Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file.
Max CVSS
4.3
EPSS Score
2.55%
Published
2007-01-31
Updated
2017-10-19
SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU script collection (aka RBL - ASP) allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) pass to user_confirm.asp.
Max CVSS
7.5
EPSS Score
0.31%
Published
2007-01-31
Updated
2018-10-16
Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 in Shaffer Solutions (SSC) DiskAccess NFS Client allows remote attackers to execute arbitrary code via a long argument, an issue similar to CVE-2006-5854 and CVE-2007-0444.
Max CVSS
7.5
EPSS Score
2.76%
Published
2007-01-31
Updated
2008-11-13
Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses."
Max CVSS
10.0
EPSS Score
0.53%
Published
2007-01-31
Updated
2017-07-29
Multiple static code injection vulnerabilities in error.php in GuppY 4.5.16 and earlier allow remote attackers to inject arbitrary PHP code into a .inc file in the data/ directory via (1) a REMOTE_ADDR cookie or (2) a cookie specifying an element of the msg array with an error number in the first dimension and 0 in the second dimension, as demonstrated by msg[999][0].
Max CVSS
7.5
EPSS Score
1.81%
Published
2007-01-31
Updated
2017-10-19
show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers to obtain sensitive information (database contents) via a % (percent) character in the dbfieldv parameter.
Max CVSS
5.0
EPSS Score
1.80%
Published
2007-01-31
Updated
2017-10-19
Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
Max CVSS
7.5
EPSS Score
2.90%
Published
2007-01-31
Updated
2017-10-19
Unspecified vulnerability in inotify before 0.3.5 has unknown impact and attack vectors, related to "access rights to watched files."
Max CVSS
2.1
EPSS Score
0.06%
Published
2007-01-31
Updated
2011-03-08
Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b) blogs.php, or (2) the config[theme] parameter to (c) admin/gallery_head.php.
Max CVSS
7.5
EPSS Score
14.41%
Published
2007-01-31
Updated
2018-10-16
Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.
Max CVSS
7.8
EPSS Score
5.25%
Published
2007-01-31
Updated
2017-10-11
PHP remote file inclusion vulnerability in include/themes/themefunc.php in MyNews 4.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter.
Max CVSS
7.5
EPSS Score
15.33%
Published
2007-01-31
Updated
2017-10-19
SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via a username cookie, a different vector than CVE-2007-0560.
Max CVSS
7.5
EPSS Score
0.23%
Published
2007-01-31
Updated
2011-03-08
SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
Max CVSS
7.5
EPSS Score
3.13%
Published
2007-01-31
Updated
2017-10-19
Multiple SQL injection vulnerabilities in the generate_csv function in classes/class.news.php in X-dev xNews 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) from, and (3) q parameters, different vectors than CVE-2007-0569. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.14%
Published
2007-01-31
Updated
2011-03-08
The www_purgeList method in Plain Black WebGUI before 7.3.8 does not properly check user permissions, which allows attackers to delete unauthorized assets. NOTE: some of these details are obtained from third party information.
Max CVSS
6.4
EPSS Score
0.42%
Published
2007-01-31
Updated
2017-07-29
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these details are obtained from third party information.
Max CVSS
4.3
EPSS Score
0.72%
Published
2007-01-31
Updated
2017-07-29
Michael Still gtalkbot before 1.2 places username and password arguments on the command line, which allows local users to obtain sensitive information by listing the process.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-01-31
Updated
2017-07-29
The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."
Max CVSS
6.5
EPSS Score
3.39%
Published
2007-01-31
Updated
2021-04-19
nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not validate the invoking user, which allows local users to modify server configuration keys in /usr/NX/etc/server.cfg, resulting in an unspecified denial of service.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-01-31
Updated
2017-07-29
user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the full path via a ' (quote) character, and possibly other invalid values, in the uname parameter in a userinfo operation.
Max CVSS
5.0
EPSS Score
0.61%
Published
2007-01-31
Updated
2018-10-16
SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows remote attackers to execute arbitrary SQL commands via the startrow parameter.
Max CVSS
7.5
EPSS Score
1.30%
Published
2007-01-31
Updated
2018-10-16
Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
5.0
EPSS Score
0.27%
Published
2007-01-31
Updated
2008-11-15
download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php.
Max CVSS
5.0
EPSS Score
2.71%
Published
2007-01-31
Updated
2018-10-16
chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption.
Max CVSS
9.3
EPSS Score
6.21%
Published
2007-01-31
Updated
2011-03-08
Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
Max CVSS
7.5
EPSS Score
0.43%
Published
2007-01-31
Updated
2017-07-29
589 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!