Max CVSS | 10.0 | Min CVSS | 2.6 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2006-7103 | 6.4 |
Multiple directory traversal vulnerabilities in EZOnlineGallery 1.3 and earlier, and possibly other versions before 1.3.2 Beta, allow remote attackers to (1) determine directory existence via a ".." in the album parameter in a show_album action to (a
|
14-02-2024 - 01:17 | 03-03-2007 - 21:19 | |
CVE-2008-0662 | 7.2 |
The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which allows local users to gain privi
|
25-01-2024 - 21:31 | 08-02-2008 - 02:00 | |
CVE-2007-2139 | 10.0 |
Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suit
|
09-04-2021 - 18:54 | 25-04-2007 - 20:19 | |
CVE-2011-3190 | 7.5 |
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive in
|
25-03-2019 - 11:33 | 31-08-2011 - 23:55 | |
CVE-2006-0328 | 5.0 |
Format string vulnerability in Tftpd32 2.81 allows remote attackers to cause a denial of service via format string specifiers in a filename in a (1) GET or (2) SEND request.
|
19-10-2018 - 15:44 | 21-01-2006 - 00:03 | |
CVE-2006-0225 | 4.6 |
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.
|
19-10-2018 - 15:43 | 25-01-2006 - 11:03 | |
CVE-2006-3273 | 2.6 |
Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 rc1 allows remote attackers to inject arbitrary web script or HTML via the user parameter ("New Name" field).
|
18-10-2018 - 16:46 | 28-06-2006 - 22:05 | |
CVE-2006-2881 | 5.1 |
Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the da_path parameter in the (1) auth.cookie.inc.php, (2) auth.hea
|
18-10-2018 - 16:43 | 07-06-2006 - 10:02 | |
CVE-2006-2610 | 2.6 |
Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 allows remote attackers to inject arbitrary web script or HTML via the (1) URL query string and the (2) Sort parameter.
|
18-10-2018 - 16:40 | 26-05-2006 - 01:06 | |
CVE-2006-2278 | 5.0 |
SaphpLesson 3.0 does not initialize array variables, which allows remote attackers to obtain the full path via a non-array (1) hrow parameter to (a) show.php or (b) index.php; the (2) Lsnrow parameter to (c) showcat.php; or the (3) rows parameter to
|
18-10-2018 - 16:38 | 10-05-2006 - 02:14 | |
CVE-2006-2279 | 7.5 |
Multiple SQL injection vulnerabilities in SaphpLesson 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the Find parameter in (a) search.php, and the (2) LID and (3) Rate parameters in (b) misc.php.
|
18-10-2018 - 16:38 | 10-05-2006 - 02:14 | |
CVE-2006-1896 | 6.0 |
Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature values, possibly involving the highlight func
|
18-10-2018 - 16:37 | 20-04-2006 - 10:02 | |
CVE-2006-1593 | 5.0 |
The (1) ZD_MissingPlayer, (2) ZD_UseItem, and (3) ZD_LoadNewClientLevel functions in sv_main.cpp for (a) Zdaemon 1.08.01 and (b) X-Doom allow remote attackers to cause a denial of service (crash) via an invalid player slot or item number, which caus
|
18-10-2018 - 16:33 | 03-04-2006 - 10:04 | |
CVE-2006-1391 | 5.0 |
The (a) Quick 'n Easy Web Server before 3.1.1 and (b) Baby ASP Web Server 2.7.2 allow remote attackers to obtain the source code of ASP files via (1) . (dot) and (2) space characters in the extension of a URL.
|
18-10-2018 - 16:32 | 25-03-2006 - 00:06 | |
CVE-2006-1423 | 5.0 |
SQL injection vulnerability in showflat.php in UBB.threads 5.5.1, 6.0 br5, 6.0.1, 6.0.2, and earlier, allows remote attackers to execute arbitrary SQL commands via the Number parameter.
|
18-10-2018 - 16:32 | 28-03-2006 - 20:02 | |
CVE-2006-1420 | 5.0 |
SQL injection vulnerability in print.php in SaphpLesson 2.0 allows remote attackers to execute arbitrary SQL commands via the lessid parameter.
