Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 331 614

Количество 331 614

nvd логотип

CVE-2007-2206

почти 19 лет назад

Cross-site scripting (XSS) vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a leading "<"<" in the ripeformpost parameter.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-2205

почти 19 лет назад

PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System (LMS) 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2204

почти 19 лет назад

Multiple PHP remote file inclusion vulnerabilities in GPL PHP Board (GPB) unstable-2001.11.14-1 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) db.mysql.inc.php or (2) gpb.inc.php in include/, or the (3) theme parameter to themes/ubb/login.php.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2203

почти 19 лет назад

Cross-site scripting (XSS) vulnerability in Big Blue Guestbook allows remote attackers to inject arbitrary web script or HTML via the message field in the guestbook entry submission form.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-2202

почти 19 лет назад

PHP remote file inclusion vulnerability in inc_ACVS/SOAP/Transport.php in Accueil et Conseil en Visites et Sejours Web Services (ACVSWS) PHP5 (ACVSWS_PHP5) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CheminInclude parameter.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2007-2201

почти 19 лет назад

Multiple PHP remote file inclusion vulnerabilities in Post Revolution 6.6 and 7.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) common.php or (2) themes/default/preview_post_completo.php.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-2200

почти 19 лет назад

Directory traversal vulnerability in navigator/navigator_ok.php in Pagode 0.5.8 allows remote attackers to read and possibly delete arbitrary files via a .. (dot dot) in the asolute parameter.

CVSS2: 10
EPSS: Низкий
nvd логотип

CVE-2007-2199

почти 19 лет назад

PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcltar.php) in the PclTar module 1.3 and 1.3.1 for Vincent Blavet PhpConcept Library, as used in multiple products including (1) Joomla! 1.5.0 Beta, (2) N/X Web Content Management System (WCMS) 4.5, (3) CJG EXPLORER PRO 3.3, and (4) phpSiteBackup 0.1, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter.

CVSS2: 6.8
EPSS: Высокий
nvd логотип

CVE-2007-2198

почти 19 лет назад

Cross-site scripting (XSS) vulnerability in LAN Management System (LMS) before 1.6.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving the OD parameter to contrib/formularz_przelewu_wplaty/druk.php.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-2197

почти 19 лет назад

Race condition in the NeatUpload ASP.NET component 1.2.11 through 1.2.16, 1.1.18 through 1.1.23, and trunk.379 through trunk.445 allows remote attackers to obtain other clients' HTTP responses via multiple simultaneous requests, which triggers multiple calls to HttpWorkerRequest.FlushResponse for the same HttpWorkerRequest object and causes a buffer to be reused for a different request.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2007-2196

почти 19 лет назад

PHP remote file inclusion vulnerability in jambook.php in the Jambook (com_Jambook) 1.0 beta7 module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a reliable third party because the jambook.php protects against direct request

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2007-2195

почти 19 лет назад

aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers to cause a denial of service (application crash) by sending invalid data to TCP port 31337.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2007-2194

почти 19 лет назад

Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information.

CVSS2: 10
EPSS: Средний
nvd логотип

CVE-2007-2193

почти 19 лет назад

Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build 108, Pro 8.1 Build 99, and Photo Editor 4.0 Build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information.

CVSS2: 9.3
EPSS: Высокий
nvd логотип

CVE-2007-2192

почти 19 лет назад

Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted remote attackers to execute arbitrary code via a crafted .tif file.

CVSS2: 9.3
EPSS: Средний
nvd логотип

CVE-2007-2191

почти 19 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2007-2190

почти 19 лет назад

PHP remote file inclusion vulnerability in admin/public/webpages.php in Eba News 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2007-2189

почти 19 лет назад

PHP remote file inclusion vulnerability in admin/admin_album_otf.php in the MX Smartor Full Album Pack (FAP) 2.0 RC1 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2007-2188

почти 19 лет назад

eXtremail 2.1.1 and earlier does not verify the ID field (aka transaction id) in DNS responses, which makes it easier for remote attackers to conduct DNS spoofing.

CVSS2: 10
EPSS: Низкий
nvd логотип

CVE-2007-2187

почти 19 лет назад

Stack-based buffer overflow in eXtremail 2.1.1 and earlier allows remote attackers to execute arbitrary code via a long DNS response. NOTE: this might be related to CVE-2006-6926.

