Количество 331 614
Количество 331 614
CVE-2007-2569
Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the friendly_path parameter to (1) core/data/yaml.inc.php, or _load.php in (2) core/data/, (3) core/display/, or (4) core/support/.
CVE-2007-2568
Multiple stack-based buffer overflows in VCDGear 3.55 allow user-assisted remote attackers to execute arbitrary code via a long (1) tag or (2) track type in a CUE file.
CVE-2007-2567
Buffer overflow in the SaveBarCode function in the Taltech Tal Bar Code ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2007-2566
The SaveBarCode function in the Taltech Tal Bar Code ActiveX control allows remote attackers to cause a denial of service (disk consumption) by uploading multiple bar codes, as demonstrated by a WSF package.
CVE-2007-2565
Cdelia Software ImageProcessing allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted BMP file.
CVE-2007-2564
Multiple stack-based buffer overflows in the Sienzo Digital Music Mentor (DMM) 2.6.0.4 ActiveX control (DSKernel2.dll) allow remote attackers to execute arbitrary code via a long argument to the (1) LockModules or (2) UnlockModule function.
CVE-2007-2563
Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ActiveX control (UFileUploaderD.dll) allows remote attackers to execute arbitrary code via a long argument.
CVE-2007-2562
Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 3.00.90 allows remote attackers to inject arbitrary web script or HTML via the _m parameter.
CVE-2007-2561
SQL injection vulnerability in index.asp in fipsCMS 2.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter, a different vector than CVE-2006-6115.
CVE-2007-2560
Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the rubrik parameter.
CVE-2007-2559
Multiple PHP remote file inclusion vulnerabilities in american cart 3.5 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php, (2) checkout.php, and (3) libsecure.php.
CVE-2007-2558
PHP remote file inclusion vulnerability in index.php in phpFullAnnu CMS (pfa CMS) 6.0 allows remote attackers to execute arbitrary PHP code via a URL in the repinc parameter. NOTE: CVE disputes this issue since $repinc is set to a constant value before use
CVE-2007-2557
MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, which allows remote authenticated administrators to have an unknown impact via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2556
SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, as demonstrated by a request to the /nk/ URI.
CVE-2007-2555
Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross-site scripting (XSS).
CVE-2007-2554
Associated Press (AP) Newspower 4.0.1 and earlier uses a default blank password for the MySQL root account, which allows remote attackers to insert or modify news articles via shows.tblscript.
CVE-2007-2553
Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and 5.1A PK6 allows local users to gain privileges via a large amount of data in the environment, as demonstrated by a long environment variable.
CVE-2007-2552
The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to obtain the names, and possibly revision notes and dates, of private pages via RSS feeds.
CVE-2007-2551
Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2007-2550
Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2007-2569 Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the friendly_path parameter to (1) core/data/yaml.inc.php, or _load.php in (2) core/data/, (3) core/display/, or (4) core/support/. | CVSS2: 7.5 | 8% Низкий | почти 19 лет назад |
| CVE-2007-2568 Multiple stack-based buffer overflows in VCDGear 3.55 allow user-assisted remote attackers to execute arbitrary code via a long (1) tag or (2) track type in a CUE file. | CVSS2: 9.3 | 6% Низкий | больше 18 лет назад |
| CVE-2007-2567 Buffer overflow in the SaveBarCode function in the Taltech Tal Bar Code ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors. | CVSS2: 9.3 | 4% Низкий | почти 19 лет назад |
| CVE-2007-2566 The SaveBarCode function in the Taltech Tal Bar Code ActiveX control allows remote attackers to cause a denial of service (disk consumption) by uploading multiple bar codes, as demonstrated by a WSF package. | CVSS2: 5 | 5% Низкий | почти 19 лет назад |
| CVE-2007-2565 Cdelia Software ImageProcessing allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted BMP file. | CVSS2: 7.1 | 5% Низкий | почти 19 лет назад |
| CVE-2007-2564 Multiple stack-based buffer overflows in the Sienzo Digital Music Mentor (DMM) 2.6.0.4 ActiveX control (DSKernel2.dll) allow remote attackers to execute arbitrary code via a long argument to the (1) LockModules or (2) UnlockModule function. | CVSS2: 10 | 6% Низкий | почти 19 лет назад |
| CVE-2007-2563 Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ActiveX control (UFileUploaderD.dll) allows remote attackers to execute arbitrary code via a long argument. | CVSS2: 9.3 | 7% Низкий | почти 19 лет назад |
| CVE-2007-2562 Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 3.00.90 allows remote attackers to inject arbitrary web script or HTML via the _m parameter. | CVSS2: 4.3 | 0% Низкий | почти 19 лет назад |
| CVE-2007-2561 SQL injection vulnerability in index.asp in fipsCMS 2.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter, a different vector than CVE-2006-6115. | CVSS2: 7.5 | 1% Низкий | почти 19 лет назад |
| CVE-2007-2560 Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the rubrik parameter. | CVSS2: 5 | 6% Низкий | почти 19 лет назад |
| CVE-2007-2559 Multiple PHP remote file inclusion vulnerabilities in american cart 3.5 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php, (2) checkout.php, and (3) libsecure.php. | CVSS2: 7.5 | 1% Низкий | почти 19 лет назад |
| CVE-2007-2558 PHP remote file inclusion vulnerability in index.php in phpFullAnnu CMS (pfa CMS) 6.0 allows remote attackers to execute arbitrary PHP code via a URL in the repinc parameter. NOTE: CVE disputes this issue since $repinc is set to a constant value before use | CVSS2: 7.5 | 1% Низкий | почти 19 лет назад |
| CVE-2007-2557 MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, which allows remote authenticated administrators to have an unknown impact via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | CVSS2: 4 | 0% Низкий | почти 19 лет назад |
| CVE-2007-2556 SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, as demonstrated by a request to the /nk/ URI. | CVSS2: 7.5 | 6% Низкий | почти 19 лет назад |
| CVE-2007-2555 Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross-site scripting (XSS). | CVSS2: 4.3 | 0% Низкий | почти 19 лет назад |
| CVE-2007-2554 Associated Press (AP) Newspower 4.0.1 and earlier uses a default blank password for the MySQL root account, which allows remote attackers to insert or modify news articles via shows.tblscript. | CVSS2: 7.8 | 0% Низкий | почти 19 лет назад |
| CVE-2007-2553 Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and 5.1A PK6 allows local users to gain privileges via a large amount of data in the environment, as demonstrated by a long environment variable. | CVSS2: 7.2 | 0% Низкий | почти 19 лет назад |
| CVE-2007-2552 The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to obtain the names, and possibly revision notes and dates, of private pages via RSS feeds. | CVSS2: 5 | 1% Низкий | почти 19 лет назад |
| CVE-2007-2551 Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | CVSS2: 4.3 | 1% Низкий | почти 19 лет назад |
| CVE-2007-2550 Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php. | CVSS2: 5 | 1% Низкий | почти 19 лет назад |
Уязвимостей на страницу