Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2007-4230 BellaBiblio allows remote attackers to gain administrative privileges via a bellabiblio cookie with the value "administrator." NOTE: this issue is disputed by CVE and multiple third parties because th... | N/A | NONE | — | 0 |
| CVE-2007-4231 PHP remote file inclusion vulnerability in order/login.php in IDevSpot PhpHostBot 1.06 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the svr_rootscript parameter, a di... | N/A | NONE | — | 0 |
| CVE-2007-4232 PHP remote file inclusion vulnerability in admin/inc/change_action.php in Andreas Robertz PHPNews 0.93 allows remote attackers to execute arbitrary PHP code via a URL in the format_menue parameter. | N/A | NONE | — | 0 |
| CVE-2007-4233 Multiple unspecified vulnerabilities in Camera Life before 2.6 allow attackers to cause a denial of service via unknown vectors. | N/A | NONE | — | 0 |
| CVE-2007-4234 Unspecified vulnerability in Camera Life before 2.6 allows remote attackers to download private photos via unspecified vectors associated with the names of the photos. NOTE: some of these details are... | N/A | NONE | — | 0 |
| CVE-2007-4235 Multiple PHP remote file inclusion vulnerabilities in VietPHP allow remote attackers to execute arbitrary PHP code via a URL in (1) the dirpath parameter to (a) _functions.php, or (2) the language par... | N/A | NONE | — | 0 |
| CVE-2007-4236 Buffer overflow in lpd in bos.rte.printers in AIX 5.2 and 5.3 allows local users with printq group privileges to gain root privileges. | N/A | NONE | — | 0 |
| CVE-2007-4237 Buffer overflow in the atm subset in arp in devices.common.IBM.atm.rte in AIX 5.2 and 5.3 allows local users to gain root privileges. | N/A | NONE | — | 0 |
| CVE-2025-23696 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ronan Mockett Staging CDN staging-cdn allows Reflected XSS.This issue affects Staging CDN: from n/... | 7.1 | HIGH | — | 0 |
| CVE-2007-4238 AIX 5.2 and 5.3 install pioinit with user and group ownership of bin, which allows local users with bin or possibly printq privileges to gain root privileges by modifying pioinit. | N/A | NONE | — | 0 |
| CVE-2007-4239 Cross-site scripting (XSS) vulnerability in user/forgotPassStep2.jsp in the admin interface in C-SAM oneWallet 210_07062007;1.0 allows remote attackers to inject arbitrary web script or HTML via the l... | N/A | NONE | — | 0 |
| CVE-2007-4240 The check_logout function in class/auth.php in Help Center Live (hcl) 2.1.3a sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote atta... | N/A | NONE | — | 0 |
| CVE-2007-4241 Buffer overflow in ldcconn in Hewlett-Packard (HP) Controller for Cisco Local Director on HP-UX 11.11i allows remote attackers to execute arbitrary code via a long string to TCP port 17781. | N/A | NONE | — | 0 |
| CVE-2007-4242 The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform virus scanning of attachments that exceed the maximum attachment size, and passes these attachments, which allows remote attackers to... | N/A | NONE | — | 0 |
| CVE-2007-4243 Unspecified vulnerability in pfilter-reporter.pl in Astaro Security Gateway (ASG) 7 allows remote attackers to cause a denial of service (CPU consumption) via certain network traffic, as demonstrated ... | N/A | NONE | — | 0 |
| CVE-2007-4244 PHP remote file inclusion vulnerability in langset.php in J! Reactions (com_jreactions) 1.8.1 and earlier, a Joomla! component, allows remote attackers to execute arbitrary PHP code via a URL in the c... | N/A | NONE | — | 0 |
| CVE-2007-4245 Cross-site scripting (XSS) vulnerability in Search.php in DiMeMa CONTENTdm (CDM) allows remote attackers to inject arbitrary web script or HTML via a search, probably related to the CISOBOX1 parameter... | N/A | NONE | — | 0 |
| CVE-2007-4246 Unspecified vulnerability, possibly a buffer overflow, in Justsystem Ichitaro 2007 and earlier allows remote attackers to execute arbitrary code via a modified document, as actively exploited in Augus... | N/A | NONE | — | 0 |
| CVE-2007-4247 Windows Calendar on Microsoft Windows Vista allows remote attackers to cause a denial of service (NULL dereference and persistent application crash) via a malformed ICS file. | N/A | NONE | — | 0 |
| CVE-2007-4248 The CallCmd function in toolbar_gaming.dll in the Toolbar Gaming toolbar for Internet Explorer allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified... | N/A | NONE | — | 0 |
| CVE-2007-4249 The isChecked function in Toolbar.DLL in the ExportNation toolbar for Internet Explorer allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vector... | N/A | NONE | — | 0 |
| CVE-2007-4250 The isChecked function in Toolbar.DLL in Advanced Searchbar before 3.33 allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2007-4251 OpenOffice.org (OOo) 2.2 does not properly handle files with multiple extensions, which allows user-assisted remote attackers to cause a denial of service. | N/A | NONE | — | 0 |
