| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2007-5460 | 7.1 |
Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to dec
|
09-02-2024 - 03:07 | 15-10-2007 - 22:17 | |
| CVE-2007-0908 | 5.0 |
The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element
|
30-10-2018 - 16:26 | 13-02-2007 - 23:28 | |
| CVE-2005-4080 | 4.3 |
Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Inte
|
19-10-2018 - 15:40 | 08-12-2005 - 01:03 | |
| CVE-2006-3546 | 5.0 |
Patrice Freydiere ImgSvr (aka ADA Image Server) allows remote attackers to cause a denial of service (daemon crash) via a long HTTP POST request. NOTE: this might be the same issue as CVE-2004-2463.
|
18-10-2018 - 16:47 | 13-07-2006 - 00:05 | |
| CVE-2007-0873 | 7.5 |
nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/.
|
16-10-2018 - 16:34 | 12-02-2007 - 19:28 | |
| CVE-2006-7072 | 4.3 |
Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise 2.0.5.2 and earlier allows remote attackers to inject arbitrary web script and HTML via the (1) b[username] and (2) c parameters to (a) index.php, the b[username] parameter to (b)
|
16-10-2018 - 16:29 | 02-03-2007 - 21:18 | |
| CVE-2006-7067 | 6.0 |
Oracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an "alter session set events" command with invalid arguments. NOTE: this issue was originally disputed by a third part
|
16-10-2018 - 16:29 | 02-03-2007 - 21:18 | |
| CVE-2006-7070 | 7.5 |
Unrestricted file upload vulnerability in manager/media/ibrowser/scripts/rfiles.php in Etomite CMS 0.6.1 and earlier allows remote attackers to upload and execute arbitrary files via an nfile[] parameter with a filename that contains a .php extension
|
16-10-2018 - 16:29 | 02-03-2007 - 21:18 | |
| CVE-2006-7078 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Professional Home Page Tools Login Script, as of July 2006, allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) vorname, and (3) nachname parameters in the registe
|
16-10-2018 - 16:29 | 02-03-2007 - 21:18 | |
| CVE-2006-7071 | 7.5 |
SQL injection vulnerability in classes/class_session.php in Invision Power Board (IPB) 2.1 up to 2.1.6 allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP parameter.
|
11-10-2017 - 01:31 | 02-03-2007 - 21:18 | |
| CVE-2008-3953 | 7.5 |
SQL injection vulnerability in keyword_search_action.php in Vastal I-Tech Shaadi Zone 1.0.9 allows remote attackers to execute arbitrary SQL commands via the tage parameter.
|
29-09-2017 - 01:31 | 11-09-2008 - 01:13 | |
| CVE-2006-7083 | 4.3 |
Directory traversal vulnerability in index.php in Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to read arbitrary files via ".." sequences in the id parameter.
|
29-07-2017 - 01:29 | 02-03-2007 - 21:18 | |
| CVE-2006-7082 | 7.5 |
Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to bypass authentication and upload arbitrary files via direct requests to (1) adm/photos/images.php and (2) adm/down/files.php.
|
29-07-2017 - 01:29 | 02-03-2007 - 21:18 | |
| CVE-2006-7090 | 6.8 |
PHP remote file inclusion vulnerability in phpbb_security.php in phpBB Security 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the php_root_path parameter.
|
29-07-2017 - 01:29 | 02-03-2007 - 21:18 | |
| CVE-2006-7077 | 6.8 |
SQL injection vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to execute arbitrary SQl commands via the entry parameter.
|
29-07-2017 - 01:29 | 02-03-2007 - 21:18 | |
| CVE-2006-7076 | 4.3 |
Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to inject arbitrary web script or HTML via the entry parameter. NOTE: this issue might be resultant from SQL injection.
|
29-07-2017 - 01:29 | 02-03-2007 - 21:18 | |
| CVE-2006-7085 | 4.3 |
Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to add arbitrary content and conduct XSS attacks via a direct request to add_art.php. NOTE: this issue was originally reported as SQL injection, but this is not likely.
|
29-07-2017 - 01:29 | 02-03-2007 - 21:18 | |
| CVE-2011-1536 | 5.0 |
Unspecified vulnerability in HP Performance Insight 5.0, 5.1x. 5.2x, 5.3x, 5.4, 5.41, and 5.41.002 allows remote attackers to obtain sensitive information via unknown vectors.
|
22-09-2011 - 03:30 | 29-04-2011 - 22:55 | |
| CVE-2006-7084 | 5.0 |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7083. Reason: This candidate is a duplicate of CVE-2006-7083. Notes: All CVE users should reference CVE-2006-7083 instead of this candidate. All references and descriptions in t
|
11-09-2008 - 00:47 | 02-03-2007 - 21:18 |