| Max CVSS | 7.8 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2012-4035 | 7.5 |
The new_password page in PBBoard 2.1.4 allows remote attackers to change the password of arbitrary user accounts via the member_id and new_password parameters to index.php.
|
14-02-2024 - 01:17 | 12-08-2012 - 00:55 | |
| CVE-2012-4036 | 6.8 |
Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the addons directo
|
14-02-2024 - 01:17 | 27-08-2012 - 23:55 | |
| CVE-2012-4034 | 7.5 |
Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to the send page, (2) email parameter to the forget page, (3) password parameter to the forum_archive page
|
14-02-2024 - 01:17 | 12-08-2012 - 00:55 | |
| CVE-2014-0375 | 5.8 |
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0403.
|
13-05-2022 - 14:57 | 15-01-2014 - 16:08 | |
| CVE-2005-2701 | 7.5 |
Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag.
|
11-10-2017 - 01:30 | 23-09-2005 - 19:03 | |
| CVE-2009-1580 | 5.8 |
Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie.
|
29-09-2017 - 01:34 | 14-05-2009 - 17:30 | |
| CVE-2009-1578 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to c
|
29-09-2017 - 01:34 | 14-05-2009 - 17:30 | |
| CVE-2009-1579 | 6.8 |
The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program.
|
29-09-2017 - 01:34 | 14-05-2009 - 17:30 | |
| CVE-2009-1581 | 4.3 |
functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scrip
|
29-09-2017 - 01:34 | 14-05-2009 - 17:30 | |
| CVE-2007-3810 | 7.5 |
SQL injection vulnerability in index.php in Realtor 747 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.
|
29-09-2017 - 01:29 | 17-07-2007 - 00:30 | |
| CVE-2016-8942 | 3.5 |
IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server.
|
13-02-2017 - 22:28 | 01-02-2017 - 20:59 | |
| CVE-2015-0744 | 7.8 |
Cisco DTA Control System (DTACS) 4.0.0.9 and Cisco Headend System Release allow remote attackers to cause a denial of service (CPU and memory consumption, and TCP service outage) via (1) a SYN flood or (2) another type of TCP traffic flood, aka Bug I
|
04-01-2017 - 15:44 | 30-05-2015 - 14:59 | |
| CVE-2002-2040 | 7.2 |
The (1) phrafx and (2) phgrafx-startup programs in QNX realtime operating system (RTOS) 4.25 and 6.1.0 do not properly drop privileges before executing the system command, which allows local users to execute arbitrary commands by modifying the PATH e
|
05-09-2008 - 20:32 | 31-12-2002 - 05:00 |