Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 327 090

Количество 327 090

nvd логотип

CVE-2007-6508

около 18 лет назад

Directory traversal vulnerability in view.php in xeCMS 1.0 allows remote attackers to read arbitrary files via a ..%2F (dot dot slash) in the list parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-6507

около 18 лет назад

SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain "full file system access" and execute arbitrary code.

CVSS2: 10
EPSS: Высокий
nvd логотип

CVE-2007-6506

около 18 лет назад

The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.

CVSS2: 9.3
EPSS: Средний
nvd логотип

CVE-2007-6505

около 18 лет назад

Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more difficult to conduct forensics activities.

CVSS2: 3.5
EPSS: Низкий
nvd логотип

CVE-2007-6504

около 18 лет назад

Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the headers of arbitrary hosts via an unspecified parameter.

CVSS2: 5.5
EPSS: Низкий
nvd логотип

CVE-2007-6503

около 18 лет назад

Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to (1) import an arbitrary plan via a request to hosting/importhostingplans.asp; or (2) change an arbitrary plan via a request to hosting/AutoSignUpPlans.asp with the (a) save, (b) 30, and (c) d_30 parameters.

CVSS2: 5.5
EPSS: Низкий
nvd логотип

CVE-2007-6502

около 18 лет назад

Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to obtain sensitive information via (1) the AdminName and AdminLevel parameters to fp2000/NEWSRVR.asp, which discloses usernames; and (2) certain XML HTTP requests to hosting/css.asp using Microsoft.XMLHTTP or MSXML2.XMLHTTP objects, which trigger a response with the setup directory pathname in the HTML source; and (3) might allow remote attackers to obtain sensitive information via a request for /admin/forum/, which reveals the path in an error message when a forum is not found.

CVSS2: 5.5
EPSS: Низкий
nvd логотип

CVE-2007-6501

около 18 лет назад

Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp.

CVSS2: 5.5
EPSS: Низкий
nvd логотип

CVE-2007-6500

около 18 лет назад

Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp.

CVSS2: 4.9
EPSS: Низкий
nvd логотип

CVE-2007-6499

около 18 лет назад

Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNINSTAL.asp with a "host id (IIS) value."

CVSS2: 5.5
EPSS: Низкий
nvd логотип

CVE-2007-6498

около 18 лет назад

Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the GateWayID parameter to OpenApi/GatewayVariables.asp, and possibly (5) unspecified vectors to IIS/iibind.asp.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-6497

около 18 лет назад

Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attackers to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2) allows remote authenticated users to change a credit amount and increase a discount via an UpdateUser action to Accounts/AccountActions.asp with modified UserName, FullName, CreditLimit, and DefaultDiscount parameters, a related issue to CVE-2005-2219.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-6496

около 18 лет назад

Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdomain.asp, a related issue to CVE-2005-1654.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2007-6495

около 18 лет назад

inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser action to accounts/AccountActions.asp. NOTE: this can be leveraged for remote code execution by changing the permissions of \Forum\db, which is configured for execution of ASP scripts with administrative privileges, and then uploading a script to \Forum\db.

CVSS2: 6.5
EPSS: Низкий
nvd логотип

CVE-2007-6494

около 18 лет назад

Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request to AdminSettings/displays.asp with the DecideAction and ChangeSkin parameters.

CVSS2: 10
EPSS: Низкий
nvd логотип

CVE-2007-6493

около 18 лет назад

The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to execute arbitrary code via a certain argument to the SetHandler method.

CVSS2: 10
EPSS: Низкий
nvd логотип

CVE-2007-6492

около 18 лет назад

The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via an empty string in the argument to the ProcessRequestEx method.

CVSS2: 7.1
EPSS: Низкий
nvd логотип

CVE-2007-6491

около 18 лет назад

Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS allow remote attackers to execute arbitrary SQL commands via (1) the cat_id parameter to categories.asp; and probably (2) the document_id parameter to categories.asp, and the (3) cat_id and (4) document_id parameters to subcategory.asp.

CVSS2: 10
EPSS: Низкий
nvd логотип

CVE-2007-6490

около 18 лет назад

Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-6489

около 18 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text parameters in a guestbook action to index.php, and unspecified other vectors.

CVSS2: 7.5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2007-6508

Directory traversal vulnerability in view.php in xeCMS 1.0 allows remote attackers to read arbitrary files via a ..%2F (dot dot slash) in the list parameter.

