| Max CVSS | 9.3 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2006-2516 | 5.1 |
mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] t
|
18-10-2018 - 16:40 | 22-05-2006 - 22:02 | |
| CVE-2006-6189 | 7.5 |
SQL injection vulnerability in displayCalendar.asp in ClickTech Click Blog allows remote attackers to execute arbitrary SQL commands via the date parameter.
|
17-10-2018 - 21:47 | 01-12-2006 - 00:28 | |
| CVE-2007-4047 | 6.4 |
geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecifie
|
15-10-2018 - 21:33 | 27-07-2007 - 22:30 | |
| CVE-2008-1442 | 9.3 |
Heap-based buffer overflow in the substringData method in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code, related to an unspecified manipulation of a DOM object before a call to this method, aka the "HTML Object
|
12-10-2018 - 21:45 | 12-06-2008 - 02:32 | |
| CVE-2008-5935 | 5.0 |
Facto stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for database/facto.mdb. NOTE: some of these details are
|
11-10-2018 - 20:56 | 21-01-2009 - 18:30 |