Max CVSS 10.0 Min CVSS 2.1 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2007-4120 9.3
Multiple PHP remote file inclusion vulnerabilities in Jelsoft vBulletin 3.6.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) classfile parameter to includes/functions.php, the (2) nextitem parameter to includes/functions_cr
21-03-2024 - 02:16 01-08-2007 - 16:17
CVE-2007-2311 7.5
PHP remote file inclusion vulnerability in install/index.php in BlooFoxCMS 0.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the content_php parameter. NOTE: this issue has been disputed by a reliable third party, stating that
21-03-2024 - 02:15 26-04-2007 - 21:19
CVE-2007-0189 7.5
PHP remote file inclusion vulnerability in index.php in GeoBB Georgian Bulletin Board allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. NOTE: CVE disputes this issue, since GeoBB 1.0 sets $action to a whitelist
21-03-2024 - 02:15 12-01-2007 - 05:04
CVE-2008-2433 7.5
The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attack
14-02-2024 - 16:01 27-08-2008 - 20:41
CVE-2007-6224 5.0
The RealNetworks RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll, as shipped with RealPlayer 11, allows remote attackers to cause a denial of service (browser crash) via a certain argument to the GetSourceTransport method.
14-02-2024 - 01:17 04-12-2007 - 18:46
CVE-2006-4020 4.6
scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a bu
14-02-2024 - 01:17 08-08-2006 - 20:04
CVE-2006-3211 4.3
Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1.3 and earlier allows remote attackers to inject Javascript code via a javascript URI in an img bbcode tag in the comments parameter.
09-02-2024 - 03:21 24-06-2006 - 01:06
CVE-2008-3775 2.1
Folder Lock 5.9.5 and earlier uses weak encryption (ROT-25) for the password, which allows local administrators to obtain sensitive information by reading and decrypting the QualityControl\_pack registry value.
09-02-2024 - 03:10 22-08-2008 - 16:41
CVE-2007-6388 4.3
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or H
02-02-2024 - 16:16 08-01-2008 - 18:46
CVE-2008-2936 6.2
Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creatin
13-02-2023 - 02:19 18-08-2008 - 19:41
CVE-2008-2938 4.3
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequence
13-02-2023 - 02:19 13-08-2008 - 00:41
CVE-2008-1997 9.0
Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the ADMIN_SP_C issue is already covered by CVE
17-01-2023 - 17:19 28-04-2008 - 20:05
CVE-2006-4191 5.1
Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by in
29-04-2021 - 15:15 17-08-2006 - 01:04
CVE-2008-4397 10.0
Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x
09-04-2021 - 18:54 14-10-2008 - 21:10
CVE-2008-3784 7.5
SQL injection vulnerability in scrape.php in BtiTracker 1.4.7 and earlier and xBtiTracker 2.0.542 and earlier allows remote attackers to execute arbitrary SQL commands via the info_hash parameter.
06-08-2020 - 15:03 26-08-2008 - 14:41
CVE-2011-2841 6.8
Google Chrome before 14.0.835.163 does not properly perform garbage collection during the processing of PDF documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
08-05-2020 - 18:59 19-09-2011 - 12:02
CVE-2008-1547 4.3
Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in th
09-04-2020 - 13:22 21-10-2008 - 01:18
CVE-2007-1420 2.1
MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialize
17-12-2019 - 20:16 12-03-2007 - 23:19
CVE-2007-6166 9.3
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Conten
30-10-2018 - 16:25 29-11-2007 - 01:46
CVE-2008-4582 4.3
Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the
30-10-2018 - 16:25 15-10-2008 - 20:08
CVE-2008-3843 4.3
Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demo
30-10-2018 - 16:25 27-08-2008 - 20:41
CVE-2006-0513 5.0
Directory traversal vulnerability in pkmslogout in Tivoli Web Server Plug-in 5.1.0.10 in Tivoli Access Manager (TAM) 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
19-10-2018 - 15:45 06-02-2006 - 23:02
CVE-2006-0566 5.0
The LDAP component in CommuniGate Pro Core Server 5.0.7 allows remote attackers to cause a denial of service (application crash) via LDAP messages that contain Distinguished Names (DN) fields with a large number of elements.
19-10-2018 - 15:45 06-02-2006 - 23:02
CVE-2006-0636 7.5
desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the _SESSION variable before calling the session_start function, which allows remote attackers to execute arbitrary PHP code and possibly conduct other attacks by modifying critical as
19-10-2018 - 15:45 10-02-2006 - 11:02
CVE-2006-0588 7.5
SQL injection vulnerability in search.php in MyTopix 1.2.3 allows remote attackers to execute arbitrary SQL commands via the (1) mid and (2) keywords parameters.
19-10-2018 - 15:45 08-02-2006 - 01:02
CVE-2006-0590 5.0
MyTopix 1.2.3 allows remote attackers to obtain the installation path via an invalid hl parameter to index.php, which leads to path disclosure, possibly related to invalid SQL syntax.
19-10-2018 - 15:45 08-02-2006 - 01:02
CVE-2006-0563 7.5
SQL injection vulnerability in exec.php in PluggedOut Blog 1.9.9c allows remote attackers to execute arbitrary SQL commands via the entryid parameter in a comment_add action.
19-10-2018 - 15:45 06-02-2006 - 23:02
CVE-2006-0568 4.3
Cross-site scripting (XSS) vulnerability in throw.main in Outblaze allows remote attackers to inject arbitrary web script or HTML via the file parameter.
19-10-2018 - 15:45 07-02-2006 - 18:06
CVE-2006-0624 7.5
SQL injection vulnerability in check.asp in Whomp Real Estate Manager XP 2005 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
19-10-2018 - 15:45 09-02-2006 - 02:02
CVE-2006-0565 7.5
PHP remote file include vulnerability in inc/backend_settings.php in Loudblog 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the $GLOBALS[path] parameter.
