Max CVSS 7.8 Min CVSS 2.1 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2007-0189 7.5
PHP remote file inclusion vulnerability in index.php in GeoBB Georgian Bulletin Board allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. NOTE: CVE disputes this issue, since GeoBB 1.0 sets $action to a whitelist
21-03-2024 - 02:15 12-01-2007 - 05:04
CVE-2007-0260 7.5
PHP remote file inclusion vulnerability in index.php in Naig 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the this_path parameter. NOTE: a reliable third party disputes this vulnerability because this_path is
21-03-2024 - 02:15 16-01-2007 - 23:28
CVE-2006-6930 7.5
SQL injection vulnerability in viewad.asp in Rapid Classified 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
14-02-2024 - 01:17 13-01-2007 - 02:28
CVE-2006-6929 6.8
Multiple cross-site scripting (XSS) vulnerabilities in Rapid Classified 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) reply.asp or (b) view_print.asp, the (2) SH1 parameter to (c) search.asp, the (3
14-02-2024 - 01:17 13-01-2007 - 02:28
CVE-2006-3532 5.1
PHP file inclusion vulnerability in includes/edit_new.php in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a FTP URL or full file path in the Paths[extensions_path] parameter.
18-10-2018 - 16:47 12-07-2006 - 21:05
CVE-2006-3533 5.8
Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) fg, (2) line1, (3) line2, (4) bg, (5) c1, (6) c2, (7) c3, a
18-10-2018 - 16:47 12-07-2006 - 21:05
CVE-2006-3531 7.5
includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates the authentication credentials from parameters, which allows remote attackers to obtain privileges and upload arbitrary files via modified (1) pass and (2) session parameters, and
18-10-2018 - 16:47 12-07-2006 - 21:05
CVE-2007-0545 7.8
Maxtricity Tagger 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for tagger.mdb.
16-10-2018 - 16:33 29-01-2007 - 17:28
CVE-2007-0250 5.0
index.php in Nwom topsites 3.0 allows remote attackers to obtain potentially sensitive information via a ' (quote) character in the o parameter, which forces a SQL error.
16-10-2018 - 16:32 16-01-2007 - 23:28
CVE-2007-0249 6.8
Cross-site scripting (XSS) vulnerability in index.php in Nwom topsites 3.0 allows remote attackers to inject arbitrary web script or HTML via the o parameter.
16-10-2018 - 16:32 16-01-2007 - 23:28
CVE-2007-0206 5.0
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to read arbitrary files via unknown vectors.
16-10-2018 - 16:31 12-01-2007 - 01:28
CVE-2007-0232 7.5
PHP remote file inclusion vulnerability in routines/fieldValidation.php in Jshop Server 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the jssShopFileSystem parameter.
16-10-2018 - 16:31 13-01-2007 - 02:28
CVE-2006-6927 7.5
Multiple SQL injection vulnerabilities in Rialto 1.6 allow remote attackers to execute arbitrary SQL commands via (1) the uname (username) and (2) pword (passwd) fields in (a) admin/default.asp; the (3) ID parameter to (b) listfull.asp or (c) printma
16-10-2018 - 16:29 13-01-2007 - 02:28
CVE-2006-6936 6.8
Cross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary HTML or web script via (1) the catname parameter to displaypic.asp or (2) the search field. NOTE: vector 1 likely overlaps CVE-2006-3032.
16-10-2018 - 16:29 17-01-2007 - 00:28
CVE-2006-6932 7.5
Multiple SQL injection vulnerabilities in Image Gallery with Access Database allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to (a) dispimage.asp, or the (2) order or (3) page parameter to (b) default.asp.
16-10-2018 - 16:29 16-01-2007 - 23:28
CVE-2006-6937 7.5
SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary SQL commands via the sortorder parameter.
16-10-2018 - 16:29 17-01-2007 - 00:28
CVE-2006-6928 6.8
Multiple cross-site scripting (XSS) vulnerabilities in Rialto 1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) listmain.asp or (b) searchmain.asp, the (2) the Keyword parameter to (c) searchkey.asp, o
16-10-2018 - 16:29 13-01-2007 - 02:28
CVE-2007-5369 5.0
The GetMagicNumberString function in Massive Entertainment World in Conflict 1.000 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a string to the VoIP port (52999/tcp) with an invalid value in
15-10-2018 - 21:44 11-10-2007 - 10:17
CVE-2008-3902 2.1
HP firmware 68DTT F.0D stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with th
11-10-2018 - 20:50 03-09-2008 - 19:42
CVE-2011-1421 6.9
EMC NetWorker 7.5.x before 7.5.4.3 and 7.6.x before 7.6.1.5, when the client push feature is enabled, uses weak permissions for an unspecified file, which allows local users to gain privileges via unknown vectors.
09-10-2018 - 19:30 22-04-2011 - 10:55
CVE-2006-6924 5.0
bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=-98 query string to (1) blogs/list_blogs.php, (2) fisheye/index.php, (3) wiki/orphan_pages.php, or (4) wiki/list_pages.php, which forces a SQL error.
29-07-2017 - 01:29 13-01-2007 - 02:28
CVE-2006-6925 6.8
Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title fi
29-07-2017 - 01:29 13-01-2007 - 02:28
CVE-2005-4015 5.0
PHP Web Statistik 1.4 does not rotate the log database or limit the size of the referer field, which allows remote attackers to fill the log files via a large number of requests, as demonstrated using pixel.php.
20-07-2017 - 01:29 05-12-2005 - 11:03
CVE-2006-6923 7.5
SQL injection vulnerability in newsletters/edition.php in bitweaver 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the tk parameter.
08-03-2011 - 02:47 13-01-2007 - 02:28
Back to Top Mark selected
Back to Top