| Max CVSS | 7.5 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-4569 | 2.1 |
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer
|
12-09-2023 - 14:55 | 23-05-2016 - 10:59 | |
| CVE-2005-4195 | 7.5 |
Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the ParentId parameter in SPT--BrowseResources.php, (2) ResourceId parameter in SPT--FullRecord.ph
|
19-10-2018 - 15:40 | 13-12-2005 - 11:03 | |
| CVE-2006-3767 | 6.8 |
Cross-site scripting (XSS) vulnerability in showprofile.php in Darren's $5 Script Archive osDate 1.1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the onerror attribute in an HTML IMG tag with a non-existent source
|
17-10-2018 - 21:29 | 21-07-2006 - 14:03 | |
| CVE-2014-3020 | 6.9 |
install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Tro
|
29-08-2017 - 01:34 | 29-07-2014 - 20:55 | |
| CVE-2003-1290 | 5.0 |
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI).
|
20-07-2017 - 01:29 | 31-12-2003 - 05:00 | |
| CVE-2015-6416 | 4.3 |
Cross-site scripting (XSS) vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0(1) allows remote attackers to inject arbitrary web script or HTML a crafted URL, aka Bug ID CSCuw24479.
|
07-12-2016 - 18:20 | 14-12-2015 - 03:59 | |
| CVE-2003-1221 | 5.0 |
BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessio
|
10-09-2008 - 19:22 | 31-12-2003 - 05:00 | |
| CVE-2003-1220 | 5.0 |
BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (proxy plugin crash) via a malformed URL.
|
10-09-2008 - 19:22 | 31-12-2003 - 05:00 | |
| CVE-2003-1222 | 5.0 |
BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtai
|
10-09-2008 - 19:22 | 31-12-2003 - 05:00 | |
| CVE-2003-1223 | 5.0 |
The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (Node Manager crash) via malformed data to the Node Manager's port, as demonstrated by nmap.
|
10-09-2008 - 19:22 | 31-12-2003 - 05:00 |