19-10-2018 - 15:45 06-02-2006 - 23:02
CVE-2006-0589 5.0
MyTopix 1.2.3 allows remote attackers to obtain the installation path via a direct request to logon.mod.php, which leaks the path in an error message.
19-10-2018 - 15:45 08-02-2006 - 01:02
CVE-2006-0192 7.5
SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 allows remote attackers to execute arbitrary SQL commands via the Password parameter to login.asp.
19-10-2018 - 15:43 13-01-2006 - 11:03
CVE-2006-0209 7.5
SQL injection vulnerability in general_functions.php in TankLogger 2.4 allows remote attackers to execute arbitrary SQL commands via the (1) livestock_id parameter to showInfo.php and (2) tank_id parameter, possibly to livestock.php.
19-10-2018 - 15:43 14-01-2006 - 01:03
CVE-2006-2833 2.6
Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the
18-10-2018 - 16:43 06-06-2006 - 00:02
CVE-2006-2547 10.0
Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to "insecure environment variable" handling.
18-10-2018 - 16:40 23-05-2006 - 10:06
CVE-2006-2202 6.4
SQL injection vulnerability in post.php in Invision Gallery 2.0.6 allows remote attackers to execute arbitrary SQL commands via the album parameter.
18-10-2018 - 16:38 04-05-2006 - 17:06
CVE-2006-1657 4.3
Cross-site scripting (XSS) vulnerability in index.php in Chucky A. Ivey N.T. 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not filtered when the administrator views the "Login Log" page.
18-10-2018 - 16:33 07-04-2006 - 10:04
CVE-2006-1478 7.5
Directory traversal vulnerability in (1) initiate.php and (2) possibly other PHP scripts in Turnkey Web Tools PHP Live Helper 1.8, and possibly later versions, allows remote authenticated users to include and execute arbitrary local files via directo
18-10-2018 - 16:32 29-03-2006 - 01:06
CVE-2006-0784 5.0
D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers to cause a denial of service (CAMEO HTTP service crash) via a request composed of "GET" followed by a space and two newlines, possibly triggering the crash due to missing arguments
18-10-2018 - 16:29 19-02-2006 - 11:02
CVE-2006-0948 7.2
AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the "America Online 9.0" directory, which allows local users to gain privileges by replacing critical files. AOL has relea
18-10-2018 - 16:29 21-08-2006 - 18:04
CVE-2006-6196 6.8
Cross-site scripting (XSS) vulnerability in the search functionality in Fixit iDMS Pro Image Gallery allows remote attackers to inject arbitrary web script or HTML via a search field (txtsearchtext parameter).
17-10-2018 - 21:47 01-12-2006 - 00:28
CVE-2006-5833 7.5
gbcms_php_files/up_loader.php GreenBeast CMS 1.3 does not require authentication to upload files, which allows remote attackers to cause a denial of service (disk consumption) and execute arbitrary code by uploading arbitrary files, such as executing
17-10-2018 - 21:45 10-11-2006 - 01:07
CVE-2006-5385 7.5
PHP remote file inclusion vulnerability in admin/admin_spam.php in the SpamOborona 1.0b and earlier phpBB module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
17-10-2018 - 21:42 18-10-2006 - 19:07
CVE-2006-5056 5.1
Cross-site scripting (XSS) vulnerability in index.php in Opial Audio/Video Download Management 1.0 allows remote attackers to inject arbitrary web script or HTML via the destination parameter in the Login view.
17-10-2018 - 21:40 28-09-2006 - 00:07
CVE-2006-4706 6.8
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character r
17-10-2018 - 21:39 12-09-2006 - 16:07
CVE-2006-4224 4.3
Cross-site scripting (XSS) vulnerability in calendar.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the year parameter. NOTE: The page parameter vector is covered by CVE-2006-4009.
17-10-2018 - 21:34 18-08-2006 - 20:04
CVE-2006-4242 5.1
PHP remote file inclusion vulnerability in install.jim.php in the JIM 1.0.1 component for Joomla or Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. Successful exploitation requires that
17-10-2018 - 21:34 21-08-2006 - 18:04
CVE-2006-4230 7.5
Multiple PHP remote file inclusion vulnerabilities in index.php in Lizge V.20 Web Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) lizge or (2) bade parameters.
17-10-2018 - 21:34 18-08-2006 - 20:04
CVE-2006-4241 7.5
PHP remote file inclusion vulnerability in processor/reporter.sql.php in the Reporter Mambo component (com_reporter) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
17-10-2018 - 21:34 21-08-2006 - 18:04
CVE-2006-4231 2.6
IrfanView 3.98 (with plugins) allows remote attackers to cause a denial of service (application crash) via a crafted CUR image file.
17-10-2018 - 21:34 18-08-2006 - 20:04
CVE-2006-4236 7.5
Multiple PHP remote file inclusion vulnerabilities in POWERGAP allow remote attackers to execute arbitrary PHP code via a URL in the (1) shopid parameter to (a) s01.php, (b) s02.php, (c) s03.php, and (d) s04.php; and possibly a URL located after "sho
17-10-2018 - 21:34 21-08-2006 - 18:04
CVE-2006-4228 9.0
Symantec Veritas NetBackup PureDisk Remote Office Edition 6.0 before MP1 20060816 allows remote attackers to bypass authentication and gain privileges via unknown attack vectors in the management interface. This vulnerability is addresses in the foll
17-10-2018 - 21:34 18-08-2006 - 20:04
CVE-2006-4198 5.1
PHP remote file inclusion vulnerability in includes/session.php in Wheatblog (wB) 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wb_class_dir parameter. Successful exploitatio
17-10-2018 - 21:33 17-08-2006 - 21:04
CVE-2006-3869 7.5
Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a l
17-10-2018 - 21:32 23-08-2006 - 01:04
CVE-2006-3725 2.1
Norton Personal Firewall 2006 9.1.0.33 allows local users to cause a denial of service (crash) via certain RegSaveKey, RegRestoreKey and RegDeleteKey operations on the (1) HKLM\SYSTEM\CurrentControlSet\Services\SNDSrvc and (2) HKLM\SYSTEM\CurrentCont
17-10-2018 - 21:29 21-07-2006 - 14:03
CVE-2007-3259 5.0
Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via (1) an invalid month[] parameter to calendar.php, (2) an invalid catview[] parameter to cal_week.php in a week operation, (3) an invalid ycyear[] parameter to yearcal
16-10-2018 - 16:48 26-06-2007 - 17:30
CVE-2007-1921 9.3
LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT file that contains a value that is used as an offset, which triggers memory corruption. To exploit t
16-10-2018 - 16:41 10-04-2007 - 23:19
CVE-2007-1433 4.3
Cross-site scripting (XSS) vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment fields to (1) scripts/addblog_comment.php and (2) detail.php.
