| Max CVSS | 9.3 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2009-3597 | 5.0 |
Digitaldesign CMS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for autoconfig.dd.
|
25-01-2024 - 21:50 | 08-10-2009 - 17:30 | |
| CVE-2010-0702 | 7.5 |
SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
|
31-01-2023 - 19:13 | 23-02-2010 - 20:30 | |
| CVE-2011-4710 | 7.5 |
Multiple SQL injection vulnerabilities in Pixie CMS 1.01 through 1.04 allow remote attackers to execute arbitrary SQL commands via the (1) pixie_user parameter and (2) Referer HTTP header in a request to the default URI.
|
29-03-2021 - 12:16 | 08-12-2011 - 19:55 | |
| CVE-2010-1029 | 5.0 |
Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (ap
|
26-09-2019 - 17:05 | 19-03-2010 - 21:30 | |
| CVE-2016-9079 | 5.0 |
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR <
|
09-08-2018 - 15:12 | 11-06-2018 - 21:29 | |
| CVE-2018-6372 | 7.5 |
SQL Injection exists in the JB Bus 2.3 component for Joomla! via the order_number parameter.
|
05-03-2018 - 16:01 | 17-02-2018 - 07:29 | |
| CVE-2010-0754 | 4.3 |
Cross-site scripting (XSS) vulnerability in index.php/Special/Main/Templates in WikyBlog 1.7.2 and 1.7.3 rc2 allows remote attackers to inject arbitrary web script or HTML via the which parameter in a copy action.
|
13-01-2018 - 02:29 | 27-02-2010 - 00:30 | |
| CVE-2017-16513 | 4.6 |
Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729.
|
27-11-2017 - 16:01 | 03-11-2017 - 15:29 | |
| CVE-2007-3505 | 6.4 |
Multiple directory traversal vulnerabilities in QuickTalk forum 1.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) sequence in the lang parameter to (1) qtf_checkname.php, (2) qtf_j_birth.php, or (3) qtf_j_exis
|
19-10-2017 - 01:30 | 02-07-2007 - 19:30 | |
| CVE-2006-4011 | 2.6 |
PHP remote file inclusion vulnerability in esupport/admin/autoclose.php in Kayako eSupport 2.3.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the subd parameter.
|
19-10-2017 - 01:29 | 07-08-2006 - 19:04 | |
| CVE-2007-0225 | 6.8 |
Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
|
19-10-2017 - 01:29 | 13-01-2007 - 02:28 | |
| CVE-2007-0224 | 7.5 |
SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginLastname parameter.
|
19-10-2017 - 01:29 | 13-01-2007 - 02:28 | |
| CVE-2003-0854 | 2.1 |
ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.
|
11-10-2017 - 01:29 | 17-11-2003 - 05:00 | |
| CVE-2008-3292 | 6.4 |
constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the photoalbumadmin cookie, as demonstrated via addpage.php.
|
29-09-2017 - 01:31 | 24-07-2008 - 18:41 | |
| CVE-2008-0796 | 7.5 |
SQL injection vulnerability in threads.php in Nuboard 0.5 allows remote attackers to execute arbitrary SQL commands via the ssid parameter.
|
29-09-2017 - 01:30 | 15-02-2008 - 22:00 | |
| CVE-2016-9838 | 5.0 |
An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account an
|
02-09-2017 - 01:29 | 16-12-2016 - 09:59 | |
| CVE-2010-2004 | 9.3 |
Stack-based buffer overflow in BS.Global BS.Player 2.51 Build 1022 Free, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via the Skin parameter in the Options section of a skins file (.bsi), a different vu
|
17-08-2017 - 01:32 | 20-05-2010 - 21:30 | |
| CVE-2010-1368 | 7.5 |
SQL injection vulnerability in index.php in GameScript (GS) 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action.
|
17-08-2017 - 01:32 | 13-04-2010 - 20:30 | |
| CVE-2010-1091 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in contact.php in phpMySite allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) city, (3) email, (4) state, and (5) message parameters.
|
17-08-2017 - 01:32 | 24-03-2010 - 22:44 | |
| CVE-2010-2138 | 6.8 |
Multiple directory traversal vulnerabilities in ProMan 0.1.1 and earlier allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SESSION[userLang] parameter to (1) elisttasks.php, (2) managepmanag
|
17-08-2017 - 01:32 | 02-06-2010 - 18:30 | |
| CVE-2010-1094 | 7.5 |
SQL injection vulnerability in news.php in DZ EROTIK Auktionshaus V4rgo allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
17-08-2017 - 01:32 | 24-03-2010 - 22:44 | |
| CVE-2010-1090 | 7.5 |
SQL injection vulnerability in index.php in phpMySite allows remote attackers to execute arbitrary SQL commands via the action parameter.
|
17-08-2017 - 01:32 | 24-03-2010 - 22:44 | |
| CVE-2010-2137 | 7.5 |
PHP remote file inclusion vulnerability in _center.php in ProMan 0.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
|
17-08-2017 - 01:32 | 02-06-2010 - 18:30 | |
| CVE-2010-1092 | 7.5 |
Multiple SQL injection vulnerabilities in login.php in ScriptsFeed Business Directory Software allow remote attackers to execute arbitrary SQL commands via the (1) us and (2) ps parameters.