|
18-10-2018 - 16:32 | 28-03-2006 - 20:02 | |
CVE-2006-1217 | 7.5 |
SQL injection vulnerability in DSPoll 1.1 allows remote attackers to execute arbitrary SQL commands via the pollid parameter to (1) results.php, (2) topolls.php, (3) pollit.php.
|
18-10-2018 - 16:31 | 14-03-2006 - 02:02 | |
CVE-2006-1232 | 7.5 |
Multiple SQL injection vulnerabilities in DSDownload 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) key and (2) category parameters to (a) search.php and (b) downloads.php. "magic_quotes_gpc"
|
18-10-2018 - 16:31 | 14-03-2006 - 19:06 | |
CVE-2006-1237 | 7.5 |
Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the email parameter to (1) include/sub.php, (2) include/confirm.php, or (3) include/unconfirm.php
|
18-10-2018 - 16:31 | 15-03-2006 - 16:06 | |
CVE-2006-1234 | 5.1 |
SQL injection vulnerability in index.php in DSCounter 1.2, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header. Successf
|
18-10-2018 - 16:31 | 14-03-2006 - 19:06 | |
CVE-2006-1008 | 5.8 |
Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) dir and (2) page_id parameter to (a) index.php and (3) userid parameter to (b) mailto.php. NOTE: it is
|
18-10-2018 - 16:30 | 06-03-2006 - 20:06 | |
CVE-2006-6778 | 6.8 |
Cross-site scripting (XSS) vulnerability in shownews.php in TimberWolf 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the nid parameter.
|
17-10-2018 - 21:49 | 28-12-2006 - 00:28 | |
CVE-2006-6281 | 7.5 |
PHP remote file inclusion vulnerability in check_status.php in dicshunary 0.1 alpha allows remote attackers to execute arbitrary PHP code via a URL in the dicshunary_root_path parameter.
|
17-10-2018 - 21:47 | 04-12-2006 - 11:28 | |
CVE-2006-5918 | 7.5 |
Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid Kill) 5.7 Pro, and certain other versions, allows remote attackers to upload and execute arbitrary PHP scripts via the "Link to Download" field. NOTE: it is possible that the field v
|
17-10-2018 - 21:45 | 15-11-2006 - 15:07 | |
CVE-2006-5485 | 7.5 |
Multiple PHP remote file inclusion vulnerabilities in SpeedBerg 1.2beta1 allow remote attackers to execute arbitrary PHP code via a URL in the SPEEDBERG_PATH parameter to (1) entrancePage.tpl.php, (2) generalToolBox.tlb.php, (3) myToolBox.tlb.php, (4
|
17-10-2018 - 21:43 | 24-10-2006 - 22:07 | |
CVE-2006-5107 | 7.5 |
Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter in admin/forgot_pass.php, (2) the order_id parameter in view_order.php, (3) the view_doc param
|
17-10-2018 - 21:41 | 03-10-2006 - 04:03 | |
CVE-2006-5109 | 5.0 |
Devellion CubeCart 2.0.x allows remote attackers to obtain sensitive information via a direct request for (1) link_navi.php or (2) spotlight.php, which reveals the path in various error messages. NOTE: the information.php, language.php, list_docs.ph
|
17-10-2018 - 21:41 | 03-10-2006 - 04:03 | |
CVE-2006-5108 | 6.8 |
Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to inject arbitrary web script or HTML via the order_id parameter in (1) admin/print_order.php and (2) view_order.php; the (3) site_url and (4) la_
|
17-10-2018 - 21:41 | 03-10-2006 - 04:03 | |
CVE-2006-4971 | 5.0 |
MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message.
|
17-10-2018 - 21:40 | 25-09-2006 - 01:07 | |
CVE-2006-4908 | 5.0 |
OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive information via a URL containing an * (asterisk) wildcard, which displays all matching file and directory information.
|
17-10-2018 - 21:40 | 21-09-2006 - 00:07 | |
CVE-2006-4958 | 6.8 |
Multiple cross-site scripting (XSS) vulnerabilities in Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.20.983 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving (1) taarchives.cgi, (2)
|
17-10-2018 - 21:40 | 23-09-2006 - 10:07 | |
CVE-2006-4979 | 5.0 |
Direct static code injection vulnerability in cfgphpquiz/install.php in Walter Beschmout PhpQuiz 1.2 and earlier allows remote attackers to inject arbitrary PHP code in config.inc.php via modified configuration settings.
