| Max CVSS | 7.5 | Min CVSS | 2.6 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2006-0225 | 4.6 |
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.
|
19-10-2018 - 15:43 | 25-01-2006 - 11:03 | |
| CVE-2006-4423 | 7.5 |
Multiple PHP remote file inclusion vulnerabilities in Bigace 1.8.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][admin] parameter in (a) system/command/admin.cmd.php, (b) admin/include/upload_form.php
|
17-10-2018 - 21:37 | 29-08-2006 - 00:04 | |
| CVE-2007-1607 | 5.0 |
search.php in w-Agora (Web-Agora) allows remote attackers to obtain potentially sensitive information via a ' (quote) value followed by certain SQL sequences in the (1) search_forum or (2) search_user parameter, which force a SQL error.
|
16-10-2018 - 16:39 | 22-03-2007 - 23:19 | |
| CVE-2007-1606 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Agora) allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) search_forum or (3) search_user parameter to search.php, o
|
16-10-2018 - 16:39 | 22-03-2007 - 23:19 | |
| CVE-2007-1604 | 7.5 |
Multiple unrestricted file upload vulnerabilities in w-Agora (Web-Agora) allow remote attackers to upload and execute arbitrary PHP code (1) via a forum message with an attached file, which is stored under forums/hello/hello/notes/ or (2) by using br
|
16-10-2018 - 16:39 | 22-03-2007 - 23:19 | |
| CVE-2007-1605 | 5.0 |
w-Agora (Web-Agora) allows remote attackers to obtain sensitive information via a request to rss.php with an invalid (1) site or (2) bn parameter, (3) a certain value of the site[] parameter, or (4) an empty value of the bn[] parameter; a request to
|
16-10-2018 - 16:39 | 22-03-2007 - 23:19 | |
| CVE-2007-6455 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter.
|
15-10-2018 - 21:54 | 20-12-2007 - 00:46 | |
| CVE-2008-5211 | 2.6 |
Cross-site scripting (XSS) vulnerability in search.php in Sphider 1.3.4, when the search suggestion feature is enabled, allows remote attackers to inject arbitrary web script or HTML via the query parameter, a different vector than CVE-2006-2506.
|
11-10-2018 - 20:54 | 24-11-2008 - 17:30 | |
| CVE-2008-4682 | 5.0 |
wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion.
|
11-10-2018 - 20:52 | 22-10-2008 - 18:00 | |
| CVE-2008-5191 | 7.5 |
Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) poll_id parameter to poll.php and the (2) sp_id parameter to staticpages.php.
|
29-09-2017 - 01:32 | 21-11-2008 - 17:30 | |
| CVE-2008-5214 | 4.3 |
Cross-site scripting (XSS) vulnerability in service/calendrier.php in ClanLite 2.2006.05.20 allows remote attackers to inject arbitrary web script or HTML via the annee parameter.
|
29-09-2017 - 01:32 | 24-11-2008 - 17:30 | |
| CVE-2008-5209 | 5.0 |
Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
29-09-2017 - 01:32 | 24-11-2008 - 17:30 | |
| CVE-2008-5192 | 7.5 |
SQL injection vulnerability in forum.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: this might overlap CVE-2008-2334, CVE-2008-1939, CVE-2007-2641, or CVE-2007-0920.
|
29-09-2017 - 01:32 | 21-11-2008 - 17:30 | |
| CVE-2008-5217 | 5.1 |
Directory traversal vulnerability in index.php in txtCMS 0.3, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter.
|
29-09-2017 - 01:32 | 24-11-2008 - 17:30 | |
| CVE-2008-5208 | 7.5 |
SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
|
29-09-2017 - 01:32 | 24-11-2008 - 17:30 | |
| CVE-2008-5193 | 4.3 |
Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: this might overlap CVE-2007-4024.
|
29-09-2017 - 01:32 | 21-11-2008 - 17:30 | |
| CVE-2008-5215 | 7.5 |
SQL injection vulnerability in service/profil.php in ClanLite 2.2006.05.20 allows remote attackers to execute arbitrary SQL commands via the link parameter.
|
29-09-2017 - 01:32 | 24-11-2008 - 17:30 | |
| CVE-2008-5194 | 7.5 |
SQL injection vulnerability in checkavail.php in SoftVisions Software Online Booking Manager (obm) 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
29-09-2017 - 01:32 | 21-11-2008 - 17:30 | |
| CVE-2008-5212 | 7.5 |
SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
|
29-09-2017 - 01:32 | 24-11-2008 - 17:30 | |
| CVE-2008-5195 | 7.5 |
Multiple SQL injection vulnerabilities in SebracCMS (sbcms) 0.4 allow remote attackers to execute arbitrary SQL commands via (1) the recid parameter to cms/form/read.php, (2) the uname parameter to cms/index.php, and other unspecified vectors.
|
29-09-2017 - 01:32 | 21-11-2008 - 17:30 | |
| CVE-2010-4940 | 7.5 |
SQL injection vulnerability in index.php in WAnewsletter 2.1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
29-08-2017 - 01:29 | 09-10-2011 - 10:55 |