|
17-08-2017 - 01:32 | 24-03-2010 - 22:44 | |
| CVE-2010-2134 | 7.5 |
Multiple SQL injection vulnerabilities in login.php in Project Man 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.
|
17-08-2017 - 01:32 | 02-06-2010 - 18:30 | |
| CVE-2010-1077 | 6.8 |
Directory traversal vulnerability in vbseo.php in Crawlability vBSEO plugin 3.1.0 for vBulletin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the vbseourl parameter.
|
17-08-2017 - 01:32 | 23-03-2010 - 19:30 | |
| CVE-2010-1538 | 7.5 |
SQL injection vulnerability in print_raincheck.php in phpRAINCHECK 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
17-08-2017 - 01:32 | 26-04-2010 - 19:30 | |
| CVE-2010-1537 | 7.5 |
Multiple directory traversal vulnerabilities in phpCDB 1.0 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_global parameter to (1) firstvisit.php, (2) newfolder.php, (3) showfolders.php,
|
17-08-2017 - 01:32 | 26-04-2010 - 19:30 | |
| CVE-2010-0755 | 7.5 |
PHP remote file inclusion vulnerability in include/WBmap.php in WikyBlog 1.7.3 rc2 allows remote attackers to execute arbitrary PHP code via a URL in the langFile parameter.
|
17-08-2017 - 01:32 | 27-02-2010 - 00:30 | |
| CVE-2010-0707 | 6.8 |
Cross-site request forgery (CSRF) vulnerability in add_user.php in Employee Timeclock Software 0.99 allows remote attackers to hijack the authentication of an administrator for requests that create new administrative users. NOTE: some of these detai
|
17-08-2017 - 01:32 | 25-02-2010 - 18:30 | |
| CVE-2010-0718 | 4.3 |
Buffer overflow in Microsoft Windows Media Player 9 and 11.0.5721.5145 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted .mpg file.
|
17-08-2017 - 01:32 | 26-02-2010 - 19:30 | |
| CVE-2010-0698 | 7.5 |
SQL injection vulnerability in backoffice/login.asp in Dynamicsoft WSC CMS 2.2 allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information.
|
17-08-2017 - 01:32 | 23-02-2010 - 20:30 | |
| CVE-2010-0722 | 7.5 |
SQL injection vulnerability in news.php in Php Auktion Pro allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
17-08-2017 - 01:32 | 26-02-2010 - 20:30 | |
| CVE-2010-0756 | 5.8 |
Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote attackers to hijack web sessions by setting the jsessionid parameter to (1) index.php/Comment/Main, (2) index.php/Comment/Main/Home_Wiky, or (3) index.php/Edit/Main.
|
17-08-2017 - 01:32 | 27-02-2010 - 00:30 | |
| CVE-2010-0723 | 7.5 |
SQL injection vulnerability in news.php in Ero Auktion 2.0 and 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
17-08-2017 - 01:32 | 26-02-2010 - 20:30 | |
| CVE-2010-0753 | 7.5 |
SQL injection vulnerability in the SQL Reports (com_sqlreport) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter to ajax/print.php. NOTE: some of these details are obtained from third party
|
17-08-2017 - 01:32 | 27-02-2010 - 00:30 | |
| CVE-2010-0757 | 6.5 |
Unrestricted file upload vulnerability in index.php/Attach in WikyBlog 1.7.3rc2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension using the uploadform action, then accessing it via a direct r
|
17-08-2017 - 01:32 | 27-02-2010 - 00:30 | |
| CVE-2010-0758 | 7.5 |
SQL injection vulnerability in news_desc.php in Softbiz Jobs allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
17-08-2017 - 01:32 | 27-02-2010 - 00:30 | |
| CVE-2017-9430 | 7.5 |
Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv
|
12-08-2017 - 01:29 | 05-06-2017 - 11:29 | |
| CVE-2017-11517 | 7.5 |
Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request.
|
26-07-2017 - 18:09 | 21-07-2017 - 20:29 | |
| CVE-2010-0725 | 4.3 |
Cross-site scripting (XSS) vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
15-04-2010 - 05:41 | 26-02-2010 - 20:30 | |
| CVE-2010-0724 | 7.5 |
SQL injection vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
15-04-2010 - 05:41 | 26-02-2010 - 20:30 | |
| CVE-2010-1369 | 7.5 |
SQL injection vulnerability in signup.asp in Pre Classified Listings ASP allows remote attackers to execute arbitrary SQL commands via the email parameter.
|
14-04-2010 - 20:58 | 13-04-2010 - 20:30 | |
| CVE-2010-1366 | 7.5 |
Multiple SQL injection vulnerabilities in admin/admin_login.php in Uiga Fan Club 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) admin_name and (2) admin_password parameters.
|
14-04-2010 - 20:49 | 13-04-2010 - 20:30 | |
| CVE-2010-1364 | 7.5 |
SQL injection vulnerability in index.php in Uiga Personal Portal, as downloaded on 20100301, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action. NOTE: some of these details are obtained from third party
|
14-04-2010 - 19:37 | 13-04-2010 - 20:30 |