Количество 331 614
Количество 331 614
CVE-2007-4054
SQL injection vulnerability in category.php in PHP123 Top Sites allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2007-4053
SQL injection vulnerability in include/img_view.class.php in LinPHA 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the order parameter to new_images.php.
CVE-2007-4052
Cross-site scripting (XSS) vulnerability in utilities/login.asp in nukedit 4.9.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-4051
Heap-based buffer overflow in the FindFiles function in UltraDefrag 1.0.3 allows local users to gain privileges via a file with a long pathname. NOTE: some of these details are obtained from third party information.
CVE-2007-4050
Unspecified vulnerability in WebUI in ADempiere Bazaar before 3.3 beta Victoria edition allows remote attackers to access system-level windows via unspecified vectors.
CVE-2007-4049
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2000-1205. Reason: This candidate is a duplicate of CVE-2000-1205. Notes: All CVE users should reference CVE-2000-1205 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2007-4048
Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo 2.5.4-dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2007-4047
geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter.
CVE-2007-4046
SQL injection vulnerability in index.php in the Pony Gallery (com_ponygallery) 1.5 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2007-4045
The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL negotiation.
CVE-2007-4044
Rejected reason: The MS-RPC functionality in smbd in Samba 3 on SUSE Linux before 20070720 does not include "one character in the shell escape handling." NOTE: this issue was originally characterized as a shell metacharacter issue due to an incomplete fix for CVE-2007-2447, which was interpreted by CVE to be security relevant. However, SUSE and Red Hat have disputed the problem, stating that the only impact is that scripts will not be executed if they have a "c" in their name, but even this limitation might not exist. This does not have security implications, so should not be included in CVE
CVE-2007-4043
file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files.
CVE-2007-4042
Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.
CVE-2007-4041
Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.
CVE-2007-4040
Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.
CVE-2007-4039
Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.
CVE-2007-4038
Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking Thunderbird.exe, a similar issue to CVE-2007-3670.
CVE-2007-4037
Guidance Software EnCase allows user-assisted attackers to trigger a buffer over-read and application crash via a malformed NTFS filesystem containing a modified FILE record with a certain large offset. NOTE: the vendor disputes the significance of this issue, asserting that relevant attackers typically do not corrupt a filesystem, and indicating that the relevant read operation can be disabled
CVE-2007-4036
Guidance Software EnCase allows user-assisted remote attackers to cause a denial of service via (1) a corrupted Microsoft Exchange database, which triggers an application crash when many options are selected; (2) a corrupted NTFS filesystem, which causes the application to report "memory allocation errors;" or (3) deeply nested directories, which trigger an application crash during an Expand All action. NOTE: the vendor disputes the significance of these vectors because the user can select fewer options, there is no operational impact, or the user can do less expansion
CVE-2007-4035
Guidance Software EnCase does not properly handle (1) certain malformed MBR partition tables with many entries, which allows remote attackers to prevent logical collection of a disk image; (2) NTFS filesystems with directory loops, which allows remote attackers to prevent examination of certain directory contents; and (3) certain other malformed NTFS filesystems, which allows remote attackers to prevent examination of corrupted records. NOTE: the vendor disputes the significance of these issues, because physical collection can be used instead, because the vendor believes that relevant attackers typically do not corrupt an MBR or a filesystem, and because detection of a loop is valuable on its own
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
CVE-2007-4054 SQL injection vulnerability in category.php in PHP123 Top Sites allows remote attackers to execute arbitrary SQL commands via the cat parameter. | CVSS2: 7.5 | 1% Низкий | больше 18 лет назад | |
CVE-2007-4053 SQL injection vulnerability in include/img_view.class.php in LinPHA 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the order parameter to new_images.php. | CVSS2: 7.5 | 1% Низкий | больше 18 лет назад | |
