Количество 327 090
Количество 327 090
CVE-2007-6668
admin/uploadgames.php in MySpace Content Zone (MCZ) 3.x does not require administrative privileges, which allows remote attackers to perform unrestricted file uploads, as demonstrated by uploading (1) a .php file and (2) a .php%00.jpeg file.
CVE-2007-6667
SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the member.php vector is already covered by CVE-2005-0413.
CVE-2007-6666
SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the albumnr parameter.
CVE-2007-6665
SQL injection vulnerability in admin/login.asp in Netchemia oneSCHOOL allows remote attackers to execute arbitrary SQL commands via the txtLoginID parameter.
CVE-2007-6664
SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter.
CVE-2007-6663
SQL injection vulnerability in (1) Puarcade.php and (2) PUarcade.html.php in Pragmatic Utopia PU Arcade (com_puarcade) 2.0.3, 2.1.2, and 2.1.3 Beta component for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter to index.php.
CVE-2007-6662
Directory traversal vulnerability in file.php in CuteNews 2.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading the admin username and password hash in data/users.db.php.
CVE-2007-6661
2z project 0.9.6.1 allows attackers to change the password without supplying the old password.
CVE-2007-6660
2z project 0.9.6.1 allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid template or (2) a request to the default URI with certain year and month parameters, which reveals the path in various error messages.
CVE-2007-6659
Multiple cross-site scripting (XSS) vulnerabilities in 2z project 0.9.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) contentshort or (2) contentfull parameter in an addnews action to the default URI; (3) the content parameter in a pm write action to 2z/admin.php; (4) the referer parameter to templates/default/usermenu.tpl, accessed through index.php; or the (5) newavatar or (6) newphoto parameter in a profile action to the default URI under 2z/.
CVE-2007-6658
SQL injection vulnerability in admin.php/vars.php in CustomCMS (CCMS) 3.1 Demo allows remote attackers to execute arbitrary SQL commands via the p parameter in the Console page.
CVE-2007-6657
PHP remote file inclusion vulnerability in source/includes/load_forum.php in Mihalism Multi Forum Host 3.0.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mfh_root_path parameter.
CVE-2007-6656
SQL injection vulnerability in content_css.php in the TinyMCE module for CMS Made Simple 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.
CVE-2007-6655
PHP remote file inclusion vulnerability in includes/function.php in Kontakt Formular 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.
CVE-2007-6654
Buffer overflow in a certain ActiveX control in Macrovision InstallShield Update Service Web Agent 5.1.100.47363 allows remote attackers to execute arbitrary code via a long string in the ProductCode argument (second argument) to the DownloadAndExecute method, a different vulnerability than CVE-2007-0321, CVE-2007-2419, and CVE-2007-5660.
CVE-2007-6653
Directory traversal vulnerability in download.php in Mihalism Multi Host 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2007-6652
cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo_0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb (aka the XCMS footer).
CVE-2007-6651
Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS allows remote attackers to obtain sensitive information (script source code) via a .. (dot dot) in the suck_url parameter.
CVE-2007-6650
Unrestricted file upload vulnerability in fisheye/upload.php in Bitweaver R2 CMS allows remote attackers to upload arbitrary files by using the image/gif content type, and possibly other image and PDF content types, as demonstrated by uploading a .htaccess file.
