| Max CVSS | 10.0 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2012-1186 | 4.3 |
Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exist
|
13-02-2023 - 04:33 | 05-06-2012 - 22:55 | |
| CVE-2012-1185 | 6.8 |
Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the R
|
13-02-2023 - 04:33 | 05-06-2012 - 22:55 | |
| CVE-2005-4360 | 7.8 |
The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.d
|
08-11-2021 - 21:45 | 20-12-2005 - 01:03 | |
| CVE-2006-0506 | 4.3 |
Cross-site scripting (XSS) vulnerability in index.php in Nuked-klaN 1.7 allows remote attackers to inject arbitrary web script or HTML via the letter parameter.
|
19-10-2018 - 15:45 | 01-02-2006 - 23:02 | |
| CVE-2002-2208 | 7.8 |
Extended Interior Gateway Routing Protocol (EIGRP), as implemented in Cisco IOS 11.3 through 12.2 and other products, allows remote attackers to cause a denial of service (flood) by sending a large number of spoofed EIGRP neighbor announcements, whic
|
19-10-2018 - 15:29 | 31-12-2002 - 05:00 | |
| CVE-2006-3475 | 7.5 |
Multiple PHP remote file inclusion vulnerabilities in free QBoard 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the qb_path parameter to (1) index.php, (2) about.php, (3) contact.php, (4) delete.php, (5) faq.php, (6) features.
|
18-10-2018 - 16:47 | 10-07-2006 - 20:05 | |
| CVE-2006-2020 | 7.8 |
Asterisk Recording Interface (ARI) in Asterisk@Home before 2.8 stores recordings/includes/main.conf under the web document root with insufficient access control, which allows remote attackers to obtain password information. This vulnerability is addr
|
18-10-2018 - 16:37 | 25-04-2006 - 20:06 | |
| CVE-2006-6851 | 6.8 |
Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php in ac4p Mobilelib gold 2 allow remote attackers to inject arbitrary web script or HTML via the (1) email or (2) errr parameter.
|
17-10-2018 - 21:49 | 31-12-2006 - 05:00 | |
| CVE-2006-4052 | 7.5 |
Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Simple Shop 2.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) admin/index.php, (2) admin/adminindex.php, (3) adm
|
17-10-2018 - 21:33 | 10-08-2006 - 00:04 | |
| CVE-2007-3456 | 9.3 |
Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input vali
|
16-10-2018 - 16:49 | 11-07-2007 - 16:30 | |
| CVE-2008-7005 | 7.5 |
include/modules/top/1-random_quote.php in Minb Is Not a Blog (minb) 0.1.0 allows remote attackers to execute arbitrary PHP code via the quotes_to_edit parameter. NOTE: this issue has been reported as an unrestricted file upload by some sources, but
|
11-10-2018 - 20:58 | 19-08-2009 - 10:30 | |
| CVE-2010-0713 | 6.8 |
Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests that reset user passwords via zport/dmd/ZenUsers/admin
|
10-10-2018 - 19:53 | 26-02-2010 - 17:30 | |
| CVE-2001-0489 | 7.5 |
Format string vulnerability in gftp prior to 2.0.8 allows remote malicious FTP servers to execute arbitrary commands.
|
03-05-2018 - 01:29 | 27-06-2001 - 04:00 | |
| CVE-2006-4287 | 7.5 |
Multiple PHP remote file inclusion vulnerabilities in NES Game and NES System c108122 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) phphtmllib parameter to (a) phphtmllib/includes.php; tag_utils/ scripts includ
|
19-10-2017 - 01:29 | 22-08-2006 - 17:04 | |
| CVE-2007-2824 | 10.0 |
SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and earlier allows remote attackers to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php.
|
11-10-2017 - 01:32 | 22-05-2007 - 21:30 | |
| CVE-2007-2940 | 6.8 |
Multiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 Beta) allow remote attackers to execute arbitrary PHP code via a URL in the pachtofile parameter to (1) skin/html/table.php or (2) login.php.
|
11-10-2017 - 01:32 | 31-05-2007 - 00:30 | |
| CVE-2007-2943 | 6.8 |
PHP remote file inclusion vulnerability in class/class.php in Webavis 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
|
11-10-2017 - 01:32 | 31-05-2007 - 00:30 | |
| CVE-2007-2891 | 7.5 |
Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bank_data[root] parameter to modules/bank/includes/design/main.inc.php, or the (2) fm_data[root] parameter
|
11-10-2017 - 01:32 | 30-05-2007 - 01:30 | |
| CVE-2001-0414 | 10.0 |
Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.
|
10-10-2017 - 01:29 | 18-06-2001 - 04:00 | |
| CVE-2006-5190 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 Milestone 2 Update 060817 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in the (a) banner_manager.php, (b) banner_statistics.php, (c) cou
|
05-10-2017 - 01:29 | 10-10-2006 - 04:06 | |
| CVE-2007-6553 | 6.8 |
Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONF[app_root] parameter to (1) tcuser.class.php, (2) absencecount.inc.php, (3) avatar.inc.php
|
29-09-2017 - 01:29 | 28-12-2007 - 00:46 | |
| CVE-2013-4117 | 4.3 |
Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter.