16-10-2018 - 16:38 13-03-2007 - 19:19
CVE-2007-1427 5.0
Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the pdf_file parameter.
16-10-2018 - 16:38 13-03-2007 - 01:19
CVE-2007-1414 10.0
Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter
16-10-2018 - 16:38 12-03-2007 - 23:19
CVE-2007-1470 6.8
Multiple buffer overflows in LIBFtp 5.0 allow user-assisted remote attackers to execute arbitrary code via certain long arguments to the (1) FtpArchie, (2) FtpDebugDebug, (3) FtpOpenDir, (4) FtpSize, or (5) FtpChmod function.
16-10-2018 - 16:38 16-03-2007 - 21:19
CVE-2007-1417 7.5
SQL injection vulnerability in index.php in HC NEWSSYSTEM 1.0-4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a komm aktion.
16-10-2018 - 16:38 12-03-2007 - 23:19
CVE-2007-1421 10.0
Multiple PHP remote file inclusion vulnerabilities in Premod SubDog 2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) functions_kb.php, (2) themen_portal_mitte.php, or (3) logger_engine.php in in
16-10-2018 - 16:38 13-03-2007 - 01:19
CVE-2007-1432 7.5
Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to gain privileges via direct requests with modified arguments in (1) the user_permissions parameter to add_users.php, and unspecified parameters to (2) addblog.php, (3) edi
16-10-2018 - 16:38 13-03-2007 - 19:19
CVE-2007-1424 7.5
Multiple PHP remote file inclusion vulnerabilities in Softnews Media Group DataLife Engine allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) init.php and (2) Ajax/editnews.php. NOTE: some of these detail
16-10-2018 - 16:38 13-03-2007 - 01:19
CVE-2007-1434 7.5
SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) userdetail.php, id and (2) url parameter to (b) jump.php, and id variab
16-10-2018 - 16:38 13-03-2007 - 19:19
CVE-2007-1416 10.0
PHP remote file inclusion vulnerability in createurl.php in JCcorp (aka James Coyle) URLshrink allows remote attackers to execute arbitrary PHP code via a URL in the formurl parameter.
16-10-2018 - 16:38 12-03-2007 - 23:19
CVE-2007-1172 6.4
SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit."
16-10-2018 - 16:37 02-03-2007 - 21:18
CVE-2007-0925 4.3
Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx in Community Server allows remote attackers to inject arbitrary web script or HTML via the q parameter.
16-10-2018 - 16:35 14-02-2007 - 11:28
CVE-2007-0692 5.0
DGNews 2.1 allows remote attackers to obtain sensitive information via a fullnews request to news.php with an invalid newsid parameter, and other unspecified vectors, which reveal the path in various error messages.
16-10-2018 - 16:33 30-05-2007 - 20:30
CVE-2008-0750 7.5
SQL injection vulnerability in philboard_forum.asp in Husrev BlackBoard 2.0.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
15-10-2018 - 22:02 13-02-2008 - 20:00
CVE-2007-6237 9.0
cp.php in DeluxeBB 1.09 does not verify that the membercookie parameter corresponds to the authenticated member during a profile update, which allows remote authenticated users to change the e-mail addresses of arbitrary accounts via a modified membe
15-10-2018 - 21:51 04-12-2007 - 18:46
CVE-2007-6226 7.1
The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login access by making a login attempt while a different clien
15-10-2018 - 21:51 04-12-2007 - 18:46
CVE-2007-6217 7.5
Multiple SQL injection vulnerabilities in login.asp in Irola My-Time (aka Timesheet) 3.5 allow remote attackers to execute arbitrary SQL commands via the (1) login (aka Username) and (2) password parameters. NOTE: some of these details are obtained f
15-10-2018 - 21:51 04-12-2007 - 15:46
CVE-2007-6211 7.2
Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users to append to arbitrary files and gain privileges via the -L (output log file) option. NOTE: this issue is only a vulnerability in limited environments, since sing is not installed
15-10-2018 - 21:51 04-12-2007 - 01:46
CVE-2007-6204 10.0
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4)
15-10-2018 - 21:51 13-12-2007 - 21:46
CVE-2007-6260 6.8
The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configura
15-10-2018 - 21:51 06-12-2007 - 02:46
CVE-2007-6203 4.3
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using w
15-10-2018 - 21:50 03-12-2007 - 22:46
CVE-2007-6014 7.5
SQL injection vulnerability in post.php in Beehive Forum 0.7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the t_dedupe parameter.
15-10-2018 - 21:48 05-12-2007 - 11:46
CVE-2007-5818 7.6
Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php in sBlog 0.7.3 Beta allows remote attackers to change arbitrary blocks as administrators.
15-10-2018 - 21:46 05-11-2007 - 18:46
CVE-2007-4909 9.3
Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by
15-10-2018 - 21:38 17-09-2007 - 17:17
CVE-2007-4456 7.5
SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. NOTE: it was later reported that 2.40 is also affected, and that the
15-10-2018 - 21:35 21-08-2007 - 21:17
CVE-2009-0246 9.3
Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted attackers to execute arbitrary code via an invalid Radiance RGBE (aka .hdr) file.