|
17-10-2018 - 21:40 | 25-09-2006 - 01:07 | |
CVE-2006-4978 | 7.5 |
Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the univers parameter in score.php and (2) the quiz_id parameter in home.php, accessed through the fro
|
17-10-2018 - 21:40 | 25-09-2006 - 01:07 | |
CVE-2006-4976 | 5.0 |
The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for (1) server.php, (2) adodb-errorpear.inc.php, (3) adodb-iterator.inc.php, (4) adodb-pear.inc.php, (5) adodb-perf.inc.ph
|
17-10-2018 - 21:40 | 25-09-2006 - 01:07 | |
CVE-2006-4967 | 6.8 |
Multiple cross-site scripting (XSS) vulnerabilities in NextAge Cart allow remote attackers to inject arbitrary web script or HTML via (1) the CatId parameter in a product category action in index.php or (2) the SearchWd parameter in an index search a
|
17-10-2018 - 21:40 | 25-09-2006 - 01:07 | |
CVE-2006-4975 | 2.6 |
Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service.
|
17-10-2018 - 21:40 | 25-09-2006 - 01:07 | |
CVE-2006-4972 | 5.1 |
Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter. Successful exploitation requires that "register
|
17-10-2018 - 21:40 | 25-09-2006 - 01:07 | |
CVE-2006-4977 | 5.0 |
Multiple unrestricted file upload vulnerabilities in (1) back/upload_img.php and (2) admin/upload_img.php in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to upload arbitrary PHP code to the phpquiz/img_quiz folder via the (a) uploa
|
17-10-2018 - 21:40 | 25-09-2006 - 01:07 | |
CVE-2006-4915 | 4.3 |
Cross-site scripting (XSS) vulnerability in index.php in Innovate Portal 2.0 allows remote attackers to inject arbitrary web script or HTML via the content parameter.
|
17-10-2018 - 21:40 | 21-09-2006 - 01:07 | |
CVE-2006-4970 | 7.5 |
PHP remote file inclusion vulnerability in enc/content.php in WAHM E-Commerce Pie Cart Pro allows remote attackers to execute arbitrary PHP code via a URL in the Home_Path parameter.
|
17-10-2018 - 21:40 | 25-09-2006 - 01:07 | |
CVE-2006-4959 | 5.0 |
Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.3 allows remote attackers to obtain sensitive information, including hostnames, versions, and settings details, via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentic
|
17-10-2018 - 21:40 | 23-09-2006 - 10:07 | |
CVE-2006-4739 | 2.6 |
Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the OriginalImageData parameter to phpthumb.php.
|
17-10-2018 - 21:39 | 13-09-2006 - 22:07 | |
CVE-2006-4737 | 7.5 |
SQL injection vulnerability in index.php in Jetbox CMS allows remote attackers to inject arbitrary web script or HTML via the item parameter. NOTE: The view vector is already covered by CVE-2006-3586.2.
|
17-10-2018 - 21:39 | 13-09-2006 - 22:07 | |
CVE-2006-4740 | 5.0 |
Jetbox CMS allows remote attackers to obtain sensitive information via a direct request for certain files, which reveal the path in an error message.
|
17-10-2018 - 21:39 | 13-09-2006 - 22:07 | |
CVE-2006-4738 | 7.5 |
PHP remote file inclusion vulnerability in phpthumb.php in Jetbox CMS allows remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter. NOTE: The relative_script_path vector is already covered by CVE-2006-2270.
|
17-10-2018 - 21:39 | 13-09-2006 - 22:07 | |
CVE-2006-4423 | 7.5 |
Multiple PHP remote file inclusion vulnerabilities in Bigace 1.8.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][admin] parameter in (a) system/command/admin.cmd.php, (b) admin/include/upload_form.php
|
17-10-2018 - 21:37 | 29-08-2006 - 00:04 | |
CVE-2006-3775 | 7.5 |
SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by in
|
17-10-2018 - 21:30 | 24-07-2006 - 12:19 | |
CVE-2007-2994 | 7.5 |
SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a fullnews action, a different vector than CVE-2007-0693.
