Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 331 614

Количество 331 614

nvd логотип

CVE-2007-5607

больше 17 лет назад

Buffer overflow in the RegistryString function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first argument, a different vulnerability than CVE-2007-5604, CVE-2007-5605, and CVE-2007-5606.

CVSS2: 7.5
EPSS: Средний
nvd логотип

CVE-2007-5606

больше 17 лет назад

Buffer overflow in the MoveFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long argument, a different vulnerability than CVE-2007-5604, CVE-2007-5605, and CVE-2007-5607.

CVSS2: 10
EPSS: Средний
nvd логотип

CVE-2007-5605

больше 17 лет назад

Buffer overflow in the GetFileTime function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long argument, a different vulnerability than CVE-2007-5604, CVE-2007-5606, and CVE-2007-5607.

CVSS2: 9.3
EPSS: Средний
nvd логотип

CVE-2007-5604

больше 17 лет назад

Buffer overflow in the ExtractCab function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first argument, a different vulnerability than CVE-2007-5605, CVE-2007-5606, and CVE-2007-5607.

CVSS2: 7.5
EPSS: Средний
nvd логотип

CVE-2007-5603

больше 18 лет назад

Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allows remote attackers to execute arbitrary code via a long string in the second argument to the AddRouteEntry method.

CVSS2: 9.3
EPSS: Высокий
nvd логотип

CVE-2007-5602

около 18 лет назад

Multiple stack-based buffer overflows in SwiftView Viewer before 8.3.5, as used by SwiftView and SwiftSend, allow remote attackers to execute arbitrary code via unspecified vectors to the (1) svocx.ocx ActiveX control or the (2) npsview.dll plugin for Mozilla and Firefox.

CVSS2: 10
EPSS: Средний
nvd логотип

CVE-2007-5601

больше 18 лет назад

Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain playlist names, as demonstrated via the import method to the IERPCtl ActiveX control in ierpplug.dll.

CVSS2: 9.3
EPSS: Средний
nvd логотип

CVE-2007-5600

больше 18 лет назад

Incomplete blacklist vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftps, (3) ssh2.sftp, or (4) ssh2.scp URL, in the page parameter, for which PHP remote file inclusion is blocked only for http, https, and ftp URLs.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2007-5599

больше 18 лет назад

Multiple PHP remote file inclusion vulnerabilities in awrate 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to (1) 404.php or (2) topbar.php, different vectors than CVE-2006-6368.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2007-5598

больше 18 лет назад

Cross-site scripting (XSS) vulnerability in Weblinks for Drupal 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-5597

больше 18 лет назад

The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 does not pass publication status, which might allow attackers to bypass access restrictions and trigger e-mail with unpublished comments from some modules, as demonstrated by (1) Organic groups and (2) Subscriptions.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-5596

больше 18 лет назад

The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 places the .html extension on a whitelist, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading .html files.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-5595

больше 18 лет назад

CRLF injection vulnerability in the drupal_goto function in includes/common.inc Drupal 4.7.x before 4.7.8 and 5.x before 5.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

CVSS2: 5.1
EPSS: Низкий
nvd логотип

CVE-2007-5594

больше 18 лет назад

Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-5593

больше 18 лет назад

install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2007-5592

больше 18 лет назад

Multiple PHP remote file inclusion vulnerabilities in awzMB 4.2 beta 1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the Setting[OPT_includepath] parameter to (1) adminhelp.php; and (2) admin.incl.php, (3) reg.incl.php, (4) help.incl.php, (5) gbook.incl.php, and (6) core/core.incl.php in modules/.

CVSS2: 6.8
EPSS: Средний
nvd логотип

CVE-2007-5591

больше 18 лет назад

The CS1000 signaling server in Nortel Enterprise VoIP-Core-CS 1000M Chassis/Cabinet, Enterprise VoIP-Core-CS 1000E and 1000S, Meridian-Core-Option 11C Chassis and Cabinet, and Meridian-Core-Option 51C, 61C, and 81C allows remote attackers to cause a denial of service (telephony application outage) via a flood of packets to Embedded LAN (ELAN) ports.

CVSS2: 7.8
EPSS: Низкий
nvd логотип

CVE-2007-5590

больше 18 лет назад

Multiple buffer overflows in Miranda before 0.7.1 allow remote attackers to execute arbitrary code via unspecified vectors involving (1) IRC options, (2) Jabber forms, and unspecified aspects of the (3) ICQ and (4) Yahoo! instant messaging functionality. NOTE: some of these details are obtained from third party information.

CVSS2: 6.8
EPSS: Средний
nvd логотип

CVE-2007-5589

больше 18 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other vectors related to (3) REQUEST_URI.

CVSS2: 4.3
EPSS: Средний
nvd логотип

CVE-2007-5588

больше 18 лет назад

Cross-site scripting (XSS) vulnerability in mnoGoSearch before 3.2.43 allows remote attackers to inject arbitrary web script or HTML via the t parameter in search.cgi, as reachable from search.htm-dist.

