Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 331 614

Количество 331 614

nvd логотип

CVE-2007-5800

больше 18 лет назад

Multiple PHP remote file inclusion vulnerabilities in the BackUpWordPress 0.4.2b and earlier plugin for WordPress allow remote attackers to execute arbitrary PHP code via a URL in the bkpwp_plugin_path parameter to (1) plugins/BackUp/Archive.php; and (2) Predicate.php, (3) Writer.php, (4) Reader.php, and other unspecified scripts under plugins/BackUp/Archive/.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2007-5799

больше 18 лет назад

Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to perform some actions as WAS UDDI users via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-5798

больше 18 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to inject arbitrary web script or HTML via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-5797

больше 18 лет назад

SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-5796

больше 18 лет назад

Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-5795

больше 18 лет назад

The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.

CVSS2: 6.3
EPSS: Низкий
nvd логотип

CVE-2007-5794

около 18 лет назад

Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-5793

больше 18 лет назад

Stonesoft StoneGate IPS before 4.0 does not properly decode Fullwidth/Halfwidth Unicode encoded data, which makes it easier for remote attackers to scan or penetrate systems and avoid detection.

CVSS2: 7.1
EPSS: Низкий
nvd логотип

CVE-2007-5792

больше 18 лет назад

The Vonage Motorola Phone Adapter VT 2142-VD does not encrypt RTP packets, which might allow remote attackers to eavesdrop by sniffing the network and reconstructing the RTP session.

CVSS2: 7.1
EPSS: Низкий
nvd логотип

CVE-2007-5791

больше 18 лет назад

The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify that a SIP INVITE message originated from a legitimate server, which allows remote attackers to send spoofed INVITE messages, as demonstrated by a flood of messages triggering a denial of service, and by phone calls with malicious content.

CVSS2: 10
EPSS: Низкий
nvd логотип

CVE-2007-5790

больше 18 лет назад

The Globe7 soft phone client 7.3 uses weak cryptography (reversed sequence of binary values) for the password, which might allow local users to obtain sensitive information.

CVSS2: 2.1
EPSS: Низкий
nvd логотип

CVE-2007-5789

больше 18 лет назад

The Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a flood of fragmented packets to port 5060.

CVSS2: 7.8
EPSS: Низкий
nvd логотип

CVE-2007-5788

больше 18 лет назад

Buffer overflow in the SIP parser on the Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a crafted SIP INVITE message.

CVSS2: 7.1
EPSS: Низкий
nvd логотип

CVE-2007-5787

больше 18 лет назад

Micro Login System 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a password via a direct request for userpwd.txt.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2007-5786

больше 18 лет назад

Multiple PHP remote file inclusion vulnerabilities in GoSamba 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) HTML_oben.php, (2) inc_freigabe.php, (3) inc_freigabe1.php, or (4) inc_freigabe3.php in include/; (5) inc_group.php; (6) inc_manager.php; (7) inc_newgroup.php; (8) inc_smb_conf.php; (9) inc_user.php; or (10) main.php.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-5785

больше 18 лет назад

SQL injection vulnerability in file.php in JobSite Professional 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-5784

больше 18 лет назад

PHP remote file inclusion vulnerability in index.php in CaupoShop Pro 2.x allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2007-5783

больше 18 лет назад

SQL injection vulnerability in emc.asp in emagiC CMS.Net 4.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-5782

больше 18 лет назад

Directory traversal vulnerability in dl.php in FireConfig 0.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2007-5781

больше 18 лет назад

PHP remote file inclusion vulnerability in inc/sige_init.php in Sige 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the SYS_PATH parameter.

CVSS2: 6.8
EPSS: Средний

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2007-5800

Multiple PHP remote file inclusion vulnerabilities in the BackUpWordPress 0.4.2b and earlier plugin for WordPress allow remote attackers to execute arbitrary PHP code via a URL in the bkpwp_plugin_path parameter to (1) plugins/BackUp/Archive.php; and (2) Predicate.php, (3) Writer.php, (4) Reader.php, and other unspecified scripts under plugins/BackUp/Archive/.

CVSS2: 6.8
6%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5799

Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to perform some actions as WAS UDDI users via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters.

CVSS2: 4.3
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5798

Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to inject arbitrary web script or HTML via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters.

CVSS2: 4.3
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5797

SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.

CVSS2: 7.5
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5796

Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists.

CVSS2: 4.3
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5795

The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.

CVSS2: 6.3
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5794

Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.

CVSS2: 4.3
2%
Низкий
около 18 лет назад
nvd логотип
CVE-2007-5793

Stonesoft StoneGate IPS before 4.0 does not properly decode Fullwidth/Halfwidth Unicode encoded data, which makes it easier for remote attackers to scan or penetrate systems and avoid detection.

CVSS2: 7.1
4%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5792

The Vonage Motorola Phone Adapter VT 2142-VD does not encrypt RTP packets, which might allow remote attackers to eavesdrop by sniffing the network and reconstructing the RTP session.

CVSS2: 7.1
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5791

The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify that a SIP INVITE message originated from a legitimate server, which allows remote attackers to send spoofed INVITE messages, as demonstrated by a flood of messages triggering a denial of service, and by phone calls with malicious content.

CVSS2: 10
4%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5790

The Globe7 soft phone client 7.3 uses weak cryptography (reversed sequence of binary values) for the password, which might allow local users to obtain sensitive information.

CVSS2: 2.1
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5789

The Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a flood of fragmented packets to port 5060.

CVSS2: 7.8
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5788

Buffer overflow in the SIP parser on the Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a crafted SIP INVITE message.

CVSS2: 7.1
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5787

Micro Login System 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a password via a direct request for userpwd.txt.

CVSS2: 5
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5786

Multiple PHP remote file inclusion vulnerabilities in GoSamba 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) HTML_oben.php, (2) inc_freigabe.php, (3) inc_freigabe1.php, or (4) inc_freigabe3.php in include/; (5) inc_group.php; (6) inc_manager.php; (7) inc_newgroup.php; (8) inc_smb_conf.php; (9) inc_user.php; or (10) main.php.

CVSS2: 7.5
3%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5785

SQL injection vulnerability in file.php in JobSite Professional 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS2: 7.5
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5784

PHP remote file inclusion vulnerability in index.php in CaupoShop Pro 2.x allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.

CVSS2: 6.8
3%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5783

SQL injection vulnerability in emc.asp in emagiC CMS.Net 4.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter.

CVSS2: 7.5
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5782

Directory traversal vulnerability in dl.php in FireConfig 0.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

CVSS2: 5
4%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5781

PHP remote file inclusion vulnerability in inc/sige_init.php in Sige 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the SYS_PATH parameter.

CVSS2: 6.8
58%
Средний
больше 18 лет назад

Уязвимостей на страницу