exploitDog

source:"nvd"

Count: 331 614

Vulnerability | CVSS | EPSS | Published

CVE-2007-2549

SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) c or (2) quantity parameter.

CVSS2: 7.5
EPSS: 1% (Low)
Published: almost 19 years ago

CVE-2007-2548

Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 has unknown impact and an l remote attack vector, related to "Cookie Manipulation."

CVSS2: 6.4
EPSS: 0% (Low)
Published: almost 19 years ago

CVE-2007-2547

Cross-site scripting (XSS) vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to inject arbitrary web script or HTML via the l parameter.

CVSS2: 4.3
EPSS: 3% (Low)
Published: almost 19 years ago

CVE-2007-2546

Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

CVSS2: 6.8
EPSS: 1% (Low)
Published: almost 19 years ago

CVE-2007-2545

Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the system[path] parameter to (1) blocks/headerfile.php, (2) files/blocks/latest_files.php, (3) filters/headerfile.php, (4) forums/blocks/latest_posts.php, (5) groups/headerfile.php, (6) links/blocks/links.php, (7) menu/headerfile.php, (8) news/blocks/latest_news.php, (9) settings/headerfile.php, or (10) users/headerfile.php, in modules/.

CVSS2: 7.5
EPSS: 76% (High)
Published: almost 19 years ago

CVE-2007-2544

PHP remote file inclusion vulnerability in templates/default/tpl_message.php in PHP TopTree BBS 2.0.1a and earlier allows remote attackers to execute arbitrary PHP code via a URL in the right_file parameter.

CVSS2: 7.5
EPSS: 16% (Medium)
Published: almost 19 years ago

CVE-2007-2543

SQL injection vulnerability in game.php in the Flashgames 1.0.1 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter.

CVSS2: 7.5
EPSS: 2% (Low)
Published: almost 19 years ago

CVE-2007-2542

PHP remote file inclusion vulnerability in header.php in workbench survival guide 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

CVSS2: 7.5
EPSS: 7% (Low)
Published: almost 19 years ago

CVE-2007-2541

PHP remote file inclusion vulnerability in includes/ajax_listado.php in Versado CMS 1.07 allows remote attackers to execute arbitrary PHP code via a URL in the urlModulo parameter.

CVSS2: 7.5
EPSS: 16% (Medium)
Published: almost 19 years ago

CVE-2007-2540

Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[pathMod] parameter to index.php in (1) mod/image/, (2) mod/liens/, (3) mod/liste/, (4) mod/special/, or (5) mod/texte/.

CVSS2: 7.5
EPSS: 10% (Medium)
Published: almost 19 years ago

CVE-2007-2539

The show_files function in RunCms 1.5.2 and earlier allows remote attackers to obtain sensitive information (file existence and file metadata) via unspecified vectors.

CVSS2: 7.8
EPSS: 7% (Low)
Published: almost 19 years ago

CVE-2007-2538

SQL injection vulnerability in class/debug/debug_show.php in RunCms 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the executed_queries array parameter.

CVSS2: 7.5
EPSS: 3% (Low)
Published: almost 19 years ago

CVE-2007-2537

Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 and earlier allow remote authenticated users to execute arbitrary SQL commands via a (1) nickname or (2) Id in a cookie, or (3) the X-Forwarded-For (X_FORWARDED_FOR) HTTP header.

CVSS2: 6.5
EPSS: 1% (Low)
Published: almost 19 years ago

CVE-2007-2536

PicoZip allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.

CVSS2: 7.8
EPSS: 5% (Low)
Published: almost 19 years ago

CVE-2007-2535

WinAce allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.

CVSS2: 7.8
EPSS: 1% (Low)
Published: almost 19 years ago

CVE-2007-2534

Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the (1) ADMIN_USER (USER) and (2) ADMIN_PASS (PASS) parameters during a login. NOTE: CVE disputes this vulnerability, since ADMIN_USER/ADMIN_PASS are initialized before use.

CVSS3: 9.8
EPSS: 1% (Low)
Published: almost 19 years ago

CVE-2007-2533

Multiple buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2- Build 1174 allow remote attackers to execute arbitrary code via a crafted RPC message processed by (1) the RPCFN_ActiveRollback function in (a) stcommon.dll, or the (2) ENG_SetRealTimeScanConfigInfo or (3) ENG_SendEmail functions in (b) eng50.dll.

CVSS2: 10
EPSS: 20% (Medium)
Published: almost 19 years ago

CVE-2007-2532

Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) to (1) sendmail.php or (2) order_form.php, different vectors than CVE-2006-6734.

CVSS2: 4.3
EPSS: 10% (Low)
Published: almost 19 years ago

CVE-2007-2531

PHP remote file inclusion vulnerability in berylium-classes.php in Berylium2 2003-08-18 allows remote attackers to execute arbitrary PHP code via a URL in the beryliumroot parameter.

CVSS2: 7.5
EPSS: 10% (Medium)
Published: almost 19 years ago

CVE-2007-2530

Multiple PHP remote file inclusion vulnerabilities in Tropicalm Crowell Resource 4.5.2 allow remote attackers to execute arbitrary PHP code via a URL in the RESPATH parameter to (1) dosearch.php or (2) printfriendly.php.

CVSS2: 7.5
EPSS: 10% (Medium)
Published: almost 19 years ago