Vulnerabilities related to santa_cruz_operation - sco_unix
Vulnerability from fkie_nvd
Published
2007-12-04 18:46
Modified
2024-11-21 00:39
Summary
Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.
References
Impacted products
Vulnerability from fkie_nvd
Published
2007-02-23 03:28
Modified
2024-11-21 00:24
Summary
SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.
References
Impacted products
Vendor | Product | Version
---|---|---
apple | mac_os_x | 10.4.9
hp | hp-ux | *
hp | tru64 | 5.1b_pk2_bl22
ibm | aix | *
ibm | os2 | *
linux | linux_kernel | *
microsoft | windows_2000 | *
microsoft | windows_2003_server | sp2
microsoft | windows_95 | *
microsoft | windows_98 | *
microsoft | windows_98se | *
microsoft | windows_me | *
microsoft | windows_nt | 4.0
microsoft | windows_xp | *
santa_cruz_operation | sco_unix | *
sun | solaris | *
windriver | bsdos | *
super_link_exchange_script | super_link_exchange_script | 1.0
Vulnerability from fkie_nvd
Published
2007-05-16 22:30
Modified
2024-11-21 00:29
Summary
formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.
References
Impacted products
Vendor | Product | Version
---|---|---
apple | mac_os_x | *
hp | hp-ux | *
hp | tru64 | *
linux | linux_kernel | *
microsoft | windows_2000 | *
microsoft | windows_2003_server | *
microsoft | windows_95 | *
microsoft | windows_98 | *
microsoft | windows_98se | *
microsoft | windows_me | *
microsoft | windows_nt | 4.0
microsoft | windows_xp | *
santa_cruz_operation | sco_unix | *
sun | solaris | *
windriver | bsdos | *
jetbox | jetbox_cms | 2.1
Vulnerability from fkie_nvd
Published
2007-02-21 17:28
Modified
2024-11-21 00:27
Summary
Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.
References
Impacted products
Vendor | Product | Version
---|---|---
apple | mac_os_x | 10.4.9
hp | hp-ux | *
hp | tru64 | 5.1b_pk2_bl22
ibm | aix | *
ibm | os2 | *
linux | linux_kernel | *
microsoft | windows_2000 | *
microsoft | windows_2003_server | sp2
microsoft | windows_95 | *
microsoft | windows_98 | *
microsoft | windows_98se | *
microsoft | windows_me | *
microsoft | windows_nt | 4.0
microsoft | windows_xp | *
santa_cruz_operation | sco_unix | *
sun | solaris | *
windriver | bsdos | *
ezboo | webstats | 3.0.3
Vulnerability from fkie_nvd
Published
2007-04-24 17:19
Modified
2024-11-21 00:30
Summary
Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php.
References
Impacted products
Vulnerability from fkie_nvd
Published
2007-05-17 19:30
Modified
2024-11-21 00:31
Summary
PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
References
Impacted products
Vendor | Product | Version
---|---|---
apple | a_ux | *
apple | mac_os_x | *
hp | hp-ux | *
hp | tru64 | *
ibm | os2 | *
linux | linux_kernel | *
microsoft | windows_2000 | *
microsoft | windows_2003_server | *
microsoft | windows_95 | *
microsoft | windows_98 | *
microsoft | windows_98se | *
microsoft | windows_me | *
microsoft | windows_nt | 4.0
microsoft | windows_xp | *
santa_cruz_operation | sco_unix | *
sun | solaris | *
windriver | bsdos | *
achievo | achievo | 1.1.0
Vulnerability from fkie_nvd
Published
2007-09-18 19:17
Modified
2024-11-21 00:36
Summary
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.
