Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2007-2186 Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. | N/A | NONE | — | 0 |
| CVE-2007-2187 Stack-based buffer overflow in eXtremail 2.1.1 and earlier allows remote attackers to execute arbitrary code via a long DNS response. NOTE: this might be related to CVE-2006-6926. | N/A | NONE | — | 0 |
| CVE-2007-2188 eXtremail 2.1.1 and earlier does not verify the ID field (aka transaction id) in DNS responses, which makes it easier for remote attackers to conduct DNS spoofing. | N/A | NONE | — | 0 |
| CVE-2007-2189 PHP remote file inclusion vulnerability in admin/admin_album_otf.php in the MX Smartor Full Album Pack (FAP) 2.0 RC1 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in ... | N/A | NONE | — | 0 |
| CVE-2007-2190 PHP remote file inclusion vulnerability in admin/public/webpages.php in Eba News 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. | N/A | NONE | — | 0 |
| CVE-2007-2191 Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecifie... | N/A | NONE | — | 0 |
| CVE-2007-2192 Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted remote attackers to execute arbitrary code via a crafted .tif file. | N/A | NONE | — | 0 |
| CVE-2007-2193 Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build 108, Pro 8.1 Build 99, and Photo Editor 4.0 Build 195 allows user-assisted remote attackers to execute arbitrary code via a craft... | N/A | NONE | — | 0 |
| CVE-2007-2194 Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtaine... | N/A | NONE | — | 0 |
| CVE-2007-2195 aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers to cause a denial of service (application crash) by sending invalid data to TCP port 31337. | N/A | NONE | — | 0 |
| CVE-2007-2196 PHP remote file inclusion vulnerability in jambook.php in the Jambook (com_Jambook) 1.0 beta7 module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosCon... | N/A | NONE | — | 0 |
| CVE-2025-23611 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webhue WH Cache & Security wh-cache-and-security allows Reflected XSS.This issue affects WH Cache ... | 7.1 | HIGH | — | 0 |
| CVE-2007-2197 Race condition in the NeatUpload ASP.NET component 1.2.11 through 1.2.16, 1.1.18 through 1.1.23, and trunk.379 through trunk.445 allows remote attackers to obtain other clients' HTTP responses via mul... | N/A | NONE | — | 0 |
| CVE-2007-2198 Cross-site scripting (XSS) vulnerability in LAN Management System (LMS) before 1.6.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving the OD p... | N/A | NONE | — | 0 |
| CVE-2007-2135 The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a cer... | N/A | NONE | — | 0 |
| CVE-2007-2138 Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted ... | N/A | NONE | — | 0 |
| CVE-2007-2170 The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not check for valid sessions, which allows remote attackers to delete arbitrary nodes. NOTE: due to lack of details from Oracle, it is... | N/A | NONE | — | 0 |
| CVE-2024-13256 Insufficient Granularity of Access Control vulnerability in Drupal Email Contact allows Forceful Browsing.This issue affects Email Contact: from 0.0.0 before 2.0.4. | 7.5 | HIGH | — | 0 |
| CVE-2007-2171 Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in ... | N/A | NONE | — | 0 |
| CVE-2007-2199 PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcltar.php) in the PclTar module 1.3 and 1.3.1 for Vincent Blavet PhpConcept Library, as used in multiple products including (1) Joom... | N/A | NONE | — | 0 |
| CVE-2007-2200 Directory traversal vulnerability in navigator/navigator_ok.php in Pagode 0.5.8 allows remote attackers to read and possibly delete arbitrary files via a .. (dot dot) in the asolute parameter. | N/A | NONE | — | 0 |
| CVE-2007-2201 Multiple PHP remote file inclusion vulnerabilities in Post Revolution 6.6 and 7.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) common.php or (2) theme... | N/A | NONE | — | 0 |
| CVE-2007-2202 PHP remote file inclusion vulnerability in inc_ACVS/SOAP/Transport.php in Accueil et Conseil en Visites et Sejours Web Services (ACVSWS) PHP5 (ACVSWS_PHP5) 1.0 allows remote attackers to execute arbit... | N/A | NONE | — | 0 |
| CVE-2007-2203 Cross-site scripting (XSS) vulnerability in Big Blue Guestbook allows remote attackers to inject arbitrary web script or HTML via the message field in the guestbook entry submission form. | N/A | NONE | — | 0 |
