| Max CVSS | 9.3 | Min CVSS | 2.6 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-2658 | 4.3 |
It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests.
|
12-02-2023 - 23:29 | 27-07-2018 - 18:29 | |
| CVE-2019-7399 | 5.8 |
Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms of Use" and Privacy pages.
|
24-08-2020 - 17:37 | 17-02-2019 - 04:29 | |
| CVE-2006-1144 | 2.6 |
Cross-site scripting (XSS) vulnerability in HitHost 1.0.0 allows remote attackers to inject arbitrary web script or HTML via (1) the user parameter in deleteuser.php and (2) the hits parameter in viewuser.php.
|
18-10-2018 - 16:30 | 10-03-2006 - 11:02 | |
| CVE-2014-8766 | 7.5 |
Multiple SQL injection vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in a browse action to index.php or (2) unspecified parameters to admin.php.
|
08-09-2017 - 01:29 | 14-10-2014 - 14:55 | |
| CVE-2014-8593 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default URI to admin.php or the (2) id parameter to admin.php or (3) go.php.
|
08-09-2017 - 01:29 | 04-11-2014 - 16:55 | |
| CVE-2003-0144 | 7.2 |
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or
|
11-07-2017 - 01:29 | 31-03-2003 - 05:00 | |
| CVE-2015-4974 | 7.2 |
IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain root privileges for command execution via unspecified vectors.
|
06-12-2016 - 03:02 | 26-10-2015 - 02:59 | |
| CVE-2014-1573 | 4.3 |
Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, which allows remote attackers to conduct cross-sit
|
28-11-2016 - 19:10 | 13-10-2014 - 01:55 | |
| CVE-2014-7217 | 3.5 |
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improper
|
04-04-2016 - 13:15 | 03-10-2014 - 01:55 | |
| CVE-2014-4871 | 4.3 |
Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter.
|
06-10-2015 - 02:38 | 07-10-2014 - 10:55 | |
| CVE-2007-6530 | 9.3 |
Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long a
|
08-03-2011 - 03:03 | 27-12-2007 - 22:46 |