CVSS: 6.1EPSS: 9%CPEs: 4EXPL: 1CVE-2007-1280 – Adobe RoboHelp - Frameset-7.HTML Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-1280
09 May 2007 — Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attackers to inject arbitrary web script or HTML via a URL after a # (hash) in the URL path, as demonstrated using en/frameset-7.html, and possibly other unspecified vectors involving templates and (1) whstart.js and (2) whcsh_home.htm in WebHelp, (3) wf_startpage.js and (4) wf_startqs.htm in FlashHelp, or (5) WindowManager.dll in RoboHelp Server 6. Una vulnerabilidad de tipo cross-site-scripting (XSS) en Adobe Robo... • https://www.exploit-db.com/exploits/30016 •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2007-2414
https://notcve.org/view.php?id=CVE-2007-2414
01 May 2007 — MyServer before 0.8.8 allows remote attackers to cause a denial of service via unspecified vectors. MyServer anterior a 0.8.8 permite a atacantes remotos provocar una denegación de servicio a través de vectores no identificados. • http://osvdb.org/35469 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2007-1981
https://notcve.org/view.php?id=CVE-2007-1981
12 Apr 2007 — The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on Windows allows remote attackers to cause a denial of service (daemon crash) via a long meta list command. La función safevoid_vsnprintf de Metamod-P 1.19p29 y anteriores en Windows permite a atacantes remotos provocar una denegación de servicio (caída del demonio) mediante un comando meta list largo. • http://secunia.com/advisories/24738 •
CVSS: 10.0EPSS: 31%CPEs: 1EXPL: 1CVE-2007-1644 – Microsoft DNS Server - Dynamic DNS Update/Change
https://notcve.org/view.php?id=CVE-2007-1644
24 Mar 2007 — The dynamic DNS update mechanism in the DNS Server service on Microsoft Windows does not properly authenticate clients in certain deployments or configurations, which allows remote attackers to change DNS records for a web proxy server and conduct man-in-the-middle (MITM) attacks on web traffic, conduct pharming attacks by poisoning DNS records, and cause a denial of service (erroneous name resolution). El mecanismo de actualización DNS en el servidor DNS de Microsoft Windows no valida adecuadamente a clien... • https://www.exploit-db.com/exploits/3544 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2007-1382 – PHP 'COM' Extensions - inconsistent Win32 'safe_mode' Bypass
https://notcve.org/view.php?id=CVE-2007-1382
10 Mar 2007 — The PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to execute cmd.exe, which bypasses PHP's safe mode. La extensión PHP COM para PHP en los sistemas Windows permite a atacantes dependientes del contexto ejecutar código de su elección mediante el objeto COM WScript.Shell, como lo demostrado usando el método Run de dicho objeto para ejecutar cmd.exe, que evita el mo... • https://www.exploit-db.com/exploits/3429 •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2007-1281
https://notcve.org/view.php?id=CVE-2007-1281
06 Mar 2007 — Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux allows remote attackers to cause a denial of service (CPU consumption) via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression. Kaspersky AntiVirus Engine 6.0.1.411 para Windows y 5.5-10 para Linux permite a atacantes remotos provocar una denegación de servicio (agotamiento de CPU) mediante un archivo comprimido con UPX manipulado con un desplazamiento (offset) negativo, lo cual dispa... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=485 •
CVSS: 10.0EPSS: 12%CPEs: 94EXPL: 0CVE-2007-1093
https://notcve.org/view.php?id=CVE-2007-1093
26 Feb 2007 — Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager (NNM) before 07-10-05, and before 08-00-02 in the 08-x series, allow remote attackers to execute arbitrary code, cause a denial of service, or trigger invalid Web utility behavior. Múltiples vulnerabilidades no especificadas en JP1/Cm2/Network Node Manager (NNM) anterior a 07-10-05, y anterior a 08-00-02 en la serie 08-x, permiten a atacantes remotos ejecutar código de su elección, provocar una denegación de servicio, o disparar un comport... • http://osvdb.org/33528 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2003-1330
https://notcve.org/view.php?id=CVE-2003-1330
31 Dec 2003 — Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom "on strip unsuccessful" hooks, which allows remote attackers to bypass e-mail attachment filtering policies via an attachment that MAILsweeper can detect but not remove. • http://www.mimesweeper.com/download/bin/Patches/MAILsweeper_Patches_301_ReadMe.htm •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 3CVE-2003-1372 – myPHPNuke 1.8.8 - 'links.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-1372
31 Dec 2003 — Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters. • https://www.exploit-db.com/exploits/22268 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2003-1392
https://notcve.org/view.php?id=CVE-2003-1392
31 Dec 2003 — CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to encrypt data, which could allow local users to use their own passphrase to decrypt the data. • http://www.securityfocus.com/archive/1/311176 • CWE-310: Cryptographic Issues •