Количество 331 703
Количество 331 703
CVE-2007-2638
eFileCabinet 3.3 allows remote attackers to bypass authentication and access restricted portions of the interface via an invalid filecabinetnumber, which can be leveraged to obtain sensitive information or create new data structures.
CVE-2007-2637
MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified vectors.
CVE-2007-2636
Unspecified vulnerability in phpTodo before 0.8.1 allows remote attackers to have an unknown impact via newlines in regular expressions to (1) index.php, (2) feed.php, (3) prefs.php, and (4) todolist.php; and (5) classTodoItem.php and (6) phpTodoUser.php in libs/. NOTE: some of these details are obtained from third party information.
CVE-2007-2635
Unspecified vulnerability in Interchange before 5.4.2 allows remote attackers to cause an unspecified denial of service (possibly server hang) via crafted HTTP requests.
CVE-2007-2634
PHP remote file inclusion vulnerability in common/errormsg.php in aForum 1.32 and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2633
Directory traversal vulnerability in H-Sphere SiteStudio 1.6 allows remote attackers to read, or include and execute, arbitrary local files via a .. (dot dot) in the template parameter.
CVE-2007-2632
Multiple cross-site scripting (XSS) vulnerabilities in PHP Multi User Randomizer (phpMUR) 2006.09.13 allow remote attackers to inject arbitrary web script or HTML via (1) the edit_plugin parameter to configure_plugin.tpl.php, or (2) certain array parameters to web/phpinfo.php, as demonstrated by 1[] or a[].
CVE-2007-2631
Cross-site request forgery (CSRF) vulnerability in SquirrelMail 1.4.8-4.fc6 and earlier allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors. NOTE: this issue might overlap CVE-2007-2589 or CVE-2002-1648.
CVE-2007-2630
Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used in ActiveCampaign 1-2-All (aka 12All) 4.50 through 4.53.13, and possibly other products, allows remote authenticated administrators to upload and possibly execute .php4 and .php5 files via unspecified vectors. NOTE: this issue is reachable through filemanager/browser/default/browser.html.
CVE-2007-2629
Bradford CampusManager Network Control Application Server 3.1(6) allows remote attackers to obtain sensitive information (backup, log, and configuration files) via direct request for certain files in (1) /runTime/ or (2) /remediationReports/.
CVE-2007-2628
PHP remote file inclusion vulnerability in include/logout.php in Justin Koivisto SecurityAdmin for PHP (aka PHPSecurityAdmin, PSA) 4.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the PSA_PATH parameter.
CVE-2007-2627
Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622.
CVE-2007-2626
SQL injection vulnerability in admin.php in SchoolBoard allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: CVE disputes this issue, because 'username' does not exist, and the password is not used in any queries
CVE-2007-2625
Cross-site scripting (XSS) vulnerability in shared/code/cp_authorization.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: some of these details are obtained from third party information.
CVE-2007-2624
Dynamic variable evaluation vulnerability in shared/config/cp_config.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks via the SERVER superglobal array. NOTE: some of these details are obtained from third party information.
CVE-2007-2623
Multiple buffer overflows in RControl.dll in Remote Display Dev kit 1.2.1.0 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via (1) a long first argument to the connect function or (2) a long InternalServer property value, possibly involving ntdll.dll.
CVE-2007-2622
Multiple SQL injection vulnerabilities in TaskDriver 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login.php or (2) the taskid parameter to notes.php.
CVE-2007-2621
SQL injection vulnerability in event_view.php in Thyme Calendar 1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter.
CVE-2007-2620
PHP remote file inclusion vulnerability in inc/config.inc.php in Jakub Steiner (aka jimmac) original 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the x[1] parameter.
