Max CVSS 9.3 Min CVSS 4.3 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2004-2104 5.0
Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to obtain sensitive server information, including the internal IP address, via a direct request to (1) snoop.jsp, (2) SnoopServlet, (3) env.bas, or (4) lcgitest.nlm.
30-10-2018 - 16:26 31-12-2004 - 05:00
CVE-2006-1201 5.0
Directory traversal vulnerability in resetpw.php in eschew.net phpBannerExchange 2.0 and earlier, and other versions before 2.0 Update 5, allows remote attackers to read arbitrary files via a .. (dot dot) in the email parameter during a "Recover pass
18-10-2018 - 16:31 14-03-2006 - 01:06
CVE-2007-3215 6.8
PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php. Successful exploitation requires that the PHP script using PHPMa
16-10-2018 - 16:47 14-06-2007 - 22:30
CVE-2007-0950 6.8
Cross-site scripting (XSS) vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
16-10-2018 - 16:35 15-02-2007 - 02:28
CVE-2007-4543 4.3
Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla 2.17.1 through 2.20.4, 2.22.x before 2.22.3, and 3.x before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the buildid field in the "guided form."
15-10-2018 - 21:36 27-08-2007 - 21:17
CVE-2007-4538 5.0
email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters.
15-10-2018 - 21:35 27-08-2007 - 21:17
CVE-2007-4539 5.0
The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the
15-10-2018 - 21:35 27-08-2007 - 21:17
CVE-2008-6540 5.1
DotNetNuke before 4.8.2, during installation or upgrade, does not warn the administrator when the default (1) ValidationKey and (2) DecryptionKey values cannot be modified in the web.config file, which allows remote attackers to bypass intended acces
11-10-2018 - 20:57 30-03-2009 - 01:30
CVE-2007-3199 7.5
Unrestricted file upload vulnerability in Link Request Contact Form 3.4 allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension and an image content type, as demonstrated by image/jpeg.
11-10-2017 - 01:32 12-06-2007 - 23:30
CVE-2007-3209 7.8
Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses unencrypted connections for accounts configured with SSL/TLS, which allows remote attackers to obtain sensitive information by sniffing the network.
29-07-2017 - 01:32 14-06-2007 - 19:30
CVE-2007-4363 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6 ,allow remote attackers to inject arbitrary web script or HTML via nodereference fields,
29-07-2017 - 01:32 15-08-2007 - 19:17
CVE-2007-2920 9.3
Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX control in ZActiveX.dll might allow remote attackers to execute arbitrary code via unspecified vectors.
29-07-2017 - 01:31 11-06-2007 - 22:30
Back to Top Mark selected
Back to Top