Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 331 703

Количество 331 703

nvd логотип

CVE-2007-2315

почти 19 лет назад

MiniShare 1.5.4, and possibly earlier, allows remote attackers to cause a denial of service (application crash) via a flood of requests for new connections.

CVSS2: 7.8
EPSS: Низкий
nvd логотип

CVE-2007-2314

почти 19 лет назад

Multiple SQL injection vulnerabilities in Crea-Book 1.0, and possibly earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter to (a) configurer.php, (b) connect.php, (c) delete.php, (d) delete2.php, (e) index.php, (f) infos.php, (g) membres.php, (h) modif-infos.php, (i) modif-message.php, (j) modif.php, (k) uninstall.php, or (l) uninstall_table.php in admin/, different vectors than CVE-2007-2000. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2007-2313

почти 19 лет назад

PHP remote file inclusion vulnerability in getinfo1.php in the Shotcast 1.0 RC2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2312

почти 19 лет назад

Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 R15 module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the n parameter to extra/online.php and other unspecified scripts in extra/. NOTE: this might be same vulnerability as CVE-2006-4142; however, there is an intervening vendor fix announcement.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2311

почти 19 лет назад

PHP remote file inclusion vulnerability in install/index.php in BlooFoxCMS 0.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the content_php parameter. NOTE: this issue has been disputed by a reliable third party, stating that content_php is initialized before use

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2310

почти 19 лет назад

Cross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php in BloofoxCMS 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-2309

почти 19 лет назад

Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the den parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-2308

почти 19 лет назад

Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the rok parameter.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-2307

почти 19 лет назад

PHP remote file inclusion vulnerability in engine/engine.inc.php in WebKalk2 1.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2306

почти 19 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War (VWar) 1.5.0 R15 and earlier module for PHP-Nuke, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) memberlist parameter to extra/login.php and the (2) title parameter to extra/today.php.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-2305

почти 19 лет назад

Multiple SQL injection vulnerabilities in authenticate.php in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2304

почти 19 лет назад

Multiple directory traversal vulnerabilities in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to categories.php and other unspecified files.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2303

почти 19 лет назад

Directory traversal vulnerability in includes/footer.php in News Manager Deluxe (NMDeluxe) 1.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2007-2302

почти 19 лет назад

PHP remote file inclusion vulnerability in autoindex.php in Expow 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_file parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2301

почти 19 лет назад

Multiple PHP remote file inclusion vulnerabilities in audioCMS arash 0.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the arashlib_dir parameter to (1) edit.inc.php and (2) list_features.inc.php in arash_lib/include, and (3) arash_gadmin.class.php and (4) arash_sadmin.class.php in arash_lib/class/.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2300

почти 19 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the m_txt parameter to (1) iklan.php, (2) index.php, or (3) bukutamu.php.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-2299

почти 19 лет назад

Multiple SQL injection vulnerabilities in Frogss CMS 0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) dzial parameter to (a) katalog.php, or the (2) t parameter to (b) forum.php or (c) forum/viewtopic.php, different vectors than CVE-2006-4536.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2298

почти 19 лет назад

Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertoire_config parameter to index.php in (1) cpe/, (2) direction/, or (3) professeurs/.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2297

почти 19 лет назад

The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash).

CVSS2: 7.8
EPSS: Низкий
nvd логотип

CVE-2007-2296

почти 19 лет назад

Integer overflow in the FlipFileTypeAtom_BtoN function in Apple Quicktime 7.1.5, and other versions before 7.2, allows remote attackers to execute arbitrary code via a crafted M4V (MP4) file.

CVSS2: 9.3
EPSS: Средний

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2007-2315

MiniShare 1.5.4, and possibly earlier, allows remote attackers to cause a denial of service (application crash) via a flood of requests for new connections.

CVSS2: 7.8
1%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2314

Multiple SQL injection vulnerabilities in Crea-Book 1.0, and possibly earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter to (a) configurer.php, (b) connect.php, (c) delete.php, (d) delete2.php, (e) index.php, (f) infos.php, (g) membres.php, (h) modif-infos.php, (i) modif-message.php, (j) modif.php, (k) uninstall.php, or (l) uninstall_table.php in admin/, different vectors than CVE-2007-2000. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS2: 6.8
2%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2313

PHP remote file inclusion vulnerability in getinfo1.php in the Shotcast 1.0 RC2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.

CVSS2: 7.5
5%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2312

Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 R15 module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the n parameter to extra/online.php and other unspecified scripts in extra/. NOTE: this might be same vulnerability as CVE-2006-4142; however, there is an intervening vendor fix announcement.

CVSS2: 7.5
1%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2311

PHP remote file inclusion vulnerability in install/index.php in BlooFoxCMS 0.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the content_php parameter. NOTE: this issue has been disputed by a reliable third party, stating that content_php is initialized before use

CVSS2: 7.5
1%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2310

Cross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php in BloofoxCMS 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter.

CVSS2: 4.3
3%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2309

Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the den parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS2: 4.3
0%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2308

Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the rok parameter.

CVSS2: 4.3
3%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2307

PHP remote file inclusion vulnerability in engine/engine.inc.php in WebKalk2 1.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter.

CVSS2: 7.5
7%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2306

Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War (VWar) 1.5.0 R15 and earlier module for PHP-Nuke, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) memberlist parameter to extra/login.php and the (2) title parameter to extra/today.php.

CVSS2: 4.3
0%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2305

Multiple SQL injection vulnerabilities in authenticate.php in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

CVSS2: 7.5
1%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2304

Multiple directory traversal vulnerabilities in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to categories.php and other unspecified files.

CVSS2: 7.5
10%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2303

Directory traversal vulnerability in includes/footer.php in News Manager Deluxe (NMDeluxe) 1.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter.

CVSS2: 6.8
7%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2302

PHP remote file inclusion vulnerability in autoindex.php in Expow 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_file parameter.

CVSS2: 7.5
5%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2301

Multiple PHP remote file inclusion vulnerabilities in audioCMS arash 0.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the arashlib_dir parameter to (1) edit.inc.php and (2) list_features.inc.php in arash_lib/include, and (3) arash_gadmin.class.php and (4) arash_sadmin.class.php in arash_lib/class/.

CVSS2: 7.5
4%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2300

Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the m_txt parameter to (1) iklan.php, (2) index.php, or (3) bukutamu.php.

CVSS2: 4.3
3%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2299

Multiple SQL injection vulnerabilities in Frogss CMS 0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) dzial parameter to (a) katalog.php, or the (2) t parameter to (b) forum.php or (c) forum/viewtopic.php, different vectors than CVE-2006-4536.

CVSS2: 7.5
1%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2298

Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertoire_config parameter to index.php in (1) cpe/, (2) direction/, or (3) professeurs/.

CVSS2: 7.5
5%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2297

The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash).

CVSS2: 7.8
2%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2296

Integer overflow in the FlipFileTypeAtom_BtoN function in Apple Quicktime 7.1.5, and other versions before 7.2, allows remote attackers to execute arbitrary code via a crafted M4V (MP4) file.

CVSS2: 9.3
29%
Средний
почти 19 лет назад

Уязвимостей на страницу