CVSS2: 4.3
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2007-5607

Buffer overflow in the RegistryString function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first argument, a different vulnerability than CVE-2007-5604, CVE-2007-5605, and CVE-2007-5606.

CVSS2: 7.5
33%
Средний
больше 17 лет назад
nvd логотип
CVE-2007-5606

Buffer overflow in the MoveFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long argument, a different vulnerability than CVE-2007-5604, CVE-2007-5605, and CVE-2007-5607.

CVSS2: 10
26%
Средний
больше 17 лет назад
nvd логотип
CVE-2007-5605

Buffer overflow in the GetFileTime function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long argument, a different vulnerability than CVE-2007-5604, CVE-2007-5606, and CVE-2007-5607.

CVSS2: 9.3
21%
Средний
больше 17 лет назад
nvd логотип
CVE-2007-5604

Buffer overflow in the ExtractCab function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first argument, a different vulnerability than CVE-2007-5605, CVE-2007-5606, and CVE-2007-5607.

CVSS2: 7.5
34%
Средний
больше 17 лет назад
nvd логотип
CVE-2007-5603

Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allows remote attackers to execute arbitrary code via a long string in the second argument to the AddRouteEntry method.

CVSS2: 9.3
72%
Высокий
больше 18 лет назад
nvd логотип
CVE-2007-5602

Multiple stack-based buffer overflows in SwiftView Viewer before 8.3.5, as used by SwiftView and SwiftSend, allow remote attackers to execute arbitrary code via unspecified vectors to the (1) svocx.ocx ActiveX control or the (2) npsview.dll plugin for Mozilla and Firefox.

CVSS2: 10
30%
Средний
около 18 лет назад
nvd логотип
CVE-2007-5601

Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain playlist names, as demonstrated via the import method to the IERPCtl ActiveX control in ierpplug.dll.

CVSS2: 9.3
68%
Средний
больше 18 лет назад
nvd логотип
CVE-2007-5600

Incomplete blacklist vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftps, (3) ssh2.sftp, or (4) ssh2.scp URL, in the page parameter, for which PHP remote file inclusion is blocked only for http, https, and ftp URLs.

CVSS2: 6.8
3%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5599

Multiple PHP remote file inclusion vulnerabilities in awrate 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to (1) 404.php or (2) topbar.php, different vectors than CVE-2006-6368.

CVSS2: 6.8
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5598

Cross-site scripting (XSS) vulnerability in Weblinks for Drupal 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS2: 4.3
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5597

The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 does not pass publication status, which might allow attackers to bypass access restrictions and trigger e-mail with unpublished comments from some modules, as demonstrated by (1) Organic groups and (2) Subscriptions.

CVSS2: 4.3
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5596

The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 places the .html extension on a whitelist, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading .html files.

CVSS2: 4.3
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5595

CRLF injection vulnerability in the drupal_goto function in includes/common.inc Drupal 4.7.x before 4.7.8 and 5.x before 5.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

CVSS2: 5.1
3%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5594

Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack.

CVSS2: 4.3
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5593

install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified.

CVSS2: 6.8
3%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5592

Multiple PHP remote file inclusion vulnerabilities in awzMB 4.2 beta 1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the Setting[OPT_includepath] parameter to (1) adminhelp.php; and (2) admin.incl.php, (3) reg.incl.php, (4) help.incl.php, (5) gbook.incl.php, and (6) core/core.incl.php in modules/.

CVSS2: 6.8
19%
Средний
больше 18 лет назад
nvd логотип
CVE-2007-5591

The CS1000 signaling server in Nortel Enterprise VoIP-Core-CS 1000M Chassis/Cabinet, Enterprise VoIP-Core-CS 1000E and 1000S, Meridian-Core-Option 11C Chassis and Cabinet, and Meridian-Core-Option 51C, 61C, and 81C allows remote attackers to cause a denial of service (telephony application outage) via a flood of packets to Embedded LAN (ELAN) ports.

CVSS2: 7.8
3%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-5590

Multiple buffer overflows in Miranda before 0.7.1 allow remote attackers to execute arbitrary code via unspecified vectors involving (1) IRC options, (2) Jabber forms, and unspecified aspects of the (3) ICQ and (4) Yahoo! instant messaging functionality. NOTE: some of these details are obtained from third party information.

CVSS2: 6.8
11%
Средний
больше 18 лет назад
nvd логотип
CVE-2007-5589

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other vectors related to (3) REQUEST_URI.

CVSS2: 4.3
11%
Средний
больше 18 лет назад
nvd логотип
CVE-2007-5588

Cross-site scripting (XSS) vulnerability in mnoGoSearch before 3.2.43 allows remote attackers to inject arbitrary web script or HTML via the t parameter in search.cgi, as reachable from search.htm-dist.

CVSS2: 4.3
0%
Низкий
больше 18 лет назад

Уязвимостей на страницу