Max CVSS 9.3 Min CVSS 1.7 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2008-0560 6.8
PHP remote file inclusion vulnerability in cforms-css.php in Oliver Seidel cforms (contactforms), a Wordpress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the tm parameter. NOTE: CVE disputes this issue for 7.3, since th
21-03-2024 - 02:16 04-02-2008 - 23:00
CVE-2008-0590 9.0
Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long opendir command.
11-10-2023 - 14:45 05-02-2008 - 12:00
CVE-2008-0539 4.3
Cross-site scripting (XSS) vulnerability in dms/policy/rep_request.php in F5 BIG-IP Application Security Manager (ASM) 9.4.3 allows remote attackers to inject arbitrary web script or HTML via the report_type parameter.
03-03-2023 - 19:19 01-02-2008 - 20:00
CVE-2011-2928 4.9
The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel before 3.1-rc3 does not validate the length attribute of long symlinks, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessin
13-02-2023 - 04:32 29-08-2011 - 17:55
CVE-2005-2993 1.7
Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX 4.0F PK8 and other versions up to HP Tru64 UNIX 5.1B-3, and HP-UX B.11.00, B.11.04, B.11.11, and B.11.23, allows remote authenticated users to cause a denial of service (hang).
19-10-2018 - 15:34 20-09-2005 - 20:03
CVE-2006-4091 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Archangel Management Archangel Weblog 0.90.02 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Comment section.
17-10-2018 - 21:33 11-08-2006 - 10:04
CVE-2006-7124 7.5
PHP remote file inclusion vulnerability in external/rssfeeds.php in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to execute arbitrary PHP code via the baseDir parameter.
16-10-2018 - 16:29 06-03-2007 - 01:19
CVE-2006-7123 7.5
Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when importing the (a) ip-to-count
16-10-2018 - 16:29 06-03-2007 - 01:19
CVE-2006-7122 6.8
Cross-site scripting (XSS) vulnerability in the IP Address Lookup functionality in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to inject arbitrary web script and HTML via the ip parame
16-10-2018 - 16:29 06-03-2007 - 01:19
CVE-2008-0736 5.0
admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly other 4.x and 3.x versions, allows remote attackers to obtain the path via a certain value of the FedExAccount parameter.
15-10-2018 - 22:02 13-02-2008 - 01:00
CVE-2008-0737 7.5
SQL injection vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and other 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the helpfield parameter.
15-10-2018 - 22:02 13-02-2008 - 01:00
CVE-2008-0574 4.3
Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.01.02 allows remote attackers to inject arbitrary web script or HTML via the sort parameter in a whoisonline action.
15-10-2018 - 22:01 05-02-2008 - 02:00
CVE-2008-0552 4.3
Cross-site scripting (XSS) vulnerability in index.php in eTicket 1.5.6-RC4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
15-10-2018 - 22:01 01-02-2008 - 20:00
CVE-2008-0543 7.5
Multiple SQL injection vulnerabilities in Pre Dynamic Institution allow remote attackers to execute arbitrary SQL commands via the (1) sloginid and (2) spass parameters to (a) login.asp and (b) siteadmin/login.asp. NOTE: some of these details are ob
15-10-2018 - 22:01 01-02-2008 - 20:00
CVE-2008-0559 5.0
Multiple directory traversal vulnerabilities in Nilson's Blogger 0.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the permalink parameter in core.php, accessed through index.php; and (2) the thispost
15-10-2018 - 22:01 04-02-2008 - 23:00
CVE-2008-0575 4.3
Cross-site request forgery (CSRF) vulnerability in admin/admincenter.php in webSPELL 4.01.02 allows remote attackers to assign the superadmin privilege level to arbitrary accounts as administrators via an "update member" action.
15-10-2018 - 22:01 05-02-2008 - 02:00
CVE-2008-0546 7.5
Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idProduct and (2) options parameters to (a) ajax/ajax_optInventory.asp, or the (2) re
15-10-2018 - 22:01 01-02-2008 - 20:00
CVE-2008-0547 4.3
Cross-site scripting (XSS) vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and probably earlier 4.x and 3.x versions, allows remote attackers to inject arbitrary web script or HTML via the helpfield parameter.
15-10-2018 - 22:01 01-02-2008 - 20:00
CVE-2008-0485 9.3
Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag.
15-10-2018 - 22:00 05-02-2008 - 12:00
CVE-2008-0486 7.5
Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a
15-10-2018 - 22:00 05-02-2008 - 12:00
CVE-2007-5984 7.8
classes/Url.php in Justin Hagstrom AutoIndex PHP Script before 2.2.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via a %00 sequence in the dir parameter to index.php, which triggers an erroneous "recursive calcul
15-10-2018 - 21:48 15-11-2007 - 00:46
CVE-2007-5983 4.3
Cross-site scripting (XSS) vulnerability in index.php in Justin Hagstrom AutoIndex PHP Script before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
15-10-2018 - 21:48 15-11-2007 - 00:46
CVE-2008-4421 7.8
Directory traversal vulnerability in MetaGauge 1.0.0.17, and probably other versions before 1.0.3.38, allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in the URL.
11-10-2018 - 20:51 07-10-2008 - 20:00
Back to Top Mark selected
Back to Top