| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2009-3558 | 6.8 |
The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating
|
30-10-2018 - 16:26 | 23-11-2009 - 17:30 | |
| CVE-2006-4905 | 7.5 |
PHP remote file inclusion vulnerability in index.php in Artmedic Links 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, which is processed by the readfile function.
|
17-10-2018 - 21:40 | 21-09-2006 - 00:07 | |
| CVE-2007-2164 | 5.0 |
Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
|
16-10-2018 - 16:42 | 22-04-2007 - 19:19 | |
| CVE-2008-0736 | 5.0 |
admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly other 4.x and 3.x versions, allows remote attackers to obtain the path via a certain value of the FedExAccount parameter.
|
15-10-2018 - 22:02 | 13-02-2008 - 01:00 | |
| CVE-2008-0737 | 7.5 |
SQL injection vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and other 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the helpfield parameter.
|
15-10-2018 - 22:02 | 13-02-2008 - 01:00 | |
| CVE-2008-0546 | 7.5 |
Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idProduct and (2) options parameters to (a) ajax/ajax_optInventory.asp, or the (2) re
|
15-10-2018 - 22:01 | 01-02-2008 - 20:00 | |
| CVE-2008-0547 | 4.3 |
Cross-site scripting (XSS) vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and probably earlier 4.x and 3.x versions, allows remote attackers to inject arbitrary web script or HTML via the helpfield parameter.
|
15-10-2018 - 22:01 | 01-02-2008 - 20:00 | |
| CVE-2008-5121 | 7.2 |
dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a craf
|
29-09-2017 - 01:32 | 18-11-2008 - 00:30 | |
| CVE-2006-1333 | 6.4 |
Multiple SQL injection vulnerabilities in BetaParticle Blog 6.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp or (2) fldGalleryID parameter to template_gallery_detail.asp. Upda
|
21-07-2017 - 01:29 | 21-03-2006 - 01:06 |