Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 331 703

Количество 331 703

nvd логотип

CVE-2007-1297

почти 19 лет назад

SQL injection vulnerability in view_profile.php in AJDating 1.0 allows remote attackers to execute arbitrary SQL commands via the user_id parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-1296

почти 19 лет назад

SQL injection vulnerability in postingdetails.php in AJ Classifieds 1.0 allows remote attackers to execute arbitrary SQL commands via the postingid parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-1295

почти 19 лет назад

SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the td_id parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-1294

почти 19 лет назад

A certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in DivX Web Player, as distributed with DivX Player 1.3.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via large values to DivxWP.Resize, related to resizing images.

CVSS2: 7.8
EPSS: Низкий
nvd логотип

CVE-2007-1293

почти 19 лет назад

SQL injection vulnerability in Rigter Portal System (RPS) 6.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categoria parameter to the top-level URI (index.php), possibly related to ver_descarga.php.

CVSS2: 5.8
EPSS: Низкий
nvd логотип

CVE-2007-1292

почти 19 лет назад

SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve."

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-1291

почти 19 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug Tracking System (TygerBT) 1.1.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) Login.php and (2) Register.php.

CVSS2: 5.8
EPSS: Низкий
nvd логотип

CVE-2007-1290

почти 19 лет назад

SQL injection vulnerability in ViewReport.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the bug parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-1289

почти 19 лет назад

SQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the s parameter.

CVSS2: 6.4
EPSS: Низкий
nvd логотип

CVE-2007-1288

почти 19 лет назад

Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4) sendmsg.php in admin/.

CVSS2: 10
EPSS: Низкий
nvd логотип

CVE-2007-1287

почти 19 лет назад

A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.

CVSS2: 4.3
EPSS: Средний
nvd логотип

CVE-2007-1286

почти 19 лет назад

Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.

CVSS2: 6.8
EPSS: Высокий
nvd логотип

CVE-2007-1285

почти 19 лет назад

The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.

CVSS3: 7.5
EPSS: Низкий
nvd логотип

CVE-2007-1282

почти 19 лет назад

Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line.

CVSS2: 9.3
EPSS: Низкий
nvd логотип

CVE-2007-1281

почти 19 лет назад

Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux allows remote attackers to cause a denial of service (CPU consumption) via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression.

CVSS2: 7.8
EPSS: Низкий
nvd логотип

CVE-2007-1280

почти 19 лет назад

Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attackers to inject arbitrary web script or HTML via a URL after a # (hash) in the URL path, as demonstrated using en/frameset-7.html, and possibly other unspecified vectors involving templates and (1) whstart.js and (2) whcsh_home.htm in WebHelp, (3) wf_startpage.js and (4) wf_startqs.htm in FlashHelp, or (5) WindowManager.dll in RoboHelp Server 6.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-1279

почти 19 лет назад

Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 update for Apple OS X, when patching with desktop management tools, allows local users to gain privileges via unspecified vectors during installation of the update by a different user who has administrative privileges.

CVSS2: 7.2
EPSS: Низкий
nvd логотип

CVE-2007-1278

почти 19 лет назад

Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2007-1277

почти 19 лет назад

WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php.

CVSS2: 7.5
EPSS: Высокий
nvd логотип

CVE-2007-1276

почти 19 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.

CVSS2: 4.3
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2007-1297

SQL injection vulnerability in view_profile.php in AJDating 1.0 allows remote attackers to execute arbitrary SQL commands via the user_id parameter.

CVSS2: 7.5
2%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1296

SQL injection vulnerability in postingdetails.php in AJ Classifieds 1.0 allows remote attackers to execute arbitrary SQL commands via the postingid parameter.

CVSS2: 7.5
1%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1295

SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the td_id parameter.

CVSS2: 7.5
1%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1294

A certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in DivX Web Player, as distributed with DivX Player 1.3.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via large values to DivxWP.Resize, related to resizing images.

CVSS2: 7.8
6%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1293

SQL injection vulnerability in Rigter Portal System (RPS) 6.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categoria parameter to the top-level URI (index.php), possibly related to ver_descarga.php.

CVSS2: 5.8
2%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1292

SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve."

CVSS2: 7.5
1%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1291

Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug Tracking System (TygerBT) 1.1.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) Login.php and (2) Register.php.

CVSS2: 5.8
7%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1290

SQL injection vulnerability in ViewReport.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the bug parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS2: 7.5
0%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1289

SQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the s parameter.

CVSS2: 6.4
1%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1288

Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4) sendmsg.php in admin/.

CVSS2: 10
2%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1287

A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.

CVSS2: 4.3
23%
Средний
почти 19 лет назад
nvd логотип
CVE-2007-1286

Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.

CVSS2: 6.8
86%
Высокий
почти 19 лет назад
nvd логотип
CVE-2007-1285

The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.

CVSS3: 7.5
8%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1282

Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line.

CVSS2: 9.3
3%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1281

Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux allows remote attackers to cause a denial of service (CPU consumption) via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression.

CVSS2: 7.8
2%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1280

Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attackers to inject arbitrary web script or HTML via a URL after a # (hash) in the URL path, as demonstrated using en/frameset-7.html, and possibly other unspecified vectors involving templates and (1) whstart.js and (2) whcsh_home.htm in WebHelp, (3) wf_startpage.js and (4) wf_startqs.htm in FlashHelp, or (5) WindowManager.dll in RoboHelp Server 6.

CVSS2: 4.3
4%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1279

Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 update for Apple OS X, when patching with desktop management tools, allows local users to gain privileges via unspecified vectors during installation of the update by a different user who has administrative privileges.

CVSS2: 7.2
0%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1278

Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root.

CVSS2: 4.3
5%
Низкий
почти 19 лет назад
nvd логотип
CVE-2007-1277

WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php.

CVSS2: 7.5
85%
Высокий
почти 19 лет назад
nvd логотип
CVE-2007-1276

Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.

CVSS2: 4.3
0%
Низкий
почти 19 лет назад

Уязвимостей на страницу