Max CVSS 9.3 Min CVSS 4.3 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2005-2827 7.2
The thread termination routine in the kernel for Windows NT 4.0 and 2000 (NTOSKRNL.EXE) allows local users to modify kernel memory and execution flow via steps in which a terminating thread causes Asynchronous Procedure Call (APC) entries to free the
30-04-2019 - 14:27 14-12-2005 - 01:03
CVE-2007-1270 5.0
Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors.
30-10-2018 - 16:26 06-04-2007 - 00:19
CVE-2007-1271 6.6
Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow attackers to gain privileges or cause a denial of service (application crash) via unspecified vectors.
30-10-2018 - 16:26 06-04-2007 - 00:19
CVE-2006-3827 6.5
SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the blog parameter.
17-10-2018 - 21:31 25-07-2006 - 13:22
CVE-2006-3829 5.0
Cross-site request forgery (CSRF) vulnerability in bmc/admin.php in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote attackers to perform unauthorized actions as an administrator and delete arbitrary user accounts via a del
17-10-2018 - 21:31 25-07-2006 - 13:22
CVE-2006-3828 6.5
Incomplete blacklist vulnerability in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to bypass SQL injection protection mechanisms by using commas, quote characters, pound sign (#) characters,
17-10-2018 - 21:31 25-07-2006 - 13:22
CVE-2006-3826 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user_login, (2) full_name, and (3) URL parameters in regist
17-10-2018 - 21:31 25-07-2006 - 13:22
CVE-2007-1894 4.3
Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.
16-10-2018 - 16:41 09-04-2007 - 20:19
CVE-2007-1927 4.3
Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter.
16-10-2018 - 16:41 10-04-2007 - 23:19
CVE-2007-1924 6.8
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpContact allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) contact_business.php or (2) contact_person.php. NOTE: this issue is
16-10-2018 - 16:41 10-04-2007 - 23:19
CVE-2007-1878 6.8
Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.03 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute
16-10-2018 - 16:41 06-04-2007 - 00:19
CVE-2007-1848 4.3
Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php in Drake CMS allows remote attackers to inject arbitrary web script or HTML via the desc[][title] field. NOTE: Drake CMS has only a beta version available, and the vendor has previ
16-10-2018 - 16:40 03-04-2007 - 16:19
CVE-2007-1855 7.5
Multiple PHP remote file inclusion vulnerabilities in smarty/smarty_class.php in Shop-Script FREE allow remote attackers to execute arbitrary PHP code via a URL in the (1) _smarty_compile_path, (2) smarty_compile_path, (3) get_plugin_filepath, (4) sm
16-10-2018 - 16:40 03-04-2007 - 16:19
CVE-2007-1680 9.3
Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname prope
16-10-2018 - 16:40 06-04-2007 - 01:19
CVE-2007-1850 5.0
Directory traversal vulnerability in classes/captcha/captcha.jpg.php in Drake CMS allows remote attackers to read arbitrary files or list arbitrary directories, and obtain the installation path, via a .. (dot dot) in the d_private parameter. NOTE: D
16-10-2018 - 16:40 03-04-2007 - 16:19
CVE-2008-4080 6.8
SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username parameter to admin/library/authenticate.php and the (2) download parameter to downloadmp3.ph
11-10-2018 - 20:50 15-09-2008 - 15:14
CVE-2011-1899 4.3
Multiple cross-site scripting (XSS) vulnerabilities in CA eHealth 6.0.x, 6.1.x, 6.2.1, and 6.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
09-10-2018 - 19:32 16-05-2011 - 17:55
CVE-2007-1882 6.5
qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury Quality Center 9.0 build 9.1.0.4352 allows remote authenticated users to execute arbitrary SQL commands via the RunQuery method.
29-07-2017 - 01:31 06-04-2007 - 01:19
CVE-2006-7017 7.5
Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the admin_template_path parameter to admin/ scripts (1) app_change_email.php, (2) app_change_pwd.php, (3) app_mod_rew
29-07-2017 - 01:29 15-02-2007 - 02:28
CVE-2003-1395 9.0
Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a response to the ad server.
29-07-2017 - 01:29 31-12-2003 - 05:00
Back to Top Mark selected
Back to Top