|
16-10-2018 - 16:46 | 04-06-2007 - 17:30 | |
CVE-2007-2258 | 7.5 |
PHP remote file inclusion vulnerability in includes/init.inc.php in PHPMyBibli allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.
|
16-10-2018 - 16:42 | 25-04-2007 - 17:19 | |
CVE-2007-2256 | 4.3 |
Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
|
16-10-2018 - 16:42 | 25-04-2007 - 17:19 | |
CVE-2007-2259 | 7.5 |
SQL injection vulnerability in forum.php in EsForum 3.0 allows remote attackers to execute arbitrary SQL commands via the idsalon parameter.
|
16-10-2018 - 16:42 | 25-04-2007 - 17:19 | |
CVE-2007-2260 | 7.5 |
Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the bibtexrootrel parameter to (1) unavailable.php, (2) source.php, (3) log.php, (4) latex.php, (5) indexinfo
|
16-10-2018 - 16:42 | 25-04-2007 - 17:19 | |
CVE-2007-2265 | 6.8 |
Cross-site scripting (XSS) vulnerability in YA Book 0.98-alpha allows remote attackers to inject arbitrary web script or HTML via the City field in a sign action in index.php.
|
16-10-2018 - 16:42 | 25-04-2007 - 20:19 | |
CVE-2007-2262 | 7.5 |
Multiple PHP remote file inclusion vulnerabilities in html/php/detail.php in Sinato jmuffin allow remote attackers to execute arbitrary PHP code via a URL in the (1) relPath and (2) folder parameters. NOTE: this product was originally reported as "F
|
16-10-2018 - 16:42 | 25-04-2007 - 17:19 | |
CVE-2007-2261 | 7.5 |
PHP remote file inclusion vulnerability in espaces/communiques/annotations.php in C-Arbre 0.6PR7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, a different vector than CVE-2007-1721.
|
16-10-2018 - 16:42 | 25-04-2007 - 17:19 | |
CVE-2007-2257 | 7.5 |
PHP remote file inclusion vulnerability in subscp.php in Fully Modded phpBB2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
|
16-10-2018 - 16:42 | 25-04-2007 - 17:19 | |
CVE-2007-1996 | 6.8 |
PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, probably 1.1.2 and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the process_method parameter.
|
16-10-2018 - 16:41 | 12-04-2007 - 10:19 | |
CVE-2007-1607 | 5.0 |
search.php in w-Agora (Web-Agora) allows remote attackers to obtain potentially sensitive information via a ' (quote) value followed by certain SQL sequences in the (1) search_forum or (2) search_user parameter, which force a SQL error.
|
16-10-2018 - 16:39 | 22-03-2007 - 23:19 | |
CVE-2007-1606 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Agora) allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) search_forum or (3) search_user parameter to search.php, o
|
16-10-2018 - 16:39 | 22-03-2007 - 23:19 | |
CVE-2007-1604 | 7.5 |
Multiple unrestricted file upload vulnerabilities in w-Agora (Web-Agora) allow remote attackers to upload and execute arbitrary PHP code (1) via a forum message with an attached file, which is stored under forums/hello/hello/notes/ or (2) by using br
|
16-10-2018 - 16:39 | 22-03-2007 - 23:19 | |
CVE-2007-1605 | 5.0 |
w-Agora (Web-Agora) allows remote attackers to obtain sensitive information via a request to rss.php with an invalid (1) site or (2) bn parameter, (3) a certain value of the site[] parameter, or (4) an empty value of the bn[] parameter; a request to
|
16-10-2018 - 16:39 | 22-03-2007 - 23:19 | |
CVE-2007-0981 | 7.5 |
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the h
|
16-10-2018 - 16:35 | 16-02-2007 - 01:28 | |
CVE-2007-0609 | 5.1 |
Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename w
|
16-10-2018 - 16:33 | 09-05-2007 - 17:19 | |
CVE-2007-0310 | 5.0 |
BMC Remedy Action Request System 5.01.02 Patch 1267 generates different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to determine valid account names.