11-10-2018 - 21:00 22-01-2009 - 16:30
CVE-2008-4549 2.6
The ImageShack Toolbar ActiveX control (ImageShackToolbar.dll) in ImageShack Toolbar 4.5.7, possibly including 4.5.7.69, allows remote attackers to force the upload of arbitrary image files to the ImageShack site via a file: URI argument to the Build
11-10-2018 - 20:52 14-10-2008 - 18:12
CVE-2008-4585 7.5
Belong Software Site Builder 0.1 beta allows remote attackers to bypass intended access restrictions and perform administrative actions via a direct request to admin/home.php.
11-10-2018 - 20:52 15-10-2008 - 22:45
CVE-2008-3874 3.5
Cross-site scripting (XSS) vulnerability in account.php in Lussumo Vanilla 1.1.5-rc1, 1.1.4, and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Value field (aka Label ==> Value pairs). NOTE: some of these de
11-10-2018 - 20:50 29-08-2008 - 17:41
CVE-2008-3851 5.0
Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/pred
11-10-2018 - 20:50 27-08-2008 - 23:41
CVE-2008-3845 7.5
Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php.
11-10-2018 - 20:49 27-08-2008 - 23:41
CVE-2008-3770 6.8
Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) includes/events_application_t
11-10-2018 - 20:49 22-08-2008 - 16:41
CVE-2008-3758 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and earlier (1) allow remote attackers to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arb
11-10-2018 - 20:49 21-08-2008 - 17:41
CVE-2008-3764 7.5
Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php. Upgrade to Version 2.1.0 - http:
11-10-2018 - 20:49 21-08-2008 - 17:41
CVE-2008-3763 6.8
Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live Helper 2.0.1 and earlier, when register_globals is enabled, allows remote attackers to overwrite arbitrary variables related to the db config file. NOTE: this can be leveraged for
11-10-2018 - 20:49 21-08-2008 - 17:41
CVE-2008-3841 4.3
Cross-site scripting (XSS) vulnerability in admin/search_links.php in Freeway eCommerce 1.4.1.171 allows remote attackers to inject arbitrary web script or HTML via the search_link parameter.
11-10-2018 - 20:49 27-08-2008 - 20:41
CVE-2008-3768 7.5
Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey Web Tools SunShop Shopping Cart before 4.1.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an edit_registry action to index.php, (2) a vector i
11-10-2018 - 20:49 22-08-2008 - 16:41
CVE-2008-3762 7.5
SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php
11-10-2018 - 20:49 21-08-2008 - 17:41
CVE-2008-3842 4.3
Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as d
11-10-2018 - 20:49 27-08-2008 - 20:41
CVE-2008-3840 5.0
Crafty Syntax Live Help (CSLH) 2.14.6 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
11-10-2018 - 20:49 27-08-2008 - 20:41
CVE-2008-3769 6.8
PHP remote file inclusion vulnerability in admin/create_order_new.php in Freeway 1.4.1.171, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the include_page parameter.
11-10-2018 - 20:49 22-08-2008 - 16:41
CVE-2008-3703 10.0
The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbi
11-10-2018 - 20:49 18-08-2008 - 17:41
CVE-2008-3715 2.6
Cross-site scripting (XSS) vulnerability in inc-core-admin-editor-previouscolorsjs.php in the FlexCMS 2.5 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the PreviousColorsString param
11-10-2018 - 20:49 19-08-2008 - 19:41
CVE-2008-3712 2.6
Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tiny_mce/filem
11-10-2018 - 20:49 19-08-2008 - 19:41
CVE-2008-3680 5.0
The decryption function in Flagship Industries Ventrilo 3.0.2 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) by sending a type 0 packet with an invalid version followed by another packet t
11-10-2018 - 20:49 14-08-2008 - 19:41
CVE-2008-3676 4.3
Unspecified vulnerability in the IMAP server in hMailServer 4.4.1 allows remote authenticated users to cause a denial of service (resource exhaustion or daemon crash) via a long series of IMAP commands.
11-10-2018 - 20:49 14-08-2008 - 19:41
CVE-2008-3431 7.2
The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain pri
11-10-2018 - 20:48 05-08-2008 - 19:41
CVE-2008-3568 7.5
Absolute path traversal vulnerability in fckeditor/editor/filemanager/browser/default/connectors/php/connector.php in UNAK-CMS 1.5.5 allows remote attackers to include and execute arbitrary local files via a full pathname in the Dirroot parameter, a
11-10-2018 - 20:48 10-08-2008 - 20:41
CVE-2008-3480 9.3
Stack-based buffer overflow in the Anzio Web Print Object (WePO) ActiveX control 3.2.19 and 3.2.24, as used in Anzio Print Wizard, allows remote attackers to execute arbitrary code via a long mainurl parameter.
11-10-2018 - 20:48 29-08-2008 - 17:41
CVE-2008-3582 6.8
SQL injection vulnerability in login.php in Keld PHP-MySQL News Script 0.7.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
11-10-2018 - 20:48 10-08-2008 - 21:41
CVE-2008-3574 2.6
Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lang_footer parameter to (a) data/inc/footer.php; the (2) pluck_version, (
11-10-2018 - 20:48 10-08-2008 - 20:41
CVE-2008-3563 7.5
Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the checked array parameter to plog-download.php in an album action and (2) unspecified parameters to plog-remote.php,
11-10-2018 - 20:48 10-08-2008 - 20:41
CVE-2008-3575 7.5
PHP remote file inclusion vulnerability in modules/calendar/minicalendar.php in ezContents CMS allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[gsLanguage] parameter, a different vector than CVE-2006-4477 and CVE-2004-01
11-10-2018 - 20:48 10-08-2008 - 20:41
CVE-2008-3485 7.2
Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path.
11-10-2018 - 20:48 06-08-2008 - 17:41
CVE-2008-3600 6.8
Directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1.5.7 and 1.6-alpha3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter within a
11-10-2018 - 20:48 12-08-2008 - 19:41
CVE-2008-3448 4.3
Cross-site scripting (XSS) vulnerability in index.php in common solutions csphonebook 1.02 allows remote attackers to inject arbitrary web script or HTML via the letter parameter.
