| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-2143 | 0.03 | — | 0.02 | Apr 19, 2007 | PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||
| CVE-2007-2144 | 0.03 | — | 0.05 | Apr 19, 2007 | PHP remote file inclusion vulnerability in includes/CAltInstaller.php in the JoomlaPack (com_jpack) 1.0.4a2 RE component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||
| CVE-2007-2145 | 0.03 | — | 0.02 | Apr 19, 2007 | The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the input parameter. NOTE: some of these details are obtained from third party information. | |||
| CVE-2007-2146 | 0.03 | — | 0.02 | Apr 19, 2007 | The imagecomments function in classes.php in MiniGal b13 allow remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the (1) name or (2) email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from… | |||
| CVE-2007-2147 | 0.03 | — | 0.03 | Apr 19, 2007 | admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier does not check for administrative credentials, which allows remote attackers to read and modify the classes/vars.php and classes/varstuff.php configuration files via direct requests. | |||
| CVE-2007-2148 | 0.03 | — | 0.02 | Apr 19, 2007 | Direct static code injection vulnerability in admin/save.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are… | |||
| CVE-2007-2149 | 0.03 | — | 0.03 | Apr 19, 2007 | Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores usernames and unencrypted passwords in (1) classes/vars.php and (2) classes/varstuff.php, and recommends 0666 or 0777 permissions for these files, which allows local users to gain privileges by reading the files,… | |||
| CVE-2007-2150 | 0.00 | — | 0.01 | Apr 19, 2007 | BlueArc-FTPD in BlueArc Titan 2x00 devices with firmware 4.2.944b allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017. | |||
| CVE-2007-2151 | 0.00 | — | 0.02 | Apr 19, 2007 | The administration server in McAfee e-Business Server before 8.1.1 and 8.5.x before 8.5.2 allows remote attackers to cause a denial of service (service crash) via a large length value in a malformed authentication packet, which triggers a heap over-read. | |||
| CVE-2007-2152 | 0.00 | — | 0.03 | Apr 19, 2007 | Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterprise before 8.0i Patch 12 allows user-assisted remote attackers to execute arbitrary code via a long filename containing multi-byte (Unicode) characters. | |||
| CVE-2007-2153 | 0.00 | — | 0.01 | Apr 19, 2007 | Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||
| CVE-2007-2154 | 0.03 | — | 0.03 | Apr 19, 2007 | PHP remote file inclusion vulnerability in services/samples/inclusionService.php in Cabron Connector 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CabronServiceFolder parameter. | |||
| CVE-2007-2155 | 0.03 | — | 0.03 | Apr 19, 2007 | Directory traversal vulnerability in template.php in in phpFaber TopSites 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the modify parameter in a template action to admin/index.php. | |||
| CVE-2007-2156 | 0.04 | — | 0.10 | Apr 19, 2007 | Multiple PHP remote file inclusion vulnerabilities in Rezervi Generic 0.9 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) datumVonDatumBis.inc.php, (2) footer.inc.php, (3) header.inc.php, and (4) stylesheets.php in templates/; and (5)… | |||
| CVE-2007-2157 | 0.03 | — | 0.04 | Apr 19, 2007 | Directory traversal vulnerability in upload/force_download.php in Zomplog 3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||
| CVE-2007-2158 | 0.03 | — | 0.02 | Apr 19, 2007 | PHP remote file inclusion vulnerability in index.php in jGallery 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the G_JGALL[inc_path] parameter. | |||
| CVE-2007-2108 | 0.02 | — | 0.21 | Apr 18, 2007 | Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue occurs because… | |||
| CVE-2007-2109 | 0.00 | — | 0.02 | Apr 18, 2007 | Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06). Note: as of 20070424, Oracle has not disputed… | |||
| CVE-2007-2110 | 0.00 | — | 0.00 | Apr 18, 2007 | Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB03 occurs because RDBMS uses a NULL… | |||
| CVE-2007-2111 | 0.00 | — | 0.03 | Apr 18, 2007 | SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04. NOTE: as of 20070424, Oracle has not disputed reliable claims that… | |||
