Max CVSS | 10.0 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2020-5307 | 7.5 | PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and t | 09-01-2020 - 19:59 | 07-01-2020 - 19:15 |
CVE-2018-7182 | 5.0 | The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10. | 31-10-2019 - 19:15 | 06-03-2018 - 20:29 |
CVE-2018-7584 | 7.5 | In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This | 19-08-2019 - 11:15 | 01-03-2018 - 19:29 |
CVE-2009-1453 | 6.8 | SQL injection vulnerability in class.eport.php in Tiny Blogr 1.0.0 rc4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the txtUsername parameter (aka the Username field). NOTE: some of these details | 10-10-2018 - 19:36 | 28-04-2009 - 16:30 |
CVE-2015-1366 | 4.3 | Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user parameter. | 09-10-2018 - 19:55 | 27-01-2015 - 20:04 |
CVE-2015-1365 | 5.0 | Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. (dot dot) in the q parameter. | 09-10-2018 - 19:55 | 27-01-2015 - 20:04 |
CVE-2015-1376 | 4.0 | pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com. | 09-10-2018 - 19:55 | 28-01-2015 - 11:59 |
CVE-2015-1375 | 7.5 | pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files. | 09-10-2018 - 19:55 | 28-01-2015 - 11:59 |
CVE-2006-6160 | 7.5 | SQL injection vulnerability in details.asp in Doug Luxem Liberum Help Desk 0.97.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 19-10-2017 - 01:29 | 28-11-2006 - 23:28 |
CVE-2005-0619 | 2.1 | Einstein 1.0.1 stores sensitive information such as usernames and passwords in plaintext in the registry, which allows local users to gain privileges. | 19-10-2017 - 01:29 | 28-02-2005 - 05:00 |
CVE-2007-2521 | 7.5 | PHP remote file inclusion vulnerability in common.php in E-GADS! before 2.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the locale parameter. | 11-10-2017 - 01:32 | 08-05-2007 - 18:19 |
CVE-2009-1511 | 7.8 | GDI+ in Microsoft Windows XP SP3 allows remote attackers to cause a denial of service (infinite loop) via a PNG file that contains a certain large btChunkLen value. | 29-09-2017 - 01:34 | 01-05-2009 - 18:30 |
CVE-2009-1452 | 7.5 | Multiple PHP remote file inclusion vulnerabilities in theme/format.php in SMA-DB 0.3.13 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _page_css and (2) _page_javascript parameters. NOTE: the _page_content vector is already | 29-09-2017 - 01:34 | 28-04-2009 - 16:30 |
CVE-2009-1347 | 6.8 | Multiple SQL injection vulnerabilities in stats/index.php in chCounter 3.1.3 allow remote attackers to execute arbitrary SQL commands via (1) the login_name parameter (aka the username field) or (2) the login_pw parameter (aka the password field). | 29-09-2017 - 01:34 | 20-04-2009 - 14:30 |
CVE-2009-0379 | 7.5 | SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a showgame action to index.php, a different vector than CVE-2008-0761 | 29-09-2017 - 01:33 | 02-02-2009 - 19:00 |
CVE-2008-4780 | 6.8 | Directory traversal vulnerability in admin/centre.php in MyForum 1.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the padmin parameter. | 29-09-2017 - 01:32 | 29-10-2008 - 14:22 |
CVE-2008-2792 | 7.5 | SQL injection vulnerability in index.php in eroCMS 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the site parameter. | 29-09-2017 - 01:31 | 20-06-2008 - 11:48 |
CVE-2008-0140 | 6.4 | Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the selected_theme parameter, a different vector than CVE-2007-3172. | 29-09-2017 - 01:30 | 08-01-2008 - 19:46 |
CVE-2008-0210 | 6.4 | Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set through HTTP requests, which allows remote attackers to bypass authentication via a sess[auth]=1 parameter setting. NOTE: this can be leveraged to cond | 29-09-2017 - 01:30 | 10-01-2008 - 00:46 |
CVE-2015-3093 | 10.0 | Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow atta | 17-09-2017 - 01:29 | 13-05-2015 - 11:00 |
CVE-2012-1220 | 6.8 | Cross-site request forgery (CSRF) vulnerability in modules/config/admin_utente.php in GAzie 5.20 and earlier allows remote attackers to hijack the authentication of administrators for requests that change account information via an update action, as | 29-08-2017 - 01:31 | 21-02-2012 - 13:31 |
CVE-2012-1017 | 7.5 | Multiple SQL injection vulnerabilities in base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary SQL commands via the (1) ip_addr[0][1], (2) ip_addr[0][2], or (3) ip_addr[0][9] parameters. | 29-08-2017 - 01:31 | 08-02-2012 - 00:55 |
CVE-2012-1058 | 6.0 | Cross-site request forgery (CSRF) vulnerability in Flyspray 0.9.9.6 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an admin.newuser action to index.php. | 29-08-2017 - 01:31 | 14-02-2012 - 00:55 |
CVE-2012-1029 | 7.5 | SQL injection vulnerability in mobile/search/index.php in Tube Ace (Adult PHP Tube Script) 1.6 allows remote attackers to execute arbitrary SQL commands via the q parameter. NOTE: some of these details are obtained from third party information. | 29-08-2017 - 01:31 | 08-02-2012 - 00:55 |
CVE-2012-1026 | 7.5 | Multiple SQL injection vulnerabilities in login2.php in XRay CMS 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. | 29-08-2017 - 01:31 | 08-02-2012 - 00:55 |
CVE-2010-3211 | 7.5 | Multiple SQL injection vulnerabilities in the JE FAQ Pro (com_jefaqpro) component 1.5.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via category categorylist operations with (1) the catid parameter or (2) the catid parameter | 17-08-2017 - 01:32 | 03-09-2010 - 18:00 |
CVE-2016-6754 | 6.8 | A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-05 could enable a remote attacker to execute arbitrary code when the user is navigating to a website. This issue is rated as Hi | 24-12-2016 - 02:59 | 25-11-2016 - 16:59 |