11-10-2018 - 20:48 04-08-2008 - 17:41
CVE-2008-3514 5.0
VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then ma
11-10-2018 - 20:48 13-08-2008 - 12:42
CVE-2008-3606 6.5
Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1137 and earlier allows remote authenticated users to cause a denial of service (resource exhaustion) or possibly execute arbitrary code via a long argument to the LIST command. NO
11-10-2018 - 20:48 12-08-2008 - 19:41
CVE-2008-3587 4.3
Cross-site scripting (XSS) vulnerability in result.php in Chris Bunting Homes 4 Sale allows remote attackers to inject arbitrary web script or HTML via the r parameter.
11-10-2018 - 20:48 11-08-2008 - 23:41
CVE-2008-3569 4.3
Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.6.7, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the text parameter to (1) iart.php and (2) ming.php.
11-10-2018 - 20:48 10-08-2008 - 20:41
CVE-2008-3607 5.0
The IMAP server in NoticeWare Email Server NG 4.6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via multiple long LOGIN commands.
11-10-2018 - 20:48 12-08-2008 - 19:41
CVE-2008-3556 7.5
Multiple SQL injection vulnerabilities in index.php in Battle.net Clan Script 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) showmember parameter in a members action and the (2) thread parameter in a board action. NOTE: v
11-10-2018 - 20:48 08-08-2008 - 19:41
CVE-2008-3315 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b) lostPassword.php and (c) profile.php in auth/; (d) c
11-10-2018 - 20:47 25-07-2008 - 16:41
CVE-2008-2665 5.0
Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after
11-10-2018 - 20:42 20-06-2008 - 01:41
CVE-2008-1337 5.0
The instant message service in Timbuktu Pro 8.6.5 RC 229 and earlier for Windows allows remote attackers to cause (1) a denial of service (daemon crash) via an invalid Version field or (2) a denial of service (CPU consumption and daemon termination)
11-10-2018 - 20:31 14-03-2008 - 20:44
CVE-2008-1117 10.0
Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destinat
11-10-2018 - 20:29 14-03-2008 - 20:44
CVE-2010-4903 7.5
SQL injection vulnerability in index.php in CubeCart 4.3.3 allows remote attackers to execute arbitrary SQL commands via the searchStr parameter.
10-10-2018 - 20:08 08-10-2011 - 10:55
CVE-2011-0745 4.0
SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Acc
09-10-2018 - 19:29 16-03-2011 - 22:55
CVE-2008-3443 5.0
The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to
03-10-2018 - 21:55 14-08-2008 - 23:41
CVE-2008-3604 7.5
SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
16-11-2017 - 18:23 12-08-2008 - 19:41
CVE-2008-5198 7.5
SQL injection vulnerability in memberlist.php in Acmlmboard 1.A2 allows remote attackers to execute arbitrary SQL commands via the pow parameter.
11-10-2017 - 01:32 21-11-2008 - 17:30
CVE-2005-2710 5.1
Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the (1) image handle or (2) timeformat attribute in a RealPix (.rp) or RealText (.rt) file.
11-10-2017 - 01:30 27-09-2005 - 20:03
CVE-2008-4702 7.5
Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) user[language] and (2) user[template] parameters to (a) init.inc.php, and (b) the us
29-09-2017 - 01:32 22-10-2008 - 22:00
CVE-2008-4570 7.5
SQL injection vulnerability in index.php in Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter.
29-09-2017 - 01:32 15-10-2008 - 20:00
CVE-2008-5573 7.5
SQL injection vulnerability in the login feature in Poll Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) Password and (2) username parameters.
29-09-2017 - 01:32 15-12-2008 - 18:00
CVE-2008-4590 7.5
Multiple SQL injection vulnerabilities in Stash 1.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to admin/login.php and (2) the post parameter to admin/news.php.
29-09-2017 - 01:32 16-10-2008 - 18:00
CVE-2008-4885 7.5
SQL injection vulnerability in tr1.php in YourFreeWorld Scrolling Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
29-09-2017 - 01:32 04-11-2008 - 00:57
CVE-2008-4362 4.9
The Virtual Token driver (vdlptokn.sys) 1.0.2.43 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) via a crafted IOCTL request to \Device\DLPTokenWalter0.
29-09-2017 - 01:32 30-09-2008 - 23:24
CVE-2008-4588 10.0
Stack-based buffer overflow in the FTP server in Etype Eserv 3.x, possibly 3.26, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long argument to the ABOR command.
29-09-2017 - 01:32 15-10-2008 - 22:45
CVE-2008-5793 6.8
Multiple PHP remote file inclusion vulnerabilities in the Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a
29-09-2017 - 01:32 31-12-2008 - 11:30
CVE-2008-4548 9.3
Stack-based buffer overflow in the PTZCamPanelCtrl ActiveX control (CamPanel.dll) in RTS Sentry 2.1.0.2 allows remote attackers to execute arbitrary code via a long second argument to the ConnectServer method.
29-09-2017 - 01:32 14-10-2008 - 18:12
CVE-2008-4569 7.5
SQL injection vulnerability in xlacomments.asp in XIGLA Software Absolute Poll Manager XE 4.1 allows remote attackers to execute arbitrary SQL commands via the p parameter.
29-09-2017 - 01:32 15-10-2008 - 20:00
CVE-2008-4591 4.3
Multiple cross-site scripting (XSS) vulnerabilities in admin/include/isadmin.inc.php in PhpWebGallery 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) lang[access_forbiden] and (2) lang[ident_title] parameters.
29-09-2017 - 01:32 16-10-2008 - 18:00
CVE-2008-4044 7.5
SQL injection vulnerability in article/readarticle.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the artid parameter.
29-09-2017 - 01:31 11-09-2008 - 21:06
CVE-2008-3877 9.3
Stack-based buffer overflow in Acoustica Mixcraft 4.1 Build 96 and 4.2 Build 98 allows user-assisted attackers to execute arbitrary code via a crafted .mx4 file. NOTE: it was later reported that version 3 is also affected.
