| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2006-1896 | 6.0 |
Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature values, possibly involving the highlight func
|
18-10-2018 - 16:37 | 20-04-2006 - 10:02 | |
| CVE-2006-5485 | 7.5 |
Multiple PHP remote file inclusion vulnerabilities in SpeedBerg 1.2beta1 allow remote attackers to execute arbitrary PHP code via a URL in the SPEEDBERG_PATH parameter to (1) entrancePage.tpl.php, (2) generalToolBox.tlb.php, (3) myToolBox.tlb.php, (4
|
17-10-2018 - 21:43 | 24-10-2006 - 22:07 | |
| CVE-2007-2994 | 7.5 |
SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a fullnews action, a different vector than CVE-2007-0693.
|
16-10-2018 - 16:46 | 04-06-2007 - 17:30 | |
| CVE-2008-1458 | 4.3 |
Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a products search action. NOTE: it was also reported that 1.3.5-SP2 trial edition is also af
|
11-10-2018 - 20:34 | 24-03-2008 - 18:44 | |
| CVE-2008-5603 | 5.0 |
ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb.
|
29-09-2017 - 01:32 | 16-12-2008 - 19:07 |