CVSS: 10.0EPSS: 5%CPEs: 18EXPL: 1CVE-2007-2736 – Achievo 1.1.0 - 'config_atkroot' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-2736
PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter. Vulnerabilidad de inclusión remota de archivo en PHP en index.php de Achievo 1.1.0 permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro config_atkroot. • https://www.exploit-db.com/exploits/3928 http://osvdb.org/37919 http://www.securityfocus.com/bid/23992 https://exchange.xforce.ibmcloud.com/vulnerabilities/34305 •
CVSS: 5.8EPSS: 4%CPEs: 16EXPL: 1CVE-2007-1898 – Jetbox CMS 2.1 Email - 'FormMail.php' Input Validation
https://notcve.org/view.php?id=CVE-2007-1898
formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters. formmail.php en Jetbox CMS 2.1 permite a atacantes remotos envíar e-mails de su elección a través de recipientes modificados, a través de los parámetros _SETTINGS[allowed_email_hosts][], y subject. Jetbox CMS version 2.1 suffers from an e-mail injection vulnerability that allows for spamming. • https://www.exploit-db.com/exploits/30040 http://securityreason.com/securityalert/2710 http://www.netvigilance.com/advisory0026 http://www.osvdb.org/34088 http://www.securityfocus.com/archive/1/468644/100/0/threaded http://www.securityfocus.com/bid/23989 http://www.securitytracker.com/id?1018063 http://www.vupen.com/english/advisories/2007/1831 https://exchange.xforce.ibmcloud.com/vulnerabilities/34292 •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 2CVE-2007-2553 – HP Tru64 5.0.1 - DOP Command Privilege Escalation
https://notcve.org/view.php?id=CVE-2007-2553
Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and 5.1A PK6 allows local users to gain privileges via a large amount of data in the environment, as demonstrated by a long environment variable. Una vulnerabilidad no especificada en dop en HP Tru64 UNIX versiones 5.1B-4, 5.1B-3 y 5.1A PK6 permite a los usuarios locales alcanzar privilegios por medio de una gran cantidad de datos en el entorno, como es demostrado por una variable de entorno larga. • https://www.exploit-db.com/exploits/30017 http://osvdb.org/36203 http://secunia.com/advisories/25197 http://www.orkaan.org/tru64/orkaan_-_exp_Tru64-5.X_SSRT071326.html http://www.securityfocus.com/archive/1/468103/100/0/threaded http://www.securityfocus.com/bid/23881 http://www.securitytracker.com/id?1018021 http://www.vupen.com/english/advisories/2007/1715 https://exchange.xforce.ibmcloud.com/vulnerabilities/34175 https://www2.itrc.hp.com/service/cki/docDisplay.do?d •
CVSS: 6.8EPSS: 16%CPEs: 9EXPL: 2CVE-2007-2191 – FreePBX 2.2 - SIP Packet Multiple HTML Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-2191
Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php. Múltiples vulnerabilidades de secuencia de comandos en sitios cruzados (XSS) en freePBX 2.2.x permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de los campos (1) From, (2) To, (3) Call-ID, (4) User-Agent, y otros no especificados del protocolo SIP, lo cuales son almacenados en /var/log/asterisk/full y mostrados por admin/modules/logfiles/asterisk-full-log.php. • https://www.exploit-db.com/exploits/29873 http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053882.html http://osvdb.org/35315 http://secunia.com/advisories/24935 http://securityreason.com/securityalert/2627 http://www.securityfocus.com/bid/23575 http://www.vupen.com/english/advisories/2007/1535 https://exchange.xforce.ibmcloud.com/vulnerabilities/33772 •
CVSS: 5.0EPSS: 4%CPEs: 12EXPL: 0CVE-2007-1918
https://notcve.org/view.php?id=CVE-2007-1918
The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 and 7.00 before 20070109 implements an option for exclusive access to an RFC server, which allows remote attackers to cause a denial of service (client lockout) via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. La función RFC_SET_REG_SERVER_PROPERTY en la libreria SAP RFC Library 6.40 y 7.00 anterior a 20070109 implementa una opción para acceso exclusivo a un servidor RFC, lo cual permite a atacantes remotos provocar denegación de servico (cierre del cliente) a través de vectores no especificados. NOTA: Esta información se basa en una vaga descripción inicial. • http://secunia.com/advisories/24722 http://securityreason.com/securityalert/2540 http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_SET_REG_SERVER_PROPERTY_RFC_Function_Denial_of_Service.pdf http://www.securityfocus.com/archive/1/464685/100/0/threaded http://www.securityfocus.com/bid/23309 http://www.vupen.com/english/advisories/2007/1270 https://exchange.xforce.ibmcloud.com/vulnerabilities/33418 •