Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 329 569

Количество 329 569

nvd логотип

CVE-2007-2724

больше 18 лет назад

Cross-site scripting (XSS) vulnerability in all_photos.html in fotolog allows remote attackers to inject arbitrary web script or HTML via the user parameter.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-2723

больше 18 лет назад

Media Player Classic 6.4.9.0 allows user-assisted remote attackers to cause a denial of service (web browser crash) via an "empty" .MPA file, which triggers a divide-by-zero error.

CVSS3: 5.5
EPSS: Низкий
nvd логотип

CVE-2007-2722

больше 18 лет назад

Unspecified vulnerability in NewzCrawler 1.8 allows remote attackers to cause a denial of service (application instability) via certain invalid strings in the URL attribute of an ENCLOSURE element, as demonstrated by a "%s" sequence, a "%Y" sequence, a "%%" sequence, and an "n," sequence.

CVSS2: 7.8
EPSS: Низкий
nvd логотип

CVE-2007-2721

больше 18 лет назад

The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-2720

больше 18 лет назад

Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for (1) message.php and (2) messages.php in modules/email/. NOTE: some of these details are obtained from third party information.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-2719

больше 18 лет назад

Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 and 5.0 SP4 and SP5 allows remote attackers to hijack web sessions by setting the JSESSIONID cookie.

CVSS2: 10
EPSS: Низкий
nvd логотип

CVE-2007-2718

больше 18 лет назад

Cross-site scripting (XSS) vulnerability in the WebMail system in Stalker CommuniGate Pro 5.1.8 and earlier, when using Microsoft Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via crafted STYLE tags.

CVSS2: 4.3
EPSS: Средний
nvd логотип

CVE-2007-2717

больше 18 лет назад

SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the type_id[] parameter, a different vector than CVE-2005-0537.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2716

больше 18 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.2c and earlier allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) listmembers.php and (2) stats.php. NOTE: some of these details are obtained from third party information.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2007-2715

больше 18 лет назад

Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to change arbitrary usernames and passwords via the (1) username, or the (2) password and password2 parameters in an edit action.

CVSS2: 10
EPSS: Низкий
nvd логотип

CVE-2007-2714

больше 18 лет назад

Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet before 2.0.2, a WordPress plugin, has unknown impact and attack vectors.

CVSS2: 10
EPSS: Средний
nvd логотип

CVE-2007-2713

больше 18 лет назад

ifdate 2.x sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request for the admin/ URI.

CVSS2: 10
EPSS: Низкий
nvd логотип

CVE-2007-2712

больше 18 лет назад

Unspecified vulnerability in MH Software Connect Daily before 3.3.3 has unknown impact and attack vectors.

CVSS2: 10
EPSS: Низкий
nvd логотип

CVE-2007-2711

больше 18 лет назад

Stack-based buffer overflow in TinyIdentD 2.2 and earlier allows remote attackers to execute arbitrary code via a long string to TCP port 113.

CVSS2: 10
EPSS: Высокий
nvd логотип

CVE-2007-2710

больше 18 лет назад

PHP remote file inclusion vulnerability in functions/prepend_adm.php in NagiosQL 2.00-P00 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][IT] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2709

больше 18 лет назад

PHP remote file inclusion vulnerability in functions/prepend_adm.php in NagiosQL 2005 2.00 allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][physical] parameter.

CVSS2: 7.5
EPSS: Средний
nvd логотип

CVE-2007-2708

больше 18 лет назад

PHP remote file inclusion vulnerability in newsadmin.php in Feindt Computerservice News (News-Script) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.

CVSS2: 7.5
EPSS: Высокий
nvd логотип

CVE-2007-2707

больше 18 лет назад

PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php in Linksnet Newsfeed 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dirpath_linksnet_newsfeed parameter.

CVSS2: 6.8
EPSS: Высокий
nvd логотип

CVE-2007-2706

больше 18 лет назад

PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media Gallery 1.4.8a and earlier for Geeklog allows remote attackers to execute arbitrary PHP code via a URL in the _MG_CONF[path_html] parameter.