|
16-10-2018 - 16:32 | 18-01-2007 - 00:28 | |
CVE-2008-0810 | 7.5 |
SQL injection vulnerability in the com_scheduling module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
15-10-2018 - 22:03 | 19-02-2008 - 02:00 | |
CVE-2008-0681 | 6.8 |
SQL injection vulnerability in index.php in PHPShop 0.8.1 allows remote attackers to execute arbitrary SQL commands via the product_id parameter, as demonstrated by a shop/flypage action.
|
15-10-2018 - 22:02 | 12-02-2008 - 01:00 | |
CVE-2008-0628 | 7.8 |
The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XX
|
15-10-2018 - 22:02 | 06-02-2008 - 21:00 | |
CVE-2008-0667 | 4.3 |
The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. NOTE
|
15-10-2018 - 22:02 | 11-02-2008 - 21:00 | |
CVE-2008-0656 | 10.0 |
Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute.
|
15-10-2018 - 22:02 | 07-02-2008 - 21:00 | |
CVE-2008-0703 | 5.0 |
Multiple directory traversal vulnerabilities in sflog! 0.96 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) permalink or (2) section parameter to index.php, possibly involving includes/entries.inc.php and other files incl
|
15-10-2018 - 22:02 | 12-02-2008 - 01:00 | |
CVE-2008-0635 | 7.5 |
Unspecified vulnerability in the delivery engine in Openads 2.4.0 through 2.4.2 allows remote attackers to execute arbitrary PHP code via unknown vectors.
|
15-10-2018 - 22:02 | 06-02-2008 - 21:00 | |
CVE-2008-0661 | 6.8 |
Buffer overflow in dBpowerAMP Audio Player Release 2 allows remote attackers to execute arbitrary code via a .M3U file with a long URI. NOTE: this might be the same issue as CVE-2004-1569.
|
15-10-2018 - 22:02 | 08-02-2008 - 02:00 | |
CVE-2008-0654 | 7.5 |
Multiple directory traversal vulnerabilities in Azucar CMS 1.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _VIEW (view) parameter to (1) index.php, (2) html/sitio/index.php, or (3) src/sistema/vistas/
|
15-10-2018 - 22:02 | 07-02-2008 - 21:00 | |
CVE-2007-6455 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter.
|
15-10-2018 - 21:54 | 20-12-2007 - 00:46 | |
CVE-2007-5978 | 7.5 |
SQL injection vulnerability in brokenlink.php in the mylinks module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter.
|
15-10-2018 - 21:48 | 15-11-2007 - 00:46 | |
CVE-2007-5052 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Vigile CMS 1.8 allow remote attackers to inject arbitrary web script or HTML via a request to the wiki module with (1) the title parameter or (2) a "title=" sequence in the PATH_INFO
|
15-10-2018 - 21:40 | 24-09-2007 - 00:17 | |
CVE-2007-4850 | 5.0 |
curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vuln
|
15-10-2018 - 21:38 | 25-01-2008 - 01:00 | |
CVE-2007-4540 | 7.5 |
Multiple SQL injection vulnerabilities in download.php in Olate Download (od) 3.4.2 allow remote attackers to execute arbitrary SQL commands via the (1) HTTP_REFERER or (2) HTTP_USER_AGENT HTTP header.
|
15-10-2018 - 21:35 | 27-08-2007 - 21:17 | |
CVE-2007-4167 | 7.5 |
PHP remote file inclusion vulnerability in cat_viewed.php in AL-Caricatier 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the CatName parameter.
|
15-10-2018 - 21:33 | 07-08-2007 - 10:17 | |
CVE-2007-3575 | 7.5 |
SQL injection vulnerability in includes/functions in FreeDomain.co.nr Clone allows remote attackers to execute arbitrary SQL commands via the logindomain parameter to members.php.