References
Impacted products
Vendor | Product | Version
---|---|---
apple | mac_os_x | *
hp | hp-ux | *
hp | tru64 | *
ibm | aix | *
ibm | os2 | *
linux | linux_kernel | *
mandrakesoft | mandrake_linux | 2007
mandrakesoft | mandrake_linux | 2007
mandrakesoft | mandrake_linux | 2007.1
mandrakesoft | mandrake_linux | 2007.1
microsoft | windows_2000 | *
microsoft | windows_2003_server | *
microsoft | windows_98 | *
microsoft | windows_me | *
microsoft | windows_nt | 4.0
microsoft | windows_xp | *
santa_cruz_operation | sco_unix | *
sun | solaris | *
windriver | bsdos | *
mplayer | mplayer | 1.0_rc1
sgi | irix | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", vulnerable: false, }, { criteria: "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*", matchCriteriaId: "61A4F116-1FEE-450E-99AE-6AD9ACDDE570", vulnerable: false, }, { criteria: "cpe:2.3:o:hp:tru64:*:*:*:*:*:*:*:*", matchCriteriaId: "1FE64F3F-48F6-493F-A81E-2B106FF73AC1", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*", matchCriteriaId: "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79", vulnerable: false, }, { criteria: "cpe:2.3:o:ibm:os2:*:*:*:*:*:*:*:*", matchCriteriaId: "AD5511BD-2A41-4FF6-BD3F-9448F3F8AC90", vulnerable: false, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "155AD4FB-E527-4103-BCEF-801B653DEA37", vulnerable: false, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*", matchCriteriaId: "02362C25-B373-4FB1-AF4A-2AFC7F7D4387", vulnerable: false, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*", matchCriteriaId: "19AD5F8D-6EB9-4E4B-9E82-FFBAB68797E9", vulnerable: false, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*", matchCriteriaId: "19D64247-F0A0-4984-84EA-B63FC901F002", vulnerable: false, }, { criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:x86_64:*:*:*:*:*", matchCriteriaId: "316AA6EB-7191-479E-99D5-40DA79E340E7", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", matchCriteriaId: "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*", matchCriteriaId: "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_98:*:*:*:*:*:*:*:*", matchCriteriaId: "AD1B68C0-2676-4F21-8EF0-1749103CB8C2", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", matchCriteriaId: 
"799DA395-C7F8-477C-8BC7-5B4B88FB7503", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", matchCriteriaId: "E53CDA8E-50A8-4509-B070-CCA5604FFB21", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", matchCriteriaId: "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD", vulnerable: false, }, { criteria: "cpe:2.3:o:santa_cruz_operation:sco_unix:*:*:*:*:*:*:*:*", matchCriteriaId: "ECCBDA43-9C75-4B36-8C90-EF26B8CD777D", vulnerable: false, }, { criteria: "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", matchCriteriaId: "469B74F2-4B89-42B8-8638-731E92D463B9", vulnerable: false, }, { criteria: "cpe:2.3:o:windriver:bsdos:*:*:*:*:*:*:*:*", matchCriteriaId: "60ACA374-1434-4C02-8327-17BC9C000B65", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:mplayer:mplayer:1.0_rc1:*:*:*:*:*:*:*", matchCriteriaId: "83E84D8D-93DA-47C1-9282-E127CD1862E5", vulnerable: true, }, { criteria: "cpe:2.3:o:sgi:irix:*:*:*:*:*:*:*:*", matchCriteriaId: "056B3397-81A9-4128-9F49-ECEBE1743EE8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large \"indx truck size\" and nEntriesInuse values, and a certain wLongsPerEntry value.", }, { lang: "es", value: "Desbordamiento de búfer basado en pila en libmpdemux/aviheader.c en MPlayer 1.0rc1 y anteriores permite a atacantes remotos provocar denegación de servicio (caida de aplicación) o posiblemente ejecutar código de su elección a través de un archivo .avi con cierto \"tamaño indx tratado\" y valores nEntriesInuse, y un cierto valor wLongsPerEntry.", }, ], id: "CVE-2007-4938", lastModified: "2024-11-21T00:36:46.050", metrics: { cvssMetricV2: [ { acInsufInfo: false, 
baseSeverity: "HIGH", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.6, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:H/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2007-09-18T19:17:00.000", references: [ { source: "cve@mitre.org", url: "http://osvdb.org/45940", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/27016", }, { source: "cve@mitre.org", url: "http://securityreason.com/securityalert/3144", }, { source: "cve@mitre.org", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:192", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/479222/100/0/threaded", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/25648", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36581", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/45940", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/27016", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/3144", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:192", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/479222/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], 
url: "http://www.securityfocus.com/bid/25648", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36581", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2007-2736
Vulnerability from cvelistv5
Published
2007-05-17 19:00
Modified
2024-08-07 13:49
Summary
PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
References
URL | Tags
---|---
https://www.exploit-db.com/exploits/3928 | exploit, x_refsource_EXPLOIT-DB
https://exchange.xforce.ibmcloud.com/vulnerabilities/34305 | vdb-entry, x_refsource_XF
http://osvdb.org/37919 | vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/23992 | vdb-entry, x_refsource_BID
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T13:49:57.405Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "3928", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/3928", }, { name: "achievo-index-file-include(34305)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34305", }, { name: "37919", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/37919", }, { name: "23992", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/23992", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-05-15T00:00:00", descriptions: [ { lang: "en", value: "PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "3928", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/3928", }, { name: "achievo-index-file-include(34305)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34305", }, { name: "37919", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/37919", }, { name: "23992", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/23992", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-2736", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { 
product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "3928", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/3928", }, { name: "achievo-index-file-include(34305)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34305", }, { name: "37919", refsource: "OSVDB", url: "http://osvdb.org/37919", }, { name: "23992", refsource: "BID", url: "http://www.securityfocus.com/bid/23992", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-2736", datePublished: "2007-05-17T19:00:00", dateReserved: "2007-05-17T00:00:00", dateUpdated: "2024-08-07T13:49:57.405Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-6232
Vulnerability from cvelistv5
Published
2007-12-04 18:00
Modified
2024-08-07 16:02
Summary
Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.
