Max CVSS | 10.0 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2006-7103 | 6.4 |
Multiple directory traversal vulnerabilities in EZOnlineGallery 1.3 and earlier, and possibly other versions before 1.3.2 Beta, allow remote attackers to (1) determine directory existence via a ".." in the album parameter in a show_album action to (a
|
14-02-2024 - 01:17 | 03-03-2007 - 21:19 | |
CVE-2005-3193 | 5.1 |
Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-
|
19-10-2018 - 15:35 | 07-12-2005 - 00:03 | |
CVE-2007-1220 | 6.2 |
The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not properly verify the parameters passed to the syscall dispatcher, which allows attackers with physical access to bypass code-signing requirements and execute arbitrary code.
|
16-10-2018 - 16:37 | 02-03-2007 - 22:19 | |
CVE-2007-1247 | 6.8 |
Multiple PHP remote file inclusion vulnerabilities in aWeb Labs aWebNews 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_news parameter to (1) listing.php or (2) visview.php. Successful exploitation requires that "re
|
16-10-2018 - 16:37 | 03-03-2007 - 20:19 | |
CVE-2007-1221 | 7.2 |
The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows attackers with physical access to force execution of the hypervisor syscall with a certain register set, which bypasses intended code protection.
|
16-10-2018 - 16:37 | 02-03-2007 - 22:19 | |
CVE-2007-1231 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) database name, (2) table name, (3) ViewName, (4) view, (5) trigger, and (6) function fields in main.p
|
16-10-2018 - 16:37 | 03-03-2007 - 19:19 | |
CVE-2007-1254 | 6.5 |
SQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the p_skin parameter to index.php.
|
16-10-2018 - 16:37 | 03-03-2007 - 20:19 | |
CVE-2007-1170 | 5.0 |
SimBin GTR - FIA GT Racing Game 1.5.0.0 and earlier, GT Legends 1.1.0.0 and earlier, GTR 2 1.1 and earlier, and RACE - The WTCC Game 1.0 and earlier allow remote attackers to cause a denial of service (client disconnection) via an empty UDP packet to
|
16-10-2018 - 16:37 | 02-03-2007 - 21:18 | |
CVE-2007-1255 | 6.0 |
Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage
|
16-10-2018 - 16:37 | 03-03-2007 - 20:19 | |
CVE-2007-1232 | 5.1 |
Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a SQLiteManager_currentTheme cookie. Successful exploitation requires that "magic_quotes_gpc" is disabled. Additionally, i
|
16-10-2018 - 16:37 | 03-03-2007 - 19:19 | |
CVE-2007-0889 | 4.6 |
Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible encoding") for passwords, account names, and IP addresses in kiwidb-cattools.kdb, which might allow local users to gain sensitive information by decrypting the file. NOTE: this issue
|
16-10-2018 - 16:35 | 12-02-2007 - 23:28 | |
CVE-2007-0888 | 10.0 |
Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET
|
16-10-2018 - 16:35 | 12-02-2007 - 23:28 | |
CVE-2006-7124 | 7.5 |
PHP remote file inclusion vulnerability in external/rssfeeds.php in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to execute arbitrary PHP code via the baseDir parameter.
|
16-10-2018 - 16:29 | 06-03-2007 - 01:19 | |
CVE-2006-7123 | 7.5 |
Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when importing the (a) ip-to-count
|
16-10-2018 - 16:29 | 06-03-2007 - 01:19 | |
CVE-2006-7129 | 2.1 |
ISS BlackICE PC Protection 3.6 cpj and cpu, and possibly earlier versions, allows local users to bypass the protection scheme by using the ZwDeleteFile API function to delete the critical filelock.txt file, which stores information about protected fi
|
16-10-2018 - 16:29 | 06-03-2007 - 01:19 | |
CVE-2006-7122 | 6.8 |
Cross-site scripting (XSS) vulnerability in the IP Address Lookup functionality in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to inject arbitrary web script and HTML via the ip parame
|
16-10-2018 - 16:29 | 06-03-2007 - 01:19 | |
CVE-2003-1359 | 7.2 |
Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows local users to gain privileges via a long command line argument.
|
11-10-2017 - 01:29 | 31-12-2003 - 05:00 | |
CVE-2008-3539 | 2.1 |
Unspecified vulnerability in HP OpenView Select Identity (HPSI) Connectors on Windows, as used in HPSI Active Directory Connector 2.30 and earlier, HPSI SunOne Connector 1.14 and earlier, HPSI eDirectory Connector 1.12 and earlier, HPSI eTrust Connec
|
08-08-2017 - 01:31 | 11-09-2008 - 01:12 | |
CVE-2007-1191 | 2.1 |
The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes usernames and passwords in plaintext to the /Library/Logs/Console/UID/Console.log file, which allows local users to obtain sensitive information by reading this file.
|
29-07-2017 - 01:30 | 02-03-2007 - 21:18 | |
CVE-2006-7104 | 7.5 |
PHP remote file inclusion vulnerability in htmltemplate.php in the Chad Auld MOStlyContent Editor (MOStlyCE) as created on May 2006, a component for Mambo 4.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolut
|
29-07-2017 - 01:29 | 03-03-2007 - 21:19 | |
CVE-2003-1358 | 7.2 |
rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at raised privileges, which allows local users to gain privileges by modifying the path to point to a malicious rm program
|
29-07-2017 - 01:29 | 31-12-2003 - 05:00 | |
CVE-2003-1360 | 7.2 |
Buffer overflow in the setupterm function of (1) lanadmin and (2) landiag programs of HP-UX 10.0 through 10.34 allows local users to execute arbitrary code via a long TERM environment variable.
|
29-07-2017 - 01:29 | 31-12-2003 - 05:00 | |
CVE-2006-3135 | 7.5 |
Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter in the (a) news module, (2) searchstring parameter in (b) the searc
|
20-07-2017 - 01:32 | 13-07-2006 - 21:05 | |
CVE-2011-1538 | 4.9 |
Open redirect vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote authenticated users to redirect other users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
|
22-09-2011 - 03:30 | 03-05-2011 - 19:55 | |
CVE-2011-1539 | 5.0 |
Unspecified vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote attackers to obtain sensitive information via unknown vectors.
|
22-09-2011 - 03:30 | 03-05-2011 - 19:55 | |
CVE-2011-1537 | 4.3 |
Cross-site scripting (XSS) vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
22-09-2011 - 03:30 | 03-05-2011 - 19:55 |