|
15-10-2018 - 21:29 | 05-07-2007 - 20:30 | |
CVE-2008-5828 | 5.0 |
Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2)
|
11-10-2018 - 20:56 | 02-01-2009 - 19:30 | |
CVE-2008-5211 | 2.6 |
Cross-site scripting (XSS) vulnerability in search.php in Sphider 1.3.4, when the search suggestion feature is enabled, allows remote attackers to inject arbitrary web script or HTML via the query parameter, a different vector than CVE-2006-2506.
|
11-10-2018 - 20:54 | 24-11-2008 - 17:30 | |
CVE-2008-4682 | 5.0 |
wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion.
|
11-10-2018 - 20:52 | 22-10-2008 - 18:00 | |
CVE-2008-4110 | 7.6 |
Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a
|
11-10-2018 - 20:50 | 16-09-2008 - 22:00 | |
CVE-2008-3365 | 6.8 |
Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on Windows, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language_full parameter.
|
11-10-2018 - 20:48 | 30-07-2008 - 17:41 | |
CVE-2008-2131 | 4.3 |
Cross-site scripting (XSS) vulnerability in mvnForum 1.1 GA allows remote authenticated users to inject arbitrary web script or HTML via the topic field, which is later displayed by user/viewthread.jsp through use of the "quick reply button."
|
11-10-2018 - 20:39 | 09-05-2008 - 18:20 | |
CVE-2008-1458 | 4.3 |
Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a products search action. NOTE: it was also reported that 1.3.5-SP2 trial edition is also af
|
11-10-2018 - 20:34 | 24-03-2008 - 18:44 | |
CVE-2010-3276 | 9.3 |
libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an NSV file.
|
10-10-2018 - 20:01 | 28-03-2011 - 16:55 | |
CVE-2010-3275 | 9.3 |
libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability."
|
10-10-2018 - 20:01 | 28-03-2011 - 16:55 | |
CVE-2011-0772 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to
|
09-10-2018 - 19:29 | 04-02-2011 - 01:00 | |
CVE-2008-2882 | 7.5 |
upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request.
|
19-10-2017 - 01:30 | 26-06-2008 - 17:41 | |
CVE-2005-1192 | 5.0 |
Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060.
|
11-10-2017 - 01:30 | 02-05-2005 - 04:00 | |
CVE-2008-5191 | 7.5 |
Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) poll_id parameter to poll.php and the (2) sp_id parameter to staticpages.php.
|
29-09-2017 - 01:32 | 21-11-2008 - 17:30 | |
CVE-2008-5214 | 4.3 |
Cross-site scripting (XSS) vulnerability in service/calendrier.php in ClanLite 2.2006.05.20 allows remote attackers to inject arbitrary web script or HTML via the annee parameter.
|
29-09-2017 - 01:32 | 24-11-2008 - 17:30 | |
CVE-2008-5209 | 5.0 |
Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
29-09-2017 - 01:32 | 24-11-2008 - 17:30 | |
CVE-2008-4492 | 7.5 |
SQL injection vulnerability in referrals.php in YourOwnBux 4.0 allows remote attackers to execute arbitrary SQL commands via the usNick cookie.
|
29-09-2017 - 01:32 | 08-10-2008 - 18:00 | |
CVE-2008-5603 | 5.0 |
ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb.
|
29-09-2017 - 01:32 | 16-12-2008 - 19:07 | |
CVE-2008-5192 | 7.5 |
SQL injection vulnerability in forum.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: this might overlap CVE-2008-2334, CVE-2008-1939, CVE-2007-2641, or CVE-2007-0920.
|
29-09-2017 - 01:32 | 21-11-2008 - 17:30 | |
CVE-2008-5217 | 5.1 |
Directory traversal vulnerability in index.php in txtCMS 0.3, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter.
|
29-09-2017 - 01:32 | 24-11-2008 - 17:30 | |
CVE-2008-5208 | 7.5 |
SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
|
29-09-2017 - 01:32 | 24-11-2008 - 17:30 | |
CVE-2008-5193 | 4.3 |
Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: this might overlap CVE-2007-4024.
|
29-09-2017 - 01:32 | 21-11-2008 - 17:30 | |
CVE-2008-5215 | 7.5 |
SQL injection vulnerability in service/profil.php in ClanLite 2.2006.05.20 allows remote attackers to execute arbitrary SQL commands via the link parameter.