| CVE-2007-4252 Absolute path traversal vulnerability in a certain ActiveX control in CkString.dll 1.1 and earlier in CHILKAT ASP String allows remote attackers to create or overwrite arbitrary files via a full pathn... | N/A | NONE | — | 0 |
| CVE-2007-4253 SQL injection vulnerability in the News module in modules.php in Envolution 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than... | N/A | NONE | — | 0 |
| CVE-2007-4254 Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL in Microsoft Visual Database Tools Database Designer 7.0 for Microsoft Visual Studio 6 allows remote attackers to execute arbitrar... | N/A | NONE | — | 0 |
| CVE-2007-4255 Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function. | N/A | NONE | — | 0 |
| CVE-2007-4256 Directory traversal vulnerability in showpage.cgi in YNP Portal System 2.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. | N/A | NONE | — | 0 |
| CVE-2007-4257 Multiple buffer overflows in Live for Speed (LFS) S1 and S2 allow user-assisted remote attackers to execute arbitrary code via (1) a .spr file (single player replay file) containing a long user name o... | N/A | NONE | — | 0 |
| CVE-2007-4258 SQL injection vulnerability in directory.php in Prozilla Pub Site Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter. | N/A | NONE | — | 0 |
| CVE-2007-4259 EZPhotoSales 1.9.3 and earlier allows remote attackers to download arbitrary image files via (1) a direct request for a URL under OnlineViewing/galleries/ or (2) navigation of the gallery user interfa... | N/A | NONE | — | 0 |
| CVE-2007-4260 EZPhotoSales 1.9.3 and earlier has a default "admin" account for galleries, which allows remote attackers to access arbitrary galleries by specifying this username. | N/A | NONE | — | 0 |
| CVE-2007-4261 EZPhotoSales 1.9.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) a file containing cleartext passwords via... | N/A | NONE | — | 0 |
| CVE-2007-4262 Unrestricted file upload vulnerability in EZPhotoSales 1.9.3 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP code under OnlineViewing/galleries/. | N/A | NONE | — | 0 |
| CVE-2007-4263 Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's file... | N/A | NONE | — | 0 |
| CVE-2007-4264 Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) 1.5.2 and earlier allow remote attackers to inject arbitrary web scri... | N/A | NONE | — | 0 |
| CVE-2007-4265 Multiple cross-site scripting (XSS) vulnerabilities in VisionProject 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) projectIssueId parameter in EditProjectIs... | N/A | NONE | — | 0 |
| CVE-2007-3872 Multiple stack-based buffer overflows in the Shared Trace Service (OVTrace) service for HP OpenView Operations A.07.50 for Windows, and possibly earlier versions, allow remote attackers to execute arb... | N/A | NONE | — | 0 |
| CVE-2007-2955 Multiple unspecified "input validation error" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006,... | N/A | NONE | — | 0 |
| CVE-2007-3843 The Linux kernel before 2.6.23-rc1 checks the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for secur... | N/A | NONE | — | 0 |
| CVE-2007-4279 PHP remote file inclusion vulnerability in config.php in FrontAccounting 1.12 Build 31 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter. | N/A | NONE | — | 0 |
| CVE-2007-4280 The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authentica... | N/A | NONE | — | 0 |
| CVE-2007-4281 Cross-site scripting (XSS) vulnerability in KnowledgeTree Open Source 3.4 and 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the login field on the login page, and other unsp... | N/A | NONE | — | 0 |
| CVE-2007-4282 The "Extended properties for entries" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and "delive... | N/A | NONE | — | 0 |
| CVE-2007-4283 PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter. | N/A | NONE | — | 0 |
| CVE-2007-5582 Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to in... | N/A | NONE | — | 0 |
| CVE-2007-6151 The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows local users to cause a denial of service via a crafted ioctl struct in which iocts is not null terminated, which triggers a buffe... | N/A | NONE | — | 0 |
| CVE-2007-6195 Buffer overflow in the sw_rpc_agent_init function in swagentd in Software Distributor (SD), and possibly other DCE applications, in HP HP-UX B.11.11 and B.11.23 allows remote attackers to execute arbi... | N/A | NONE | — | 0 |
| CVE-2007-6249 etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might all... | N/A | NONE | — | 0 |
| CVE-2007-6338 SQL injection vulnerability in userlogin.jsp in Trivantis CourseMill Enterprise Learning Management System 4.1 SP4 allows remote attackers to execute arbitrary SQL commands via the user parameter (use... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.