Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 327 090

Количество 327 090

nvd логотип

CVE-2007-2262

почти 19 лет назад

Multiple PHP remote file inclusion vulnerabilities in html/php/detail.php in Sinato jmuffin allow remote attackers to execute arbitrary PHP code via a URL in the (1) relPath and (2) folder parameters. NOTE: this product was originally reported as "File117".

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2261

почти 19 лет назад

PHP remote file inclusion vulnerability in espaces/communiques/annotations.php in C-Arbre 0.6PR7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, a different vector than CVE-2007-1721.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2260

почти 19 лет назад

Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the bibtexrootrel parameter to (1) unavailable.php, (2) source.php, (3) log.php, (4) latex.php, (5) indexinfo.php, (6) index.php, (7) importinfo.php, (8) import.php, (9) examplefile.php, (10) clearinfo.php, (11) clear.php, (12) aboutinfo.php, (13) about.php, and other unspecified files.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2259

почти 19 лет назад

SQL injection vulnerability in forum.php in EsForum 3.0 allows remote attackers to execute arbitrary SQL commands via the idsalon parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2258

почти 19 лет назад

PHP remote file inclusion vulnerability in includes/init.inc.php in PHPMyBibli allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2257

почти 19 лет назад

PHP remote file inclusion vulnerability in subscp.php in Fully Modded phpBB2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2256

почти 19 лет назад

Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 allows remote attackers to inject arbitrary web script or HTML via the user parameter.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-2255

почти 19 лет назад

Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) eng_dir parameter to addmember.php, (2) lang_path parameter to admin/enginelib/class.phpmailer.php, and the (3) spaw_root parameter to admin/includes/spaw/dialogs/colorpicker.php, different vectors than CVE-2006-5291 and CVE-2006-5459. NOTE: vector 3 might be an issue in SPAW.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2254

почти 19 лет назад

PHP remote file inclusion vulnerability in admin/setup/level2.php in PHP Classifieds 6.04, and probably earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this product was referred to as "Allfaclassfieds" in the original disclosure.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2253

почти 19 лет назад

Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain path information via a direct request for (1) sdk/blanks/formcontrol.php and (2) sdk/blanks/file_modules.php.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2007-2252

почти 19 лет назад

Directory traversal vulnerability in iconspopup.php in Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain sensitive information via a .. (dot dot) in the icodir parameter.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2007-2251

почти 19 лет назад

Unspecified vulnerability in the Roles module in Xaraya 1.1.2 and earlier allows attackers to gain privileges via unspecified vectors, probably related to incorrect permission checking in xartemplates/user-view.xd.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2250

почти 19 лет назад

admin.php in Phorum before 5.1.22 allows remote attackers to obtain the full path via the module[] parameter.

CVSS2: 5
EPSS: Средний
nvd логотип

CVE-2007-2249

почти 19 лет назад

include/controlcenter/users.php in Phorum before 5.1.22 allows remote authenticated moderators to gain privileges via a modified (1) user_ids POST parameter or (2) userdata array.

CVSS2: 6.5
EPSS: Средний
nvd логотип

CVE-2007-2248

почти 19 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Phorum before 5.1.22 allow remote attackers to inject arbitrary web script or HTML via the (1) group_id parameter in the groups module or (2) the smiley_id parameter in the smileys modsettings module.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-2247

почти 19 лет назад

SQL injection vulnerability in modules/news/article.php in phpMySpace Gold 8.10 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2246

почти 19 лет назад

Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running sendmail 8.9.3 or 8.11.1; and HP-UX B.11.23 when running sendmail 8.11.1; allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: due to the lack of details from HP, it is not known whether this issue is a duplicate of another CVE such as CVE-2006-1173 or CVE-2006-4434.

CVSS2: 7.8
EPSS: Низкий
nvd логотип

CVE-2007-2245

почти 19 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2007-2244

почти 19 лет назад

Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator CS3, and GoLive 9 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) BMP, (2) DIB, or (3) RLE file.

CVSS2: 9.3
EPSS: Средний
nvd логотип

CVE-2007-2243

почти 19 лет назад

OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.