| CVE-2007-2112 | 0.00 | — | 0.04 | Apr 18, 2007 | Unspecified vulnerability in the Authentication component for Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and attack vectors, aka DB05. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue allows remote authenticated users to bypass the… | |||
| CVE-2007-2113 | 0.00 | — | 0.03 | Apr 18, 2007 | SQL injection vulnerability in the Upgrade/Downgrade component (DBMS_UPGRADE_INTERNAL) for Oracle Database 10.1.0.5 allows remote authenticated users to execute arbitrary SQL commands via unknown vectors, aka DB07. NOTE: as of 20070424, Oracle has not disputed reliable claims… | |||
| CVE-2007-2114 | 0.00 | — | 0.06 | Apr 18, 2007 | Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors, related to (1) Change Data Capture (CDC), aka DB08, and (2) Oracle Instant Client, aka DB11. NOTE: as of 20070424, oracle has not disputed… | |||
| CVE-2007-2115 | 0.00 | — | 0.03 | Apr 18, 2007 | Unspecified vulnerability in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors, aka DB09. NOTE: as of 20070424, oracle has not disputed reliable claims that this issue involves multiple SQL injection… | |||
| CVE-2007-2116 | 0.00 | — | 0.03 | Apr 18, 2007 | Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors, aka DB10. NOTE: as of 20070424, Oracle has not disputed claims that these are buffer overflows in kkzi.o for the… | |||
| CVE-2007-2117 | 0.00 | — | 0.01 | Apr 18, 2007 | Unspecified vulnerability in the Oracle Text component in Oracle Database 9.0.1.5+ and 9.2.0.5 has unknown impact and attack vectors, aka DB12. NOTE: as of 20070424, Oracle has not disputed reliable claims that this involves a buffer overflow in the ctxsrv server daemon. | |||
| CVE-2007-2118 | 0.00 | — | 0.04 | Apr 18, 2007 | Unspecified vulnerability in the Upgrade/Downgrade component of Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors, aka DB13. NOTE: as of 20070424, Oracle has not disputed reliable claims that this is a buffer overflow involving the "mig utility." | |||
| CVE-2007-2119 | 0.00 | — | 0.04 | Apr 18, 2007 | Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers… | |||
| CVE-2007-2120 | 0.00 | — | 0.03 | Apr 18, 2007 | The Oracle Discoverer servlet in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to shut down an Oracle TNS Listener via a TNS STOP command in a request that uses the database/TNS alias, aka AS01. | |||
| CVE-2007-2121 | 0.00 | — | 0.02 | Apr 18, 2007 | Unspecified vulnerability in the COREid Access component in Oracle Application Server 7.0.4.4 has unknown impact and attack vectors, aka AS02. | |||
| CVE-2007-2122 | 0.00 | — | 0.02 | Apr 18, 2007 | Unspecified vulnerability in the Wireless component in Oracle Application Server 9.0.4.3 has unknown impact and attack vectors, aka AS03. | |||
| CVE-2007-2123 | 0.00 | — | 0.02 | Apr 18, 2007 | Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.3 up to 10.1.3.2.0, 10.1.2 up to 10.1.2.2.0, and 9.0.4.3 has unknown impact and attack vectors, aka AS04. | |||
| CVE-2007-2124 | 0.00 | — | 0.02 | Apr 18, 2007 | Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.4.1.0 has unknown impact and remote attack vectors, aka AS05. | |||
| CVE-2007-2125 | 0.00 | — | 0.02 | Apr 18, 2007 | Unspecified vulnerability in Collaborative Workspace in Oracle Collaboration Suite 10.1.2 has unknown impact and attack vectors, aka OCS01. | |||
| CVE-2007-2126 | 0.00 | — | 0.02 | Apr 18, 2007 | Unspecified vulnerability in Oracle E-Business Suite 11.5.10CU2 has unknown impact and remote attack vectors in the (1) Common Applications (APPS01) and (2) iProcurement (APPS02). | |||
| CVE-2007-2127 | 0.00 | — | 0.02 | Apr 18, 2007 | Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.0 have unknown impact and remote attack vectors via (1) Application Object Library (APPS04), iStore (2) APPS05 and (3) APPS06, (4) iSupport (APPS07), (5) Trade Management (APPS09), (6) Applications Manager… | |||
| CVE-2007-2128 | 0.00 | — | 0.03 | Apr 18, 2007 | Unspecified vulnerability in the Sales Online component for Oracle E-Business Suite 11.5.10 has unknown impact and remote authenticated attack vectors, aka APPS08. | |||
| CVE-2007-2129 | 0.00 | — | 0.02 | Apr 18, 2007 | Unspecified vulnerability in the Agent component in Oracle Enterprise Manager 9.2.0.8 has unknown impact and remote attack vectors, aka EM01. | |||
