Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2006-4656 | 7.5 | PHP remote file inclusion vulnerability in admin/editeur/spaw_control.class.php in Web Provence SL_Site 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: CVE analysis suggests that this | 17-10-2018 - 21:38 | 09-09-2006 - 00:04 |
CVE-2007-1848 | 4.3 | Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php in Drake CMS allows remote attackers to inject arbitrary web script or HTML via the desc[][title] field. NOTE: Drake CMS has only a beta version available, and the vendor has previ | 16-10-2018 - 16:40 | 03-04-2007 - 16:19 |
CVE-2007-1850 | 5.0 | Directory traversal vulnerability in classes/captcha/captcha.jpg.php in Drake CMS allows remote attackers to read arbitrary files or list arbitrary directories, and obtain the installation path, via a .. (dot dot) in the d_private parameter. NOTE: D | 16-10-2018 - 16:40 | 03-04-2007 - 16:19 |
CVE-2008-0094 | 6.4 | Multiple directory traversal vulnerabilities in MODx Content Management System 0.9.6.1 allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the as_language parameter to assets/snippets/AjaxSearch/AjaxSearch.ph | 15-10-2018 - 21:57 | 08-01-2008 - 02:46 |
CVE-2008-4780 | 6.8 | Directory traversal vulnerability in admin/centre.php in MyForum 1.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the padmin parameter. | 29-09-2017 - 01:32 | 29-10-2008 - 14:22 |
CVE-2010-5035 | 4.3 | Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOTE: some of these details are obtained from third p | 29-08-2017 - 01:29 | 02-11-2011 - 21:55 |
CVE-2010-5036 | 7.5 | SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter. | 29-08-2017 - 01:29 | 02-11-2011 - 21:55 |
CVE-2006-0843 | 5.0 | Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrator's password. | 20-07-2017 - 01:30 | 22-02-2006 - 02:02 |
CVE-2006-0844 | 7.5 | Leif M. Wright's Blog 3.5 does not make a password comparison when authenticating an administrator via a cookie, which allows remote attackers to bypass login authentication, probably by setting the blogAdmin cookie. | 20-07-2017 - 01:30 | 22-02-2006 - 02:02 |
CVE-2006-0845 | 6.5 | Leif M. Wright's Blog 3.5 allows remote authenticated users with administrative privileges to execute arbitrary programs, including shell commands, by configuring the sendmail path to a malicious pathname. | 20-07-2017 - 01:30 | 22-02-2006 - 02:02 |
CVE-2006-0846 | 4.3 | Multiple cross-site scripting (XSS) vulnerabilities in Leif M. Wright's Blog 3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Referer and (2) User-Agent HTTP headers, which are stored in a log file and not sanitized when | 20-07-2017 - 01:30 | 22-02-2006 - 02:02 |