Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 331 614

Количество 331 614

nvd логотип

CVE-2007-3702

больше 18 лет назад

Directory traversal vulnerability in the load function in cgi-bin/mail/mailmachine.cgi in Mail Machine 3.989 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the archives parameter in a Load action.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2007-3701

больше 18 лет назад

TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' (slash) character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-3700

больше 18 лет назад

Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading /var/opt/SUNWam/debug/amAuth.

CVSS2: 1.7
EPSS: Низкий
nvd логотип

CVE-2007-3699

больше 18 лет назад

The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header.

CVSS2: 9.3
EPSS: Низкий
nvd логотип

CVE-2007-3698

больше 18 лет назад

The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests.

CVSS2: 7.8
EPSS: Средний
nvd логотип

CVE-2007-3697

больше 18 лет назад

PHP remote file inclusion vulnerability in phpbb/sendmsg.php in FlashBB 1.1.8 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter.

CVSS2: 7.5
EPSS: Средний
nvd логотип

CVE-2007-3696

больше 18 лет назад

CA ERwin Data Model Validator (formerly AllFusion Data Model Validator) allows remote attackers to (1) cause a denial of service (application hang) via a malformed .EXP database file and (2) cause a denial of service (aaplication crash) via a crafted .EXP database file, which triggers a NULL dereference.

CVSS2: 7.8
EPSS: Низкий
nvd логотип

CVE-2007-3695

больше 18 лет назад

Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.1 allows attackers to execute arbitrary code via a long filename. NOTE: the researcher does not suggest any circumstances in which the filename would come from an untrusted source, and therefore perhaps the issue does not cross privilege boundaries and should not be included in CVE.

CVSS2: 10
EPSS: Низкий
nvd логотип

CVE-2007-3694

около 18 лет назад

Cross-site scripting (XSS) vulnerability in login.php in Miro Project Broadcast Machine 0.9.9.9 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-3693

больше 18 лет назад

Cross-site scripting (XSS) vulnerability in Gobi as of 20070711, built on Helma, allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search function.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-3692

больше 18 лет назад

Directory traversal vulnerability in download.cgi in EZFactory KDDI Download CGI 1.x allows remote attackers to read and download arbitrary files via a .. (dot dot) in the name parameter.

CVSS2: 7.8
EPSS: Низкий
nvd логотип

CVE-2007-3691

больше 18 лет назад

Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial Script (avtutorial) 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) userid parameters, a different issue than CVE-2007-3630.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2007-3690

больше 18 лет назад

The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments.

CVSS2: 7.8
EPSS: Низкий
nvd логотип

CVE-2007-3689

больше 18 лет назад

The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments.

CVSS2: 7.8
EPSS: Низкий
nvd логотип

CVE-2007-3688

больше 18 лет назад

Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear 1.2.6 allow remote attackers to perform actions as arbitrary users via the (1) tool_url parameter to ecrire/tools.php and multiple fields on the (2) blogconf, (3) blogroll, (4) ecrire/redacteur.php, and (5) ecrire/user_prefs.php pages.

CVSS2: 2.6
EPSS: Низкий
nvd логотип

CVE-2007-3687

больше 18 лет назад

SQL injection vulnerability in inferno.php in the Inferno Technologies RPG Inferno 2.4 and earlier, a vBulletin module, allows remote authenticated attackers to execute arbitrary SQL commands via the id parameter in a ScanMember do action.

CVSS2: 6.5
EPSS: Низкий
nvd логотип

CVE-2007-3686

больше 18 лет назад

CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary HTTP headers and data via CRLF sequences in the HTTP_REFERER parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-3685

больше 18 лет назад

Cross-site scripting (XSS) vulnerability in rpc.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

CVSS2: 2.6
EPSS: Низкий
nvd логотип

CVE-2007-3684

больше 18 лет назад

Multiple SQL injection vulnerabilities in Unobtrusive Ajax Star Rating Bar before 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) q and (2) t parameters in (a) db.php and (b) rpc.php.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-3683

больше 18 лет назад

SQL injection vulnerability in pagetopic.php in Aigaion 1.3.3 and earlier allows remote attackers to execute arbitrary SQL commands via the topic_id parameter.

CVSS2: 7.5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2007-3702

Directory traversal vulnerability in the load function in cgi-bin/mail/mailmachine.cgi in Mail Machine 3.989 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the archives parameter in a Load action.

CVSS2: 5
8%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3701

TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' (slash) character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack.

CVSS2: 7.5
9%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3700

Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading /var/opt/SUNWam/debug/amAuth.

CVSS2: 1.7
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3699

The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header.

CVSS2: 9.3
2%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3698

The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests.

CVSS2: 7.8
17%
Средний
больше 18 лет назад
nvd логотип
CVE-2007-3697

PHP remote file inclusion vulnerability in phpbb/sendmsg.php in FlashBB 1.1.8 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter.

CVSS2: 7.5
11%
Средний
больше 18 лет назад
nvd логотип
CVE-2007-3696

CA ERwin Data Model Validator (formerly AllFusion Data Model Validator) allows remote attackers to (1) cause a denial of service (application hang) via a malformed .EXP database file and (2) cause a denial of service (aaplication crash) via a crafted .EXP database file, which triggers a NULL dereference.

CVSS2: 7.8
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3695

Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.1 allows attackers to execute arbitrary code via a long filename. NOTE: the researcher does not suggest any circumstances in which the filename would come from an untrusted source, and therefore perhaps the issue does not cross privilege boundaries and should not be included in CVE.

CVSS2: 10
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3694

Cross-site scripting (XSS) vulnerability in login.php in Miro Project Broadcast Machine 0.9.9.9 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

CVSS2: 4.3
2%
Низкий
около 18 лет назад
nvd логотип
CVE-2007-3693

Cross-site scripting (XSS) vulnerability in Gobi as of 20070711, built on Helma, allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search function.

CVSS2: 4.3
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3692

Directory traversal vulnerability in download.cgi in EZFactory KDDI Download CGI 1.x allows remote attackers to read and download arbitrary files via a .. (dot dot) in the name parameter.

CVSS2: 7.8
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3691

Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial Script (avtutorial) 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) userid parameters, a different issue than CVE-2007-3630.

CVSS2: 6.8
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3690

The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments.

CVSS2: 7.8
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3689

The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments.

CVSS2: 7.8
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3688

Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear 1.2.6 allow remote attackers to perform actions as arbitrary users via the (1) tool_url parameter to ecrire/tools.php and multiple fields on the (2) blogconf, (3) blogroll, (4) ecrire/redacteur.php, and (5) ecrire/user_prefs.php pages.

CVSS2: 2.6
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3687

SQL injection vulnerability in inferno.php in the Inferno Technologies RPG Inferno 2.4 and earlier, a vBulletin module, allows remote authenticated attackers to execute arbitrary SQL commands via the id parameter in a ScanMember do action.

CVSS2: 6.5
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3686

CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary HTTP headers and data via CRLF sequences in the HTTP_REFERER parameter.

CVSS2: 7.5
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3685

Cross-site scripting (XSS) vulnerability in rpc.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

CVSS2: 2.6
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3684

Multiple SQL injection vulnerabilities in Unobtrusive Ajax Star Rating Bar before 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) q and (2) t parameters in (a) db.php and (b) rpc.php.

CVSS2: 7.5
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3683

SQL injection vulnerability in pagetopic.php in Aigaion 1.3.3 and earlier allows remote attackers to execute arbitrary SQL commands via the topic_id parameter.

CVSS2: 7.5
1%
Низкий
больше 18 лет назад

Уязвимостей на страницу