Количество 331 209
Количество 331 209
CVE-2007-1636
Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
CVE-2007-1635
Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure" op to admin.php.
CVE-2007-1634
Variable extraction vulnerability in grab_globals.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to conduct SQL injection attacks via the _FILES[DB][tmp_name] parameter to print.php, which overwrites the $DB variable with dynamic variable evaluation.
CVE-2007-1633
Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
CVE-2007-1632
Unspecified vulnerability in TYPOlight webCMS before 2.2 Build 5 has unknown impact and attack vectors related to a "major security hole."
CVE-2007-1631
PHP remote file inclusion vulnerability in signup.php in CLBOX 1.01 allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: this issue has been disputed by a reliable third party, stating that header is defined through an include file before use
CVE-2007-1630
SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Link Engine allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2007-1629
SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Photo Gallery allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2007-1628
Multiple PHP remote file inclusion vulnerabilities in Study planner (Studiewijzer) 0.15 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the SPL_CFG[dirroot] parameter to (1) service.alert.inc.php or (2) settings.ses.php in inc/; (3) db/mysql/db.inc.php; (4) integration/shortstat/configuration.php; (5) ali.class.php or (6) cat.class.php in methodology/traditional/class/; (7) cat_browse.inc.php, (8) chr_browse.inc.php, (9) chr_display.inc.php, or (10) dash_browse.inc.php in methodology/traditional/ui/inc/; (11) spl.webservice.php or (12) konfabulator/gateway_admin.php in ws/; or other unspecified files.
CVE-2007-1627
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-4606. Reason: This candidate is a duplicate of CVE-2006-4606. Notes: All CVE users should reference CVE-2006-4606 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2007-1626
PHP remote file inclusion vulnerability in iframe.php in the iFrame Module for PHP-NUKE allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
CVE-2007-1625
Cross-site scripting (XSS) vulnerability in save_entry.php in realGuestbook 5.01 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter, as reachable through add_entry.php. NOTE: the original report stated that the vulnerability was in add_entry.php, which does not receive the input data.
CVE-2007-1624
Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, and (4) text parameters to save_entry.php, as reachable through add_entry.php; and possibly other unspecified parameters and files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1623
Multiple cross-site scripting (XSS) vulnerabilities in realGuestbook 5.01, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) bg_color_1, (2) fs_menu, (3) fc_menu, (4) ff_menu, (5) bg_color_2, (6) fs_normal, (7) fc_normal, and (8) ff_normal parameters to welcome_admin.php; and possibly unspecified other parameters and files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1622
Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.
CVE-2007-1621
PHP remote file inclusion vulnerability in templates/head.php in Active PHP Bookmark Notes (APB) 0.2.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS[template_path] parameter. NOTE: this issue might be related to CVE-2003-1254.
CVE-2007-1620
Multiple PHP remote file inclusion vulnerabilities in PHP DB Designer 1.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SESSION[SITE_PATH] parameter to (a) wind/help.php or (b) wind/about.php, or the (2) _SESSION[DRIVER] parameter to (c) db/session.php.
CVE-2007-1619
SQL injection vulnerability in viewcomments.php in ScriptMagix Photo Rating 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the phid parameter.