|
29-08-2017 - 01:33 | 16-07-2013 - 14:08 | |
| CVE-2012-5917 | 4.3 |
SnackAmp 3.1.3 allows remote attackers to cause a denial of service (application crash) via a long string in an aiff file.
|
29-08-2017 - 01:32 | 17-11-2012 - 21:55 | |
| CVE-2012-5335 | 4.0 |
Directory traversal vulnerability in Tiny Server 1.1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the URI of an HTTP request.
|
29-08-2017 - 01:32 | 08-10-2012 - 23:55 | |
| CVE-2012-4996 | 7.5 |
Multiple SQL injection vulnerabilities in RivetTracker 1.03 and earlier allow remote attackers to execute arbitrary SQL commands via the hash parameter to (1) dltorrent.php or (2) torrent_functions.php.
|
29-08-2017 - 01:32 | 19-09-2012 - 19:55 | |
| CVE-2012-1834 | 4.3 |
Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cms_tpv_view parameter to
|
29-08-2017 - 01:31 | 07-04-2014 - 15:55 | |
| CVE-2011-4921 | 5.1 |
SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1.0.0, allows remote attackers to execute arbitrary SQL commands via the username parameter.
|
29-08-2017 - 01:30 | 04-01-2012 - 19:55 | |
| CVE-2010-3602 | 4.3 |
Cross-site scripting (XSS) vulnerability in ProfileView.aspx in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to inject arbitrary web script or HTML via the User ID parameter. NOTE: some of these details are obtained from third party inform
|
17-08-2017 - 01:33 | 24-09-2010 - 21:00 | |
| CVE-2007-5590 | 6.8 |
Multiple buffer overflows in Miranda before 0.7.1 allow remote attackers to execute arbitrary code via unspecified vectors involving (1) IRC options, (2) Jabber forms, and unspecified aspects of the (3) ICQ and (4) Yahoo! instant messaging functional
|
29-07-2017 - 01:33 | 19-10-2007 - 23:17 | |
| CVE-2007-4651 | 5.0 |
Unspecified vulnerability in Adobe Connect Enterprise Server 6 allows remote attackers to read certain pages that are restricted to the administrator via unknown vectors.
|
29-07-2017 - 01:33 | 12-09-2007 - 01:17 | |
| CVE-2007-3551 | 6.1 |
Buffer overflow in bbs100 before 3.2 allows remote attackers to cause a denial of service (crash) by attempting to login as the Guest user when another Guest user is already logged in, possibly related to the state_login_prompt function in state_logi
|
29-07-2017 - 01:32 | 03-07-2007 - 21:30 | |
| CVE-2007-3058 | 6.8 |
Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter to (1) calendar.php, (2) compose.php, and (3) index.php, different vectors tha
|
29-07-2017 - 01:31 | 06-06-2007 - 01:30 | |
| CVE-2007-3049 | 4.3 |
Cross-site scripting (XSS) vulnerability in index.php in Buttercup web file manager (BWFM) May 2007 allows remote attackers to inject arbitrary web script or HTML via the title parameter.
|
29-07-2017 - 01:31 | 06-06-2007 - 01:30 | |
| CVE-2003-1285 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) isapi/testisa.dll, (2) testcgi.exe, (3) environ.pl, (4) the query paramet
|
11-07-2017 - 01:29 | 31-12-2003 - 05:00 | |
| CVE-2014-4643 | 5.0 |
Multiple heap-based buffer overflows in the client in Core FTP LE 2.2 build 1798 allow remote FTP servers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in a reply to a (1) USER, (2) PASS, (3) P
|
26-06-2014 - 14:30 | 25-06-2014 - 20:55 | |
| CVE-2014-4166 | 4.3 |
Cross-site scripting (XSS) vulnerability in the song history in SHOUTcast DNAS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the mp3 title field.
|
17-06-2014 - 14:58 | 16-06-2014 - 18:55 | |
| CVE-2013-5967 | 7.5 |
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from parameter to (1) radar-iso27001-potential.php, (2) rad
|
10-10-2013 - 20:38 | 09-10-2013 - 14:54 | |
| CVE-2012-5329 | 4.0 |
Buffer overflow in TYPSoft FTP Server 1.1 allows remote authenticated users to cause a denial of service (application crash) via a long string in an APPE command.
|
26-01-2013 - 04:58 | 08-10-2012 - 23:55 | |
| CVE-2012-1461 | 4.3 |
The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Ji
|
06-11-2012 - 05:09 | 21-03-2012 - 10:11 | |
| CVE-2007-3628 | 5.0 |
Unspecified vulnerability in the fetch function in MDB2.php in PEAR Structures-DataGrid-DataSource-MDB2 0.1.9 and earlier allows attackers to "manipulate the generated sorting queries."
|
08-03-2011 - 02:56 | 09-07-2007 - 16:30 | |
| CVE-2007-2866 | 7.5 |
Multiple SQL injection vulnerabilities in modules/admin/modules/gallery.php in PHPEcho CMS 2.0-rc1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter and possibly other parameters. NOTE: some of these details a
|
08-03-2011 - 02:55 | 25-05-2007 - 18:30 |