| Max CVSS | 7.5 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2014-1731 | 7.5 |
core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote at
|
10-11-2022 - 17:58 | 26-04-2014 - 10:55 | |
| CVE-2017-11457 | 4.0 |
XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Sec
|
20-04-2021 - 19:36 | 25-07-2017 - 18:29 | |
| CVE-2008-0691 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php in the Simon Elvery WP-Footnotes 2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wp_footnotes_current_settings[priority], (2) wp
|
15-10-2018 - 22:02 | 12-02-2008 - 01:00 | |
| CVE-2006-1837 | 7.5 |
SQL injection vulnerability in archiv2.php in Fuju News 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
|
19-10-2017 - 01:29 | 19-04-2006 - 16:06 | |
| CVE-2006-1838 | 7.5 |
edit_kategorie.php in Fuju News 1.0 allows remote attackers to bypass authentication by setting the authorized cookie.
|
19-10-2017 - 01:29 | 19-04-2006 - 16:06 | |
| CVE-2014-8677 | 3.5 |
The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP before 5.2 is being u
|
06-09-2017 - 20:17 | 31-08-2017 - 22:29 | |
| CVE-2014-8675 | 5.0 |
Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force attack on the embedded password hash.
|
06-09-2017 - 02:17 | 31-08-2017 - 22:29 | |
| CVE-2014-8676 | 5.0 |
Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter.
|
05-09-2017 - 18:06 | 31-08-2017 - 22:29 | |
| CVE-2010-0216 | 5.0 |
authenticate_ad_setup_finished.cfm in MediaCAST 8 and earlier allows remote attackers to discover usernames and cleartext passwords by reading the error messages returned for requests that use the UserID parameter.
|
17-08-2017 - 01:31 | 10-05-2011 - 19:55 | |
| CVE-2003-1467 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
|
29-07-2017 - 01:29 | 31-12-2003 - 05:00 | |
| CVE-2015-3449 | 7.2 |
The Windows client in SAP Afaria 7.0.6398.0 uses weak permissions (Everyone: read and Everyone: write) for the install folder, which allows local users to gain privileges via a Trojan horse XeService.exe file.
|
06-12-2016 - 03:01 | 16-07-2015 - 14:59 | |
| CVE-2015-4426 | 7.5 |
SQL injection vulnerability in pimcore before build 3473 allows remote attackers to execute arbitrary SQL commands via the filter parameter to admin/asset/grid-proxy.
|
09-06-2016 - 17:29 | 18-08-2015 - 17:59 |