The (1) Import.LoadFromURL and (2) Export.asText.SaveToFile functions in TeeChart Pro ActiveX control (TeeChart7.ocx) allow remote attackers to download a crafted .tee file to an arbitrary location. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
9.3
EPSS Score
1.04%
Published
2007-02-27
Updated
2017-07-29
Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
Max CVSS
10.0
EPSS Score
5.12%
Published
2007-02-27
Updated
2008-11-15
Unrestricted file upload vulnerability in the onAttachFiles function in the upload tool (inc/lib/attachment.lib.php) in Wiclear before 0.11.1 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to filename validation. NOTE: some details were obtained from third party information.
Max CVSS
10.0
EPSS Score
1.57%
Published
2007-02-26
Updated
2017-07-29
Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager (NNM) before 07-10-05, and before 08-00-02 in the 08-x series, allow remote attackers to execute arbitrary code, cause a denial of service, or trigger invalid Web utility behavior.
Max CVSS
10.0
EPSS Score
10.41%
Published
2007-02-26
Updated
2017-07-29
Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects.
Max CVSS
9.3
EPSS Score
96.73%
Published
2007-02-26
Updated
2018-10-16
Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.
Max CVSS
9.3
EPSS Score
50.96%
Published
2007-02-23
Updated
2017-07-29
Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to execute arbitrary code via a long (1) DataPath or (2) DownloadPath attributed in a (a) NBI file, or (3) a long group field in a (b) NZB file.
Max CVSS
9.3
EPSS Score
21.27%
Published
2007-02-22
Updated
2017-10-11
Static code injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary PHP code via the bgcolor parameter, which is inserted into mcrconf.inc.php.
Max CVSS
10.0
EPSS Score
0.83%
Published
2007-02-22
Updated
2018-10-16

CVE-2007-1070

Public exploit
Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll.
Max CVSS
10.0
EPSS Score
95.45%
Published
2007-02-21
Updated
2018-10-16
The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device.
Max CVSS
10.0
EPSS Score
1.20%
Published
2007-02-22
Updated
2019-05-23
The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time
Max CVSS
10.0
EPSS Score
6.50%
Published
2007-02-22
Updated
2019-05-23
Multiple PHP remote file inclusion vulnerabilities in phpXmms 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the tcmdp parameter to (1) phpxmmsb.php or (2) phpxmmst.php. NOTE: this issue has been disputed by a reliable third party, stating that the tcmdp variable is initialized by config.php
Max CVSS
10.0
EPSS Score
0.90%
Published
2007-02-21
Updated
2024-03-21
PHP remote file inclusion vulnerability in index.php in PBLang (PBL) 4.60 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dbpath parameter, a different vector than CVE-2006-5062. NOTE: this issue has been disputed by a reliable third party for 4.65, stating that the dbpath variable is initialized in an included file that is created upon installation
Max CVSS
10.0
EPSS Score
1.10%
Published
2007-02-21
Updated
2024-03-21
mAlbum 0.3 has default accounts (1) "login"/"pass" for its administrative account and (2) "dqsfg"/"sdfg", which allows remote attackers to gain privileges.
Max CVSS
10.0
EPSS Score
2.59%
Published
2007-02-21
Updated
2018-10-16
Multiple stack-based buffer overflows in S&H Computer Systems News Rover 12.1 Rev 1 allow remote attackers to execute arbitrary code via a .nzb file with a long (1) group or (2) subject string.
Max CVSS
9.3
EPSS Score
17.61%
Published
2007-02-21
Updated
2017-10-11
Unspecified vulnerability in Peanut Knowledge Base (PeanutKB) 0.0.3 and earlier has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.58%
Published
2007-02-21
Updated
2017-07-29
Stack-based buffer overflow in News File Grabber 4.1.0.1 and earlier allows remote attackers to execute arbitrary code via a .nzb file with a long subject field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
9.3
EPSS Score
24.17%
Published
2007-02-21
Updated
2017-07-29
PHP remote file inclusion vulnerability in include.php in Meganoide's news 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter.
Max CVSS
10.0
EPSS Score
15.33%
Published
2007-02-21
Updated
2018-10-16
SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News 1.x allows remote attackers to execute arbitrary SQL commands via the CAT_ID parameter.
Max CVSS
10.0
EPSS Score
0.40%
Published
2007-02-21
Updated
2017-10-11
PHP remote file inclusion vulnerability in tpl/header.php in VirtualSystem VS-News-System 1.2.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
9.3
EPSS Score
0.46%
Published
2007-02-21
Updated
2008-11-15
PHP remote file inclusion vulnerability in show_news_inc.php in VirtualSystem VS-News-System 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter.
Max CVSS
9.3
EPSS Score
11.81%
Published
2007-02-21
Updated
2017-10-11
SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
10.0
EPSS Score
0.30%
Published
2007-02-21
Updated
2017-10-11
Stack-based buffer overflow in VicFTPS before 5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long CWD command.
Max CVSS
10.0
EPSS Score
15.78%
Published
2007-02-21
Updated
2017-10-11
PHP remote file inclusion vulnerability in generate.php in VirtualSystem Htaccess Passwort Generator 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the ht_pfad parameter.
Max CVSS
10.0
EPSS Score
15.33%
Published
2007-02-21
Updated
2017-10-11
Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function.
Max CVSS
10.0
EPSS Score
13.77%
Published
2007-02-20
Updated
2017-10-11
80 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!