Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 331 703

Количество 331 703

nvd логотип

CVE-2007-3428

больше 18 лет назад

Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 allow remote attackers to have an unknown impact via the file parameter to (1) plotStatBar.php or (2) plotStatPie.php, different vectors than CVE-2007-1076.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-3427

больше 18 лет назад

SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a stats action.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-3426

больше 18 лет назад

Cross-site scripting (XSS) vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-3425

больше 18 лет назад

Directory traversal vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to include arbitrary local files via the lang parameter, a different vector and version than CVE-2007-1076.2.

CVSS2: 5
EPSS: Средний
nvd логотип

CVE-2007-3424

больше 18 лет назад

The moveim function in cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the tocat parameter as a subdirectory name when moving an instant message, which has unknown impact and remote attack vectors.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-3423

больше 18 лет назад

cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and remote attack vectors.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-3422

больше 18 лет назад

The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 attempts to parse query strings that contain (1) non-printing characters, (2) certain printing characters that do not commonly occur in URLs, or (3) invalid URL encoding sequences, which has unknown impact and remote attack vectors.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-3421

больше 18 лет назад

The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, (5) profile view, (6) gallery view, (7) gallery comment, and (8) gallery feedback capabilities in web-app.org WebAPP before 0.9.9.7 do not verify presence of users in memberlist.dat, which has unknown impact and remote attack vectors.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-3420

больше 18 лет назад

The Random Cookie Password functionality in the loaduser function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 does not clear the (1) username, (2) password, (3) usertheme, and (4) userlang cookies for unauthorized users, which has unknown impact and remote attack vectors.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-3419

больше 18 лет назад

The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of members, which has unknown impact and remote attack vectors.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-3418

больше 18 лет назад

The displaypost function in cgi-bin/cgi-lib/forum_display.pl in web-app.org WebAPP before 0.9.9.7 does not display usernames in conjunction with real names, which makes it easier for remote authenticated users to impersonate other users.

CVSS2: 6.5
EPSS: Низкий
nvd логотип

CVE-2007-3417

больше 18 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP before 0.9.9.7 allow remote attackers to inject arbitrary web script or HTML via a search string, which is not sanitized when an HREF attribute is printed by the (1) process_search or (2) show_recent_searches function.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-3416

больше 18 лет назад

Multiple cross-site request forgery (CSRF) vulnerabilities in the administration of (1) polls, (2) profiles, (3) IP bans, and (4) forums in (a) web-app.org WebAPP 0.8 through 0.9.9.6; and (b) web-app.net WebAPP 0.9.9.3.3, 0.9.9.3.4, and 2007; allow remote attackers to perform deletions as administrators.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2007-3415

больше 18 лет назад

Multiple SQL injection vulnerabilities in index.php in phpRaider 1.0.0 rc8 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) type parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-3414

больше 18 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in access2asp 4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) od and (2) search parameters to (a) suppliersList.asp and (b) contactsList.asp.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-3413

больше 18 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in bosDataGrid 2.50 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) GridSearch, (2) gsearch, or (3) ParentID parameter to an unspecified component.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-3412

больше 18 лет назад

Cross-site scripting (XSS) vulnerability in edit_image.asp in ClickGallery Server 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-3411

больше 18 лет назад

SQL injection vulnerability in edit_image.asp in ClickGallery Server 5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the image_id parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-3410

больше 18 лет назад

Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value.

CVSS2: 9.3
EPSS: Средний
nvd логотип

CVE-2007-3409

больше 18 лет назад

Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.

CVSS3: 7.5
EPSS: Средний

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2007-3428

Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 allow remote attackers to have an unknown impact via the file parameter to (1) plotStatBar.php or (2) plotStatPie.php, different vectors than CVE-2007-1076.

CVSS2: 7.5
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3427

SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a stats action.

CVSS2: 7.5
2%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3426

Cross-site scripting (XSS) vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

CVSS2: 4.3
9%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3425

Directory traversal vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to include arbitrary local files via the lang parameter, a different vector and version than CVE-2007-1076.2.

CVSS2: 5
13%
Средний
больше 18 лет назад
nvd логотип
CVE-2007-3424

The moveim function in cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the tocat parameter as a subdirectory name when moving an instant message, which has unknown impact and remote attack vectors.

CVSS2: 7.5
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3423

cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and remote attack vectors.

CVSS2: 7.5
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3422

The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 attempts to parse query strings that contain (1) non-printing characters, (2) certain printing characters that do not commonly occur in URLs, or (3) invalid URL encoding sequences, which has unknown impact and remote attack vectors.

CVSS2: 7.5
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3421

The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, (5) profile view, (6) gallery view, (7) gallery comment, and (8) gallery feedback capabilities in web-app.org WebAPP before 0.9.9.7 do not verify presence of users in memberlist.dat, which has unknown impact and remote attack vectors.

CVSS2: 7.5
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3420

The Random Cookie Password functionality in the loaduser function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 does not clear the (1) username, (2) password, (3) usertheme, and (4) userlang cookies for unauthorized users, which has unknown impact and remote attack vectors.

CVSS2: 7.5
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3419

The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of members, which has unknown impact and remote attack vectors.

CVSS2: 7.5
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3418

The displaypost function in cgi-bin/cgi-lib/forum_display.pl in web-app.org WebAPP before 0.9.9.7 does not display usernames in conjunction with real names, which makes it easier for remote authenticated users to impersonate other users.

CVSS2: 6.5
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3417

Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP before 0.9.9.7 allow remote attackers to inject arbitrary web script or HTML via a search string, which is not sanitized when an HREF attribute is printed by the (1) process_search or (2) show_recent_searches function.

CVSS2: 4.3
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3416

Multiple cross-site request forgery (CSRF) vulnerabilities in the administration of (1) polls, (2) profiles, (3) IP bans, and (4) forums in (a) web-app.org WebAPP 0.8 through 0.9.9.6; and (b) web-app.net WebAPP 0.9.9.3.3, 0.9.9.3.4, and 2007; allow remote attackers to perform deletions as administrators.

CVSS2: 5
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3415

Multiple SQL injection vulnerabilities in index.php in phpRaider 1.0.0 rc8 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) type parameter.

CVSS2: 7.5
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3414

Multiple cross-site scripting (XSS) vulnerabilities in access2asp 4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) od and (2) search parameters to (a) suppliersList.asp and (b) contactsList.asp.

CVSS2: 4.3
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3413

Multiple cross-site scripting (XSS) vulnerabilities in bosDataGrid 2.50 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) GridSearch, (2) gsearch, or (3) ParentID parameter to an unspecified component.

CVSS2: 4.3
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3412

Cross-site scripting (XSS) vulnerability in edit_image.asp in ClickGallery Server 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter.

CVSS2: 4.3
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3411

SQL injection vulnerability in edit_image.asp in ClickGallery Server 5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the image_id parameter.

CVSS2: 7.5
0%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-3410

Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value.

CVSS2: 9.3
29%
Средний
больше 18 лет назад
nvd логотип
CVE-2007-3409

Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.

CVSS3: 7.5
12%
Средний
больше 18 лет назад

Уязвимостей на страницу