| CVE-2007-2130 | 0.00 | — | 0.03 | Apr 18, 2007 | Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server 9.0.4.3 and 10.1.2.0.2; Collaboration Suite 10.1.2; and E-Business Suite; has unknown impact and remote authenticated attack vectors, aka OWF01. | |||
| CVE-2007-2131 | 0.00 | — | 0.03 | Apr 18, 2007 | Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.22.14, 8.47.12, and 8.48.08 has unknown impact and attack vectors, aka PSE01. | |||
| CVE-2007-2132 | 0.00 | — | 0.02 | Apr 18, 2007 | Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise 8.47.12 and 8.48.08 has unknown impact and attack vectors, aka PSE02. | |||
| CVE-2007-2133 | 0.00 | — | 0.02 | Apr 18, 2007 | Unspecified vulnerability in the PeopleSoft Enterprise Human Capital Management component in Oracle PeopleSoft Enterprise 8.9 has unknown impact and attack vectors, aka PSEHCM01. | |||
| CVE-2007-2134 | 0.00 | — | 0.00 | Apr 18, 2007 | Unspecified vulnerability in the HTML Server in Oracle JD Edwards EnterpriseOne SP23_Q1 and 8.96.I1 has unknown impact and local attack vectors, aka JDE01. | |||
| CVE-2006-7194 | 0.03 | — | 0.05 | Apr 18, 2007 | PHP remote file inclusion vulnerability in modules/Mysqlfinder/MysqlfinderAdmin.php in Agora 1.4 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PATH_COMPOSANT] parameter. | |||
| CVE-2007-2084 | 0.00 | — | 0.01 | Apr 18, 2007 | PHP remote file inclusion vulnerability in MobilePublisherphp 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the auth_method parameter to (1) index.php, (2) list.php, (3) postreview.php, (4) reindex.php, (5) sections.php, (6) templates.php, (7)… | |||
| CVE-2007-2085 | 0.00 | — | 0.01 | Apr 18, 2007 | Cross-site scripting (XSS) vulnerability in oe2edit.cgi in oe2edit CMS allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||
| CVE-2007-2086 | 0.03 | — | 0.02 | Apr 18, 2007 | Multiple PHP remote file inclusion vulnerabilities in CNStats 2.9 allow remote attackers to execute arbitrary PHP code via a URL in the bj parameter to (1) who_r.php or (2) who_s.php in reports/. | |||
| CVE-2007-2087 | 0.03 | — | 0.02 | Apr 18, 2007 | Multiple PHP remote file inclusion vulnerabilities in CNStats 2.12, when register_globals is enabled and .htaccess is not recognized, allow remote attackers to execute arbitrary PHP code via a URL in the bn parameter to (1) who_r.php or (2) who_s.php in reports/. NOTE: the… | |||
| CVE-2007-2088 | 0.00 | — | 0.02 | Apr 18, 2007 | Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) writerFile parameter to index.php and the (2) file parameter to Integrator.php. | |||
| CVE-2007-2089 | 0.03 | — | 0.06 | Apr 18, 2007 | Multiple PHP remote file inclusion vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to com_articles.php in (1) components/ or (2)… |
- CVE-2007-2143Apr 19, 2007risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
- CVE-2007-2144Apr 19, 2007risk 0.03cvss —epss 0.05
PHP remote file inclusion vulnerability in includes/CAltInstaller.php in the JoomlaPack (com_jpack) 1.0.4a2 RE component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
- CVE-2007-2145Apr 19, 2007risk 0.03cvss —epss 0.02
The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the input parameter. NOTE: some of these details are obtained from third party information.
- CVE-2007-2146Apr 19, 2007risk 0.03cvss —epss 0.02
The imagecomments function in classes.php in MiniGal b13 allow remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the (1) name or (2) email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from…
- CVE-2007-2147Apr 19, 2007risk 0.03cvss —epss 0.03
admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier does not check for administrative credentials, which allows remote attackers to read and modify the classes/vars.php and classes/varstuff.php configuration files via direct requests.
- CVE-2007-2148Apr 19, 2007risk 0.03cvss —epss 0.02
Direct static code injection vulnerability in admin/save.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are…
- CVE-2007-2149Apr 19, 2007risk 0.03cvss —epss 0.03
Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores usernames and unencrypted passwords in (1) classes/vars.php and (2) classes/varstuff.php, and recommends 0666 or 0777 permissions for these files, which allows local users to gain privileges by reading the files,…
- CVE-2007-2150Apr 19, 2007risk 0.00cvss —epss 0.01
BlueArc-FTPD in BlueArc Titan 2x00 devices with firmware 4.2.944b allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017.
