Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 331 703

Количество 331 703

nvd логотип

CVE-2007-2678

больше 18 лет назад

Buffer overflow in the isChecked function in toolbar.dll in Netsprint Toolbar 1.1 might allow remote attackers to execute arbitrary code via unspecified vectors.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2677

больше 18 лет назад

Multiple PHP remote file inclusion vulnerabilities in phpChess Community Edition 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the config parameter to includes/language.php, or the Root_Path parameter to (2) layout_admin_cfg.php, (3) layout_cfg.php, or (4) layout_t_top.php in skins/phpchess/. NOTE: vector 1 has been disputed by CVE, since the code is defined within a function that is not called from within includes/language.php.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2676

больше 18 лет назад

PHP remote file inclusion vulnerability in skins/header.php in Open Translation Engine (OTE) 0.7.8 allows remote attackers to execute arbitrary PHP code via a URL in the ote_home parameter.

CVSS2: 7.5
EPSS: Средний
nvd логотип

CVE-2007-2675

больше 18 лет назад

SQL injection vulnerability in search.php in Pre Classifieds Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2674

больше 18 лет назад

SQL injection vulnerability in detail.php in Pre Shopping Mall 1.0 allows remote attackers to execute arbitrary SQL commands via the prodid parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2673

больше 18 лет назад

SQL injection vulnerability in includes/funcs_vendors.php in Censura 1.15.04, and other versions before 1.16.04, allows remote attackers to execute arbitrary SQL commands via the vendorid parameter in a vendor_info cmd action to censura.php.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2672

больше 18 лет назад

SQL injection vulnerability in index.php in PHP Coupon Script 3.0 allows remote attackers to execute arbitrary SQL commands via the bus parameter in a viewbus page.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2671

больше 18 лет назад

Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of service (application crash) via a long hostname in an HREF attribute in an A element, which triggers an out-of-bounds memory access.

CVSS2: 7.1
EPSS: Низкий
nvd логотип

CVE-2007-2670

больше 18 лет назад

PHPChain 1.0 and earlier allows remote attackers to obtain the installation path via invalid values of the catid parameter to (1) settings.php or (2) cat.php, as demonstrated by XSS manipulations.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-2669

больше 18 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in PHPChain 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) settings.php or (2) cat.php. NOTE: certain parameter values also trigger path disclosure.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-2668

больше 18 лет назад

Buffer overflow in webdesproxy 0.0.1 allows remote attackers to execute arbitrary code via a long URL, possibly involving the process_connection_request function in webdesproxy.c.

CVSS2: 6.8
EPSS: Средний
nvd логотип

CVE-2007-2667

больше 18 лет назад

Buffer overflow in the DB Software Laboratory VImpX ActiveX control in VImpX.ocx 4.7.3 allows remote attackers to execute arbitrary code via a long LogFile parameter.

CVSS2: 9.3
EPSS: Средний
nvd логотип

CVE-2007-2666

больше 18 лет назад

Stack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++.

CVSS2: 7.6
EPSS: Средний
nvd логотип

CVE-2007-2665

больше 18 лет назад

PHP remote file inclusion vulnerability in block.php in PhpFirstPost 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the Include parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2664

больше 18 лет назад

PHP remote file inclusion vulnerability in includes/common.php in Yaap 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, possibly related to the __autoload function.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2663

больше 18 лет назад

PHP remote file inclusion vulnerability in language/1/splash.lang.php in Beacon 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the languagePath parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2662

больше 18 лет назад

SQL injection vulnerability in EfesTECH Haber 5.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to the top-level URI.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2661

больше 18 лет назад

SQL injection vulnerability in archshow.asp in BlogMe 3.0 allows remote attackers to execute arbitrary SQL commands via the var parameter, a different vector than CVE-2006-5976.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2660

больше 18 лет назад

PHP remote file inclusion vulnerability in pcltrace.lib.php in the PclTar module in Vincent Blavet PhpConcept Library, as used in CJG EXPLORER PRO 3.3 and earlier and probably other products, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter. NOTE: CVE disputes this issue since there is no include statement in pcltrace.lib.php. NOTE: the pcltar.lib.php vector is already covered by CVE-2007-2199

CVSS2: 6.8
EPSS: Средний
nvd логотип

CVE-2007-2659

больше 18 лет назад

Directory traversal vulnerability in index.php in PHP Advanced Transfer Manager (phpATM) 1.30 allows remote attackers to read arbitrary files and obtain script source code via a .. (dot dot) in the directory parameter in a downloadfile action.

CVSS2: 5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2007-2678

Buffer overflow in the isChecked function in toolbar.dll in Netsprint Toolbar 1.1 might allow remote attackers to execute arbitrary code via unspecified vectors.

