Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2007-4639 EnterpriseDB Advanced Server 8.2 does not properly handle certain debugging function calls that occur before a call to pldbg_create_listener, which allows remote authenticated users to cause a denial ... | N/A | NONE | β | 0 |
| CVE-2007-4640 Unrestricted file upload vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to upload and execute arbitrary PHP files in uploads/ via an Uploads action. | N/A | NONE | β | 0 |
| CVE-2007-4641 Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonst... | N/A | NONE | β | 0 |
| CVE-2007-4642 Multiple buffer overflows in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allow remote attackers to execute arbitrary code via a long chat (PKT_CHAT) message that is not properly handled by the (1) D... | N/A | NONE | β | 0 |
| CVE-2007-4643 Integer underflow in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via a PKT_CHAT packet with a data length less than 3, which trigg... | N/A | NONE | β | 0 |
| CVE-2007-4644 Format string vulnerability in the Cl_GetPackets function in cl_main.c in the client in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allows remote Doomsday servers to execute arbitrary code via forma... | N/A | NONE | β | 0 |
| CVE-2007-4645 SQL injection vulnerability in index.php in NMDeluxe 2.0.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a newspost do action, a different vulnerability than CVE-20... | N/A | NONE | β | 0 |
| CVE-2007-4646 Buffer overflow in the pop3 service in Hexamail Server 3.0.0.001 Lite allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long USER command. | N/A | NONE | β | 0 |
| CVE-2007-4647 newswire/uploadmedia.cgi in 2coolcode Our Space (Ourspace) 2.0.9 allows remote attackers to upload certain files via unspecified vectors, probably involving unrestricted functionality in uploadmedia.c... | N/A | NONE | β | 0 |
| CVE-2007-4648 The nvcoaft51 driver in Norman Virus Control (NVC) 5.82 uses weak permissions (unrestricted write access) for the NvcOa device, which allows local users to gain privileges by (1) triggering a buffer o... | N/A | NONE | β | 0 |
| CVE-2007-4649 MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and Internet Security 9.0.722.1 use weak permissions (Everyone:Full Control) for their installation directory trees, which allows local ... | N/A | NONE | β | 0 |
| CVE-2007-4650 Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebD... | N/A | NONE | β | 0 |
| CVE-2007-3996 Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH val... | N/A | NONE | β | 0 |
| CVE-2007-3997 The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as de... | N/A | NONE | β | 0 |
| CVE-2007-3998 The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error a... | N/A | NONE | β | 0 |
| CVE-2007-4652 The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink. | N/A | NONE | β | 0 |
| CVE-2007-4653 SQL injection vulnerability in links.php in the Links MOD 1.2.2 and earlier for phpBB 2.0.22 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter in a search a... | N/A | NONE | β | 0 |
| CVE-2007-4654 Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cisco WebNS 8.20.0.1 on Cisco Content Services Switch (CSS) series 11000 devices allows remote attackers to cause a denial of service... | N/A | NONE | β | 0 |
| CVE-2007-4655 Multiple directory traversal vulnerabilities in CGI RESCUE Shopping Basket Professional 7.51 and earlier allow remote attackers to list arbitrary directories, and possibly read arbitrary files, via di... | N/A | NONE | β | 0 |
| CVE-2007-4656 backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain... | N/A | NONE | β | 0 |
| CVE-2025-62292 In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authenticated low-privileged users can query the /api/v2/users-management/users endpoint and obtain user fields intended for administrato... | 4.3 | MEDIUM | β | 0 |
| CVE-2007-4657 Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a lar... | N/A | NONE | β | 0 |
| CVE-2007-4658 The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vul... | N/A | NONE | β | 0 |
| CVE-2007-4659 The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vecto... | N/A | NONE | β | 0 |
| CVE-2007-4660 Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation. | N/A | NONE | β | 0 |
| CVE-2007-4661 The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unk... | N/A | NONE | β | 0 |
| CVE-2007-4662 Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors. | N/A | NONE | β | 0 |
| CVE-2007-4663 Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function. | N/A | NONE | β | 0 |
| CVE-2007-4664 Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CO... | N/A | NONE | β | 0 |
| CVE-2007-4665 Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to cause a denial of service (daemon crash) via an XNET session that makes multiple simultaneous requests to re... | N/A | NONE | β | 0 |
| CVE-2007-4666 Unspecified vulnerability in the server in Firebird before 2.0.2, when a Superserver/TCP/IP environment is configured, allows remote attackers to cause a denial of service (CPU and memory consumption)... | N/A | NONE | β | 0 |
| CVE-2007-4667 Unspecified vulnerability in the Services API in Firebird before 2.0.2 allows remote attackers to cause a denial of service, aka CORE-1149. | N/A | NONE | β | 0 |
| CVE-2007-4668 Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other "file access," via unknown vectors, ak... | N/A | NONE | β | 0 |
| CVE-2007-4669 The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148. | N/A | NONE | β | 0 |
| CVE-2007-4670 Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285. | N/A | NONE | β | 0 |
| CVE-2007-3849 Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced Intrusion Detection Environment (AIDE) before 0.13.1 with a database that lacks checksum information, which allows context-dependent at... | N/A | NONE | β | 0 |
| CVE-2007-4135 The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle return values from the getpwnam_r function when performing a username lookup, which can cause it to report a file as being owned by ... | N/A | NONE | β | 0 |
| CVE-2007-4476 Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack." | N/A | NONE | β | 0 |
| CVE-2007-3999 Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerbe... | N/A | NONE | β | 0 |
| CVE-2007-4000 The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values... | N/A | NONE | β | 0 |
| CVE-2007-0322 Multiple stack-based buffer overflows in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to execute arbitrary code via unspecified vectors. | N/A | NONE | β | 0 |
| CVE-2007-4471 Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1... | N/A | NONE | β | 0 |
| CVE-2007-4711 Multiple cross-site scripting (XSS) vulnerabilities in Toms Gaestebuch 1.00 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage, (2) mail, and (3) name parameters in a s... | N/A | NONE | β | 0 |
| CVE-2007-4712 PHP remote file inclusion vulnerability in index.php in eNetman 1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | N/A | NONE | β | 0 |
| CVE-2025-52655 Inclusion of Functionality from Untrusted Control Sphere vulnerability in HCL MyXalytics. v6.6 allows Loading third-party scripts without integrity checks or validation can allow external code run in ... | 3.1 | LOW | β | 0 |
| CVE-2007-4713 Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in Urchin 5.6.00r2 allow remote attackers to inject arbitrary web script or HTML via the (1) dtc, (2) vid, (3) n, (4) dt, (5) ed, and ... | N/A | NONE | β | 0 |
| CVE-2007-4714 SQL injection vulnerability in error_view.php in Yvora 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | N/A | NONE | β | 0 |
| CVE-2007-4715 Multiple PHP remote file inclusion vulnerabilities in Weblogicnet allow remote attackers to execute arbitrary PHP code via a URL in the files_dir parameter in (1) es_desp.php, (2) es_custom_menu.php, ... | N/A | NONE | β | 0 |
| CVE-2007-4716 Multiple SQL injection vulnerabilities in PHD Help Desk before 1.31 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | N/A | NONE | β | 0 |
| CVE-2007-4717 Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) dir parameter in admin/adminu... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.