- CVE-2007-2151Apr 19, 2007risk 0.00cvss —epss 0.02
The administration server in McAfee e-Business Server before 8.1.1 and 8.5.x before 8.5.2 allows remote attackers to cause a denial of service (service crash) via a large length value in a malformed authentication packet, which triggers a heap over-read.
- CVE-2007-2152Apr 19, 2007risk 0.00cvss —epss 0.03
Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterprise before 8.0i Patch 12 allows user-assisted remote attackers to execute arbitrary code via a long filename containing multi-byte (Unicode) characters.
- CVE-2007-2153Apr 19, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
- CVE-2007-2154Apr 19, 2007risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in services/samples/inclusionService.php in Cabron Connector 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CabronServiceFolder parameter.
- CVE-2007-2155Apr 19, 2007risk 0.03cvss —epss 0.03
Directory traversal vulnerability in template.php in in phpFaber TopSites 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the modify parameter in a template action to admin/index.php.
- CVE-2007-2156Apr 19, 2007risk 0.04cvss —epss 0.10
Multiple PHP remote file inclusion vulnerabilities in Rezervi Generic 0.9 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) datumVonDatumBis.inc.php, (2) footer.inc.php, (3) header.inc.php, and (4) stylesheets.php in templates/; and (5)…
- CVE-2007-2157Apr 19, 2007risk 0.03cvss —epss 0.04
Directory traversal vulnerability in upload/force_download.php in Zomplog 3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
- CVE-2007-2158Apr 19, 2007risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in index.php in jGallery 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the G_JGALL[inc_path] parameter.
- CVE-2007-2108Apr 18, 2007risk 0.02cvss —epss 0.21
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue occurs because…
- CVE-2007-2109Apr 18, 2007risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06). Note: as of 20070424, Oracle has not disputed…
- CVE-2007-2110Apr 18, 2007risk 0.00cvss —epss 0.00
Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB03 occurs because RDBMS uses a NULL…
- CVE-2007-2111Apr 18, 2007risk 0.00cvss —epss 0.03
SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04. NOTE: as of 20070424, Oracle has not disputed reliable claims that…
- CVE-2007-2112Apr 18, 2007risk 0.00cvss —epss 0.04
Unspecified vulnerability in the Authentication component for Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and attack vectors, aka DB05. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue allows remote authenticated users to bypass the…
- CVE-2007-2113Apr 18, 2007risk 0.00cvss —epss 0.03
SQL injection vulnerability in the Upgrade/Downgrade component (DBMS_UPGRADE_INTERNAL) for Oracle Database 10.1.0.5 allows remote authenticated users to execute arbitrary SQL commands via unknown vectors, aka DB07. NOTE: as of 20070424, Oracle has not disputed reliable claims…
- CVE-2007-2114Apr 18, 2007risk 0.00cvss —epss 0.06
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors, related to (1) Change Data Capture (CDC), aka DB08, and (2) Oracle Instant Client, aka DB11. NOTE: as of 20070424, oracle has not disputed…
- CVE-2007-2115Apr 18, 2007risk 0.00cvss —epss 0.03
Unspecified vulnerability in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors, aka DB09. NOTE: as of 20070424, oracle has not disputed reliable claims that this issue involves multiple SQL injection…
- CVE-2007-2116Apr 18, 2007risk 0.00cvss —epss 0.03
Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors, aka DB10. NOTE: as of 20070424, Oracle has not disputed claims that these are buffer overflows in kkzi.o for the…
- CVE-2007-2117Apr 18, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in the Oracle Text component in Oracle Database 9.0.1.5+ and 9.2.0.5 has unknown impact and attack vectors, aka DB12. NOTE: as of 20070424, Oracle has not disputed reliable claims that this involves a buffer overflow in the ctxsrv server daemon.
- CVE-2007-2118Apr 18, 2007risk 0.00cvss —epss 0.04
Unspecified vulnerability in the Upgrade/Downgrade component of Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors, aka DB13. NOTE: as of 20070424, Oracle has not disputed reliable claims that this is a buffer overflow involving the "mig utility."
- CVE-2007-2119Apr 18, 2007risk 0.00cvss —epss 0.04
Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers…
- CVE-2007-2120Apr 18, 2007risk 0.00cvss —epss 0.03
The Oracle Discoverer servlet in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to shut down an Oracle TNS Listener via a TNS STOP command in a request that uses the database/TNS alias, aka AS01.
- CVE-2007-2121Apr 18, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in the COREid Access component in Oracle Application Server 7.0.4.4 has unknown impact and attack vectors, aka AS02.