References
URL | Tags
---|---
https://exchange.xforce.ibmcloud.com/vulnerabilities/38780 | vdb-entry, x_refsource_XF
https://www.exploit-db.com/exploits/4681 | exploit, x_refsource_EXPLOIT-DB
http://secunia.com/advisories/27875 | third-party-advisory, x_refsource_SECUNIA
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T16:02:34.855Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ftp-admin-index-xss(38780)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/38780", }, { name: "4681", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/4681", }, { name: "27875", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27875", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-11-29T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "ftp-admin-index-xss(38780)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/38780", }, { name: "4681", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/4681", }, { name: "27875", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27875", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-6232", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", 
data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ftp-admin-index-xss(38780)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/38780", }, { name: "4681", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/4681", }, { name: "27875", refsource: "SECUNIA", url: "http://secunia.com/advisories/27875", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-6232", datePublished: "2007-12-04T18:00:00", dateReserved: "2007-12-04T00:00:00", dateUpdated: "2024-08-07T16:02:34.855Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2006-7034
Vulnerability from cvelistv5
Published
2007-02-23 01:00
Modified
2024-08-07 20:50
Summary
SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.
References
URL | Tags
---|---
http://www.securityfocus.com/archive/1/435166/30/4680/threaded | mailing-list, x_refsource_BUGTRAQ
http://securityreason.com/securityalert/2285 | third-party-advisory, x_refsource_SREASON
https://exchange.xforce.ibmcloud.com/vulnerabilities/26720 | vdb-entry, x_refsource_XF
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T20:50:05.966Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20060525 Super Link Exchange Script v1.0", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/435166/30/4680/threaded", }, { name: "2285", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/2285", }, { name: "superlinkexchange-directory-sql-injection(26720)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/26720", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2006-05-25T00:00:00", descriptions: [ { lang: "en", value: "SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20060525 Super Link Exchange Script v1.0", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/435166/30/4680/threaded", }, { name: "2285", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/2285", }, { name: "superlinkexchange-directory-sql-injection(26720)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/26720", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2006-7034", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: 
"n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20060525 Super Link Exchange Script v1.0", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/435166/30/4680/threaded", }, { name: "2285", refsource: "SREASON", url: "http://securityreason.com/securityalert/2285", }, { name: "superlinkexchange-directory-sql-injection(26720)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/26720", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2006-7034", datePublished: "2007-02-23T01:00:00", dateReserved: "2007-02-22T00:00:00", dateUpdated: "2024-08-07T20:50:05.966Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-2191
Vulnerability from cvelistv5
Published
2007-04-24 17:00
Modified
2024-08-07 13:23
Summary
Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php.
