| Max CVSS | 7.6 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2006-6074 | 7.5 |
Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via (1) the ProductID parameter in (a) reviews.asp, or the (2) cat_id or (3) sub_id parameter in (b) subProducts.asp. NOTE:
|
14-02-2024 - 01:17 | 24-11-2006 - 17:07 | |
| CVE-2006-2398 | 5.0 |
Directory traversal vulnerability in index.php in GPhotos 1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the rep parameter.
|
18-10-2018 - 16:39 | 16-05-2006 - 01:02 | |
| CVE-2006-2397 | 5.8 |
Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) rep parameter to (a) index.php or (b) diapo.php or (2) image parameter to (c) affich.php. NOTE:
|
18-10-2018 - 16:39 | 16-05-2006 - 01:02 | |
| CVE-2008-5896 | 7.5 |
CodeAvalanche RateMySite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CARateMySit
|
29-09-2017 - 01:32 | 12-01-2009 - 20:00 | |
| CVE-2007-3928 | 7.6 |
Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry. NOTE: this might overlap CVE-2007-3638. The vendor has confirmed the vulnerability
|
29-07-2017 - 01:32 | 21-07-2007 - 00:30 |