Max CVSS 9.0 | Min CVSS 2.1 | Total Count 2
ID | CVSS | Summary | Last (major) update | Published
CVE-2001-1246 7.5
PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.
14-02-2024 - 15:17 30-06-2001 - 04:00
CVE-2018-0134 5.0
A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. The vulnerability occurs because the Cisco Policy Suite RADIUS server compo
04-09-2020 - 17:17 08-02-2018 - 07:29
CVE-2015-2044 2.1
The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x do not properly initialize data, which allows local HVM guest users to obtain sensitive information via vectors involving an unsupported access size.
30-10-2018 - 16:26 12-03-2015 - 14:59
CVE-2005-0953 3.7
Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
19-10-2018 - 15:31 02-05-2005 - 04:00
CVE-2008-2097 9.0
Buffer overflow in the openwsman management service in VMware ESXi 3.5 and ESX 3.5 allows remote authenticated users to gain privileges via an "invalid Content-Length."
11-10-2018 - 20:39 05-06-2008 - 20:32
CVE-2008-6751 6.8
Unrestricted file upload vulnerability in index.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct reque
29-09-2017 - 01:33 24-04-2009 - 14:30
CVE-2008-2553 4.3
Cross-site scripting (XSS) vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to inject arbitrary web script or HTML via the userfield parameter.
08-08-2017 - 01:31 05-06-2008 - 20:32
CVE-2008-2402 5.0
The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct reque
08-08-2017 - 01:31 04-06-2008 - 20:32
CVE-2008-2231 7.5
SQL injection vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to execute SQL commands and read table information via the id parameter.
08-08-2017 - 01:30 05-06-2008 - 20:32
CVE-2007-1461 7.8
The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended direct
13-07-2011 - 04:00 14-03-2007 - 18:19
CVE-2007-1460 5.0
The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories.
24-05-2011 - 04:00 14-03-2007 - 18:19