| Max CVSS | 9.3 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2007-1924 | 6.8 |
Multiple PHP remote file inclusion vulnerabilities in phpContact allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) contact_business.php or (2) contact_person.php. NOTE: this issue is disputed by CVE
|
11-04-2024 - 00:42 | 10-04-2007 - 23:19 | |
| CVE-2008-4080 | 6.8 |
SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username parameter to admin/library/authenticate.php and the (2) download parameter to downloadmp3.ph
|
28-12-2020 - 09:15 | 15-09-2008 - 15:14 | |
| CVE-2005-2827 | 7.2 |
The thread termination routine in the kernel for Windows NT 4.0 and 2000 (NTOSKRNL.EXE) allows local users to modify kernel memory and execution flow via steps in which a terminating thread causes Asynchronous Procedure Call (APC) entries to free the
|
30-04-2019 - 14:27 | 14-12-2005 - 01:03 | |
| CVE-2007-1270 | 5.0 |
Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors.
|
30-10-2018 - 16:26 | 06-04-2007 - 00:19 | |
| CVE-2007-1271 | 6.6 |
Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow attackers to gain privileges or cause a denial of service (application crash) via unspecified vectors.
|
30-10-2018 - 16:26 | 06-04-2007 - 00:19 | |
| CVE-2006-3827 | 6.5 |
SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the blog parameter.
|
17-10-2018 - 21:31 | 25-07-2006 - 13:22 | |
| CVE-2006-3829 | 5.0 |
Cross-site request forgery (CSRF) vulnerability in bmc/admin.php in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote attackers to perform unauthorized actions as an administrator and delete arbitrary user accounts via a del
|
17-10-2018 - 21:31 | 25-07-2006 - 13:22 | |
| CVE-2006-3828 | 6.5 |
Incomplete blacklist vulnerability in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to bypass SQL injection protection mechanisms by using commas, quote characters, pound sign (#) characters,
|
17-10-2018 - 21:31 | 25-07-2006 - 13:22 | |
| CVE-2006-3826 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user_login, (2) full_name, and (3) URL parameters in regist
|
17-10-2018 - 21:31 | 25-07-2006 - 13:22 | |
| CVE-2007-1894 | 4.3 |
Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.
|
16-10-2018 - 16:41 | 09-04-2007 - 20:19 | |
| CVE-2007-1927 | 4.3 |
Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter.
|
16-10-2018 - 16:41 | 10-04-2007 - 23:19 | |
| CVE-2007-1878 | 6.8 |
Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.03 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute
|
16-10-2018 - 16:41 | 06-04-2007 - 00:19 | |
| CVE-2007-1848 | 4.3 |
Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php in Drake CMS allows remote attackers to inject arbitrary web script or HTML via the desc[][title] field. NOTE: Drake CMS has only a beta version available, and the vendor has previ
|
16-10-2018 - 16:40 | 03-04-2007 - 16:19 | |
| CVE-2007-1855 | 7.5 |
Multiple PHP remote file inclusion vulnerabilities in smarty/smarty_class.php in Shop-Script FREE allow remote attackers to execute arbitrary PHP code via a URL in the (1) _smarty_compile_path, (2) smarty_compile_path, (3) get_plugin_filepath, (4) sm
|
16-10-2018 - 16:40 | 03-04-2007 - 16:19 | |
| CVE-2007-1680 | 9.3 |
Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname prope
|
16-10-2018 - 16:40 | 06-04-2007 - 01:19 | |
| CVE-2007-1850 | 5.0 |
Directory traversal vulnerability in classes/captcha/captcha.jpg.php in Drake CMS allows remote attackers to read arbitrary files or list arbitrary directories, and obtain the installation path, via a .. (dot dot) in the d_private parameter. NOTE: D
|
16-10-2018 - 16:40 | 03-04-2007 - 16:19 | |
| CVE-2011-1899 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in CA eHealth 6.0.x, 6.1.x, 6.2.1, and 6.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
|
09-10-2018 - 19:32 | 16-05-2011 - 17:55 | |
| CVE-2007-1882 | 6.5 |
qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury Quality Center 9.0 build 9.1.0.4352 allows remote authenticated users to execute arbitrary SQL commands via the RunQuery method.
|
29-07-2017 - 01:31 | 06-04-2007 - 01:19 | |
| CVE-2006-7017 | 7.5 |
Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the admin_template_path parameter to admin/ scripts (1) app_change_email.php, (2) app_change_pwd.php, (3) app_mod_rew
|
29-07-2017 - 01:29 | 15-02-2007 - 02:28 | |
| CVE-2003-1395 | 9.0 |
Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a response to the ad server.
|
29-07-2017 - 01:29 | 31-12-2003 - 05:00 |