| Max CVSS | 7.5 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2011-4107 | 4.3 |
The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity ref
|
09-02-2024 - 02:27 | 17-11-2011 - 19:55 | |
| CVE-2006-2161 | 5.1 |
Buffer overflow in (1) TZipBuilder 1.79.03.01, (2) Abakt 0.9.2 and 0.9.3-beta1, (3) CAM UnZip 4.0 and 4.3, and possibly other products, allows user-assisted attackers to execute arbitrary code via a ZIP archive that contains a file with a long file n
|
18-10-2018 - 16:38 | 09-05-2006 - 10:02 | |
| CVE-2006-5881 | 7.5 |
SQL injection vulnerability in cl_CatListing.asp in Dynamic Dataworx NuCommunity 1.0 allows remote attackers to execute arbitrary SQL commands via the cl_cat_ID parameter.
|
17-10-2018 - 21:45 | 14-11-2006 - 19:07 | |
| CVE-2007-3494 | 6.8 |
Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to (1) read the entire database by accessing the database backup plugin via a devtools/tem
|
16-10-2018 - 16:50 | 29-06-2007 - 18:30 | |
| CVE-2008-5792 | 6.8 |
PHP remote file inclusion vulnerability in show_joined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogo
|
11-10-2018 - 20:56 | 31-12-2008 - 11:30 | |
| CVE-2008-2083 | 6.8 |
SQL injection vulnerability in directory.php in Prozilla Hosting Index, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
|
11-10-2018 - 20:39 | 05-05-2008 - 17:20 | |
| CVE-2011-4158 | 4.0 |
Unspecified vulnerability in HP Directories Support for ProLiant Management Processors 3.10 and 3.20 for Integrated Lights-Out iLO2 and iLO3 allows remote authenticated users to obtain sensitive information via unknown vectors.
|
09-10-2018 - 19:33 | 16-11-2011 - 16:55 | |
| CVE-2011-4432 | 5.0 |
www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rain
|
14-02-2012 - 04:09 | 10-11-2011 - 00:55 | |
| CVE-2011-4431 | 6.5 |
Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter.
|
14-02-2012 - 04:09 | 10-11-2011 - 00:55 | |
| CVE-2011-4155 | 4.3 |
Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4156.
|
14-02-2012 - 04:09 | 16-11-2011 - 22:55 | |
| CVE-2011-4156 | 4.3 |
Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4155.
|
14-02-2012 - 04:09 | 16-11-2011 - 22:55 |