Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 331 703

Количество 331 703

nvd логотип

CVE-2007-3448

больше 18 лет назад

Cross-site scripting (XSS) vulnerability in index.php in BugMall Shopping Cart 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the msgs parameter. NOTE: 4.0.2 and other versions might also be affected.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-3447

больше 18 лет назад

SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the "basic search box." NOTE: 4.0.2 and other versions might also be affected.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2007-3446

больше 18 лет назад

BugMall Shopping Cart 2.5 and earlier has a default username "demo" and password "demo," which allows remote attackers to obtain login access.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-3445

больше 18 лет назад

Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows Mobile 2003 on the Samsung SCH-i730 phone, allows remote attackers to cause a denial of service (device hang and call termination) via a malformed SIP INVITE message, a different vulnerability than CVE-2007-3351.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-3444

больше 18 лет назад

The Research in Motion BlackBerry 7270 with 4.0 SP1 Bundle 83 allows remote attackers to cause a denial of service (blocked call reception) via a malformed SIP invite message, possibly related to multiple format string specifiers in the From field, a spoofed source IP address, and limitations of the function stack frame.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-3443

больше 18 лет назад

The Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 does not properly manage transaction states, which allows remote attackers to cause a denial of service (temporary device hang) by sending a certain SIP INVITE message, but not providing an ACK when the call is answered.

CVSS2: 2.3
EPSS: Низкий
nvd логотип

CVE-2007-3442

больше 18 лет назад

Format string vulnerability on the Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 allows remote attackers to cause a denial of service (blocked call reception and calling) via format string specifiers in an SIP INVITE message that lacks a host name in the Contact header.

CVSS2: 2.3
EPSS: Низкий
nvd логотип

CVE-2007-3441

больше 18 лет назад

Format string vulnerability in the Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version 1.1.0.10 allows remote attackers to cause a denial of service (blocked call reception and slow calling) via format string specifiers in an SDP header value, a different vulnerability than CVE-2007-3349.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2007-3440

больше 18 лет назад

The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to place calls to arbitrary phone numbers via certain requests to the web server on port 1800.

CVSS2: 6.4
EPSS: Низкий
nvd логотип

CVE-2007-3439

больше 18 лет назад

The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to read a list of missed calls, received calls, and dialed numbers via a direct request to the web server on port 1800.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2007-3438

больше 18 лет назад

Buffer overflow in the SIP header parsing module in the Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows remote attackers to execute arbitrary code via a malformed message, a different vulnerability than CVE-2007-3361.

CVSS2: 7.8
EPSS: Низкий
nvd логотип

CVE-2007-3437

больше 18 лет назад

AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application crash) via a malformed header value in a SIP INVITE message, a different vulnerability than CVE-2007-3350.

CVSS2: 7.8
EPSS: Низкий
nvd логотип

CVE-2007-3436

больше 18 лет назад

Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to cause a denial of service (resource consumption) via a flood of SIP INVITE requests to the port specified for voice conversation.

CVSS2: 5
EPSS: Средний
nvd логотип

CVE-2007-3435

больше 18 лет назад

Stack-based buffer overflow in the BeginPrint method in a certain ActiveX control in RKD Software (barcodetools.com) BarCodeAx.dll 4.9 allows remote attackers to execute arbitrary code via a long argument.

CVSS2: 9.3
EPSS: Высокий
nvd логотип

CVE-2007-3434

больше 18 лет назад

index.php in Pharmacy System 2 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the page parameter, which reveals the table prefix in an error message.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2007-3433

больше 18 лет назад

SQL injection vulnerability in index.php in Pharmacy System 2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter in an add action.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-3432

больше 18 лет назад

Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-3431

больше 18 лет назад

PHP remote file inclusion vulnerability in cal.func.php in Valerio Capello Dagger - The Cutting Edge r23jan2007 allows remote attackers to execute arbitrary PHP code via a URL in the dir_edge_lang parameter.