|
29-09-2017 - 01:32 | 24-11-2008 - 17:30 | |
CVE-2008-5194 | 7.5 |
SQL injection vulnerability in checkavail.php in SoftVisions Software Online Booking Manager (obm) 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
29-09-2017 - 01:32 | 21-11-2008 - 17:30 | |
CVE-2008-4924 | 9.0 |
Multiple insecure method vulnerabilities in MW6 Technologies 1D Barcode ActiveX control (BARCODELib.MW6Barcode, Barcode.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsW
|
29-09-2017 - 01:32 | 04-11-2008 - 21:00 | |
CVE-2008-5212 | 7.5 |
SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
|
29-09-2017 - 01:32 | 24-11-2008 - 17:30 | |
CVE-2008-5195 | 7.5 |
Multiple SQL injection vulnerabilities in SebracCMS (sbcms) 0.4 allow remote attackers to execute arbitrary SQL commands via (1) the recid parameter to cms/form/read.php, (2) the uname parameter to cms/index.php, and other unspecified vectors.
|
29-09-2017 - 01:32 | 21-11-2008 - 17:30 | |
CVE-2008-3706 | 7.5 |
SQL injection vulnerability in bannerclick.php in ZEEJOBSITE 2.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
|
29-09-2017 - 01:31 | 19-08-2008 - 19:41 | |
CVE-2010-4940 | 7.5 |
SQL injection vulnerability in index.php in WAnewsletter 2.1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
29-08-2017 - 01:29 | 09-10-2011 - 10:55 | |
CVE-2011-1938 | 7.5 |
Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket.
|
17-08-2017 - 01:34 | 31-05-2011 - 20:55 | |
CVE-2008-5278 | 4.3 |
Cross-site scripting (XSS) vulnerability in the self_link function in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable).
|
08-08-2017 - 01:33 | 28-11-2008 - 19:30 | |
CVE-2007-2191 | 6.8 |
Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /
|
29-07-2017 - 01:31 | 24-04-2007 - 17:19 | |
CVE-2002-2273 | 4.3 |
Cross-site scripting (XSS) vulnerability in Webster HTTP Server allows remote attackers to inject arbitrary web script or HTML via the URL.
|
29-07-2017 - 01:29 | 31-12-2002 - 05:00 | |
CVE-2002-2269 | 9.4 |
Directory traversal vulnerability in Webster HTTP Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
|
29-07-2017 - 01:29 | 31-12-2002 - 05:00 | |
CVE-2005-3635 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTE
|
11-07-2017 - 01:33 | 16-11-2005 - 21:22 | |
CVE-2005-3636 | 4.3 |
Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages.
|
11-07-2017 - 01:33 | 16-11-2005 - 21:22 | |
CVE-2005-3202 | 6.8 |
Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 allow remote attackers to inject arbitrary web script or HTML, and subsequently execute SQL statements via the (1) p or (2) p_t02 parameters.
|
11-07-2017 - 01:33 | 14-10-2005 - 10:02 | |
CVE-2006-1497 | 5.0 |
Directory traversal vulnerability in index.php in ViHor Design allows remote attackers to read arbitrary files via the page parameter.
|
08-03-2011 - 02:33 | 30-03-2006 - 00:06 | |
CVE-2006-4068 | 5.0 |
The pswd.js script relies on the client to calculate whether a username and password match hard-coded hashed values for a server, and uses a hashing scheme that creates a large number of collisions, which makes it easier for remote attackers to condu
|
05-09-2008 - 21:08 | 10-08-2006 - 00:04 | |
CVE-2008-0626 | 5.0 |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6303. Reason: This candidate is a duplicate of CVE-2007-6303. Notes: All CVE users should reference CVE-2007-6303 instead of this candidate. All references and descriptions in t
|
07-02-2008 - 05:00 | 06-02-2008 - 21:00 | |
CVE-2008-0627 | 5.0 |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6304. Reason: This candidate is a duplicate of CVE-2007-6304. Notes: All CVE users should reference CVE-2007-6304 instead of this candidate. All references and descriptions in t
|
07-02-2008 - 05:00 | 06-02-2008 - 21:00 |