- CVE-2007-2122Apr 18, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Wireless component in Oracle Application Server 9.0.4.3 has unknown impact and attack vectors, aka AS03.
- CVE-2007-2123Apr 18, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.3 up to 10.1.3.2.0, 10.1.2 up to 10.1.2.2.0, and 9.0.4.3 has unknown impact and attack vectors, aka AS04.
- CVE-2007-2124Apr 18, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.4.1.0 has unknown impact and remote attack vectors, aka AS05.
- CVE-2007-2125Apr 18, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in Collaborative Workspace in Oracle Collaboration Suite 10.1.2 has unknown impact and attack vectors, aka OCS01.
- CVE-2007-2126Apr 18, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in Oracle E-Business Suite 11.5.10CU2 has unknown impact and remote attack vectors in the (1) Common Applications (APPS01) and (2) iProcurement (APPS02).
- CVE-2007-2127Apr 18, 2007risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.0 have unknown impact and remote attack vectors via (1) Application Object Library (APPS04), iStore (2) APPS05 and (3) APPS06, (4) iSupport (APPS07), (5) Trade Management (APPS09), (6) Applications Manager…
- CVE-2007-2128Apr 18, 2007risk 0.00cvss —epss 0.03
Unspecified vulnerability in the Sales Online component for Oracle E-Business Suite 11.5.10 has unknown impact and remote authenticated attack vectors, aka APPS08.
- CVE-2007-2129Apr 18, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Agent component in Oracle Enterprise Manager 9.2.0.8 has unknown impact and remote attack vectors, aka EM01.
- CVE-2007-2130Apr 18, 2007risk 0.00cvss —epss 0.03
Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server 9.0.4.3 and 10.1.2.0.2; Collaboration Suite 10.1.2; and E-Business Suite; has unknown impact and remote authenticated attack vectors, aka OWF01.
- CVE-2007-2131Apr 18, 2007risk 0.00cvss —epss 0.03
Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.22.14, 8.47.12, and 8.48.08 has unknown impact and attack vectors, aka PSE01.
- CVE-2007-2132Apr 18, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise 8.47.12 and 8.48.08 has unknown impact and attack vectors, aka PSE02.
- CVE-2007-2133Apr 18, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in the PeopleSoft Enterprise Human Capital Management component in Oracle PeopleSoft Enterprise 8.9 has unknown impact and attack vectors, aka PSEHCM01.
- CVE-2007-2134Apr 18, 2007risk 0.00cvss —epss 0.00
Unspecified vulnerability in the HTML Server in Oracle JD Edwards EnterpriseOne SP23_Q1 and 8.96.I1 has unknown impact and local attack vectors, aka JDE01.
- CVE-2006-7194Apr 18, 2007risk 0.03cvss —epss 0.05
PHP remote file inclusion vulnerability in modules/Mysqlfinder/MysqlfinderAdmin.php in Agora 1.4 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PATH_COMPOSANT] parameter.
- CVE-2007-2084Apr 18, 2007risk 0.00cvss —epss 0.01
PHP remote file inclusion vulnerability in MobilePublisherphp 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the auth_method parameter to (1) index.php, (2) list.php, (3) postreview.php, (4) reindex.php, (5) sections.php, (6) templates.php, (7)…
- CVE-2007-2085Apr 18, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in oe2edit.cgi in oe2edit CMS allows remote attackers to inject arbitrary web script or HTML via the q parameter.
- CVE-2007-2086Apr 18, 2007risk 0.03cvss —epss 0.02
Multiple PHP remote file inclusion vulnerabilities in CNStats 2.9 allow remote attackers to execute arbitrary PHP code via a URL in the bj parameter to (1) who_r.php or (2) who_s.php in reports/.
- CVE-2007-2087Apr 18, 2007risk 0.03cvss —epss 0.02
Multiple PHP remote file inclusion vulnerabilities in CNStats 2.12, when register_globals is enabled and .htaccess is not recognized, allow remote attackers to execute arbitrary PHP code via a URL in the bn parameter to (1) who_r.php or (2) who_s.php in reports/. NOTE: the…
- CVE-2007-2088Apr 18, 2007risk 0.00cvss —epss 0.02
Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) writerFile parameter to index.php and the (2) file parameter to Integrator.php.
- CVE-2007-2089Apr 18, 2007risk 0.03cvss —epss 0.06
Multiple PHP remote file inclusion vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to com_articles.php in (1) components/ or (2)…