Max CVSS | 10.0 | Min CVSS | 5.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2005-3750 | 7.5 |
Opera before 8.51 on Linux and Unix systems allows remote attackers to execute arbitrary code via shell metacharacters (backticks) in a URL that another product provides in a command line argument when launching Opera.
|
28-02-2022 - 16:23 | 22-11-2005 - 19:03 | |
CVE-2007-0612 | 7.8 |
Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties
|
23-07-2021 - 15:06 | 31-01-2007 - 11:28 | |
CVE-2006-3406 | 6.4 |
Directory traversal vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to modify arbitrary files via a .. (dot dot) sequence in the edit parameter.
|
18-10-2018 - 16:47 | 07-07-2006 - 00:05 | |
CVE-2006-3405 | 5.8 |
Cross-site scripting (XSS) vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) delete, (2) pathext, and (3) edit parameters.
|
18-10-2018 - 16:47 | 07-07-2006 - 00:05 | |
CVE-2006-6371 | 6.8 |
Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB Guest Book allows remote attackers to inject arbitrary web script or HTML via the author parameter.
|
17-10-2018 - 21:47 | 07-12-2006 - 17:28 | |
CVE-2006-6351 | 10.0 |
KhaledMuratList stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) CL2F9R1A2C1N.mdb or (2) Data2F9R1A2C1N.mdb.
|
17-10-2018 - 21:47 | 07-12-2006 - 01:28 | |
CVE-2006-6354 | 7.5 |
Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews allow remote attackers to execute arbitrary SQL commands via the (1) iNews, (2) iType, or (3) Action parameter. NOTE: the iType parameter in type.asp is covered by CVE-2005-3976.
|
17-10-2018 - 21:47 | 07-12-2006 - 01:28 | |
CVE-2006-6364 | 6.8 |
Cross-site scripting (XSS) vulnerability in error.php in Inside Systems Mail (ISMail) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.
|
17-10-2018 - 21:47 | 07-12-2006 - 11:28 | |
CVE-2006-6363 | 6.8 |
Cross-site scripting (XSS) vulnerability in admin.pl in BlueSocket Secure Controller (BSC) before 5.2, or without 5.1.1-BluePatch, allows remote attackers to inject arbitrary web script or HTML via the ad_name parameter.
|
17-10-2018 - 21:47 | 07-12-2006 - 11:28 | |
CVE-2006-6352 | 5.0 |
FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remote attackers to cause a denial of service (infinite loop) via a crafted ACE file. NOTE: this issue has at least a partial overlap with CVE-2006-6294.
|
17-10-2018 - 21:47 | 07-12-2006 - 01:28 | |
CVE-2006-6374 | 7.5 |
Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create
|
17-10-2018 - 21:47 | 07-12-2006 - 17:28 | |
CVE-2006-6334 | 6.8 |
Heap-based buffer overflow in the SendChannelData function in wfica.ocx in Citrix Presentation Server Client before 9.230 for Windows allows remote malicious web sites to execute arbitrary code via a DataSize parameter that is less than the length of
|
17-10-2018 - 21:47 | 08-12-2006 - 01:28 | |
CVE-2006-6356 | 6.8 |
Multiple cross-site scripting (XSS) vulnerabilities in templates/link_temp.php in PHPNews 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) id, (3) subject, (4) username, or (5) time parameter. Successful exploi
|
17-10-2018 - 21:47 | 07-12-2006 - 01:28 | |
CVE-2006-6373 | 5.0 |
PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message.
|
17-10-2018 - 21:47 | 07-12-2006 - 17:28 | |
CVE-2006-6355 | 10.0 |
SQL injection vulnerability in default.asp in DuWare DuClassmate allows remote attackers to execute arbitrary SQL commands via the iCity parameter. NOTE: the iState parameter is already covered by CVE-2005-2049.
|
17-10-2018 - 21:47 | 07-12-2006 - 01:28 | |
CVE-2007-5260 | 5.0 |
ASP-CMS 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request for mdb-database/ASP-CMS_v100.mdb.
|
15-10-2018 - 21:41 | 06-10-2007 - 17:17 | |
CVE-2011-0748 | 6.8 |
Multiple cross-site request forgery (CSRF) vulnerabilities in phpList before 2.10.13 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) edit administrator accounts.
|
09-10-2018 - 19:29 | 13-04-2011 - 14:55 | |
CVE-2008-3877 | 9.3 |
Stack-based buffer overflow in Acoustica Mixcraft 4.1 Build 96 and 4.2 Build 98 allows user-assisted attackers to execute arbitrary code via a crafted .mx4 file. NOTE: it was later reported that version 3 is also affected.
|
29-09-2017 - 01:31 | 02-09-2008 - 15:41 |