References
URL | Tags
---|---
https://exchange.xforce.ibmcloud.com/vulnerabilities/33772 | vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/23575 | vdb-entry, x_refsource_BID
http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053882.html | mailing-list, x_refsource_FULLDISC
http://securityreason.com/securityalert/2627 | third-party-advisory, x_refsource_SREASON
http://osvdb.org/35315 | vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/24935 | third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/1535 | vdb-entry, x_refsource_VUPEN
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T13:23:51.024Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "freepbx-sip-xss(33772)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/33772", }, { name: "23575", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/23575", }, { name: "20070419 XSS in freePBX 2.2.x portal's Asterisk Log tool", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053882.html", }, { name: "2627", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/2627", }, { name: "35315", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/35315", }, { name: "24935", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/24935", }, { name: "ADV-2007-1535", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/1535", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-04-19T00:00:00", descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", 
shortName: "mitre", }, references: [ { name: "freepbx-sip-xss(33772)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/33772", }, { name: "23575", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/23575", }, { name: "20070419 XSS in freePBX 2.2.x portal's Asterisk Log tool", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053882.html", }, { name: "2627", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/2627", }, { name: "35315", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/35315", }, { name: "24935", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/24935", }, { name: "ADV-2007-1535", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/1535", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-2191", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "freepbx-sip-xss(33772)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/33772", }, { name: 
"23575", refsource: "BID", url: "http://www.securityfocus.com/bid/23575", }, { name: "20070419 XSS in freePBX 2.2.x portal's Asterisk Log tool", refsource: "FULLDISC", url: "http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053882.html", }, { name: "2627", refsource: "SREASON", url: "http://securityreason.com/securityalert/2627", }, { name: "35315", refsource: "OSVDB", url: "http://osvdb.org/35315", }, { name: "24935", refsource: "SECUNIA", url: "http://secunia.com/advisories/24935", }, { name: "ADV-2007-1535", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/1535", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-2191", datePublished: "2007-04-24T17:00:00", dateReserved: "2007-04-24T00:00:00", dateUpdated: "2024-08-07T13:23:51.024Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-4938
Vulnerability from cvelistv5
Published
2007-09-18 19:00
Modified
2024-08-07 15:17
Summary
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.
References
URL | Tags
---|---
http://www.securityfocus.com/bid/25648 | vdb-entry, x_refsource_BID
http://securityreason.com/securityalert/3144 | third-party-advisory, x_refsource_SREASON
https://exchange.xforce.ibmcloud.com/vulnerabilities/36581 | vdb-entry, x_refsource_XF
http://www.securityfocus.com/archive/1/479222/100/0/threaded | mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/27016 | third-party-advisory, x_refsource_SECUNIA
http://osvdb.org/45940 | vdb-entry, x_refsource_OSVDB
http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt | x_refsource_MISC
http://www.mandriva.com/security/advisories?name=MDKSA-2007:192 | vendor-advisory, x_refsource_MANDRIVA
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T15:17:27.081Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "25648", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/25648", }, { name: "3144", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/3144", }, { name: "mplayer-avi-file-bo(36581)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36581", }, { name: "20070912 CAL-20070912-1 Multiple vendor produce handling AVI file vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/479222/100/0/threaded", }, { name: "27016", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27016", }, { name: "45940", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/45940", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt", }, { name: "MDKSA-2007:192", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:192", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-09-13T00:00:00", descriptions: [ { lang: "en", value: "Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large \"indx truck size\" and nEntriesInuse values, and a certain wLongsPerEntry value.", }, ], problemTypes: [ { 
descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-15T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "25648", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/25648", }, { name: "3144", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/3144", }, { name: "mplayer-avi-file-bo(36581)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36581", }, { name: "20070912 CAL-20070912-1 Multiple vendor produce handling AVI file vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/479222/100/0/threaded", }, { name: "27016", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27016", }, { name: "45940", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/45940", }, { tags: [ "x_refsource_MISC", ], url: "http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt", }, { name: "MDKSA-2007:192", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:192", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-4938", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large \"indx 
truck size\" and nEntriesInuse values, and a certain wLongsPerEntry value.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "25648", refsource: "BID", url: "http://www.securityfocus.com/bid/25648", }, { name: "3144", refsource: "SREASON", url: "http://securityreason.com/securityalert/3144", }, { name: "mplayer-avi-file-bo(36581)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36581", }, { name: "20070912 CAL-20070912-1 Multiple vendor produce handling AVI file vulnerabilities", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/479222/100/0/threaded", }, { name: "27016", refsource: "SECUNIA", url: "http://secunia.com/advisories/27016", }, { name: "45940", refsource: "OSVDB", url: "http://osvdb.org/45940", }, { name: "http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt", refsource: "MISC", url: "http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt", }, { name: "MDKSA-2007:192", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:192", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-4938", datePublished: "2007-09-18T19:00:00", dateReserved: "2007-09-18T00:00:00", dateUpdated: "2024-08-07T15:17:27.081Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-1043
Vulnerability from cvelistv5
Published
2007-02-21 17:00
Modified
2024-08-07 12:43
Summary
Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.