29-09-2017 - 01:31 02-09-2008 - 15:41
CVE-2008-3795 10.0
Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP servers to have an unknown impact via a long "message response."
29-09-2017 - 01:31 27-08-2008 - 15:21
CVE-2008-3787 7.5
SQL injection vulnerability in listing_view.php in Web Directory Script 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter.
29-09-2017 - 01:31 26-08-2008 - 14:41
CVE-2008-3779 4.3
Cross-site scripting (XSS) vulnerability in search/index.php in Five Star Review Script allows remote attackers to inject arbitrary web script or HTML via the words parameter in a search action.
29-09-2017 - 01:31 26-08-2008 - 14:41
CVE-2008-3748 7.5
SQL injection vulnerability in view_group.php in Active PHP Bookmarks (APB) 1.1.02 and 1.2.06 allows remote attackers to execute arbitrary SQL commands via the id parameter.
29-09-2017 - 01:31 21-08-2008 - 17:41
CVE-2008-3767 7.5
SQL injection vulnerability in classified.php in phpBazar 2.0.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
29-09-2017 - 01:31 22-08-2008 - 16:41
CVE-2008-3785 7.5
Multiple SQL injection vulnerabilities in the com_content component in MiaCMS 4.6.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) view, (2) category, or (3) blogsection action to index.php.
29-09-2017 - 01:31 26-08-2008 - 14:41
CVE-2008-3761 4.9
hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 uses the METHOD_NEITHER communication method for I
29-09-2017 - 01:31 21-08-2008 - 17:41
CVE-2008-3861 7.5
Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in pages.php and (2) the price_max parameter in search.php.
29-09-2017 - 01:31 29-08-2008 - 16:41
CVE-2008-3783 6.8
Multiple SQL injection vulnerabilities in index.php in Matterdaddy Market 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters.
29-09-2017 - 01:31 26-08-2008 - 14:41
CVE-2008-3749 7.5
SQL injection vulnerability in tr.php in YourFreeWorld Banner Management Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
29-09-2017 - 01:31 21-08-2008 - 17:41
CVE-2008-3794 6.8
Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and
29-09-2017 - 01:31 26-08-2008 - 15:41
CVE-2008-3780 7.5
SQL injection vulnerability in recommend.php in Five Star Review Script allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
29-09-2017 - 01:31 26-08-2008 - 14:41
CVE-2008-3859 5.0
Davlin Thickbox Gallery 2 allows remote attackers to obtain the administrative username and MD5 password hash via a direct request to conf/admins.php.
29-09-2017 - 01:31 29-08-2008 - 16:41
CVE-2008-3788 6.8
Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) qtitle, (2) qid, and (3) qyear parameters to (a) search.php, and the (4) ema
29-09-2017 - 01:31 26-08-2008 - 14:41
CVE-2008-3588 7.5
Multiple SQL injection vulnerabilities in phsBlog 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to comments.php, (2) cid parameter to index.php, and the (3) urltitle parameter to entries.php.
29-09-2017 - 01:31 11-08-2008 - 23:41
CVE-2008-3578 5.0
HydraIRC 0.3.164 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long irc:// URI.
29-09-2017 - 01:31 10-08-2008 - 21:41
CVE-2008-3570 7.5
PHP remote file inclusion vulnerability in index.php in Africa Be Gone (ABG) 1.0a allows remote attackers to execute arbitrary PHP code via a URL in the abg_path parameter.
29-09-2017 - 01:31 10-08-2008 - 20:41
CVE-2008-3555 6.8
Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and possibly (5) Classifieds before 4.1.30 allows remote
29-09-2017 - 01:31 08-08-2008 - 19:41
CVE-2008-3734 9.3
Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connecti
29-09-2017 - 01:31 20-08-2008 - 16:41
CVE-2008-3713 7.5
SQL injection vulnerability in product.php in PHPBasket allows remote attackers to execute arbitrary SQL commands via the pro_id parameter.
29-09-2017 - 01:31 19-08-2008 - 19:41
CVE-2008-3446 6.8
Directory traversal vulnerability in inc/wysiwyg.php in LetterIt 2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
29-09-2017 - 01:31 04-08-2008 - 17:41
CVE-2008-3489 7.5
SQL injection vulnerability in checkCookie function in includes/functions.inc.php in PHPX 3.5.16 allows remote attackers to execute arbitrary SQL commands via a PXL cookie.
29-09-2017 - 01:31 06-08-2008 - 17:41
CVE-2008-3732 9.3
Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based bu
29-09-2017 - 01:31 20-08-2008 - 16:41
CVE-2008-3727 5.0
Directory traversal vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
29-09-2017 - 01:31 20-08-2008 - 16:41
CVE-2008-3721 7.5
PHP remote file inclusion vulnerability in user_language.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the language_dir parameter.
29-09-2017 - 01:31 20-08-2008 - 16:41
CVE-2008-3706 7.5
SQL injection vulnerability in bannerclick.php in ZEEJOBSITE 2.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
29-09-2017 - 01:31 19-08-2008 - 19:41
CVE-2008-3702 9.3
Multiple stack-based buffer overflows in the Animation GIF ActiveX control in JComSoft AniGIF.ocx 1.12 and 2.47, as used in products such as SpeedBit Download Accelerator Plus (DAP) 8.6, allow remote attackers to execute arbitrary code via a long arg
29-09-2017 - 01:31 15-08-2008 - 20:41
CVE-2008-3681 7.5
components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.
29-09-2017 - 01:31 14-08-2008 - 19:41
CVE-2008-3720 7.5
SQL injection vulnerability in index.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the id vector is already covered by CVE-2007-5679.
29-09-2017 - 01:31 20-08-2008 - 16:41
CVE-2008-3718 6.5
Multiple SQL injection vulnerabilities in cyberBB 0.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter to show_topic.php and the (2) user parameter to profile.php.
