Max CVSS | 10.0 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2008-4078 | 6.5 |
SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
09-02-2024 - 20:08 | 15-09-2008 - 15:14 | |
CVE-2008-4077 | 7.8 |
The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.
|
09-02-2024 - 16:11 | 15-09-2008 - 15:14 | |
CVE-2007-1785 | 7.1 |
The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demon
|
07-04-2021 - 18:14 | 31-03-2007 - 01:19 | |
CVE-2005-4219 | 5.0 |
setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains username and password information in cleartext, which might allow attackers to obtain this information via a direct request to setting.php. NOTE: on a properly configured web server, i
|
19-10-2018 - 15:40 | 14-12-2005 - 11:03 | |
CVE-2006-3737 | 4.3 |
Cross-site scripting (XSS) vulnerability in filemanager/filemanager.php in the control panel in SWsoft Plesk 8.0 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the file parameter.
|
17-10-2018 - 21:29 | 21-07-2006 - 14:03 | |
CVE-2007-1766 | 10.0 |
PHP remote file inclusion vulnerability in login/engine/db/profiledit.php in Advanced Login 0.76 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
|
16-10-2018 - 16:40 | 30-03-2007 - 00:19 | |
CVE-2007-0951 | 7.5 |
SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to execute arbitrary SQL commands via the cat parameter.
|
16-10-2018 - 16:35 | 15-02-2007 - 02:28 | |
CVE-2007-0950 | 6.8 |
Cross-site scripting (XSS) vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
|
16-10-2018 - 16:35 | 15-02-2007 - 02:28 | |
CVE-2007-5507 | 6.4 |
The GIOP service in TNS Listener in the Oracle Net Services component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (crash) or read potentially sensitive memory via a conn
|
15-10-2018 - 21:45 | 17-10-2007 - 23:17 | |
CVE-2011-1840 | 2.1 |
The MartiniCreations PassmanLite Password Manager application before 1.48 for Android stores the master password and unspecified other account information in cleartext, which allows local users to obtain sensitive information by leveraging shell acce
|
22-09-2011 - 03:30 | 13-05-2011 - 17:05 |