CVSS2: 6.8
EPSS: Высокий
nvd логотип

CVE-2007-3430

больше 18 лет назад

SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 allows remote attackers to execute arbitrary SQL commands via the submit parameter in an email action.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-3429

больше 18 лет назад

Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg.

CVSS2: 6.8
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2007-3448

Cross-site scripting (XSS) vulnerability in index.php in BugMall Shopping Cart 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the msgs parameter. NOTE: 4.0.2 and other versions might also be affected.

CVSS2: 4.3
8%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3447

SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the "basic search box." NOTE: 4.0.2 and other versions might also be affected.

CVSS2: 6.8
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3446

BugMall Shopping Cart 2.5 and earlier has a default username "demo" and password "demo," which allows remote attackers to obtain login access.

CVSS2: 7.5
9%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3445

Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows Mobile 2003 on the Samsung SCH-i730 phone, allows remote attackers to cause a denial of service (device hang and call termination) via a malformed SIP INVITE message, a different vulnerability than CVE-2007-3351.

CVSS2: 4.3
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3444

The Research in Motion BlackBerry 7270 with 4.0 SP1 Bundle 83 allows remote attackers to cause a denial of service (blocked call reception) via a malformed SIP invite message, possibly related to multiple format string specifiers in the From field, a spoofed source IP address, and limitations of the function stack frame.

CVSS2: 4.3
2%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3443

The Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 does not properly manage transaction states, which allows remote attackers to cause a denial of service (temporary device hang) by sending a certain SIP INVITE message, but not providing an ACK when the call is answered.

CVSS2: 2.3
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3442

Format string vulnerability on the Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 allows remote attackers to cause a denial of service (blocked call reception and calling) via format string specifiers in an SIP INVITE message that lacks a host name in the Contact header.

CVSS2: 2.3
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3441

Format string vulnerability in the Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version 1.1.0.10 allows remote attackers to cause a denial of service (blocked call reception and slow calling) via format string specifiers in an SDP header value, a different vulnerability than CVE-2007-3349.

CVSS2: 5
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3440

The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to place calls to arbitrary phone numbers via certain requests to the web server on port 1800.

CVSS2: 6.4
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3439

The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to read a list of missed calls, received calls, and dialed numbers via a direct request to the web server on port 1800.

CVSS2: 5
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3438

Buffer overflow in the SIP header parsing module in the Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows remote attackers to execute arbitrary code via a malformed message, a different vulnerability than CVE-2007-3361.

CVSS2: 7.8
4%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3437

AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application crash) via a malformed header value in a SIP INVITE message, a different vulnerability than CVE-2007-3350.

CVSS2: 7.8
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3436

Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to cause a denial of service (resource consumption) via a flood of SIP INVITE requests to the port specified for voice conversation.

CVSS2: 5
17%
Средний
больше 18 лет назад
nvd логотип
CVE-2007-3435

Stack-based buffer overflow in the BeginPrint method in a certain ActiveX control in RKD Software (barcodetools.com) BarCodeAx.dll 4.9 allows remote attackers to execute arbitrary code via a long argument.

CVSS2: 9.3
77%
Высокий
больше 18 лет назад
nvd логотип
CVE-2007-3434

index.php in Pharmacy System 2 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the page parameter, which reveals the table prefix in an error message.

CVSS2: 5
5%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3433

SQL injection vulnerability in index.php in Pharmacy System 2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter in an add action.

CVSS2: 7.5
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3432

Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename.

CVSS2: 7.5
7%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3431

PHP remote file inclusion vulnerability in cal.func.php in Valerio Capello Dagger - The Cutting Edge r23jan2007 allows remote attackers to execute arbitrary PHP code via a URL in the dir_edge_lang parameter.

CVSS2: 6.8
84%
Высокий
больше 18 лет назад
nvd логотип
CVE-2007-3430

SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 allows remote attackers to execute arbitrary SQL commands via the submit parameter in an email action.

CVSS2: 7.5
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3429

Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg.

CVSS2: 6.8
4%
Низкий
больше 18 лет назад

Уязвимостей на страницу