| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-1171 | | | 0.03 | — | 0.02 | | Mar 2, 2007 | SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie. |
| CVE-2007-1172 | | | 0.03 | — | 0.01 | | Mar 2, 2007 | SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit." |
| CVE-2007-1174 | | | 0.00 | — | 0.02 | | Mar 2, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 20070214 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to unspecified fields in user Profiles. NOTE: some of these details are obtained from third party… |
| CVE-2007-1175 | | | 0.00 | — | 0.01 | | Mar 2, 2007 | Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP before 20070209 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2007-1176 | | | 0.00 | — | 0.02 | | Mar 2, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 0.9.9.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) Gallery Comments pages, (2) Feedback pages, (3) Search Results pages, and (4) the Statistics Log… |
| CVE-2007-1177 | | | 0.00 | — | 0.01 | | Mar 2, 2007 | WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to (1) the query string, (2) Profiles, (3) the Forum Post icon field, (4) the Edit Profile, and (5) the Gallery, which has unknown impact and remote attack vectors, possibly related to… |
| CVE-2007-1178 | | | 0.00 | — | 0.01 | | Mar 2, 2007 | WebAPP before 0.9.9.5 does not check access in certain contexts related to (1) Calendar Administration, (2) Instant Messages Administration, and (3) the Image Uploader, which has unknown impact and attack vectors. |
| CVE-2007-1179 | | | 0.00 | — | 0.01 | | Mar 2, 2007 | WebAPP before 0.9.9.5 does not properly manage e-mail addresses in certain contexts related to (1) the Recommend feature, Email Article (2) senders and (3) recipients, (4) New User Approval, (5) Edit Profiles, (6) the Newsletter Subscription form, (7) the Recommend form, and (8)… |
| CVE-2007-1180 | | | 0.00 | — | 0.01 | | Mar 2, 2007 | WebAPP before 0.9.9.5 does not check referrers in certain forms, which might facilitate remote cross-site request forgery (CSRF) attacks or have other unknown impact. |
| CVE-2007-1181 | | | 0.00 | — | 0.01 | | Mar 2, 2007 | WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the username through Edit Profile forms, which has unknown impact and attack vectors. |
| CVE-2007-1182 | | | 0.00 | — | 0.01 | | Mar 2, 2007 | WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest profile, which has unknown impact. |
| CVE-2007-1183 | | | 0.00 | — | 0.01 | | Mar 2, 2007 | WebAPP before 0.9.9.5 allows remote authenticated users to spoof another user's Real Name via whitespace, which has unknown impact and attack vectors. |
| CVE-2007-1184 | | | 0.00 | — | 0.01 | | Mar 2, 2007 | The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setting of "no," which makes it easier for automated programs to submit false data. |
| CVE-2007-1185 | | | 0.00 | — | 0.01 | | Mar 2, 2007 | The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown impact and remote attack vectors. |
| CVE-2007-1186 | | | 0.00 | — | 0.01 | | Mar 2, 2007 | WebAPP before 0.9.9.5 does not "censor" the Latest Member real name, which has unknown impact. |
| CVE-2007-1187 | | | 0.00 | — | 0.01 | | Mar 2, 2007 | WebAPP before 0.9.9.5 allows remote authenticated users, without admin privileges, to obtain sensitive information via (1) the Forum Archive feature and (2) Recent Searches. |
| CVE-2007-1188 | | | 0.00 | — | 0.01 | | Mar 2, 2007 | WebAPP before 0.9.9.5 allows remote attackers to submit Search form input that is not checked for (1) composition or (2) length, which has unknown impact, possibly related to "search form hijacking". |
| CVE-2007-1189 | | | 0.03 | — | 0.01 | | Mar 2, 2007 | Integer overflow in the envwrite function in the Alcatel-Lucent Bell Labs Plan 9 kernel allows local users to overwrite certain memory addresses with kernel memory via a large n argument, as demonstrated by (1) modifying the iseve function to gain privileges and (2) making the… |
| CVE-2007-1190 | | | 0.03 | — | 0.03 | | Mar 2, 2007 | Unspecified vulnerability in the EmbeddedWB Web Browser ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-1191 | | | 0.00 | — | 0.00 | | Mar 2, 2007 | The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes usernames and passwords in plaintext to the /Library/Logs/Console/UID/Console.log file, which allows local users to obtain sensitive information by reading this file. |
| CVE-2007-1192 | | | 0.03 | — | 0.02 | | Mar 2, 2007 | Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an admin password hash via a direct request for data/gbconfiguration.dat. |
| CVE-2007-1193 | | | 0.00 | — | 0.01 | | Mar 2, 2007 | Multiple unspecified vulnerabilities in the Login page in OrangeHRM before 20070212 have unknown impact and attack vectors. |
| CVE-2007-1194 | | | 0.00 | — | 0.00 | | Mar 2, 2007 | Norman SandBox Analyzer does not use the proper range for Interrupt Descriptor Table (IDT) entries, which allows local users to determine that the local machine is an emulator, or a similar environment not based on a physical Intel processor, which allows attackers to produce… |
| CVE-2007-1195 | | | 0.03 | — | 0.05 | | Mar 2, 2007 | Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might overlap CVE-2006-2225, CVE-2006-2226, or CVE-2006-5728. |