CVSS2: 10
EPSS: Средний

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2007-2206

Cross-site scripting (XSS) vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a leading "<"<" in the ripeformpost parameter.

CVSS2: 4.3
1%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2205

PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System (LMS) 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643.

CVSS2: 7.5
5%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2204

Multiple PHP remote file inclusion vulnerabilities in GPL PHP Board (GPB) unstable-2001.11.14-1 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) db.mysql.inc.php or (2) gpb.inc.php in include/, or the (3) theme parameter to themes/ubb/login.php.

CVSS2: 7.5
9%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2203

Cross-site scripting (XSS) vulnerability in Big Blue Guestbook allows remote attackers to inject arbitrary web script or HTML via the message field in the guestbook entry submission form.

CVSS2: 4.3
0%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2202

PHP remote file inclusion vulnerability in inc_ACVS/SOAP/Transport.php in Accueil et Conseil en Visites et Sejours Web Services (ACVSWS) PHP5 (ACVSWS_PHP5) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CheminInclude parameter.

CVSS2: 6.8
6%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2201

Multiple PHP remote file inclusion vulnerabilities in Post Revolution 6.6 and 7.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) common.php or (2) themes/default/preview_post_completo.php.

CVSS2: 7.5
9%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2200

Directory traversal vulnerability in navigator/navigator_ok.php in Pagode 0.5.8 allows remote attackers to read and possibly delete arbitrary files via a .. (dot dot) in the asolute parameter.

CVSS2: 10
8%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2199

PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcltar.php) in the PclTar module 1.3 and 1.3.1 for Vincent Blavet PhpConcept Library, as used in multiple products including (1) Joomla! 1.5.0 Beta, (2) N/X Web Content Management System (WCMS) 4.5, (3) CJG EXPLORER PRO 3.3, and (4) phpSiteBackup 0.1, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter.

CVSS2: 6.8
86%
Высокий
почти 19 лет назад
nvd логотип
CVE-2007-2198

Cross-site scripting (XSS) vulnerability in LAN Management System (LMS) before 1.6.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving the OD parameter to contrib/formularz_przelewu_wplaty/druk.php.

CVSS2: 4.3
1%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2197

Race condition in the NeatUpload ASP.NET component 1.2.11 through 1.2.16, 1.1.18 through 1.1.23, and trunk.379 through trunk.445 allows remote attackers to obtain other clients' HTTP responses via multiple simultaneous requests, which triggers multiple calls to HttpWorkerRequest.FlushResponse for the same HttpWorkerRequest object and causes a buffer to be reused for a different request.

CVSS2: 5
0%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2196

PHP remote file inclusion vulnerability in jambook.php in the Jambook (com_Jambook) 1.0 beta7 module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a reliable third party because the jambook.php protects against direct request

CVSS2: 6.8
0%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2195

aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers to cause a denial of service (application crash) by sending invalid data to TCP port 31337.

CVSS2: 5
4%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2194

Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information.

CVSS2: 10
28%
Средний
почти 19 лет назад
nvd логотип
CVE-2007-2193

Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build 108, Pro 8.1 Build 99, and Photo Editor 4.0 Build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information.

CVSS2: 9.3
78%
Высокий
почти 19 лет назад
nvd логотип
CVE-2007-2192

Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted remote attackers to execute arbitrary code via a crafted .tif file.

CVSS2: 9.3
26%
Средний
почти 19 лет назад
nvd логотип
CVE-2007-2191

Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php.

CVSS2: 6.8
8%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2190

PHP remote file inclusion vulnerability in admin/public/webpages.php in Eba News 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter.

CVSS2: 6.8
1%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2189

PHP remote file inclusion vulnerability in admin/admin_album_otf.php in the MX Smartor Full Album Pack (FAP) 2.0 RC1 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

CVSS2: 6.8
4%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2188

eXtremail 2.1.1 and earlier does not verify the ID field (aka transaction id) in DNS responses, which makes it easier for remote attackers to conduct DNS spoofing.

CVSS2: 10
1%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-2187

Stack-based buffer overflow in eXtremail 2.1.1 and earlier allows remote attackers to execute arbitrary code via a long DNS response. NOTE: this might be related to CVE-2006-6926.

CVSS2: 10
23%
Средний
почти 19 лет назад

Уязвимостей на страницу