exploitDog

source:"nvd"

Count: 331 614


Vulnerability | CVSS | EPSS | Published

CVE-2007-2953

Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.

CVSS2: 6.8
EPSS: 12% (Medium)
Published: more than 18 years ago

CVE-2007-2952

Multiple stack-based buffer overflows in the filter service (aka k9filter.exe) in Blue Coat K9 Web Protection 3.2.44 with Filter 3.2.32 allow (1) remote attackers to execute arbitrary code via a long HTTP Referer header to the K9 Web Protection Administration interface and (2) man-in-the-middle attackers to execute arbitrary code via an HTTP response with a long HTTP version field.

CVSS2: 9.3
EPSS: 15% (Medium)
Published: more than 17 years ago

CVE-2007-2951

The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3.2.0 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an (1) irc:// or (2) irc6:// URI.

CVSS2: 9.3
EPSS: 3% (Low)
Published: more than 18 years ago

CVE-2007-2950

Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara Asset Manager 8.0 and (2) Symantec Discovery 6.5, uses insecure permissions on certain directories, which allows local users to gain privileges.

CVSS2: 7.2
EPSS: 0% (Low)
Published: more than 18 years ago

CVE-2007-2949

Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value.

CVSS2: 6.8
EPSS: 34% (Medium)
Published: more than 18 years ago

CVE-2007-2948

Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlayer before 1.0rc1try3 allow remote attackers to execute arbitrary code via a CDDB entry with a long (1) album title or (2) category.

CVSS2: 9.3
EPSS: 13% (Medium)
Published: more than 18 years ago

CVE-2007-2947

Multiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the root_prefix parameter to (1) index.php, (2) email_subscribe.php, (3) download.php, or (4) development.php.

CVSS2: 7.5
EPSS: 11% (Medium)
Published: more than 18 years ago

CVE-2007-2946

Buffer overflow in a certain ActiveX control in LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long DestinationPath property value.

CVSS2: 10
EPSS: 26% (Medium)
Published: more than 18 years ago

CVE-2007-2945

RMForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for rmforum.mdb.

CVSS2: 5
EPSS: 1% (Low)
Published: more than 18 years ago

CVE-2007-2944

WabCMS 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/wabcmsn.mdb. NOTE: this issue was originally reported for "webCMS," but this was an error by an unreliable researcher.

CVSS2: 5
EPSS: 0% (Low)
Published: more than 18 years ago

CVE-2007-2943

PHP remote file inclusion vulnerability in class/class.php in Webavis 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.

CVSS2: 6.8
EPSS: 5% (Low)
Published: more than 18 years ago

CVE-2007-2942

SQL injection vulnerability in user.php in My Little Forum 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS2: 7.5
EPSS: 2% (Low)
Published: more than 18 years ago

CVE-2007-2941

Multiple PHP remote file inclusion vulnerabilities in the creator in vBulletin Google Yahoo Site Map (vBGSiteMap) 2.41 for vBulletin allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) vbgsitemap/vbgsitemap-config.php or (2) vbgsitemap/vbgsitemap-vbseo.php.

CVSS2: 7.5
EPSS: 4% (Low)
Published: more than 18 years ago

CVE-2007-2940

Multiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 Beta) allow remote attackers to execute arbitrary PHP code via a URL in the pachtofile parameter to (1) skin/html/table.php or (2) login.php.

CVSS2: 6.8
EPSS: 10% (Medium)
Published: more than 18 years ago

CVE-2007-2939

Multiple PHP remote file inclusion vulnerabilities in Mazen's PHP Chat 3.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the basepath parameter to (1) ITX.php, (2) IT_Error.php, or (3) IT.php in include/pear/.

CVSS2: 6.8
EPSS: 63% (Medium)
Published: more than 18 years ago

CVE-2007-2938

Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD method, and possibly the (2) SetLoginID, (3) AddSite, (4) SetScreen, and (5) SetVideoServer methods.

CVSS2: 10
EPSS: 57% (Medium)
Published: more than 18 years ago

CVE-2007-2937

PHP remote file inclusion vulnerability in admin/admin.php in TROforum 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the site_url parameter.

CVSS2: 7.5
EPSS: 84% (High)
Published: more than 18 years ago

CVE-2007-2936

Multiple PHP remote file inclusion vulnerabilities in Frequency Clock 0.1b (Beta 0.1) allow remote attackers to execute arbitrary PHP code via a URL in the securelib parameter to (1) conf.php or (2) cp2.php.

CVSS2: 7.5
EPSS: 4% (Low)
Published: more than 18 years ago

CVE-2007-2935

core/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dict parameter.

CVSS2: 7.5
EPSS: 9% (Low)
Published: more than 18 years ago

CVE-2007-2934

Directory traversal vulnerability in skins/common.css.php in Vistered Little 1.6a allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter.

CVSS2: 7.8
EPSS: 6% (Low)
Published: more than 18 years ago