exploitDog

source:"nvd"

Count: 331 614


Vulnerability | CVSS | EPSS | Published

CVE-2007-6492

The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via an empty string in the argument to the ProcessRequestEx method.

CVSS2: 7.1
EPSS: 1% (Low)
Published: about 18 years ago

CVE-2007-6491

Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS allow remote attackers to execute arbitrary SQL commands via (1) the cat_id parameter to categories.asp; and probably (2) the document_id parameter to categories.asp, and the (3) cat_id and (4) document_id parameters to subcategory.asp.

CVSS2: 10
EPSS: 0% (Low)
Published: about 18 years ago

CVE-2007-6490

Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php.

CVSS2: 4.3
EPSS: 1% (Low)
Published: about 18 years ago

CVE-2007-6489

Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text parameters in a guestbook action to index.php, and unspecified other vectors.

CVSS2: 7.5
EPSS: 8% (Low)
Published: about 18 years ago

CVE-2007-6488

Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php or (2) the error parameter to errors.php.

CVSS2: 6.8
EPSS: 6% (Low)
Published: about 18 years ago

CVE-2007-6487

Unspecified vulnerability in Plain Black WebGUI 7.4.0 through 7.4.17 allows remote authenticated users with Secondary Admin privileges to create Admin accounts, a different vulnerability than CVE-2006-0680.

CVSS2: 4.9
EPSS: 0% (Low)
Published: about 18 years ago

CVE-2007-6486

Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka the shoutbox) in LineShout 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username (nickname) or (2) message parameter. NOTE: some of these details are obtained from third party information.

CVSS2: 4.3
EPSS: 0% (Low)
Published: about 18 years ago

CVE-2007-6485

Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 (aka Oreon 1.4) allow remote attackers to execute arbitrary PHP code via a URL in the fileOreonConf parameter to (1) MakeXML.php or (2) MakeXML4statusCounter.php in include/monitoring/engine/.

CVSS2: 7.5
EPSS: 1% (Low)
Published: about 18 years ago

CVE-2007-6484

SQL injection vulnerability in index.php in phpRPG 0.8 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS2: 6.8
EPSS: 0% (Low)
Published: about 18 years ago

CVE-2007-6483

Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.0.0 through 7.4.0 and possibly earlier versions, and Sentinel Keys Server 1.0.3 and possibly earlier versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the query string.

CVSS2: 5
EPSS: 32% (Medium)
Published: about 18 years ago

CVE-2007-6482

Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.

CVSS2: 7.8
EPSS: 2% (Low)
Published: about 18 years ago

CVE-2007-6481

Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to create or delete arbitrary directories via unspecified vectors.

CVSS2: 6.4
EPSS: 2% (Low)
Published: about 18 years ago

CVE-2007-6480

The Oracle database component in Sun Management Center (Sun MC) 3.6.1, 3.6, and 3.5 Update 1 has a default account, which allows remote attackers to obtain database access and execute arbitrary code.

CVSS2: 9.4
EPSS: 5% (Low)
Published: about 18 years ago

CVE-2007-6479

Unrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php (aka the "My profile" page) in Dokeos 1.8.4 allows remote authenticated users to upload and execute arbitrary PHP files via a filename with a double extension, which can then be accessed through a URI under main/upload/users/.

CVSS2: 4.9
EPSS: 5% (Low)
Published: about 18 years ago

CVE-2007-6478

Stack-based buffer overflow in Rosoft Media Player 4.1.7, 4.1.8, and possibly earlier versions allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a .M3U file. NOTE: some of these details are obtained from third party information.

CVSS2: 6.8
EPSS: 26% (Medium)
Published: about 18 years ago

CVE-2007-6477

Cross-site scripting (XSS) vulnerability in the on-line help feature in Citrix Web Interface 2.0 and earlier, and NFuse, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS2: 4.3
EPSS: 1% (Low)
Published: about 18 years ago

CVE-2007-6476

GF-3XPLORER 2.4 allows remote attackers to obtain configuration information via a direct request to explorer/phpinfo.php, which calls the phpinfo function.

CVSS2: 5
EPSS: 6% (Low)
Published: about 18 years ago

CVE-2007-6475

Multiple directory traversal vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_sel parameter to (1) updater.php and (2) thumber.php.

CVSS2: 6.4
EPSS: 4% (Low)
Published: about 18 years ago

CVE-2007-6474

Multiple cross-site scripting (XSS) vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to inject arbitrary web script or HTML via the newdir parameter to index_3x.php, and unspecified other vectors.

CVSS2: 4.3
EPSS: 4% (Low)
Published: about 18 years ago

CVE-2007-6473

Heap-based buffer overflow in Texas Imperial Software WFTPD Pro Explorer 1.0 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command.

CVSS2: 5.8
EPSS: 4% (Low)
Published: about 18 years ago