29-09-2017 - 01:31 20-08-2008 - 16:41
CVE-2008-3733 9.3
Stack-based buffer overflow in EO Video (eo-video) 1.36 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a .eop (aka playlist) file with a ProjectElement element that contains a long Name element.
29-09-2017 - 01:31 20-08-2008 - 16:41
CVE-2008-3711 7.5
SQL injection vulnerability in index.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter in a browse action.
29-09-2017 - 01:31 19-08-2008 - 19:41
CVE-2008-3445 7.5
SQL injection vulnerability in index.php in phpMyRealty (PMR) 2.0.0 allows remote attackers to execute arbitrary SQL commands via the location parameter.
29-09-2017 - 01:31 04-08-2008 - 17:41
CVE-2008-3708 4.3
Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) news/index.dot and (2) getting_started/macros/macros_detail.dot. In order to exploit this vuln
29-09-2017 - 01:31 19-08-2008 - 19:41
CVE-2008-3669 7.5
SQL injection vulnerability in comments.php in ZeeScripts Reviews Opinions Rating Posting Engine Web-Site PHP Script (aka ZeeReviews) allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
29-09-2017 - 01:31 13-08-2008 - 19:41
CVE-2008-3498 7.5
SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from
29-09-2017 - 01:31 06-08-2008 - 18:41
CVE-2008-3491 7.5
SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and iTGP 1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a report action.
29-09-2017 - 01:31 06-08-2008 - 17:41
CVE-2008-3455 10.0
PHP remote file inclusion vulnerability in include/admin.php in JnSHosts PHP Hosting Directory 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the rd parameter.
29-09-2017 - 01:31 04-08-2008 - 19:41
CVE-2008-3505 4.3
Cross-site scripting (XSS) vulnerability in PolyPager 1.0 rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via the nr parameter to the default URI.
29-09-2017 - 01:31 06-08-2008 - 18:41
CVE-2008-3497 6.8
SQL injection vulnerability in pages.php in MyPHP CMS 0.3.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
29-09-2017 - 01:31 06-08-2008 - 18:41
CVE-2008-3481 7.5
themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. as per vendor link: http://coppermine-
29-09-2017 - 01:31 05-08-2008 - 19:41
CVE-2008-3486 7.5
Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via
29-09-2017 - 01:31 06-08-2008 - 17:41
CVE-2008-3601 7.5
SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action.
29-09-2017 - 01:31 12-08-2008 - 19:41
CVE-2008-3591 7.5
SQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary SQL commands via the sym_auth cookie in a /publish/filemanager/ request to index.php.
29-09-2017 - 01:31 11-08-2008 - 23:41
CVE-2008-3585 7.5
Multiple SQL injection vulnerabilities in PozScripts GreenCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) product_desc.php and (2) store_info.php.
29-09-2017 - 01:31 11-08-2008 - 23:41
CVE-2008-3580 7.5
Multiple SQL injection vulnerabilities in Qsoft K-Links allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to visit.php, or the PATH_INFO to the default URI under (2) report/, (3) addreview/, or (4) refer/.
29-09-2017 - 01:31 10-08-2008 - 21:41
CVE-2008-3557 7.5
Free Hosting Manager 1.2 and 2.0 allows remote attackers to bypass authentication and gain administrative access by setting both the adminuser and loggedin cookies.
29-09-2017 - 01:31 08-08-2008 - 19:41
CVE-2008-3674 7.5
SQL injection vulnerability in ugroups.php in PozScripts TubeGuru Video Sharing Script allows remote attackers to execute arbitrary SQL commands via the UID parameter.
29-09-2017 - 01:31 13-08-2008 - 19:41
CVE-2008-3487 7.5
SQL injection vulnerability in profile.php in PHPAuction GPL Enhanced 2.51 allows remote attackers to execute arbitrary SQL commands via the id parameter.
29-09-2017 - 01:31 06-08-2008 - 17:41
CVE-2008-3602 7.5
admin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9.1 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
29-09-2017 - 01:31 12-08-2008 - 19:41
CVE-2008-3589 4.3
Directory traversal vulnerability in download.php in moziloCMS 1.10.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter.
29-09-2017 - 01:31 11-08-2008 - 23:41
CVE-2008-3484 7.5
SQL injection vulnerability in eStoreAff 0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action to index.php.
29-09-2017 - 01:31 05-08-2008 - 21:41
CVE-2008-3649 6.8
SQL injection vulnerability in categorydetail.php in Article Friendly Standard allows remote attackers to execute arbitrary SQL commands via the Cat parameter. Regarding Access Complexity: http://secunia.com/advisories/31292: "Input passed to t
29-09-2017 - 01:31 13-08-2008 - 00:41
CVE-2008-3490 6.5
SQL injection vulnerability in members/mail.php in E-topbiz Online Dating 3 1.0 allows remote authenticated users to execute arbitrary SQL commands via the mail_id parameter in a veiw action.
29-09-2017 - 01:31 06-08-2008 - 17:41
CVE-2008-3592 8.5
Unrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to a directory specified
29-09-2017 - 01:31 11-08-2008 - 23:41
CVE-2008-3506 7.5
SQL injection vulnerability in PolyPager 1.0 rc2 and earlier allows remote attackers to execute arbitrary SQL commands via the nr parameter to the default URI.
29-09-2017 - 01:31 06-08-2008 - 18:41
CVE-2008-3594 7.5
SQL injection vulnerability in viewdetails.php in MagicScripts E-Store Kit-1, E-Store Kit-2, E-Store Kit-1 Pro PayPal Edition, and E-Store Kit-2 PayPal Edition allows remote attackers to execute arbitrary SQL commands via the pid parameter.
29-09-2017 - 01:31 11-08-2008 - 23:41
CVE-2008-3599 7.5
SQL injection vulnerability in image.php in OpenImpro 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
29-09-2017 - 01:31 12-08-2008 - 19:41
CVE-2008-3581 4.3
Cross-site scripting (XSS) vulnerability in index.php in Qsoft K-Links allows remote attackers to inject arbitrary web script or HTML via the login_message parameter in a login action.
