Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 327 090

Количество 327 090

nvd логотип

CVE-2007-4416

больше 18 лет назад

captcha.php in BellaBook (aka BellaBuffs) allows remote attackers to obtain administrative privileges by sending the admin's username (admin_name) in a pheap_login cookie. NOTE: the vendor disputes this vulnerability because authentication data is derived from the admin_pass and secret variables, in addition to the admin_name; and because the exploit code is designed for an unrelated application

CVSS2: 10
EPSS: Низкий
nvd логотип

CVE-2007-4415

больше 18 лет назад

Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2007-4414

больше 18 лет назад

Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the "Start Before Logon" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2007-4413

больше 18 лет назад

Direct static code injection vulnerability in admincp/user_help.php in Headstart Solutions DeskPRO 3.0.2 allows remote authenticated users to inject arbitrary PHP code into an unspecified file via a new_entry value in the do parameter.

CVSS2: 3.5
EPSS: Низкий
nvd логотип

CVE-2007-4412

больше 18 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Headstart Solutions DeskPRO 3.0.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (1) techs.php, (2) ticket_category.php, (3) ticket_priority.php, (4) ticket_workflow.php, (5) ticket_escalate.php, (6) fields_ticket.php, (7) ticket_rules_web.php, (8) ticket_displayfields.php, (9) ticket_rules_mail.php, (10) fields_user.php, (11) fields_faq.php, and (12) user_help.php, in (a) admincp/ and (b) possibly a directory on the "User side."

CVSS2: 3.5
EPSS: Низкий
nvd логотип

CVE-2007-4411

больше 18 лет назад

ircu 2.10.12.05 and earlier allows remote attackers to discover the hidden IP address of arbitrary +x users via a series of /silence commands with (1) CIDR mask arguments or (2) certain other arguments that represent groups of IP addresses, then monitoring CTCP ping replies.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-4410

больше 18 лет назад

ircu 2.10.12.05 and earlier does not properly synchronize a kick action in certain cross scenarios, which allows remote authenticated operators to prevent later kick or de-op actions from non-local ops.

CVSS2: 6
EPSS: Низкий
nvd логотип

CVE-2007-4409

больше 18 лет назад

Race condition in ircu 2.10.12.01 through 2.10.12.05 allows remote attackers to set a new Apass during a netburst by arranging for ops privilege to be granted before the mode arrives.

CVSS2: 5.1
EPSS: Низкий
nvd логотип

CVE-2007-4408

больше 18 лет назад

ircu 2.10.12.05 and earlier ignores timestamps in bounces, which allows remote attackers to take over a channel during a netjoin by causing a bounce while a server with an older version of the channel is linking.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2007-4407

больше 18 лет назад

ircu 2.10.12.03 and 2.10.12.04 does not associate a timestamp with ops privilege on an unused channel (zannel), which allows remote attackers to (1) set or remove certain channel modes via a "netriding" attack or (2) take over a channel by joining an unlinked server with the A/Upass and then setting a new Apass.

CVSS2: 6.4
EPSS: Низкий
nvd логотип

CVE-2007-4406

больше 18 лет назад

ircu 2.10.12.01 through 2.10.12.04 does not remove ops privilege after a join from a server with an older timestamp (TS), which allows remote attackers to gain control of a channel during a split.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-4405

больше 18 лет назад

ircu 2.10.12.02 through 2.10.12.04 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by creating a large number of unused channels (zannels).

CVSS2: 7.8
EPSS: Низкий
nvd логотип

CVE-2007-4404

больше 18 лет назад

ircu 2.10.12.01 allows remote attackers to (1) cause a denial of service (flood wallops) by joining two channels with certain long names that differ in the final character, which triggers a protocol violation and (2) cause a denial of service (daemon crash) via a "J 0:#channel" message on a channel without an apass; and (3) allows remote authenticated operators to cause a denial of service (daemon crash) via a remote "names -D" command.

CVSS2: 7.8
EPSS: Низкий
nvd логотип

CVE-2007-4403

больше 18 лет назад

The mIRC Control Plug-in for Winamp allows user-assisted remote attackers to execute arbitrary code via the '|' (pipe) shell metacharacter in the name of the song in a .mp3 file.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2007-4402

больше 18 лет назад

Multiple unspecified scripts in mIRC allow user-assisted remote attackers to execute arbitrary code via the '|' (pipe) shell metacharacter in the name of the song in a .mp3 file.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2007-4401

больше 18 лет назад

Multiple CRLF injection vulnerabilities in the Advanced mIRC Integration Plugin and possibly other unspecified scripts in mIRC allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2007-4400

больше 18 лет назад

CRLF injection vulnerability in the included media script in Konversation allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2007-4399

больше 18 лет назад

CRLF injection vulnerability in the xmms.bx 1.0 script for BitchX allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2007-4398

больше 18 лет назад

Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and (2) xmms.pl 1.1 scripts for WeeChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2007-4397

больше 18 лет назад

Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

CVSS2: 6.8
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2007-4416

captcha.php in BellaBook (aka BellaBuffs) allows remote attackers to obtain administrative privileges by sending the admin's username (admin_name) in a pheap_login cookie. NOTE: the vendor disputes this vulnerability because authentication data is derived from the admin_pass and secret variables, in addition to the admin_name; and because the exploit code is designed for an unrelated application

CVSS2: 10
2%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-4415

Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe.

