Max CVSS | 8.5 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2007-1420 | 2.1 |
MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialize
|
17-12-2019 - 20:16 | 12-03-2007 - 23:19 | |
CVE-2006-0588 | 7.5 |
SQL injection vulnerability in search.php in MyTopix 1.2.3 allows remote attackers to execute arbitrary SQL commands via the (1) mid and (2) keywords parameters.
|
19-10-2018 - 15:45 | 08-02-2006 - 01:02 | |
CVE-2006-0590 | 5.0 |
MyTopix 1.2.3 allows remote attackers to obtain the installation path via an invalid hl parameter to index.php, which leads to path disclosure, possibly related to invalid SQL syntax.
|
19-10-2018 - 15:45 | 08-02-2006 - 01:02 | |
CVE-2006-0589 | 5.0 |
MyTopix 1.2.3 allows remote attackers to obtain the installation path via a direct request to logon.mod.php, which leaks the path in an error message.
|
19-10-2018 - 15:45 | 08-02-2006 - 01:02 | |
CVE-2006-4224 | 4.3 |
Cross-site scripting (XSS) vulnerability in calendar.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the year parameter. NOTE: The page parameter vector is covered by CVE-2006-4009.
|
17-10-2018 - 21:34 | 18-08-2006 - 20:04 | |
CVE-2008-3582 | 6.8 |
SQL injection vulnerability in login.php in Keld PHP-MySQL News Script 0.7.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
|
11-10-2018 - 20:48 | 10-08-2008 - 21:41 | |
CVE-2008-3575 | 7.5 |
PHP remote file inclusion vulnerability in modules/calendar/minicalendar.php in ezContents CMS allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[gsLanguage] parameter, a different vector than CVE-2006-4477 and CVE-2004-01
|
11-10-2018 - 20:48 | 10-08-2008 - 20:41 | |
CVE-2008-3587 | 4.3 |
Cross-site scripting (XSS) vulnerability in result.php in Chris Bunting Homes 4 Sale allows remote attackers to inject arbitrary web script or HTML via the r parameter.
|
11-10-2018 - 20:48 | 11-08-2008 - 23:41 | |
CVE-2008-4590 | 7.5 |
Multiple SQL injection vulnerabilities in Stash 1.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to admin/login.php and (2) the post parameter to admin/news.php.
|
29-09-2017 - 01:32 | 16-10-2008 - 18:00 | |
CVE-2008-3588 | 7.5 |
Multiple SQL injection vulnerabilities in phsBlog 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to comments.php, (2) cid parameter to index.php, and the (3) urltitle parameter to entries.php.
|
29-09-2017 - 01:31 | 11-08-2008 - 23:41 | |
CVE-2008-3591 | 7.5 |
SQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary SQL commands via the sym_auth cookie in a /publish/filemanager/ request to index.php.
|
29-09-2017 - 01:31 | 11-08-2008 - 23:41 | |
CVE-2008-3585 | 7.5 |
Multiple SQL injection vulnerabilities in PozScripts GreenCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) product_desc.php and (2) store_info.php.
|
29-09-2017 - 01:31 | 11-08-2008 - 23:41 | |
CVE-2008-3580 | 7.5 |
Multiple SQL injection vulnerabilities in Qsoft K-Links allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to visit.php, or the PATH_INFO to the default URI under (2) report/, (3) addreview/, or (4) refer/.
|
29-09-2017 - 01:31 | 10-08-2008 - 21:41 | |
CVE-2008-3589 | 4.3 |
Directory traversal vulnerability in download.php in moziloCMS 1.10.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter.
|
29-09-2017 - 01:31 | 11-08-2008 - 23:41 | |
CVE-2008-3592 | 8.5 |
Unrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to a directory specified
|
29-09-2017 - 01:31 | 11-08-2008 - 23:41 | |
CVE-2008-3594 | 7.5 |
SQL injection vulnerability in viewdetails.php in MagicScripts E-Store Kit-1, E-Store Kit-2, E-Store Kit-1 Pro PayPal Edition, and E-Store Kit-2 PayPal Edition allows remote attackers to execute arbitrary SQL commands via the pid parameter.
|
29-09-2017 - 01:31 | 11-08-2008 - 23:41 | |
CVE-2008-3581 | 4.3 |
Cross-site scripting (XSS) vulnerability in index.php in Qsoft K-Links allows remote attackers to inject arbitrary web script or HTML via the login_message parameter in a login action.
|
29-09-2017 - 01:31 | 10-08-2008 - 21:41 | |
CVE-2008-3593 | 7.5 |
Directory traversal vulnerability in index.php in SyzygyCMS 0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
|
29-09-2017 - 01:31 | 11-08-2008 - 23:41 | |
CVE-2010-4853 | 7.5 |
SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php.
|
29-08-2017 - 01:29 | 05-10-2011 - 10:55 | |
CVE-2006-4225 | 5.0 |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-3139. Reason: This candidate is a duplicate of CVE-2006-3139. Notes: All CVE users should reference CVE-2006-3139 instead of this candidate. All references and descriptions in t
|
10-09-2008 - 20:27 | 18-08-2006 - 20:04 |