29-09-2017 - 01:31 10-08-2008 - 21:41
CVE-2008-3675 5.0
Directory traversal vulnerability in classes/imgsize.php in Gelato 0.95 allows remote attackers to read arbitrary files via (1) a .. (dot dot) and possibly (2) a full pathname in the img parameter. NOTE: some of these details are obtained from third
29-09-2017 - 01:31 14-08-2008 - 19:41
CVE-2008-3673 7.5
SQL injection vulnerability in browsecats.php in PozScripts Classified Ads allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-3672.
29-09-2017 - 01:31 13-08-2008 - 19:41
CVE-2008-3670 6.8
SQL injection vulnerability in authordetail.php in Article Friendly Pro allows remote attackers to execute arbitrary SQL commands via the autid parameter.
29-09-2017 - 01:31 13-08-2008 - 19:41
CVE-2008-3452 6.8
SQL injection vulnerability in the Calendar module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the loc_id parameter in a list_events action to mod.php.
29-09-2017 - 01:31 04-08-2008 - 19:41
CVE-2008-3571 7.8
The Xerox Phaser 8400 allows remote attackers to cause a denial of service (reboot) via an empty UDP packet to port 1900.
29-09-2017 - 01:31 10-08-2008 - 20:41
CVE-2008-3598 7.5
Multiple SQL injection vulnerabilities in psipuss 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the Cid parameter to categories.php or (2) the Username parameter to login.php.
29-09-2017 - 01:31 12-08-2008 - 19:41
CVE-2008-3593 7.5
Directory traversal vulnerability in index.php in SyzygyCMS 0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
29-09-2017 - 01:31 11-08-2008 - 23:41
CVE-2008-3564 7.5
Multiple directory traversal vulnerabilities in index.php in Dayfox Blog 4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p, (2) cat, and (3) archive parameters. NOTE: in some environments, this can
29-09-2017 - 01:31 10-08-2008 - 20:41
CVE-2008-3454 7.5
JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the "adm" cookie value to 1.
29-09-2017 - 01:31 04-08-2008 - 19:41
CVE-2010-4861 7.5
SQL injection vulnerability in asearch.php in webSPELL 4.2.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.
29-08-2017 - 01:29 05-10-2011 - 10:55
CVE-2010-4857 7.5
SQL injection vulnerability in click.php in CAG CMS 0.2 Beta allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
29-08-2017 - 01:29 05-10-2011 - 10:55
CVE-2010-4860 7.5
SQL injection vulnerability in product_desc.php in MyPhpAuction 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter.
29-08-2017 - 01:29 05-10-2011 - 10:55
CVE-2010-4853 7.5
SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php.
29-08-2017 - 01:29 05-10-2011 - 10:55
CVE-2000-1247 2.1
The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ U
29-08-2017 - 01:29 05-10-2011 - 02:56
CVE-2008-3773 4.3
Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when "Show New Private Message Notification Pop-Up" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (ak
08-08-2017 - 01:32 22-08-2008 - 16:41
CVE-2008-3728 5.0
Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to determine the installation path, IP addresses, and error m
08-08-2017 - 01:32 20-08-2008 - 16:41
CVE-2008-3726 4.3
Cross-site scripting (XSS) vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to inject arbitrary web script or HTML via the URI.
08-08-2017 - 01:32 20-08-2008 - 16:41
CVE-2008-3729 7.5
Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to bypass authentication and obtain administrative access via a direct request with (1) an IsAdmin=true cookie value or (2) no cookie.
08-08-2017 - 01:32 20-08-2008 - 16:41
CVE-2008-3572 4.3
Cross-site scripting (XSS) vulnerability in index.php in Pligg 9.9.5 allows remote attackers to inject arbitrary web script or HTML via the category parameter.
08-08-2017 - 01:31 10-08-2008 - 20:41
CVE-2006-6634 7.5
Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai (com_extcalendar) 0.9.1 and earlier component for Mambo allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_EXT[LANGUAGES_DIR] parameter to admin_events
29-07-2017 - 01:29 18-12-2006 - 11:28
CVE-2002-2291 7.8
Calisto Internet Talker 0.04 and earlier allows remote attackers to cause a denial of service (hang) via a long request, possibly triggering a buffer overflow.
29-07-2017 - 01:29 31-12-2002 - 05:00
CVE-2004-0964 10.0
Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for Linux, allows remote attackers or local users to execute arbitrary code via certain values in a .pls file.
11-07-2017 - 01:30 09-02-2005 - 05:00
CVE-2011-2443 9.3
Multiple buffer overflows in Adobe Photoshop Elements 8.0 and earlier allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted (1) .grd or (2) .abr file, a related
14-02-2012 - 04:07 04-10-2011 - 20:55
CVE-2010-4855 7.5
SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the makale_id parameter.
14-02-2012 - 04:02 05-10-2011 - 10:55
CVE-2010-4858 5.0
Directory traversal vulnerability in team.rc5-72.php in DNET Live-Stats 0.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the showlang parameter.
14-02-2012 - 04:02 05-10-2011 - 10:55
CVE-2010-4859 7.5
SQL injection vulnerability in index.php in WebAsyst Shop-Script allows remote attackers to execute arbitrary SQL commands via the blog_id parameter in a news action.
14-02-2012 - 04:02 05-10-2011 - 10:55
CVE-2011-1523 4.3
Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter.
22-09-2011 - 03:30 03-05-2011 - 19:55
CVE-2004-2760 6.8
sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for
29-01-2009 - 05:37 31-12-2004 - 05:00
CVE-2006-4225 5.0
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-3139. Reason: This candidate is a duplicate of CVE-2006-3139. Notes: All CVE users should reference CVE-2006-3139 instead of this candidate. All references and descriptions in t
10-09-2008 - 20:27 18-08-2006 - 20:04
Back to Top Mark selected
Back to Top