CVE-2007-1618
SQL injection vulnerability in index.php in ScriptMagix FAQ Builder 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2007-1617
SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
CVE-2007-1636 Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header. | CVSS2: 7.5 | 7% Низкий | почти 19 лет назад | |
CVE-2007-1635 Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure" op to admin.php. | CVSS2: 9 | 3% Низкий | почти 19 лет назад | |
CVE-2007-1634 Variable extraction vulnerability in grab_globals.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to conduct SQL injection attacks via the _FILES[DB][tmp_name] parameter to print.php, which overwrites the $DB variable with dynamic variable evaluation. | CVSS2: 7.5 | 0% Низкий | почти 19 лет назад | |
CVE-2007-1633 Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php. | CVSS2: 7.5 | 6% Низкий | почти 19 лет назад | |
CVE-2007-1632 Unspecified vulnerability in TYPOlight webCMS before 2.2 Build 5 has unknown impact and attack vectors related to a "major security hole." | CVSS2: 7.5 | 0% Низкий | почти 19 лет назад | |
CVE-2007-1631 PHP remote file inclusion vulnerability in signup.php in CLBOX 1.01 allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: this issue has been disputed by a reliable third party, stating that header is defined through an include file before use | CVSS2: 10 | 2% Низкий | почти 19 лет назад | |
CVE-2007-1630 SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Link Engine allows remote attackers to execute arbitrary SQL commands via the catid parameter. | CVSS2: 7.5 | 1% Низкий | почти 19 лет назад | |
CVE-2007-1629 SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Photo Gallery allows remote attackers to execute arbitrary SQL commands via the catid parameter. | CVSS2: 7.5 | 0% Низкий | почти 19 лет назад | |
CVE-2007-1628 Multiple PHP remote file inclusion vulnerabilities in Study planner (Studiewijzer) 0.15 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the SPL_CFG[dirroot] parameter to (1) service.alert.inc.php or (2) settings.ses.php in inc/; (3) db/mysql/db.inc.php; (4) integration/shortstat/configuration.php; (5) ali.class.php or (6) cat.class.php in methodology/traditional/class/; (7) cat_browse.inc.php, (8) chr_browse.inc.php, (9) chr_display.inc.php, or (10) dash_browse.inc.php in methodology/traditional/ui/inc/; (11) spl.webservice.php or (12) konfabulator/gateway_admin.php in ws/; or other unspecified files. | CVSS2: 9.3 | 10% Средний | почти 19 лет назад | |
CVE-2007-1627 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-4606. Reason: This candidate is a duplicate of CVE-2006-4606. Notes: All CVE users should reference CVE-2006-4606 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | почти 19 лет назад | |||
CVE-2007-1626 PHP remote file inclusion vulnerability in iframe.php in the iFrame Module for PHP-NUKE allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | CVSS2: 9.3 | 4% Низкий | почти 19 лет назад | |
CVE-2007-1625 Cross-site scripting (XSS) vulnerability in save_entry.php in realGuestbook 5.01 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter, as reachable through add_entry.php. NOTE: the original report stated that the vulnerability was in add_entry.php, which does not receive the input data. | CVSS2: 4.3 | 0% Низкий | почти 19 лет назад | |
CVE-2007-1624 Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, and (4) text parameters to save_entry.php, as reachable through add_entry.php; and possibly other unspecified parameters and files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | CVSS2: 7.5 | 0% Низкий | почти 19 лет назад | |
CVE-2007-1623 Multiple cross-site scripting (XSS) vulnerabilities in realGuestbook 5.01, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) bg_color_1, (2) fs_menu, (3) fc_menu, (4) ff_menu, (5) bg_color_2, (6) fs_normal, (7) fc_normal, and (8) ff_normal parameters to welcome_admin.php; and possibly unspecified other parameters and files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | CVSS2: 4.3 | 0% Низкий | почти 19 лет назад | |
CVE-2007-1622 Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF. | CVSS2: 4.3 | 3% Низкий | почти 19 лет назад | |
CVE-2007-1621 PHP remote file inclusion vulnerability in templates/head.php in Active PHP Bookmark Notes (APB) 0.2.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS[template_path] parameter. NOTE: this issue might be related to CVE-2003-1254. | CVSS2: 10 | 4% Низкий | почти 19 лет назад | |
CVE-2007-1620 Multiple PHP remote file inclusion vulnerabilities in PHP DB Designer 1.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SESSION[SITE_PATH] parameter to (a) wind/help.php or (b) wind/about.php, or the (2) _SESSION[DRIVER] parameter to (c) db/session.php. | CVSS2: 10 | 5% Низкий | почти 19 лет назад | |
CVE-2007-1619 SQL injection vulnerability in viewcomments.php in ScriptMagix Photo Rating 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the phid parameter. | CVSS2: 7.5 | 1% Низкий | почти 19 лет назад | |
CVE-2007-1618 SQL injection vulnerability in index.php in ScriptMagix FAQ Builder 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | CVSS2: 7.5 | 1% Низкий | почти 19 лет назад | |
CVE-2007-1617 SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | CVSS2: 7.5 | 1% Низкий | почти 19 лет назад |
Уязвимостей на страницу