Количество 327 090
Количество 327 090
CVE-2007-3945
Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password hashing and unchecked function return codes.
CVE-2007-3944
Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier.
CVE-2007-3943
SQL injection vulnerability in Infinite Responder before 1.48 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2007-3942
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.1.3 allows remote attackers to include local files via unspecified vectors related to the sourcedir parameter or the actionArray hash. NOTE: CVE and multiple third parties dispute this vulnerability because both sourcedir and actionArray are defined before use
CVE-2007-3941
Cross-site scripting (XSS) vulnerability in profile.php in Jasmine CMS 1.0_1 allows remote authenticated users to inject arbitrary web script or HTML via the profile_email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3940
Cross-site scripting (XSS) vulnerability in default.asp in QuickerSite 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the svalue parameter in a search action. NOTE: some of these details are obtained from third party information.
CVE-2007-3939
SQL injection vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) CMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2007-3938
SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.8x and earlier before 20070720 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a view action in the Topics module, a different vulnerability than CVE-2006-1676.
CVE-2007-3937
Multiple SQL injection vulnerabilities in A-shop 0.70 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2007-3936
Directory traversal vulnerability in admin/filebrowser.asp in A-shop 0.70 and earlier, and possibly 0.71, allows remote attackers to delete arbitrary files via unspecified filename references in the delfiles parameter.
CVE-2007-3935
PHP remote file inclusion vulnerability in link_main.php in the SupaNav 1.0.0 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-3934
PHP remote file inclusion vulnerability in postscript/postscript.php in BBS E-Market allows remote attackers to execute arbitrary PHP code via a URL in the p_mode parameter.
CVE-2007-3933
SQL injection vulnerability in insertorder.cfm in QuickEStore 8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the CFTOKEN parameter, a different vector than CVE-2006-2053.
CVE-2007-3932
uploadimg.php in the Expose RC35 and earlier (com_expose) component for Joomla! sends an error message but does not exit when it detects an attempt to upload a non-JPEG file, which allows remote attackers to upload and execute arbitrary PHP code in the img/ folder.
CVE-2007-3931
The wrap_setuid_third_party_application function in the installation script for the Samsung SCX-4200 Driver 2.00.95 adds setuid permissions to third party applications such as xsane and xscanimage, which allows local users to gain privileges.
CVE-2007-3930
Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.
CVE-2007-3929
Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbitrary code via a crafted header in a torrent file, which leaves a dangling pointer to an invalid object.
CVE-2007-3928
Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry. NOTE: this might overlap CVE-2007-3638.
CVE-2007-3927
Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to "subscribe."
CVE-2007-3926
Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving an "overwritten destructor."
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
CVE-2007-3945 Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password hashing and unchecked function return codes. | CVSS2: 6.4 | 1% Низкий | больше 18 лет назад | |
CVE-2007-3944 Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier. | CVSS2: 9.3 | 18% Средний | больше 18 лет назад | |
CVE-2007-3943 SQL injection vulnerability in Infinite Responder before 1.48 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information. | CVSS2: 7.5 | 0% Низкий | больше 18 лет назад | |
CVE-2007-3942 Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.1.3 allows remote attackers to include local files via unspecified vectors related to the sourcedir parameter or the actionArray hash. NOTE: CVE and multiple third parties dispute this vulnerability because both sourcedir and actionArray are defined before use | CVSS2: 5.8 | 0% Низкий | больше 18 лет назад | |
CVE-2007-3941 Cross-site scripting (XSS) vulnerability in profile.php in Jasmine CMS 1.0_1 allows remote authenticated users to inject arbitrary web script or HTML via the profile_email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | CVSS2: 4.3 | 0% Низкий | больше 18 лет назад | |
CVE-2007-3940 Cross-site scripting (XSS) vulnerability in default.asp in QuickerSite 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the svalue parameter in a search action. NOTE: some of these details are obtained from third party information. | CVSS2: 4.3 | 0% Низкий | больше 18 лет назад | |
CVE-2007-3939 SQL injection vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) CMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter. | CVSS2: 6.8 | 1% Низкий | больше 18 лет назад | |
CVE-2007-3938 SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.8x and earlier before 20070720 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a view action in the Topics module, a different vulnerability than CVE-2006-1676. | CVSS2: 7.5 | 1% Низкий | больше 18 лет назад | |
CVE-2007-3937 Multiple SQL injection vulnerabilities in A-shop 0.70 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | CVSS2: 7.5 | 0% Низкий | больше 18 лет назад | |
CVE-2007-3936 Directory traversal vulnerability in admin/filebrowser.asp in A-shop 0.70 and earlier, and possibly 0.71, allows remote attackers to delete arbitrary files via unspecified filename references in the delfiles parameter. | CVSS2: 6.4 | 4% Низкий | больше 18 лет назад | |
CVE-2007-3935 PHP remote file inclusion vulnerability in link_main.php in the SupaNav 1.0.0 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | CVSS2: 9.3 | 1% Низкий | больше 18 лет назад | |
CVE-2007-3934 PHP remote file inclusion vulnerability in postscript/postscript.php in BBS E-Market allows remote attackers to execute arbitrary PHP code via a URL in the p_mode parameter. | CVSS2: 7.5 | 9% Низкий | больше 18 лет назад | |
CVE-2007-3933 SQL injection vulnerability in insertorder.cfm in QuickEStore 8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the CFTOKEN parameter, a different vector than CVE-2006-2053. | CVSS2: 7.5 | 1% Низкий | больше 18 лет назад | |
CVE-2007-3932 uploadimg.php in the Expose RC35 and earlier (com_expose) component for Joomla! sends an error message but does not exit when it detects an attempt to upload a non-JPEG file, which allows remote attackers to upload and execute arbitrary PHP code in the img/ folder. | CVSS2: 7.5 | 4% Низкий | больше 18 лет назад | |
CVE-2007-3931 The wrap_setuid_third_party_application function in the installation script for the Samsung SCX-4200 Driver 2.00.95 adds setuid permissions to third party applications such as xsane and xscanimage, which allows local users to gain privileges. | CVSS2: 4.4 | 0% Низкий | больше 18 лет назад | |
CVE-2007-3930 Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain. | CVSS2: 4.3 | 17% Средний | больше 18 лет назад | |
CVE-2007-3929 Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbitrary code via a crafted header in a torrent file, which leaves a dangling pointer to an invalid object. | CVSS2: 9.3 | 7% Низкий | больше 18 лет назад | |
CVE-2007-3928 Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry. NOTE: this might overlap CVE-2007-3638. | CVSS2: 7.6 | 9% Низкий | больше 18 лет назад | |
CVE-2007-3927 Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to "subscribe." | CVSS2: 10 | 71% Высокий | больше 18 лет назад | |
CVE-2007-3926 Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving an "overwritten destructor." | CVSS2: 7.8 | 0% Низкий | больше 18 лет назад |
Уязвимостей на страницу