CVSS2: 7.5
5%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-2677

Multiple PHP remote file inclusion vulnerabilities in phpChess Community Edition 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the config parameter to includes/language.php, or the Root_Path parameter to (2) layout_admin_cfg.php, (3) layout_cfg.php, or (4) layout_t_top.php in skins/phpchess/. NOTE: vector 1 has been disputed by CVE, since the code is defined within a function that is not called from within includes/language.php.

CVSS2: 7.5
9%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-2676

PHP remote file inclusion vulnerability in skins/header.php in Open Translation Engine (OTE) 0.7.8 allows remote attackers to execute arbitrary PHP code via a URL in the ote_home parameter.

CVSS2: 7.5
66%
Средний
больше 18 лет назад
nvd логотип
CVE-2007-2675

SQL injection vulnerability in search.php in Pre Classifieds Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter.

CVSS2: 7.5
4%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-2674

SQL injection vulnerability in detail.php in Pre Shopping Mall 1.0 allows remote attackers to execute arbitrary SQL commands via the prodid parameter.

CVSS2: 7.5
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-2673

SQL injection vulnerability in includes/funcs_vendors.php in Censura 1.15.04, and other versions before 1.16.04, allows remote attackers to execute arbitrary SQL commands via the vendorid parameter in a vendor_info cmd action to censura.php.

CVSS2: 7.5
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-2672

SQL injection vulnerability in index.php in PHP Coupon Script 3.0 allows remote attackers to execute arbitrary SQL commands via the bus parameter in a viewbus page.

CVSS2: 7.5
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-2671

Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of service (application crash) via a long hostname in an HREF attribute in an A element, which triggers an out-of-bounds memory access.

CVSS2: 7.1
7%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-2670

PHPChain 1.0 and earlier allows remote attackers to obtain the installation path via invalid values of the catid parameter to (1) settings.php or (2) cat.php, as demonstrated by XSS manipulations.

CVSS2: 4.3
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-2669

Multiple cross-site scripting (XSS) vulnerabilities in PHPChain 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) settings.php or (2) cat.php. NOTE: certain parameter values also trigger path disclosure.

CVSS2: 4.3
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-2668

Buffer overflow in webdesproxy 0.0.1 allows remote attackers to execute arbitrary code via a long URL, possibly involving the process_connection_request function in webdesproxy.c.

CVSS2: 6.8
17%
Средний
больше 18 лет назад
nvd логотип
CVE-2007-2667

Buffer overflow in the DB Software Laboratory VImpX ActiveX control in VImpX.ocx 4.7.3 allows remote attackers to execute arbitrary code via a long LogFile parameter.

CVSS2: 9.3
20%
Средний
больше 18 лет назад
nvd логотип
CVE-2007-2666

Stack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++.

CVSS2: 7.6
19%
Средний
больше 18 лет назад
nvd логотип
CVE-2007-2665

PHP remote file inclusion vulnerability in block.php in PhpFirstPost 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the Include parameter.

CVSS2: 7.5
5%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-2664

PHP remote file inclusion vulnerability in includes/common.php in Yaap 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, possibly related to the __autoload function.

CVSS2: 7.5
7%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-2663

PHP remote file inclusion vulnerability in language/1/splash.lang.php in Beacon 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the languagePath parameter.

CVSS2: 7.5
6%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-2662

SQL injection vulnerability in EfesTECH Haber 5.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to the top-level URI.

CVSS2: 7.5
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-2661

SQL injection vulnerability in archshow.asp in BlogMe 3.0 allows remote attackers to execute arbitrary SQL commands via the var parameter, a different vector than CVE-2006-5976.

CVSS2: 7.5
1%
Низкий
больше 18 лет назад
nvd логотип
CVE-2007-2660

PHP remote file inclusion vulnerability in pcltrace.lib.php in the PclTar module in Vincent Blavet PhpConcept Library, as used in CJG EXPLORER PRO 3.3 and earlier and probably other products, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter. NOTE: CVE disputes this issue since there is no include statement in pcltrace.lib.php. NOTE: the pcltar.lib.php vector is already covered by CVE-2007-2199

CVSS2: 6.8
14%
Средний
больше 18 лет назад
nvd логотип
CVE-2007-2659

Directory traversal vulnerability in index.php in PHP Advanced Transfer Manager (phpATM) 1.30 allows remote attackers to read arbitrary files and obtain script source code via a .. (dot dot) in the directory parameter in a downloadfile action.

CVSS2: 5
5%
Низкий
больше 18 лет назад

Уязвимостей на страницу