CVSS2: 7.5
EPSS: Средний
nvd логотип

CVE-2007-2705

больше 18 лет назад

Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when "deployed in an exploded format," allows remote attackers to list a WebLogic Workshop Directory (wlwdir) parent directory via unspecified vectors.

CVSS2: 7.8
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2007-2724

Cross-site scripting (XSS) vulnerability in all_photos.html in fotolog allows remote attackers to inject arbitrary web script or HTML via the user parameter.

CVSS2: 4.3
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-2723

Media Player Classic 6.4.9.0 allows user-assisted remote attackers to cause a denial of service (web browser crash) via an "empty" .MPA file, which triggers a divide-by-zero error.

CVSS3: 5.5
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-2722

Unspecified vulnerability in NewzCrawler 1.8 allows remote attackers to cause a denial of service (application instability) via certain invalid strings in the URL attribute of an ENCLOSURE element, as demonstrated by a "%s" sequence, a "%Y" sequence, a "%%" sequence, and an "n," sequence.

CVSS2: 7.8
6%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-2721

The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert.

CVSS2: 4.3
8%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-2720

Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for (1) message.php and (2) messages.php in modules/email/. NOTE: some of these details are obtained from third party information.

CVSS2: 4.3
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-2719

Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 and 5.0 SP4 and SP5 allows remote attackers to hijack web sessions by setting the JSESSIONID cookie.

CVSS2: 10
7%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-2718

Cross-site scripting (XSS) vulnerability in the WebMail system in Stalker CommuniGate Pro 5.1.8 and earlier, when using Microsoft Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via crafted STYLE tags.

CVSS2: 4.3
29%
Средний
больше 18 лет назад
nvd логотип
CVE-2007-2717

SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the type_id[] parameter, a different vector than CVE-2005-0537.

CVSS2: 7.5
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-2716

Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.2c and earlier allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) listmembers.php and (2) stats.php. NOTE: some of these details are obtained from third party information.

CVSS2: 6.8
4%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-2715

Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to change arbitrary usernames and passwords via the (1) username, or the (2) password and password2 parameters in an edit action.

CVSS2: 10
7%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-2714

Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet before 2.0.2, a WordPress plugin, has unknown impact and attack vectors.

CVSS2: 10
15%
Средний
больше 18 лет назад
nvd логотип
CVE-2007-2713

ifdate 2.x sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request for the admin/ URI.

CVSS2: 10
3%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-2712

Unspecified vulnerability in MH Software Connect Daily before 3.3.3 has unknown impact and attack vectors.

CVSS2: 10
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-2711

Stack-based buffer overflow in TinyIdentD 2.2 and earlier allows remote attackers to execute arbitrary code via a long string to TCP port 113.

CVSS2: 10
82%
Высокий
больше 18 лет назад
nvd логотип
CVE-2007-2710

PHP remote file inclusion vulnerability in functions/prepend_adm.php in NagiosQL 2.00-P00 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][IT] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS2: 7.5
2%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-2709

PHP remote file inclusion vulnerability in functions/prepend_adm.php in NagiosQL 2005 2.00 allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][physical] parameter.

CVSS2: 7.5
16%
Средний
больше 18 лет назад
nvd логотип
CVE-2007-2708

PHP remote file inclusion vulnerability in newsadmin.php in Feindt Computerservice News (News-Script) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.

CVSS2: 7.5
74%
Высокий
больше 18 лет назад
nvd логотип
CVE-2007-2707

PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php in Linksnet Newsfeed 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dirpath_linksnet_newsfeed parameter.

CVSS2: 6.8
86%
Высокий
больше 18 лет назад
nvd логотип
CVE-2007-2706

PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media Gallery 1.4.8a and earlier for Geeklog allows remote attackers to execute arbitrary PHP code via a URL in the _MG_CONF[path_html] parameter.

CVSS2: 7.5
10%
Средний
больше 18 лет назад
nvd логотип
CVE-2007-2705

Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when "deployed in an exploded format," allows remote attackers to list a WebLogic Workshop Directory (wlwdir) parent directory via unspecified vectors.

CVSS2: 7.8
1%
Низкий
больше 18 лет назад

Уязвимостей на страницу