| Max CVSS | 9.3 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2008-4127 | 4.3 |
Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8 Beta 8.0.6001 on Windows XP SP2 allows remote attackers to cause a denial of service (failure of subsequent image rendering) via a crafted PNG file, related to an infinite loop in the CD
|
23-07-2021 - 15:12 | 18-09-2008 - 17:59 | |
| CVE-2008-4107 | 5.1 |
The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by
|
30-10-2018 - 16:26 | 18-09-2008 - 17:59 | |
| CVE-2006-0571 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in phpstatus 1.0 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface.
|
19-10-2018 - 15:45 | 07-02-2006 - 18:06 | |
| CVE-2006-0572 | 7.5 |
phpstatus 1.0 does not require passwords when using cookies to identify a user, which allows remote attackers to bypass authentication.
|
19-10-2018 - 15:45 | 07-02-2006 - 18:06 | |
| CVE-2006-0570 | 7.5 |
Multiple SQL injection vulnerabilities in phpstatus 1.0, when gpc_magic_quotes is disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the username parameter in check.php and (2) unknown attack vectors
|
19-10-2018 - 15:45 | 07-02-2006 - 18:06 | |
| CVE-2006-4265 | 5.0 |
Kaspersky Anti-Hacker 1.8.180, when Stealth Mode is enabled, allows remote attackers to obtain responses to ICMP (1) timestamp and (2) netmask requests, which is inconsistent with the documented behavior of Stealth Mode.
|
17-10-2018 - 21:34 | 21-08-2006 - 21:04 | |
| CVE-2007-1473 | 4.3 |
Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to
|
16-10-2018 - 16:38 | 16-03-2007 - 21:19 | |
| CVE-2007-6301 | 4.3 |
Cross-site scripting (XSS) vulnerability in compose.php in OpenNewsletter 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter.
|
15-10-2018 - 21:51 | 10-12-2007 - 18:46 | |
| CVE-2008-4133 | 4.3 |
The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters.
|
11-10-2018 - 20:51 | 19-09-2008 - 17:15 | |
| CVE-2008-4106 | 5.1 |
WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows rem
|
11-10-2018 - 20:50 | 18-09-2008 - 17:59 | |
| CVE-2008-4102 | 7.5 |
Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability t
|
11-10-2018 - 20:50 | 18-09-2008 - 17:59 | |
| CVE-2010-4870 | 7.5 |
SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows remote attackers to execute arbitrary SQL commands via the gender parameter.
|
10-10-2018 - 20:08 | 07-10-2011 - 10:55 | |
| CVE-2008-4135 | 7.8 |
Symbian OS S60 3rd edition on the Nokia E90 Communicator 07.40.1.2 Ra-6 and Nseries N82 allows remote attackers to cause a denial of service (device crash) via multiple deauthentication (DeAuth) frames.
|
29-09-2017 - 01:32 | 19-09-2008 - 17:15 | |
| CVE-2008-4154 | 7.5 |
SQL injection vulnerability in living-e webEdition CMS allows remote attackers to execute arbitrary SQL commands via the we_objectID parameter.
|
29-09-2017 - 01:32 | 19-09-2008 - 23:00 | |
| CVE-2008-4134 | 7.5 |
PHP remote file inclusion vulnerability in manager/static/view.php in phpRealty 0.03 and earlier, and possibly other versions before 0.05, allows remote attackers to execute arbitrary PHP code via a URL in the INC parameter.
|
29-09-2017 - 01:32 | 19-09-2008 - 17:15 | |
| CVE-2008-4116 | 9.3 |
Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 o
|
29-09-2017 - 01:32 | 18-09-2008 - 15:04 | |
| CVE-2008-4583 | 7.5 |
Insecure method vulnerability in the Chilkat FTP 2.0 ActiveX component (ChilkatCert.dll) allows remote attackers to overwrite arbitrary files via a full pathname in the SavePkcs8File method.
|
29-09-2017 - 01:32 | 15-10-2008 - 22:45 | |
| CVE-2008-4103 | 5.0 |
The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam.
|
08-08-2017 - 01:32 | 18-09-2008 - 17:59 | |
| CVE-2008-4108 | 7.2 |
Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which
|
08-08-2017 - 01:32 | 18-09-2008 - 17:59 | |
| CVE-2008-4104 | 5.8 |
Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.
|
08-08-2017 - 01:32 | 18-09-2008 - 17:59 | |
| CVE-2008-4105 | 7.5 |
JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact.
|
08-08-2017 - 01:32 | 18-09-2008 - 17:59 |