| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2006-4848 | 7.5 |
Multiple PHP remote file inclusion vulnerabilities in Brian Fraval Hitweb 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REP_CLASS parameter to (1) index.php, (2) arbo.php, (3) framepoint.php, (4) genpage.php, (5) lienvalid
|
11-04-2024 - 00:40 | 19-09-2006 - 01:07 | |
| CVE-2008-0174 | 5.0 |
GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges.
|
14-02-2024 - 15:31 | 29-01-2008 - 02:00 | |
| CVE-2006-1260 | 5.0 |
Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check.
|
18-10-2018 - 16:31 | 19-03-2006 - 02:02 | |
| CVE-2007-2093 | 7.5 |
Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) 1.0 allows remote attackers to inject arbitrary PHP code into posts.txt via the message parameter.
|
16-10-2018 - 16:41 | 18-04-2007 - 10:19 | |
| CVE-2008-5062 | 5.0 |
Directory traversal vulnerability in php/cal_pdf.php in Mini Web Calendar (mwcal) 1.2 allows remote attackers to read arbitrary files via directory traversal sequences in the thefile parameter.
|
29-09-2017 - 01:32 | 13-11-2008 - 11:30 | |
| CVE-2008-5061 | 4.3 |
Cross-site scripting (XSS) vulnerability in php/cal_default.php in Mini Web Calendar (mwcal) 1.2 allows remote attackers to inject arbitrary web script or HTML via the URL.
|
29-09-2017 - 01:32 | 13-11-2008 - 11:30 |