Multiple PHP remote file inclusion vulnerabilities in Armin Burger p.mapper 3.2.0 beta3 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PM_INCPHP] parameter to (1) incphp/globals.php or (2) plugins/export/mc_table.php. NOTE: it could be argued that this vulnerability is caused by a problem in PHP and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in p.mapper.
Max CVSS
6.8
EPSS Score
1.98%
Published
2007-11-30
Updated
2017-07-29
A certain ActiveX control in (1) OScan8.ocx and (2) Oscan81.ocx in BitDefender Online Anti-Virus Scanner 8.0 allows remote attackers to execute arbitrary code via a long argument to the InitX method that begins with a "%%" sequence, which is misinterpreted as a Unicode string and decoded twice, leading to improper memory allocation and a heap-based buffer overflow.
Max CVSS
9.3
EPSS Score
10.81%
Published
2007-11-30
Updated
2018-10-15
Multiple directory traversal vulnerabilities in TuMusika Evolution 1.7R5 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) languages_n.php, (2) languages_f.php, or (3) languages.php in inc/; and (4) allow remote attackers to read arbitrary local files via a .. (dot dot) in the uri parameter to frames/nogui/sc_download.php.
Max CVSS
7.5
EPSS Score
1.95%
Published
2007-11-30
Updated
2017-09-29
Unspecified vulnerability in PHPDevShell before 0.7.0 has unknown impact and attack vectors, involving a "minor security bug in repair & optimize database."
Max CVSS
10.0
EPSS Score
0.24%
Published
2007-11-30
Updated
2017-07-29
Directory traversal vulnerability in users/files.php in Eurologon CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a download action, as demonstrated by a certain PHP file containing database credentials.
Max CVSS
7.5
EPSS Score
4.76%
Published
2007-11-30
Updated
2018-10-15
Directory traversal vulnerability in index.php in Project Alumni 1.0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter.
Max CVSS
7.5
EPSS Score
3.65%
Published
2007-11-30
Updated
2017-09-29
Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter.
Max CVSS
6.8
EPSS Score
0.96%
Published
2007-11-30
Updated
2018-10-15
The responder program in ISPsystem ISPmanager (aka ISPmgr) 4.2.15.1 allows local users to gain privileges via shell metacharacters in command line arguments.
Max CVSS
7.2
EPSS Score
0.04%
Published
2007-11-30
Updated
2017-07-29
Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier allows context-dependent attackers to execute arbitrary code via a filename with a certain length, as demonstrated by a remote authenticated user who uses the SCP protocol to send a file to the Cygwin machine, and thereby causes scp.exe on this machine to execute, and then overwrite heap memory with characters from the filename. NOTE: it is also reported that a related issue might exist in 1.5.7 through 1.5.19.
Max CVSS
8.5
EPSS Score
2.33%
Published
2007-11-30
Updated
2018-10-26
Race condition in the Remote Procedure Call kernel module (rpcmod) in Sun Solaris 8 through 10 allows local users to cause a denial of service (NULL dereference and panic) via unspecified vectors.
Max CVSS
7.6
EPSS Score
0.13%
Published
2007-11-30
Updated
2017-07-29
Multiple PHP remote file inclusion vulnerabilities in Charray's CMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the ccms_library_path parameter to (1) markdown.php and (2) gallery.php in decoder/.
Max CVSS
7.5
EPSS Score
10.53%
Published
2007-11-30
Updated
2017-09-29
Multiple PHP remote file inclusion vulnerabilities in Easy Hosting Control Panel for Ubuntu (EHCP) 0.22.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the confdir parameter to (1) dbutil.bck.php and (2) dbutil.php in config/.
Max CVSS
7.5
EPSS Score
2.03%
Published
2007-11-30
Updated
2017-09-29
PHP remote file inclusion vulnerability in Exchange/include.php in PHP_CON 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the webappcfg[APPPATH] parameter.
Max CVSS
7.5
EPSS Score
5.18%
Published
2007-11-30
Updated
2017-09-29
kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) domain or (2) tld parameter in a check_owner action.
Max CVSS
10.0
EPSS Score
2.85%
Published
2007-11-30
Updated
2017-09-29
Buffer overflow in Lhaplus 1.55 and earlier allows remote attackers to execute arbitrary code via a crafted LZH archive, a different vector than CVE-2007-5048.
Max CVSS
6.6
EPSS Score
9.21%
Published
2007-11-30
Updated
2017-07-29
PHPDevShell before 0.7.0 allows remote authenticated users to gain privileges via a crafted request to update a user profile. NOTE: some of these details are obtained from third party information.
Max CVSS
8.5
EPSS Score
0.25%
Published
2007-11-30
Updated
2017-07-29
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewimage.php and (2) comments.php.
Max CVSS
10.0
EPSS Score
0.09%
Published
2007-11-30
Updated
2017-10-19
SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
Max CVSS
7.5
EPSS Score
0.76%
Published
2007-11-30
Updated
2018-10-26
SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.
Max CVSS
6.5
EPSS Score
0.21%
Published
2007-11-30
Updated
2018-10-26
SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the uname parameter, a different vector than CVE-2007-6163. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.17%
Published
2007-11-29
Updated
2017-07-29
SQL injection vulnerability in default.asp in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the username parameter, a different vector than CVE-2007-6143. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.15%
Published
2007-11-29
Updated
2011-03-08
Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory.
Max CVSS
7.2
EPSS Score
0.04%
Published
2007-11-29
Updated
2008-11-15

CVE-2007-6166

Public exploit
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.
Max CVSS
9.3
EPSS Score
97.02%
Published
2007-11-29
Updated
2018-10-30

CVE-2007-6165

Public exploit
Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395.
Max CVSS
9.3
EPSS Score
13.93%
Published
2007-11-29
Updated
2011-10-06
Multiple SQL injection vulnerabilities in Eurologon CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) reviews.php, (2) links.php and (3) articles.php.
Max CVSS
7.5
EPSS Score
0.06%
Published
2007-11-29
Updated
2018-10-15
276 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!