CVSS2: 6.8
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-4414

Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the "Start Before Logon" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box.

CVSS2: 6.8
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-4413

Direct static code injection vulnerability in admincp/user_help.php in Headstart Solutions DeskPRO 3.0.2 allows remote authenticated users to inject arbitrary PHP code into an unspecified file via a new_entry value in the do parameter.

CVSS2: 3.5
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-4412

Multiple cross-site scripting (XSS) vulnerabilities in Headstart Solutions DeskPRO 3.0.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (1) techs.php, (2) ticket_category.php, (3) ticket_priority.php, (4) ticket_workflow.php, (5) ticket_escalate.php, (6) fields_ticket.php, (7) ticket_rules_web.php, (8) ticket_displayfields.php, (9) ticket_rules_mail.php, (10) fields_user.php, (11) fields_faq.php, and (12) user_help.php, in (a) admincp/ and (b) possibly a directory on the "User side."

CVSS2: 3.5
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-4411

ircu 2.10.12.05 and earlier allows remote attackers to discover the hidden IP address of arbitrary +x users via a series of /silence commands with (1) CIDR mask arguments or (2) certain other arguments that represent groups of IP addresses, then monitoring CTCP ping replies.

CVSS2: 4.3
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-4410

ircu 2.10.12.05 and earlier does not properly synchronize a kick action in certain cross scenarios, which allows remote authenticated operators to prevent later kick or de-op actions from non-local ops.

CVSS2: 6
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-4409

Race condition in ircu 2.10.12.01 through 2.10.12.05 allows remote attackers to set a new Apass during a netburst by arranging for ops privilege to be granted before the mode arrives.

CVSS2: 5.1
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-4408

ircu 2.10.12.05 and earlier ignores timestamps in bounces, which allows remote attackers to take over a channel during a netjoin by causing a bounce while a server with an older version of the channel is linking.

CVSS2: 5
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-4407

ircu 2.10.12.03 and 2.10.12.04 does not associate a timestamp with ops privilege on an unused channel (zannel), which allows remote attackers to (1) set or remove certain channel modes via a "netriding" attack or (2) take over a channel by joining an unlinked server with the A/Upass and then setting a new Apass.

CVSS2: 6.4
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-4406

ircu 2.10.12.01 through 2.10.12.04 does not remove ops privilege after a join from a server with an older timestamp (TS), which allows remote attackers to gain control of a channel during a split.

CVSS2: 7.5
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-4405

ircu 2.10.12.02 through 2.10.12.04 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by creating a large number of unused channels (zannels).

CVSS2: 7.8
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-4404

ircu 2.10.12.01 allows remote attackers to (1) cause a denial of service (flood wallops) by joining two channels with certain long names that differ in the final character, which triggers a protocol violation and (2) cause a denial of service (daemon crash) via a "J 0:#channel" message on a channel without an apass; and (3) allows remote authenticated operators to cause a denial of service (daemon crash) via a remote "names -D" command.

CVSS2: 7.8
3%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-4403

The mIRC Control Plug-in for Winamp allows user-assisted remote attackers to execute arbitrary code via the '|' (pipe) shell metacharacter in the name of the song in a .mp3 file.

CVSS2: 6.8
2%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-4402

Multiple unspecified scripts in mIRC allow user-assisted remote attackers to execute arbitrary code via the '|' (pipe) shell metacharacter in the name of the song in a .mp3 file.

CVSS2: 6.8
3%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-4401

Multiple CRLF injection vulnerabilities in the Advanced mIRC Integration Plugin and possibly other unspecified scripts in mIRC allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

CVSS2: 6.8
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-4400

CRLF injection vulnerability in the included media script in Konversation allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

CVSS2: 6.8
2%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-4399

CRLF injection vulnerability in the xmms.bx 1.0 script for BitchX allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

CVSS2: 6.8
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-4398

Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and (2) xmms.pl 1.1 scripts for WeeChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

CVSS2: 6.8
2%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-4397

Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

CVSS2: 6.8
4%
Низкий
больше 18 лет назад

Уязвимостей на страницу