CVE-2007-4052 Cross-site scripting (XSS) vulnerability in utilities/login.asp in nukedit 4.9.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | CVSS2: 4.3 | 1% Низкий | больше 18 лет назад | |
CVE-2007-4051 Heap-based buffer overflow in the FindFiles function in UltraDefrag 1.0.3 allows local users to gain privileges via a file with a long pathname. NOTE: some of these details are obtained from third party information. | CVSS2: 4.6 | 0% Низкий | больше 18 лет назад | |
CVE-2007-4050 Unspecified vulnerability in WebUI in ADempiere Bazaar before 3.3 beta Victoria edition allows remote attackers to access system-level windows via unspecified vectors. | CVSS2: 10 | 3% Низкий | больше 18 лет назад | |
CVE-2007-4049 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2000-1205. Reason: This candidate is a duplicate of CVE-2000-1205. Notes: All CVE users should reference CVE-2000-1205 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | больше 18 лет назад | |||
CVE-2007-4048 Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo 2.5.4-dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | CVSS2: 4.3 | 1% Низкий | больше 18 лет назад | |
CVE-2007-4047 geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter. | CVSS2: 6.4 | 21% Средний | больше 18 лет назад | |
CVE-2007-4046 SQL injection vulnerability in index.php in the Pony Gallery (com_ponygallery) 1.5 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter. | CVSS2: 7.5 | 0% Низкий | больше 18 лет назад | |
CVE-2007-4045 The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL negotiation. | CVSS2: 5 | 3% Низкий | больше 18 лет назад | |
CVE-2007-4044 Rejected reason: The MS-RPC functionality in smbd in Samba 3 on SUSE Linux before 20070720 does not include "one character in the shell escape handling." NOTE: this issue was originally characterized as a shell metacharacter issue due to an incomplete fix for CVE-2007-2447, which was interpreted by CVE to be security relevant. However, SUSE and Red Hat have disputed the problem, stating that the only impact is that scripts will not be executed if they have a "c" in their name, but even this limitation might not exist. This does not have security implications, so should not be included in CVE | больше 18 лет назад | |||
CVE-2007-4043 file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files. | CVSS3: 9.8 | 1% Низкий | больше 18 лет назад | |
CVE-2007-4042 Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. | CVSS2: 7.5 | 4% Низкий | больше 18 лет назад | |
CVE-2007-4041 Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. | CVSS2: 6.8 | 11% Средний | больше 18 лет назад | |
CVE-2007-4040 Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670. | CVSS3: 8.8 | 17% Средний | больше 18 лет назад | |
CVE-2007-4039 Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670. | CVSS3: 9.8 | 0% Низкий | больше 18 лет назад | |
CVE-2007-4038 Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking Thunderbird.exe, a similar issue to CVE-2007-3670. | CVSS2: 4.3 | 0% Низкий | больше 18 лет назад | |
CVE-2007-4037 Guidance Software EnCase allows user-assisted attackers to trigger a buffer over-read and application crash via a malformed NTFS filesystem containing a modified FILE record with a certain large offset. NOTE: the vendor disputes the significance of this issue, asserting that relevant attackers typically do not corrupt a filesystem, and indicating that the relevant read operation can be disabled | CVSS2: 4.3 | 1% Низкий | больше 18 лет назад | |
CVE-2007-4036 Guidance Software EnCase allows user-assisted remote attackers to cause a denial of service via (1) a corrupted Microsoft Exchange database, which triggers an application crash when many options are selected; (2) a corrupted NTFS filesystem, which causes the application to report "memory allocation errors;" or (3) deeply nested directories, which trigger an application crash during an Expand All action. NOTE: the vendor disputes the significance of these vectors because the user can select fewer options, there is no operational impact, or the user can do less expansion | CVSS2: 4.3 | 1% Низкий | больше 18 лет назад | |
CVE-2007-4035 Guidance Software EnCase does not properly handle (1) certain malformed MBR partition tables with many entries, which allows remote attackers to prevent logical collection of a disk image; (2) NTFS filesystems with directory loops, which allows remote attackers to prevent examination of certain directory contents; and (3) certain other malformed NTFS filesystems, which allows remote attackers to prevent examination of corrupted records. NOTE: the vendor disputes the significance of these issues, because physical collection can be used instead, because the vendor believes that relevant attackers typically do not corrupt an MBR or a filesystem, and because detection of a loop is valuable on its own | CVSS2: 5 | 1% Низкий | больше 18 лет назад |
Уязвимостей на страницу