CVSS2: 7.5
7%
Низкий
около 18 лет назад
nvd логотип
CVE-2007-6507

SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain "full file system access" and execute arbitrary code.

CVSS2: 10
71%
Высокий
около 18 лет назад
nvd логотип
CVE-2007-6506

The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.

CVSS2: 9.3
28%
Средний
около 18 лет назад
nvd логотип
CVE-2007-6505

Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more difficult to conduct forensics activities.

CVSS2: 3.5
0%
Низкий
около 18 лет назад
nvd логотип
CVE-2007-6504

Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the headers of arbitrary hosts via an unspecified parameter.

CVSS2: 5.5
1%
Низкий
около 18 лет назад
nvd логотип
CVE-2007-6503

Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to (1) import an arbitrary plan via a request to hosting/importhostingplans.asp; or (2) change an arbitrary plan via a request to hosting/AutoSignUpPlans.asp with the (a) save, (b) 30, and (c) d_30 parameters.

CVSS2: 5.5
1%
Низкий
около 18 лет назад
nvd логотип
CVE-2007-6502

Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to obtain sensitive information via (1) the AdminName and AdminLevel parameters to fp2000/NEWSRVR.asp, which discloses usernames; and (2) certain XML HTTP requests to hosting/css.asp using Microsoft.XMLHTTP or MSXML2.XMLHTTP objects, which trigger a response with the setup directory pathname in the HTML source; and (3) might allow remote attackers to obtain sensitive information via a request for /admin/forum/, which reveals the path in an error message when a forum is not found.

CVSS2: 5.5
1%
Низкий
около 18 лет назад
nvd логотип
CVE-2007-6501

Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp.

CVSS2: 5.5
1%
Низкий
около 18 лет назад
nvd логотип
CVE-2007-6500

Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp.

CVSS2: 4.9
2%
Низкий
около 18 лет назад
nvd логотип
CVE-2007-6499

Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNINSTAL.asp with a "host id (IIS) value."

CVSS2: 5.5
1%
Низкий
около 18 лет назад
nvd логотип
CVE-2007-6498

Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the GateWayID parameter to OpenApi/GatewayVariables.asp, and possibly (5) unspecified vectors to IIS/iibind.asp.

CVSS2: 7.5
1%
Низкий
около 18 лет назад
nvd логотип
CVE-2007-6497

Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attackers to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2) allows remote authenticated users to change a credit amount and increase a discount via an UpdateUser action to Accounts/AccountActions.asp with modified UserName, FullName, CreditLimit, and DefaultDiscount parameters, a related issue to CVE-2005-2219.

CVSS2: 7.5
2%
Низкий
около 18 лет назад
nvd логотип
CVE-2007-6496

Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdomain.asp, a related issue to CVE-2005-1654.

CVSS2: 6.8
2%
Низкий
около 18 лет назад
nvd логотип
CVE-2007-6495

inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser action to accounts/AccountActions.asp. NOTE: this can be leveraged for remote code execution by changing the permissions of \Forum\db, which is configured for execution of ASP scripts with administrative privileges, and then uploading a script to \Forum\db.

CVSS2: 6.5
2%
Низкий
около 18 лет назад
nvd логотип
CVE-2007-6494

Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request to AdminSettings/displays.asp with the DecideAction and ChangeSkin parameters.

CVSS2: 10
2%
Низкий
около 18 лет назад
nvd логотип
CVE-2007-6493

The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to execute arbitrary code via a certain argument to the SetHandler method.

CVSS2: 10
8%
Низкий
около 18 лет назад
nvd логотип
CVE-2007-6492

The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via an empty string in the argument to the ProcessRequestEx method.

CVSS2: 7.1
1%
Низкий
около 18 лет назад
nvd логотип
CVE-2007-6491

Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS allow remote attackers to execute arbitrary SQL commands via (1) the cat_id parameter to categories.asp; and probably (2) the document_id parameter to categories.asp, and the (3) cat_id and (4) document_id parameters to subcategory.asp.

CVSS2: 10
0%
Низкий
около 18 лет назад
nvd логотип
CVE-2007-6490

Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php.

CVSS2: 4.3
1%
Низкий
около 18 лет назад
nvd логотип
CVE-2007-6489

Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text parameters in a guestbook action to index.php, and unspecified other vectors.

CVSS2: 7.5
8%
Низкий
около 18 лет назад

Уязвимостей на страницу