| CVE-2007-2204 Multiple PHP remote file inclusion vulnerabilities in GPL PHP Board (GPB) unstable-2001.11.14-1 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) db.mysq... | N/A | NONE | — | 0 |
| CVE-2007-2205 PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System (LMS) 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the _LI... | N/A | NONE | — | 0 |
| CVE-2007-2206 Cross-site scripting (XSS) vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a leading "<"<" in... | N/A | NONE | — | 0 |
| CVE-2007-2207 SQL injection vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ripeformpost parameter. | N/A | NONE | — | 0 |
| CVE-2007-2208 Multiple PHP remote file inclusion vulnerabilities in Extreme PHPBB2 3.0 Pre Final allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) functions.php ... | N/A | NONE | — | 0 |
| CVE-2007-2209 Buffer overflow in igcore15d.dll 15.1.2.0 and 15.2.0.0 for AccuSoft ImageGear, as used in Corel Paint Shop Pro Photo 11.20 and possibly other products, allows user-assisted remote attackers to execute... | N/A | NONE | — | 0 |
| CVE-2007-2210 A certain ActiveX control in askPopStp.dll in Netsprint Ask IE Toolbar 1.1 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long AddAllowed property value, related ... | N/A | NONE | — | 0 |
| CVE-2007-2211 SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action. | N/A | NONE | — | 0 |
| CVE-2007-2212 Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) month parameter.... | N/A | NONE | — | 0 |
| CVE-2012-2108 Stack-based buffer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file... | N/A | NONE | — | 0 |
| CVE-2007-2213 Unspecified vulnerability in the Initialize function in NetscapeFTPHandler in WS_FTP Home and Professional 2007 allows remote attackers to cause a denial of service (NULL dereference and application c... | N/A | NONE | — | 0 |
| CVE-2007-2214 Unrestricted file upload vulnerability in includes/upload_file.php in DmCMS allows remote attackers to upload arbitrary PHP scripts by placing a script's contents in both the File2 and File3 parameter... | N/A | NONE | — | 0 |
| CVE-2007-2230 SQL injection vulnerability in CA Clever Path Portal allows remote authenticated users to execute limited SQL commands and retrieve arbitrary database contents via (1) the ofinterest parameter in a li... | N/A | NONE | — | 0 |
| CVE-2007-2231 Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) vi... | N/A | NONE | — | 0 |
| CVE-2007-2232 The CHECK command in Cosign 2.0.1 and earlier allows remote attackers to bypass authentication requirements via CR (\r) sequences in the cosign cookie parameter. | N/A | NONE | — | 0 |
| CVE-2007-2233 cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote authenticated users to perform unauthorized actions as an arbitrary user by using CR (\r) sequences in the service parameter to inject L... | N/A | NONE | — | 0 |
| CVE-2007-2234 include/common.php in PunBB 1.2.14 and earlier does not properly handle a disabled ini_get function when checking the register_globals setting, which allows remote attackers to register global paramet... | N/A | NONE | — | 0 |
| CVE-2007-2235 Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) cat... | N/A | NONE | — | 0 |
| CVE-2007-2236 footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of ad... | N/A | NONE | — | 0 |
| CVE-2007-2242 The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. | N/A | NONE | — | 0 |
| CVE-2013-0933 Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allow remote attackers to inject arbitrary web script or HTML via uns... | N/A | NONE | — | 0 |
| CVE-2007-2243 OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a ... | N/A | NONE | — | 0 |
| CVE-2007-2244 Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator CS3, and GoLive 9 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) BMP, (2) DIB, or (3) RLE file. | N/A | NONE | — | 0 |
| CVE-2007-2245 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php ... | N/A | NONE | — | 0 |
| CVE-2007-2246 Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running sendmail 8.9.3 or 8.11.1; and HP-UX B.11.23 when running sendmail 8.11.1; allows remote attackers to cause a denial of service via ... | N/A | NONE | — | 0 |
| CVE-2013-0934 EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and modify global reports via unspecified vectors. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.