CVSS2: 5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2007-2262

Multiple PHP remote file inclusion vulnerabilities in html/php/detail.php in Sinato jmuffin allow remote attackers to execute arbitrary PHP code via a URL in the (1) relPath and (2) folder parameters. NOTE: this product was originally reported as "File117".

CVSS2: 7.5
7%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2261

PHP remote file inclusion vulnerability in espaces/communiques/annotations.php in C-Arbre 0.6PR7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, a different vector than CVE-2007-1721.

CVSS2: 7.5
1%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2260

Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the bibtexrootrel parameter to (1) unavailable.php, (2) source.php, (3) log.php, (4) latex.php, (5) indexinfo.php, (6) index.php, (7) importinfo.php, (8) import.php, (9) examplefile.php, (10) clearinfo.php, (11) clear.php, (12) aboutinfo.php, (13) about.php, and other unspecified files.

CVSS2: 7.5
2%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2259

SQL injection vulnerability in forum.php in EsForum 3.0 allows remote attackers to execute arbitrary SQL commands via the idsalon parameter.

CVSS2: 7.5
2%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2258

PHP remote file inclusion vulnerability in includes/init.inc.php in PHPMyBibli allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.

CVSS2: 7.5
3%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2257

PHP remote file inclusion vulnerability in subscp.php in Fully Modded phpBB2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

CVSS2: 7.5
3%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2256

Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 allows remote attackers to inject arbitrary web script or HTML via the user parameter.

CVSS2: 4.3
6%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2255

Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) eng_dir parameter to addmember.php, (2) lang_path parameter to admin/enginelib/class.phpmailer.php, and the (3) spaw_root parameter to admin/includes/spaw/dialogs/colorpicker.php, different vectors than CVE-2006-5291 and CVE-2006-5459. NOTE: vector 3 might be an issue in SPAW.

CVSS2: 7.5
1%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2254

PHP remote file inclusion vulnerability in admin/setup/level2.php in PHP Classifieds 6.04, and probably earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this product was referred to as "Allfaclassfieds" in the original disclosure.

CVSS2: 7.5
1%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2253

Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain path information via a direct request for (1) sdk/blanks/formcontrol.php and (2) sdk/blanks/file_modules.php.

CVSS2: 5
0%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2252

Directory traversal vulnerability in iconspopup.php in Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain sensitive information via a .. (dot dot) in the icodir parameter.

CVSS2: 5
5%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2251

Unspecified vulnerability in the Roles module in Xaraya 1.1.2 and earlier allows attackers to gain privileges via unspecified vectors, probably related to incorrect permission checking in xartemplates/user-view.xd.

CVSS2: 7.5
1%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2250

admin.php in Phorum before 5.1.22 allows remote attackers to obtain the full path via the module[] parameter.

CVSS2: 5
13%
Средний
почти 19 лет назад
nvd логотип
CVE-2007-2249

include/controlcenter/users.php in Phorum before 5.1.22 allows remote authenticated moderators to gain privileges via a modified (1) user_ids POST parameter or (2) userdata array.

CVSS2: 6.5
16%
Средний
почти 19 лет назад
nvd логотип
CVE-2007-2248

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Phorum before 5.1.22 allow remote attackers to inject arbitrary web script or HTML via the (1) group_id parameter in the groups module or (2) the smiley_id parameter in the smileys modsettings module.

CVSS2: 4.3
8%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2247

SQL injection vulnerability in modules/news/article.php in phpMySpace Gold 8.10 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.

CVSS2: 7.5
1%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2246

Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running sendmail 8.9.3 or 8.11.1; and HP-UX B.11.23 when running sendmail 8.11.1; allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: due to the lack of details from HP, it is not known whether this issue is a duplicate of another CVE such as CVE-2006-1173 or CVE-2006-4434.

CVSS2: 7.8
3%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2245

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function.

CVSS2: 6.8
2%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2244

Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator CS3, and GoLive 9 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) BMP, (2) DIB, or (3) RLE file.

CVSS2: 9.3
22%
Средний
почти 19 лет назад
nvd логотип
CVE-2007-2243

OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.

CVSS2: 5
0%
Низкий
почти 19 лет назад

Уязвимостей на страницу