| Max CVSS | 10.0 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2011-2534 | 7.2 |
Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel before 2.6.39 might allow local users to cause a denial of service or have unspecified other impact via a crafted write operation, related
|
27-07-2020 - 20:03 | 22-06-2011 - 23:55 | |
| CVE-2007-5646 | 6.8 |
SQL injection vulnerability in Sources/Search.php in Simple Machines Forum (SMF) 1.1.3, when MySQL 5 is used, allows remote attackers to execute arbitrary SQL commands via the userspec parameter in a search2 action to index.php.
|
17-12-2019 - 16:12 | 23-10-2007 - 21:47 | |
| CVE-2005-4461 | 7.5 |
SQL injection vulnerability in index.php in Beehive Forum 0.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_sess parameter.
|
19-10-2018 - 15:41 | 21-12-2005 - 20:03 | |
| CVE-2006-3881 | 4.3 |
Cross-site scripting (XSS) vulnerability in Shalwan MusicBox 2.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter in a request for the top-level URI. NOTE: the id parameter in index.php, and the type
|
17-10-2018 - 21:32 | 27-07-2006 - 01:04 | |
| CVE-2006-3882 | 5.0 |
Shalwan MusicBox 2.3.4 and earlier allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
|
17-10-2018 - 21:32 | 27-07-2006 - 01:04 | |
| CVE-2006-3886 | 7.5 |
SQL injection vulnerability in Shalwan MusicBox 2.3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter in a viewgallery action in a request for the top-level URI. NOTE: the start parameter/search action is
|
17-10-2018 - 21:32 | 27-07-2006 - 01:04 | |
| CVE-2007-3495 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in the SAP Internet Communication Framework (BC-MID-ICF) in the SAP Basis component 700 before SP12, and 640 before SP20, allow remote attackers to inject arbitrary web script or HTML via certain pa
|
16-10-2018 - 16:50 | 29-06-2007 - 18:30 | |
| CVE-2007-3487 | 6.4 |
Absolute path traversal in a certain ActiveX control in hpqxml.dll 2.0.0.133 in Hewlett-Packard (HP) Photo Digital Imaging allows remote attackers to create or overwrite arbitrary files via the argument to the saveXMLAsFile method.
|
16-10-2018 - 16:50 | 29-06-2007 - 18:30 | |
| CVE-2007-3489 | 9.3 |
Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, a
|
16-10-2018 - 16:50 | 29-06-2007 - 18:30 | |
| CVE-2007-3492 | 6.8 |
Conti FtpServer 1.0 allows remote authenticated users to cause a denial of service (daemon crash) via a certain string containing "//A:" in the argument to the LIST command.
|
16-10-2018 - 16:50 | 29-06-2007 - 18:30 | |
| CVE-2007-3396 | 4.3 |
Cross-site scripting (XSS) vulnerability in index.wkf in KeyFocus (KF) web server 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the opsubmenu parameter.
|
16-10-2018 - 16:49 | 26-06-2007 - 17:30 | |
| CVE-2007-3459 | 6.4 |
A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vector 1.3 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the WriteMovie method.
|
16-10-2018 - 16:49 | 27-06-2007 - 18:30 | |
| CVE-2007-3453 | 7.5 |
SQL injection vulnerability in Papoo 3.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the selmenuid parameter to certain components.
|
16-10-2018 - 16:49 | 27-06-2007 - 00:30 | |
| CVE-2007-3255 | 6.5 |
Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to execute commands as arbitrary users via (1) a saved Workflow name or
|
16-10-2018 - 16:48 | 27-06-2007 - 18:30 | |
| CVE-2007-3256 | 4.0 |
Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and possibly WebFile Server before 6.0.46.1 allow remote authenticated users to associate arbitrary Content-Type HTTP headers with documents, which might facilitate malware distribution
|
16-10-2018 - 16:48 | 27-06-2007 - 18:30 | |
| CVE-2007-3259 | 5.0 |
Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via (1) an invalid month[] parameter to calendar.php, (2) an invalid catview[] parameter to cal_week.php in a week operation, (3) an invalid ycyear[] parameter to yearcal
|
16-10-2018 - 16:48 | 26-06-2007 - 17:30 | |
| CVE-2007-3339 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in forum/include/error/autherror.cfm in FuseTalk Basic, Standard, Enterprise, and ColdFusion allow remote attackers to inject arbitrary web script or HTML via the (1) FTVAR_LINKP and (2) FTVAR_URLP
|
16-10-2018 - 16:48 | 21-06-2007 - 21:30 | |
| CVE-2007-3254 | 3.5 |
Multiple cross-site scripting (XSS) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via (1) a saved Workflow name; (2) a Wo
|
16-10-2018 - 16:48 | 27-06-2007 - 18:30 | |
| CVE-2006-7036 | 10.0 |
PHP remote file inclusion vulnerability in register.php for Andys Chat 4.5 allows remote attackers to execute arbitrary code via the action parameter. NOTE: this issue was announced by an unreliable researcher, but the vendor is no longer distributi
|
16-10-2018 - 16:29 | 23-02-2007 - 03:28 | |
| CVE-2008-4166 | 4.3 |
Integer overflow in the JavaScript engine in Avant Browser 11.7 Build 9 and earlier allows remote attackers to cause a denial of service (application crash) by attempting to URL encode a string containing many instances of an invalid character.
|
11-10-2018 - 20:51 | 22-09-2008 - 18:34 |