| Max CVSS | 7.5 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2008-3431 | 7.2 |
The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain pri
|
16-07-2024 - 17:23 | 05-08-2008 - 19:41 | |
| CVE-2011-1020 | 4.6 |
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive informat
|
12-08-2020 - 16:35 | 28-02-2011 - 16:00 | |
| CVE-2006-2967 | 2.1 |
Syworks SafeNET allows local users to bypass restrictions on network resource consumption by editing the policy.dat file.
|
18-10-2018 - 16:45 | 12-06-2006 - 20:06 | |
| CVE-2006-2965 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Particle Soft Particle Whois 1.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the target parameter in index.php and (2) the "input box."
|
18-10-2018 - 16:45 | 12-06-2006 - 20:06 | |
| CVE-2006-2978 | 5.0 |
Mafia Moblog 0.6M1 and earlier allows remote attackers to obtain the installation path in an error message via a direct request to (1) big.php and (2) upgrade.php.
|
18-10-2018 - 16:45 | 12-06-2006 - 22:02 | |
| CVE-2006-2966 | 4.3 |
Cross-site scripting (XSS) vulnerability in Particle Soft Particle Wiki 1.0.2 allows remote attackers to inject arbitrary web script or HTML via a BR element with an extraneous IMG tag and a STYLE attribute that contains "/**/" comment sequences, whi
|
18-10-2018 - 16:45 | 12-06-2006 - 20:06 | |
| CVE-2006-2977 | 7.5 |
SQL injection vulnerability in big.php in Mafia Moblog 0.6M1 and earlier allows remote attackers to execute arbitrary SQL commands via the img parameter.
|
18-10-2018 - 16:45 | 12-06-2006 - 22:02 | |
| CVE-2006-3061 | 2.6 |
Multiple cross-site scripting (XSS) vulnerabilities in 5 Star Review allow remote attackers to inject arbitrary web script or HTML via the (1) sort parameter in index2.php, (2) item_id parameter in report.php, (3) search_term parameter (aka the "sear
|
18-10-2018 - 16:45 | 19-06-2006 - 10:02 | |
| CVE-2006-2972 | 7.5 |
SQL injection vulnerability in vs_resource.php in Arantius Vice Stats 0.5b and 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
|
18-10-2018 - 16:45 | 12-06-2006 - 22:02 | |
| CVE-2006-2950 | 5.0 |
Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) header.php, (2) contact.php, or (3) forum_extender.php, which reveals the path in an error message.
|
18-10-2018 - 16:44 | 12-06-2006 - 20:06 | |
| CVE-2006-2964 | 7.5 |
Multiple PHP remote file inclusion vulnerabilities in Xtreme Scripts Download Manager (aka Xtreme Downloads) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) download.php, (2) manager.php, (3) admin/scri
|
18-10-2018 - 16:44 | 12-06-2006 - 20:06 | |
| CVE-2006-2960 | 7.5 |
PHP remote file inclusion vulnerability in includes/joomla.php in Joomla! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter.
|
18-10-2018 - 16:44 | 12-06-2006 - 20:06 | |
| CVE-2006-2951 | 6.8 |
Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.10 and earlier allow remote attackers to inject arbitrary web script and HTML via the (1) Titlesitename or (2) sitename parameter to (a) header.php, (3) nuke_ur
|
18-10-2018 - 16:44 | 12-06-2006 - 20:06 | |
| CVE-2006-2959 | 7.5 |
SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the %strCookieURL%.GROUP parameter in a cookie.
|
18-10-2018 - 16:44 | 12-06-2006 - 20:06 | |
| CVE-2006-2952 | 5.0 |
Directory traversal vulnerability in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the (1) Default_Theme parameter to header.php or (2) Mo
|
18-10-2018 - 16:44 | 12-06-2006 - 20:06 | |
| CVE-2007-0115 | 6.0 |
Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, wh
|
16-10-2018 - 16:31 | 09-01-2007 - 02:28 | |
| CVE-2007-4512 | 4.3 |
Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file that matches a virus signature and has a crafted
|
15-10-2018 - 21:35 | 10-09-2007 - 17:17 | |
| CVE-2006-3002 | 5.8 |
Cross-site scripting (XSS) vulnerability in details.php in Easy Ad-Manager allows remote attackers to inject arbitrary web script or HTML via the mbid parameter, which is reflected in an error message. NOTE: on 20060829, the vendor notified CVE that
|
20-07-2017 - 01:31 | 13-06-2006 - 01:02 | |
| CVE-2006-3003 | 4.3 |
details.php in Easy Ad-Manager allows remote attackers to obtain the full installation path via an invalid mbid parameter, which leaks the path in an error message. NOTE: this might be resultant from another vulnerability, since this vector also pro
|
20-07-2017 - 01:31 | 13-06-2006 - 01:02 | |
| CVE-2005-3328 | 7.5 |
PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 through 1.1.5 allows remote attackers to execute arbitrary code via the pun_root parameter.
|
18-10-2016 - 03:34 | 27-10-2005 - 10:02 |