| Max CVSS | 10.0 | Min CVSS | 2.6 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2007-0842 | 5.0 |
The 64-bit versions of Microsoft Visual C++ 8.0 standard library (MSVCR80.DLL) time functions, including (1) localtime, (2) localtime_s, (3) gmtime, (4) gmtime_s, (5) ctime, (6) ctime_s, (7) wctime, (8) wctime_s, and (9) fstat, trigger an assertion e
|
12-03-2024 - 17:39 | 13-02-2007 - 11:28 | |
| CVE-2005-4079 | 5.0 |
The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the import_blacklist variable in grab_globals.php, which can then be used to overwrite other variables.
|
19-10-2018 - 15:40 | 08-12-2005 - 01:03 | |
| CVE-2006-3550 | 2.6 |
Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks FirePass 4100 5.x allow remote attackers to inject arbitrary web script or HTML via unspecified "writable form fields and hidden fields," including "authentication frontends."
|
18-10-2018 - 16:47 | 13-07-2006 - 00:05 | |
| CVE-2007-1236 | 6.4 |
sitex allows remote attackers to obtain sensitive information via a request with a numerical value for the (1) sxMonth[] or (2) sxYear[] parameter to calendar.php, or the (3) page[] parameter to calendar_events.php, which reveals the path in various
|
16-10-2018 - 16:37 | 03-03-2007 - 19:19 | |
| CVE-2007-1234 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in sitex allow remote attackers to inject arbitrary web script or HTML via (1) the sxYear parameter to calendar.php, (2) the search parameter to search.php, (3) the linkid parameter to redirect.php,
|
16-10-2018 - 16:37 | 03-03-2007 - 19:19 | |
| CVE-2007-1235 | 7.5 |
Unrestricted file upload vulnerability in sitex allows remote attackers to upload arbitrary PHP code via an avatar filename with a double extension such as .php.jpg, which fails verification and is saved as a .php file.
|
16-10-2018 - 16:37 | 03-03-2007 - 19:19 | |
| CVE-2007-1237 | 5.0 |
sitex allows remote attackers to obtain potentially sensitive information via a ' (quote) value for certain parameters, as demonstrated by parameters used in forum and search, which forces a SQL error.
|
16-10-2018 - 16:37 | 03-03-2007 - 19:19 | |
| CVE-2007-1166 | 7.5 |
SQL injection vulnerability in result.php in Nabopoll 1.2 allows remote attackers to execute arbitrary SQL commands via the surv parameter.
|
16-10-2018 - 16:37 | 02-03-2007 - 21:18 | |
| CVE-2007-1156 | 7.5 |
JBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for _admin/.
|
16-10-2018 - 16:36 | 02-03-2007 - 21:18 | |
| CVE-2006-7161 | 7.5 |
SQL injection vulnerability in giris_yap.asp in Hazir Site 2.0 allows remote attackers to bypass authentication via the (1) k_a class or (2) sifre parameter.
|
16-10-2018 - 16:29 | 07-03-2007 - 20:19 | |
| CVE-2006-7159 | 6.4 |
Directory traversal vulnerability in include/prune_torrents.php in BTI-Tracker 1.3.2 (aka btitracker) allows remote attackers to delete arbitrary files via ".." sequences in the TORRENTSDIR parameter in a prune action.
|
16-10-2018 - 16:29 | 07-03-2007 - 20:19 | |
| CVE-2006-7153 | 10.0 |
PHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 allows remote attackers to execute arbitrary code via a URL in the pathToFiles parameter.
|
16-10-2018 - 16:29 | 07-03-2007 - 20:19 | |
| CVE-2006-7150 | 7.5 |
Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote attackers to execute arbitrary SQL commands via the mcname parameter to (1) moscomment.php and (2) com_comment.php.
|
16-10-2018 - 16:29 | 07-03-2007 - 20:19 | |
| CVE-2006-7157 | 7.1 |
Buffer overflow in Google Earth v4.0.2091 (beta) allows remote user-assisted attackers to cause a denial of service (crash) via a KML or KMZ file with a long href element.
|
16-10-2018 - 16:29 | 07-03-2007 - 20:19 | |
| CVE-2006-7149 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the query string to (a) index.php, which reflects the string in an error message from mod_login.php; and the (2)
|
16-10-2018 - 16:29 | 07-03-2007 - 20:19 | |
| CVE-2006-7151 | 6.6 |
Untrusted search path vulnerability in the libtool-ltdl library (libltdl.so) 1.5.22-2.3 in Fedora Core 5 might allow local users to execute arbitrary code via a malicious library in the (1) hwcap, (2) 0, and (3) nosegneg subdirectories.
|
16-10-2018 - 16:29 | 07-03-2007 - 20:19 | |
| CVE-2006-7160 | 4.9 |
The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earlier versions, does not validate arguments to hooked SSDT functions, which allows local users to cause a denial of service (crash) via invalid arguments to the (1) NtAssignProcessToJ
|
16-10-2018 - 16:29 | 07-03-2007 - 20:19 | |
| CVE-2008-4039 | 7.5 |
SQL injection vulnerability in index.php in Spice Classifieds allows remote attackers to execute arbitrary SQL commands via the cat_path parameter.
|
29-09-2017 - 01:31 | 11-09-2008 - 21:06 | |
| CVE-2003-1365 | 5.0 |
The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) "\" (backslash), (2) "?", (3) "~" (tilde), (4) "^" (carat), (5) newline, or (6) carriage return, which could allow remote atta
|
29-07-2017 - 01:29 | 31-12-2003 - 05:00 | |
| CVE-2011-1544 | 6.0 |
Unspecified vulnerability in HP Insight Control Performance Management before 6.3 allows remote authenticated users to gain privileges via unknown vectors.
|
22-09-2011 - 03:30 | 03-05-2011 - 19:55 | |
| CVE-2011-1545 | 6.8 |
Cross-site request forgery (CSRF) vulnerability in HP Insight Control Performance Management before 6.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
|
22-09-2011 - 03:30 | 03-05-2011 - 19:55 |