CVE-2007-6649
PHP remote file inclusion vulnerability in includes/tumbnail.php in MatPo Bilder Galerie 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
CVE-2007-6668 admin/uploadgames.php in MySpace Content Zone (MCZ) 3.x does not require administrative privileges, which allows remote attackers to perform unrestricted file uploads, as demonstrated by uploading (1) a .php file and (2) a .php%00.jpeg file. | CVSS2: 7.5 | 4% Низкий | около 18 лет назад | |
CVE-2007-6667 SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the member.php vector is already covered by CVE-2005-0413. | CVSS2: 6.8 | 0% Низкий | около 18 лет назад | |
CVE-2007-6666 SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the albumnr parameter. | CVSS2: 7.5 | 0% Низкий | около 18 лет назад | |
CVE-2007-6665 SQL injection vulnerability in admin/login.asp in Netchemia oneSCHOOL allows remote attackers to execute arbitrary SQL commands via the txtLoginID parameter. | CVSS2: 7.5 | 0% Низкий | около 18 лет назад | |
CVE-2007-6664 SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter. | CVSS2: 7.5 | 0% Низкий | около 18 лет назад | |
CVE-2007-6663 SQL injection vulnerability in (1) Puarcade.php and (2) PUarcade.html.php in Pragmatic Utopia PU Arcade (com_puarcade) 2.0.3, 2.1.2, and 2.1.3 Beta component for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter to index.php. | CVSS2: 7.5 | 2% Низкий | около 18 лет назад | |
CVE-2007-6662 Directory traversal vulnerability in file.php in CuteNews 2.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading the admin username and password hash in data/users.db.php. | CVSS2: 5.8 | 0% Низкий | около 18 лет назад | |
CVE-2007-6661 2z project 0.9.6.1 allows attackers to change the password without supplying the old password. | CVSS2: 6.4 | 0% Низкий | около 18 лет назад | |
CVE-2007-6660 2z project 0.9.6.1 allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid template or (2) a request to the default URI with certain year and month parameters, which reveals the path in various error messages. | CVSS2: 5 | 0% Низкий | около 18 лет назад | |
CVE-2007-6659 Multiple cross-site scripting (XSS) vulnerabilities in 2z project 0.9.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) contentshort or (2) contentfull parameter in an addnews action to the default URI; (3) the content parameter in a pm write action to 2z/admin.php; (4) the referer parameter to templates/default/usermenu.tpl, accessed through index.php; or the (5) newavatar or (6) newphoto parameter in a profile action to the default URI under 2z/. | CVSS2: 4.3 | 0% Низкий | около 18 лет назад | |
CVE-2007-6658 SQL injection vulnerability in admin.php/vars.php in CustomCMS (CCMS) 3.1 Demo allows remote attackers to execute arbitrary SQL commands via the p parameter in the Console page. | CVSS2: 7.5 | 1% Низкий | около 18 лет назад | |
CVE-2007-6657 PHP remote file inclusion vulnerability in source/includes/load_forum.php in Mihalism Multi Forum Host 3.0.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mfh_root_path parameter. | CVSS2: 7.5 | 2% Низкий | около 18 лет назад | |
CVE-2007-6656 SQL injection vulnerability in content_css.php in the TinyMCE module for CMS Made Simple 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter. | CVSS2: 7.5 | 1% Низкий | около 18 лет назад | |
CVE-2007-6655 PHP remote file inclusion vulnerability in includes/function.php in Kontakt Formular 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | CVSS2: 7.5 | 2% Низкий | около 18 лет назад | |
CVE-2007-6654 Buffer overflow in a certain ActiveX control in Macrovision InstallShield Update Service Web Agent 5.1.100.47363 allows remote attackers to execute arbitrary code via a long string in the ProductCode argument (second argument) to the DownloadAndExecute method, a different vulnerability than CVE-2007-0321, CVE-2007-2419, and CVE-2007-5660. | CVSS2: 9.3 | 12% Средний | около 18 лет назад | |
CVE-2007-6653 Directory traversal vulnerability in download.php in Mihalism Multi Host 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | CVSS2: 5 | 2% Низкий | около 18 лет назад | |
CVE-2007-6652 cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo_0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb (aka the XCMS footer). | CVSS2: 7.5 | 6% Низкий | около 18 лет назад | |
CVE-2007-6651 Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS allows remote attackers to obtain sensitive information (script source code) via a .. (dot dot) in the suck_url parameter. | CVSS2: 5 | 5% Низкий | около 18 лет назад | |
CVE-2007-6650 Unrestricted file upload vulnerability in fisheye/upload.php in Bitweaver R2 CMS allows remote attackers to upload arbitrary files by using the image/gif content type, and possibly other image and PDF content types, as demonstrated by uploading a .htaccess file. | CVSS2: 7.5 | 4% Низкий | около 18 лет назад | |
CVE-2007-6649 PHP remote file inclusion vulnerability in includes/tumbnail.php in MatPo Bilder Galerie 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter. | CVSS2: 7.5 | 2% Низкий | около 18 лет назад |
Уязвимостей на страницу