Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 327 090

Количество 327 090

nvd логотип

CVE-2007-1259

почти 19 лет назад

Multiple unspecified vulnerabilities in WebAPP before 0.9.9.6 have unknown impact and attack vectors.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-1258

почти 19 лет назад

Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and the MSFC2, MSFC2a and MSFC3 running in Hybrid Mode on Cisco Catalyst 6000, 6500 and Cisco 7600 series systems; allows remote attackers on a local network segment to cause a denial of service (software reload) via a certain MPLS packet.

CVSS2: 6.1
EPSS: Низкий
nvd логотип

CVE-2007-1257

почти 19 лет назад

The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address.

CVSS2: 10
EPSS: Низкий
nvd логотип

CVE-2007-1256

почти 19 лет назад

Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2007-1255

почти 19 лет назад

Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later accessed via a direct request for the file in smileys/. NOTE: this can be leveraged with a separate SQL injection issue for remote unauthenticated attacks.

CVSS2: 6
EPSS: Низкий
nvd логотип

CVE-2007-1254

почти 19 лет назад

SQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the p_skin parameter to index.php.

CVSS2: 6.5
EPSS: Низкий
nvd логотип

CVE-2007-1253

почти 19 лет назад

Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file.

CVSS2: 9.3
EPSS: Низкий
nvd логотип

CVE-2007-1252

почти 19 лет назад

Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch 175 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted headers in an e-mail message. NOTE: some information was obtained from third party sources.

CVSS2: 9.3
EPSS: Средний
nvd логотип

CVE-2007-1251

почти 19 лет назад

Format string vulnerability in the new_warning function in ntserv/warning.c for Netrek Vanilla Server 2.12.0, when EVENTLOG is enabled, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the message handling.

CVSS2: 9.3
EPSS: Средний
nvd логотип

CVE-2007-1250

почти 19 лет назад

SQL injection vulnerability in section/default.asp in ANGEL Learning Management Suite (LMS) 7.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-1249

почти 19 лет назад

MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check "the additional environment security configuration," which allows remote attackers with write permissions to reorder components.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2007-1248

почти 19 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in built2go News Manager Blog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) uid, and (3) nid parameters to (a) news.php, and the nid parameter to (b) rating.php.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-1247

почти 19 лет назад

Multiple PHP remote file inclusion vulnerabilities in aWeb Labs aWebNews 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_news parameter to (1) listing.php or (2) visview.php.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2007-1246

почти 19 лет назад

The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1387.

CVSS2: 7.6
EPSS: Низкий
nvd логотип

CVE-2007-1245

почти 19 лет назад

IrfanView 3.99 allows remote attackers to cause a denial of service (application crash) via a malformed WMF file.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-1244

почти 19 лет назад

Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2007-1243

почти 19 лет назад

Audins Audiens 3.3 allows remote attackers to bypass authentication and perform certain privileged actions, possibly an uninstall of the product, by calling unistall.php with the values cnf=disinstalla and status=on. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-1242

почти 19 лет назад

SQL injection vulnerability in system/index.php in Audins Audiens 3.3 allows remote attackers to execute arbitrary SQL commands via the PHPSESSID cookie. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-1241

почти 19 лет назад

Cross-site scripting (XSS) vulnerability in setup.php in Audins Audiens 3.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS2: 5.8
EPSS: Низкий
nvd логотип

CVE-2007-1240

почти 19 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 through 3.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the searchkey parameter to index.php, or the (2) sn or (3) ri parameter to modules/htmlframechat/index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS2: 4.3
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2007-1259

Multiple unspecified vulnerabilities in WebAPP before 0.9.9.6 have unknown impact and attack vectors.

CVSS2: 7.5
1%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1258

Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and the MSFC2, MSFC2a and MSFC3 running in Hybrid Mode on Cisco Catalyst 6000, 6500 and Cisco 7600 series systems; allows remote attackers on a local network segment to cause a denial of service (software reload) via a certain MPLS packet.

CVSS2: 6.1
1%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1257

The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address.

CVSS2: 10
3%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1256

Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092.

CVSS2: 6.8
1%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1255

Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later accessed via a direct request for the file in smileys/. NOTE: this can be leveraged with a separate SQL injection issue for remote unauthenticated attacks.

CVSS2: 6
1%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1254

SQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the p_skin parameter to index.php.

CVSS2: 6.5
1%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1253

Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file.

CVSS2: 9.3
3%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1252

Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch 175 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted headers in an e-mail message. NOTE: some information was obtained from third party sources.

CVSS2: 9.3
11%
Средний
почти 19 лет назад
nvd логотип
CVE-2007-1251

Format string vulnerability in the new_warning function in ntserv/warning.c for Netrek Vanilla Server 2.12.0, when EVENTLOG is enabled, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the message handling.

CVSS2: 9.3
12%
Средний
почти 19 лет назад
nvd логотип
CVE-2007-1250

SQL injection vulnerability in section/default.asp in ANGEL Learning Management Suite (LMS) 7.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS2: 7.5
2%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1249

MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check "the additional environment security configuration," which allows remote attackers with write permissions to reorder components.

CVSS2: 6.8
1%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1248

Multiple cross-site scripting (XSS) vulnerabilities in built2go News Manager Blog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) uid, and (3) nid parameters to (a) news.php, and the nid parameter to (b) rating.php.

CVSS2: 4.3
5%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1247

Multiple PHP remote file inclusion vulnerabilities in aWeb Labs aWebNews 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_news parameter to (1) listing.php or (2) visview.php.

CVSS2: 6.8
6%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1246

The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1387.

CVSS2: 7.6
9%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1245

IrfanView 3.99 allows remote attackers to cause a denial of service (application crash) via a malformed WMF file.

CVSS2: 4.3
1%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1244

Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter.

CVSS2: 6.8
8%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1243

Audins Audiens 3.3 allows remote attackers to bypass authentication and perform certain privileged actions, possibly an uninstall of the product, by calling unistall.php with the values cnf=disinstalla and status=on. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS2: 7.5
5%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1242

SQL injection vulnerability in system/index.php in Audins Audiens 3.3 allows remote attackers to execute arbitrary SQL commands via the PHPSESSID cookie. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS2: 7.5
0%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1241

Cross-site scripting (XSS) vulnerability in setup.php in Audins Audiens 3.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS2: 5.8
2%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1240

Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 through 3.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the searchkey parameter to index.php, or the (2) sn or (3) ri parameter to modules/htmlframechat/index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS2: 4.3
2%
Низкий
почти 19 лет назад

Уязвимостей на страницу