| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2007-3479 | 6.8 |
Stack-based buffer overflow in PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to execute arbitrary code via a long string in the "used DLL" field in a WDP project file.
|
16-10-2018 - 16:50 | 28-06-2007 - 18:30 | |
| CVE-2007-6397 | 5.0 |
Multiple directory traversal vulnerabilities in index.php in Flat PHP Board 1.2 and earlier allow remote attackers to (1) create arbitrary files via a .. (dot dot) in the username parameter when registering a user account, and (2) read arbitrary PHP
|
15-10-2018 - 21:52 | 17-12-2007 - 18:46 | |
| CVE-2007-5899 | 4.3 |
The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as
|
15-10-2018 - 21:46 | 20-11-2007 - 19:46 | |
| CVE-2007-5739 | 5.0 |
Directory traversal vulnerability in component/flashupload/download.jsp in the FlashUpload component in Korean GHBoard allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.
|
15-10-2018 - 21:46 | 30-10-2007 - 23:46 | |
| CVE-2007-4840 | 5.0 |
PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode
|
15-10-2018 - 21:38 | 12-09-2007 - 20:17 | |
| CVE-2007-4783 | 5.0 |
The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2)
|
15-10-2018 - 21:38 | 10-09-2007 - 21:17 | |
| CVE-2007-3573 | 6.8 |
Multiple SQL injection vulnerabilities in akocomment allow remote attackers to execute arbitrary SQL commands via the (1) acparentid or (2) acitemid parameter to an unspecified component, different vectors than CVE-2006-1421.
|
15-10-2018 - 21:29 | 05-07-2007 - 20:30 | |
| CVE-2011-2780 | 5.0 |
Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744.
|
09-10-2018 - 19:33 | 19-07-2011 - 21:55 | |
| CVE-2007-6177 | 7.5 |
PHP remote file inclusion vulnerability in Exchange/include.php in PHP_CON 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the webappcfg[APPPATH] parameter.
|
29-09-2017 - 01:29 | 30-11-2007 - 00:46 | |
| CVE-2007-6179 | 7.5 |
Multiple PHP remote file inclusion vulnerabilities in Charray's CMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the ccms_library_path parameter to (1) markdown.php and (2) gallery.php in decoder/.
|
29-09-2017 - 01:29 | 30-11-2007 - 00:46 | |
| CVE-2007-6196 | 4.3 |
Cross-site scripting (XSS) vulnerability in util.php in Calacode @Mail before 5.2 allows remote attackers to inject arbitrary web script or HTML via the func parameter.
|
29-07-2017 - 01:34 | 01-12-2007 - 06:46 | |
| CVE-2004-2078 | 5.0 |
Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote attackers to cause a denial of service (reboot and loss of logged events) via a long request to TCP port 80, possibly triggering a buffer overflow.
|
11-07-2017 - 01:31 | 09-02-2004 - 05:00 | |
| CVE-2009-0664 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x before 1.0.11 and 1.1.x before 1.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the introduction field in a user profile or (2) an arbitrary text block in
|
29-04-2009 - 05:28 | 23-04-2009 - 17:30 |