CVE-2007-2619
Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login credentials for the most recent login within process memory, which allows local administrators to obtain the credentials by reading process memory, a different vulnerability than CVE-2006-3785.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
CVE-2007-2638 eFileCabinet 3.3 allows remote attackers to bypass authentication and access restricted portions of the interface via an invalid filecabinetnumber, which can be leveraged to obtain sensitive information or create new data structures. | CVSS2: 10 | 2% Низкий | больше 18 лет назад | |
CVE-2007-2637 MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified vectors. | CVSS2: 5 | 1% Низкий | больше 18 лет назад | |
CVE-2007-2636 Unspecified vulnerability in phpTodo before 0.8.1 allows remote attackers to have an unknown impact via newlines in regular expressions to (1) index.php, (2) feed.php, (3) prefs.php, and (4) todolist.php; and (5) classTodoItem.php and (6) phpTodoUser.php in libs/. NOTE: some of these details are obtained from third party information. | CVSS2: 6.8 | 1% Низкий | больше 18 лет назад | |
CVE-2007-2635 Unspecified vulnerability in Interchange before 5.4.2 allows remote attackers to cause an unspecified denial of service (possibly server hang) via crafted HTTP requests. | CVSS2: 7.8 | 2% Низкий | больше 18 лет назад | |
CVE-2007-2634 PHP remote file inclusion vulnerability in common/errormsg.php in aForum 1.32 and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | CVSS2: 6.8 | 2% Низкий | больше 18 лет назад | |
CVE-2007-2633 Directory traversal vulnerability in H-Sphere SiteStudio 1.6 allows remote attackers to read, or include and execute, arbitrary local files via a .. (dot dot) in the template parameter. | CVSS2: 10 | 1% Низкий | больше 18 лет назад | |
CVE-2007-2632 Multiple cross-site scripting (XSS) vulnerabilities in PHP Multi User Randomizer (phpMUR) 2006.09.13 allow remote attackers to inject arbitrary web script or HTML via (1) the edit_plugin parameter to configure_plugin.tpl.php, or (2) certain array parameters to web/phpinfo.php, as demonstrated by 1[] or a[]. | CVSS2: 6.8 | 9% Низкий | больше 18 лет назад | |
CVE-2007-2631 Cross-site request forgery (CSRF) vulnerability in SquirrelMail 1.4.8-4.fc6 and earlier allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors. NOTE: this issue might overlap CVE-2007-2589 or CVE-2002-1648. | CVSS2: 7.5 | 1% Низкий | больше 18 лет назад | |
CVE-2007-2630 Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used in ActiveCampaign 1-2-All (aka 12All) 4.50 through 4.53.13, and possibly other products, allows remote authenticated administrators to upload and possibly execute .php4 and .php5 files via unspecified vectors. NOTE: this issue is reachable through filemanager/browser/default/browser.html. | CVSS2: 6.5 | 1% Низкий | больше 18 лет назад | |
CVE-2007-2629 Bradford CampusManager Network Control Application Server 3.1(6) allows remote attackers to obtain sensitive information (backup, log, and configuration files) via direct request for certain files in (1) /runTime/ or (2) /remediationReports/. | CVSS2: 7.8 | 1% Низкий | больше 18 лет назад | |
CVE-2007-2628 PHP remote file inclusion vulnerability in include/logout.php in Justin Koivisto SecurityAdmin for PHP (aka PHPSecurityAdmin, PSA) 4.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the PSA_PATH parameter. | CVSS2: 7.5 | 3% Низкий | больше 18 лет назад | |
CVE-2007-2627 Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622. | CVSS2: 6.8 | 1% Низкий | больше 18 лет назад | |
CVE-2007-2626 SQL injection vulnerability in admin.php in SchoolBoard allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: CVE disputes this issue, because 'username' does not exist, and the password is not used in any queries | CVSS2: 7.5 | 1% Низкий | больше 18 лет назад | |
CVE-2007-2625 Cross-site scripting (XSS) vulnerability in shared/code/cp_authorization.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: some of these details are obtained from third party information. | CVSS2: 6.8 | 1% Низкий | больше 18 лет назад | |
CVE-2007-2624 Dynamic variable evaluation vulnerability in shared/config/cp_config.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks via the SERVER superglobal array. NOTE: some of these details are obtained from third party information. | CVSS2: 6.8 | 1% Низкий | больше 18 лет назад | |
CVE-2007-2623 Multiple buffer overflows in RControl.dll in Remote Display Dev kit 1.2.1.0 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via (1) a long first argument to the connect function or (2) a long InternalServer property value, possibly involving ntdll.dll. | CVSS2: 7.8 | 12% Средний | больше 18 лет назад | |
CVE-2007-2622 Multiple SQL injection vulnerabilities in TaskDriver 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login.php or (2) the taskid parameter to notes.php. | CVSS2: 7.5 | 1% Низкий | больше 18 лет назад | |
CVE-2007-2621 SQL injection vulnerability in event_view.php in Thyme Calendar 1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter. | CVSS2: 7.5 | 1% Низкий | больше 18 лет назад | |
CVE-2007-2620 PHP remote file inclusion vulnerability in inc/config.inc.php in Jakub Steiner (aka jimmac) original 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the x[1] parameter. | CVSS2: 7.5 | 10% Средний | больше 18 лет назад | |
CVE-2007-2619 Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login credentials for the most recent login within process memory, which allows local administrators to obtain the credentials by reading process memory, a different vulnerability than CVE-2006-3785. | CVSS2: 4.6 | 0% Низкий | больше 18 лет назад |
Уязвимостей на страницу