| CVE-2007-1196 | | | 0.00 | — | 0.04 | | Mar 2, 2007 | Unspecified vulnerability in Citrix Presentation Server Client for Windows before 10.0 allows remote web sites to execute arbitrary code via unspecified vectors, related to the implementation of ICA connectivity through proxy servers. |
| CVE-2007-1197 | | | 0.00 | — | 0.01 | | Mar 2, 2007 | Multiple unspecified vulnerabilities in Epiware before 4.7.5 have unknown impact and attack vectors, possibly related to cross-site scripting (XSS) and other unspecified issues. |
| CVE-2007-1198 | | | 0.00 | — | 0.01 | | Mar 2, 2007 | Cross-site scripting (XSS) vulnerability in TaskFreak! before 0.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a variant of CVE-2007-0982. |
| CVE-2007-1199 | | | 0.04 | — | 0.10 | | Mar 2, 2007 | Adobe Reader and Acrobat Trial allow remote attackers to read arbitrary files via a file:// URI in a PDF document, as demonstrated with <</URI(file:///C:/)/S/URI>>, a different issue than CVE-2007-0045. |
| CVE-2007-1217 | | | 0.00 | — | 0.00 | | Mar 2, 2007 | Buffer overflow in the bufprint function in capiutil.c in libcapi, as used in Linux kernel 2.6.9 to 2.6.20 and isdn4k-utils, allows local users to cause a denial of service (crash) and possibly gain privileges via a crafted CAPI packet. |
| CVE-2007-1218 | | | 0.00 | — | 0.03 | | Mar 2, 2007 | Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but… |
| CVE-2007-0996 | | | 0.00 | — | 0.02 | | Feb 27, 2007 | The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. |
| CVE-2007-1117 | | | 0.01 | — | 0.18 | | Feb 27, 2007 | Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. … |
| CVE-2007-1118 | | | 0.03 | — | 0.03 | | Feb 27, 2007 | Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path_to_smf parameter to (1) bridges/SMF/logout.php or (2) get_session_vars.php. |
| CVE-2007-1119 | | | 0.00 | — | 0.02 | | Feb 27, 2007 | Unspecified vulnerability in Novell ZENworks 7 Desktop Management Support Pack 1 before Hot patch 3 (ZDM7SP1HP3) allows remote attackers to upload images to certain folders that were not configured in the "Only allow uploads to the following directories" setting via unspecified… |
| CVE-2007-1120 | | | 0.00 | — | 0.02 | | Feb 27, 2007 | The (1) Import.LoadFromURL and (2) Export.asText.SaveToFile functions in TeeChart Pro ActiveX control (TeeChart7.ocx) allow remote attackers to download a crafted .tee file to an arbitrary location. NOTE: the provenance of this information is unknown; the details are obtained… |
| CVE-2007-1121 | | | 0.00 | — | 0.01 | | Feb 27, 2007 | Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php. NOTE: some of… |
| CVE-2007-1122 | | | 0.01 | — | 0.15 | | Feb 27, 2007 | Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 and 1.01 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php, a… |
| CVE-2007-1123 | | | 0.00 | — | 0.02 | | Feb 27, 2007 | Multiple PHP remote file inclusion vulnerabilities in ZPanel 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the body parameter to templates/ZPanelV2/template.php or (2) the page parameter to zpanel.php. NOTE: the zpanel.php vector may overlap… |
| CVE-2007-1124 | | | 0.03 | — | 0.03 | | Feb 27, 2007 | Directory traversal vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. |
| CVE-2007-1125 | | | 0.03 | — | 0.02 | | Feb 27, 2007 | Cross-site scripting (XSS) vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to inject arbitrary web script or HTML via the f parameter. |
| CVE-2007-1126 | | | 0.03 | — | 0.05 | | Feb 27, 2007 | Directory traversal vulnerability in index.php in xtcommerce allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter. |
| CVE-2007-1127 | | | 0.03 | — | 0.03 | | Feb 27, 2007 | Directory traversal vulnerability in enc/stylecss.php in shopkitplus allows remote attackers to read arbitrary files via a .. (dot dot) in the changetheme parameter. |
| CVE-2007-1128 | | | 0.00 | — | 0.01 | | Feb 27, 2007 | shopkitplus allows remote attackers to obtain sensitive information via a request to (1) events.php with a curmonth[]=01 query string or (2) enc/stylecss.php with a changetheme[]= query string, which reveals the path in various error messages. |
| CVE-2007-1129 | | | 0.00 | — | 0.01 | | Feb 27, 2007 | Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow remote attackers to upload and execute files via (1) an avatar upload in an add_down action, or (2) an add_link action. |
| CVE-2007-1130 | | | 0.03 | — | 0.03 | | Feb 27, 2007 | PHP remote file inclusion vulnerability in sinagb.php in Sinapis Gastebuch 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter. |
| CVE-2007-1131 | | | 0.03 | — | 0.03 | | Feb 27, 2007 | PHP remote file inclusion vulnerability in sinapis.php in Sinapis Forum 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter. |
| CVE-2007-1132 | | | 0.00 | — | 0.01 | | Feb 27, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in the "Contact Us" functionality in MTCMS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) message and (2) title fields. |
| CVE-2007-1133 | | | 0.03 | — | 0.03 | | Feb 27, 2007 | PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_fuss parameter. |
| CVE-2007-1114 | | | 0.01 | — | 0.12 | | Feb 26, 2007 | The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the… |
| CVE-2007-1115 | | | 0.00 | — | 0.02 | | Feb 26, 2007 | The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7… |