CVE List

Id CVE No. Status Description Phase Votes Comments Actions
23963  CVE-2007-0606  Candidate  w-agora 4.2.1 allows remote attackers to obtain sensitive information by via the (1) bn[] array parameter to index.php, which expects a string, and (2) certain parameters to delete_forum.php, which displays the path name in the resulting error message.  Assigned (20070130)  None (candidate not yet proposed)    View
5732  CVE-2002-1348  Entry  w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies.        View
6713  CVE-2002-2331  Candidate  W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in the attachments directory does not properly restrict the types of files that can be uploaded as attachments, which allows remote attackers to execute arbitrary code by sending code in MIME attachments, then requesting the attachments.  Assigned (20071026)  None (candidate not yet proposed)    View
26301  CVE-2007-2944  Candidate  WabCMS 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/wabcmsn.mdb. NOTE: this issue was originally reported for "webCMS," but this was an error by an unreliable researcher.  Assigned (20070530)  None (candidate not yet proposed)    View
56256  CVE-2012-3013  Candidate  WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices have default passwords for unspecified Web Based Management accounts, which makes it easier for remote attackers to obtain administrative access via a TCP session.  Assigned (20120530)  None (candidate not yet proposed)    View

Page 20534 of 20943, showing 5 records out of 104715 total, starting on record 102666, ending on 102670

Actions