Количество 331 209
Количество 331 209
CVE-2007-6467
SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows remote attackers to execute arbitrary SQL commands via the ida parameter in a gallery foto_show action.
CVE-2007-6466
Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action. NOTE: it was later reported that MOG - Web Shop (MOG-WebShop), a product based on the same code, is also affected.
CVE-2007-6465
Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/host_gmetrics.php; the (3) G, (4) me, (5) x, (6) n, (7) v, (8) l, (9) vl, and (10) st parameters to (b) web/graph.php; and the (11) c, (12) G, (13) h, (14) r, (15) m, (16) s, (17) cr, (18) hc, (19) sh, (20) p, (21) t, (22) jr, (23) js, (24) gw, (25) z, and (26) gs parameters to (c) web/get_context.php. NOTE: some of these details are obtained from third party information.
CVE-2007-6464
Multiple PHP remote file inclusion vulnerabilities in Form tools 1.5.0b allow remote attackers to execute arbitrary PHP code via a URL in the g_root_dir parameter to (1) admin_page_open.php and (2) client_page_open.php in global/templates/.
CVE-2007-6463
Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in PHP Real Estate Classifieds allow remote attackers to inject arbitrary web script or HTML via unspecified "text areas/boxes."
CVE-2007-6462
SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-6461
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function; and (2) the details parameter in a details action, related to the History tab and the getHistory JavaScript function.
CVE-2007-6460
Multiple cross-site scripting (XSS) vulnerabilities in Anon Proxy Server before 0.101 allow remote attackers to inject arbitrary web script or HTML via the URI, which is later displayed by (1) log.php or (2) logerror.php, a different vulnerability than CVE-2007-6459.
CVE-2007-6459
Anon Proxy Server 0.100, and probably 0.101, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the host parameter to diagdns.php, and (2) the host parameter and possibly (3) the port parameter to diagconnect.php, a different vulnerability than CVE-2007-6460.
CVE-2007-6458
SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php.
CVE-2007-6457
Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header.
CVE-2007-6456
Unspecified vulnerability in OpenOffice.org code in Planamesa NeoOffice 2.2.2 before Patch 4 has unknown impact and attack vectors related to MacOS 10.3.9 .odb files. NOTE: it is not clear whether this issue is a vulnerability.
CVE-2007-6455
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter.
CVE-2007-6454
Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.
CVE-2007-6453
Directory traversal vulnerability in raidenhttpd-admin/workspace.php in RaidenHTTPD 2.0.19, when the WebAdmin function is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ulang parameter.
CVE-2007-6452
Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS).
CVE-2007-6451
Unspecified vulnerability in the CIP dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger allocation of large amounts of memory.
CVE-2007-6450
The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
CVE-2007-6449
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6121. Reason: This candidate is a duplicate of CVE-2007-6121. Notes: All CVE users should reference CVE-2007-6121 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2007-6448
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6120. Reason: This candidate is a duplicate of CVE-2007-6120. Notes: All CVE users should reference CVE-2007-6120 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2007-6467 SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows remote attackers to execute arbitrary SQL commands via the ida parameter in a gallery foto_show action. | CVSS2: 7.5 | 0% Низкий | около 18 лет назад |
| CVE-2007-6466 Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action. NOTE: it was later reported that MOG - Web Shop (MOG-WebShop), a product based on the same code, is also affected. | CVSS2: 7.5 | 1% Низкий | около 18 лет назад |
| CVE-2007-6465 Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/host_gmetrics.php; the (3) G, (4) me, (5) x, (6) n, (7) v, (8) l, (9) vl, and (10) st parameters to (b) web/graph.php; and the (11) c, (12) G, (13) h, (14) r, (15) m, (16) s, (17) cr, (18) hc, (19) sh, (20) p, (21) t, (22) jr, (23) js, (24) gw, (25) z, and (26) gs parameters to (c) web/get_context.php. NOTE: some of these details are obtained from third party information. | CVSS2: 4.3 | 0% Низкий | около 18 лет назад |
| CVE-2007-6464 Multiple PHP remote file inclusion vulnerabilities in Form tools 1.5.0b allow remote attackers to execute arbitrary PHP code via a URL in the g_root_dir parameter to (1) admin_page_open.php and (2) client_page_open.php in global/templates/. | CVSS2: 6.8 | 3% Низкий | около 18 лет назад |
| CVE-2007-6463 Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in PHP Real Estate Classifieds allow remote attackers to inject arbitrary web script or HTML via unspecified "text areas/boxes." | CVSS2: 4.3 | 0% Низкий | около 18 лет назад |
| CVE-2007-6462 SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter. | CVSS2: 7.5 | 0% Низкий | около 18 лет назад |
| CVE-2007-6461 Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function; and (2) the details parameter in a details action, related to the History tab and the getHistory JavaScript function. | CVSS2: 4.3 | 0% Низкий | около 18 лет назад |
| CVE-2007-6460 Multiple cross-site scripting (XSS) vulnerabilities in Anon Proxy Server before 0.101 allow remote attackers to inject arbitrary web script or HTML via the URI, which is later displayed by (1) log.php or (2) logerror.php, a different vulnerability than CVE-2007-6459. | CVSS2: 4.3 | 0% Низкий | около 18 лет назад |
| CVE-2007-6459 Anon Proxy Server 0.100, and probably 0.101, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the host parameter to diagdns.php, and (2) the host parameter and possibly (3) the port parameter to diagconnect.php, a different vulnerability than CVE-2007-6460. | CVSS2: 6.8 | 5% Низкий | около 18 лет назад |
| CVE-2007-6458 SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php. | CVSS2: 7.5 | 0% Низкий | около 18 лет назад |
| CVE-2007-6457 Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header. | CVSS2: 5 | 6% Низкий | около 18 лет назад |
| CVE-2007-6456 Unspecified vulnerability in OpenOffice.org code in Planamesa NeoOffice 2.2.2 before Patch 4 has unknown impact and attack vectors related to MacOS 10.3.9 .odb files. NOTE: it is not clear whether this issue is a vulnerability. | CVSS2: 10 | 0% Низкий | около 18 лет назад |
| CVE-2007-6455 Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter. | CVSS2: 4.3 | 3% Низкий | около 18 лет назад |
| CVE-2007-6454 Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request. | CVSS2: 10 | 39% Средний | около 18 лет назад |
| CVE-2007-6453 Directory traversal vulnerability in raidenhttpd-admin/workspace.php in RaidenHTTPD 2.0.19, when the WebAdmin function is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ulang parameter. | CVSS2: 10 | 20% Средний | около 18 лет назад |
| CVE-2007-6452 Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS). | CVSS2: 4.3 | 0% Низкий | около 18 лет назад |
| CVE-2007-6451 Unspecified vulnerability in the CIP dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger allocation of large amounts of memory. | CVSS2: 4.3 | 3% Низкий | около 18 лет назад |
| CVE-2007-6450 The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. | CVSS2: 5 | 3% Низкий | около 18 лет назад |
| CVE-2007-6449 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6121. Reason: This candidate is a duplicate of CVE-2007-6121. Notes: All CVE users should reference CVE-2007-6121 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | около 18 лет назад | ||
| CVE-2007-6448 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6120. Reason: This candidate is a duplicate of CVE-2007-6120. Notes: All CVE users should reference CVE-2007-6120 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | около 18 лет назад |
Уязвимостей на страницу