CVE-2007-5400 – RealPlayer: SWF Frame Handling Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-5400
Heap-based buffer overflow in the Shockwave Flash (SWF) frame handling in RealNetworks RealPlayer 10.5 Build 6.0.12.1483 might allow remote attackers to execute arbitrary code via a crafted SWF file.
• http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://secunia.com/advisories/27620 http://secunia.com/advisories/31321 http://secunia.com/advisories/35416 http://secunia.com/secunia_research/2007-93/advisory http://securityreason.com/securityalert/4048 http://service.real.com/realplayer/security/07252008_player/en http://www.kb.cert.org/vuls/id/298651 http://www.redhat.com/support/errata/RHSA-2008-0812.html http://www.securityfocus.com/archive/1/494749&
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-2881 – Relative Real Estate Systems 3.0 - 'listing_id' SQL Injection
https://notcve.org/view.php?id=CVE-2008-2881
Relative Real Estate Systems 3.0 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
• https://www.exploit-db.com/exploits/5924 http://e-rdc.org/v1/news.php?readmore=101
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2007-6462 – PHP Real Estate - 'fullnews.php?id' SQL Injection
https://notcve.org/view.php?id=CVE-2007-6462
SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter.
• https://www.exploit-db.com/exploits/4737 http://phprealestatescript.com/PHPREC-121707-646PM-PATCH.zip http://secunia.com/advisories/28119 http://www.securityfocus.com/bid/26888
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-6463
https://notcve.org/view.php?id=CVE-2007-6463
Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in PHP Real Estate Classifieds allow remote attackers to inject arbitrary web script or HTML via unspecified "text areas/boxes."
• http://osvdb.org/43708 http://phprealestatescript.com/PHPREC-121707-646PM-PATCH.zip
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-6316 – barracudadrive 3.7.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6316
Cross-site scripting (XSS) vulnerability in BarracudaDrive Web Server before 3.8 allows remote attackers to inject arbitrary web script or HTML via the URI path in an HTTP GET request, which is activated by administrators viewing log files via the Trace page.
• https://www.exploit-db.com/exploits/4713 http://aluigi.altervista.org/adv/barradrive-adv.txt http://secunia.com/advisories/28032 http://securityreason.com/securityalert/3434 http://www.securityfocus.com/archive/1/484833/100/0/threaded http://www.securityfocus.com/bid/26805
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')