References
URL | Tags
---|---
http://forums.avenir-geopolitique.net/viewtopic.php?t=2674 | x_refsource_MISC
http://www.securityfocus.com/archive/1/460325/100/0/threaded | mailing-list, x_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/32563 | vdb-entry, x_refsource_XF
http://osvdb.org/34181 | vdb-entry, x_refsource_OSVDB
http://securityreason.com/securityalert/2275 | third-party-advisory, x_refsource_SREASON
http://www.securityfocus.com/bid/22590 | vdb-entry, x_refsource_BID
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T12:43:22.287Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://forums.avenir-geopolitique.net/viewtopic.php?t=2674", }, { name: "20070215 Ezboo webstats acces to sensitive files", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/460325/100/0/threaded", }, { name: "ezboo-update-unauthorized-access(32563)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/32563", }, { name: "34181", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/34181", }, { name: "2275", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/2275", }, { name: "22590", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/22590", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-02-15T00:00:00", descriptions: [ { lang: "en", value: "Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://forums.avenir-geopolitique.net/viewtopic.php?t=2674", }, { name: "20070215 Ezboo webstats acces to sensitive files", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/460325/100/0/threaded", }, { name: 
"ezboo-update-unauthorized-access(32563)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/32563", }, { name: "34181", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/34181", }, { name: "2275", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/2275", }, { name: "22590", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/22590", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-1043", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://forums.avenir-geopolitique.net/viewtopic.php?t=2674", refsource: "MISC", url: "http://forums.avenir-geopolitique.net/viewtopic.php?t=2674", }, { name: "20070215 Ezboo webstats acces to sensitive files", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/460325/100/0/threaded", }, { name: "ezboo-update-unauthorized-access(32563)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/32563", }, { name: "34181", refsource: "OSVDB", url: "http://osvdb.org/34181", }, { name: "2275", refsource: "SREASON", url: "http://securityreason.com/securityalert/2275", }, { name: "22590", refsource: "BID", url: "http://www.securityfocus.com/bid/22590", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", 
assignerShortName: "mitre", cveId: "CVE-2007-1043", datePublished: "2007-02-21T17:00:00", dateReserved: "2007-02-21T00:00:00", dateUpdated: "2024-08-07T12:43:22.287Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-1898
Vulnerability from cvelistv5
Published
2007-05-16 22:00
Modified
2024-08-07 13:13
Severity ?
EPSS score ?
Summary
formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.
References
URL | Tags
---|---
https://exchange.xforce.ibmcloud.com/vulnerabilities/34292 | vdb-entry, x_refsource_XF
http://www.netvigilance.com/advisory0026 | x_refsource_MISC
http://securityreason.com/securityalert/2710 | third-party-advisory, x_refsource_SREASON
http://www.vupen.com/english/advisories/2007/1831 | vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/468644/100/0/threaded | mailing-list, x_refsource_BUGTRAQ
http://www.securitytracker.com/id?1018063 | vdb-entry, x_refsource_SECTRACK
http://www.osvdb.org/34088 | vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/23989 | vdb-entry, x_refsource_BID
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T13:13:41.503Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "jetbox-formmail-mail-relay(34292)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34292", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.netvigilance.com/advisory0026", }, { name: "2710", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/2710", }, { name: "ADV-2007-1831", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/1831", }, { name: "20070515 Jetbox CMS version 2.1 E-Mail Injection Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/468644/100/0/threaded", }, { name: "1018063", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1018063", }, { name: "34088", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/34088", }, { name: "23989", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/23989", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-05-15T00:00:00", descriptions: [ { lang: "en", value: "formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: 
"jetbox-formmail-mail-relay(34292)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34292", }, { tags: [ "x_refsource_MISC", ], url: "http://www.netvigilance.com/advisory0026", }, { name: "2710", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/2710", }, { name: "ADV-2007-1831", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/1831", }, { name: "20070515 Jetbox CMS version 2.1 E-Mail Injection Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/468644/100/0/threaded", }, { name: "1018063", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1018063", }, { name: "34088", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/34088", }, { name: "23989", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/23989", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-1898", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "jetbox-formmail-mail-relay(34292)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34292", }, { name: "http://www.netvigilance.com/advisory0026", refsource: "MISC", url: "http://www.netvigilance.com/advisory0026", 
}, { name: "2710", refsource: "SREASON", url: "http://securityreason.com/securityalert/2710", }, { name: "ADV-2007-1831", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/1831", }, { name: "20070515 Jetbox CMS version 2.1 E-Mail Injection Vulnerability", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/468644/100/0/threaded", }, { name: "1018063", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1018063", }, { name: "34088", refsource: "OSVDB", url: "http://www.osvdb.org/34088", }, { name: "23989", refsource: "BID", url: "http://www.securityfocus.com/bid/23989", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-1898", datePublished: "2007-05-16T22:00:00", dateReserved: "2007-04-09T00:00:00", dateUpdated: "2024-08-07T13:13:41.503Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }