| Max CVSS | 10.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2007-2412 | 7.8 |
Directory traversal vulnerability in modules/file.php in Seir Anphin allows remote attackers to obtain sensitive information via a .. (dot dot) in the a[filepath] parameter. NOTE: a third party has disputed this issue because the a array is populate
|
07-08-2024 - 14:15 | 01-05-2007 - 10:19 | |
| CVE-2007-2422 | 7.5 |
Multiple PHP remote file inclusion vulnerabilities in Modules Builder (modbuild) 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter to (1) config-bak.php or (2) config.php. NOTE: CV
|
07-08-2024 - 14:15 | 02-05-2007 - 00:19 | |
| CVE-2007-2292 | 4.3 |
CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.
|
23-07-2021 - 15:05 | 26-04-2007 - 20:19 | |
| CVE-2007-2291 | 7.5 |
CRLF injection vulnerability in the Digest Authentication support for Microsoft Internet Explorer 7.0.5730.11 allows remote attackers to conduct HTTP response splitting attacks via a LF (%0a) in the username attribute.
|
23-07-2021 - 15:05 | 26-04-2007 - 20:19 | |
| CVE-2005-4332 | 9.4 |
Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service or upload files via direct requests to obsolete JSP files including (1) admin/uploadclient.jsp, (2) apply_
|
30-10-2018 - 16:26 | 17-12-2005 - 11:03 | |
| CVE-2006-3771 | 7.5 |
Multiple PHP remote file inclusion vulnerabilities in component.php in iManage CMS 4.0.12 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) articles.php, (2) contact.php, (3) displaypage.
|
17-10-2018 - 21:30 | 24-07-2006 - 12:19 | |
| CVE-2007-2352 | 10.0 |
Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls, possibly involving (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c)
|
16-10-2018 - 16:43 | 30-04-2007 - 22:19 | |
| CVE-2007-2416 | 7.5 |
SQL injection vulnerability in home.php in E-Annu allows remote attackers to execute arbitrary SQL commands via the a parameter.
|
16-10-2018 - 16:43 | 01-05-2007 - 10:19 | |
| CVE-2007-2201 | 7.5 |
Multiple PHP remote file inclusion vulnerabilities in Post Revolution 6.6 and 7.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) common.php or (2) themes/default/preview_post_completo.php.
|
16-10-2018 - 16:42 | 24-04-2007 - 20:19 | |
| CVE-2007-2054 | 7.5 |
Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afc
|
16-10-2018 - 16:41 | 30-04-2007 - 22:19 | |
| CVE-2007-2055 | 7.5 |
AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary commands via shell metacharacters involving (1) certain command line parameters in tools/afconvert.cpp and (2) arguments to the get_parameter function in aimage/ident.cpp. NOTE: it is un
|
16-10-2018 - 16:41 | 30-04-2007 - 22:19 | |
| CVE-2007-2053 | 10.0 |
Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or
|
16-10-2018 - 16:41 | 30-04-2007 - 22:19 | |
| CVE-2007-1020 | 6.8 |
Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 allows remote attackers to inject arbitrary web script or HTML via the hier parameter.
|
16-10-2018 - 16:36 | 21-02-2007 - 11:28 | |
| CVE-2011-2214 | 10.0 |
Unspecified vulnerability in the Open Database Connectivity (ODBC) component in 7T Interactive Graphical SCADA System (IGSS) before 9.0.0.11143 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 20222, which triggers m
|
09-10-2018 - 19:32 | 31-05-2011 - 20:55 | |
| CVE-2008-3195 | 6.8 |
Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, an
|
29-09-2017 - 01:31 | 18-09-2008 - 15:04 | |
| CVE-2007-2362 | 9.0 |
Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) cause a denial of service (daemon crash) and possibly execute arbitrary code via a certain update, which triggers a heap-based buffer overflow in update.c; and (2) cause a denial
|
29-07-2017 - 01:31 | 30-04-2007 - 22:19 | |
| CVE-2003-1376 | 4.6 |
WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder.
|
29-07-2017 - 01:29 | 31-12-2003 - 05:00 | |
| CVE-2007-2350 | 6.5 |
admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter.
|
08-03-2011 - 02:54 | 30-04-2007 - 22:19 | |
| CVE-2008-4112 | 5.0 |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3195. Reason: This candidate is a duplicate of CVE-2008-3195. Notes: All CVE users should reference CVE-2008-3195 instead of this candidate. All references and descriptions in t
|
24-09-2008 - 05:41 | 16-09-2008 - 23:00 |