Page 2 of 213 results (0.013 seconds)

CVSS: 5.8EPSS: 4%CPEs: 16EXPL: 1

formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters. formmail.php en Jetbox CMS 2.1 permite a atacantes remotos envíar e-mails de su elección a través de recipientes modificados, a través de los parámetros _SETTINGS[allowed_email_hosts][], y subject. Jetbox CMS version 2.1 suffers from an e-mail injection vulnerability that allows for spamming. • https://www.exploit-db.com/exploits/30040 http://securityreason.com/securityalert/2710 http://www.netvigilance.com/advisory0026 http://www.osvdb.org/34088 http://www.securityfocus.com/archive/1/468644/100/0/threaded http://www.securityfocus.com/bid/23989 http://www.securitytracker.com/id?1018063 http://www.vupen.com/english/advisories/2007/1831 https://exchange.xforce.ibmcloud.com/vulnerabilities/34292 •

CVSS: 5.0EPSS: 5%CPEs: 9EXPL: 1

Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. Foxit Reader 2.0 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) mediante un documento PDF manipulado artesanalmente. • https://www.exploit-db.com/exploits/3770 http://osvdb.org/39054 http://www.securityfocus.com/bid/23576 https://exchange.xforce.ibmcloud.com/vulnerabilities/33784 •

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0

Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0 allows local users to modify memory and gain privileges via the temporary \Device\PhysicalMemory section handle, a related issue to CVE-2007-1206. Condición de carrera en la Virtual DOS Machine (VDM) en el núcleo de Windows en Microsoft Windows NT 4.0 permite a usuarios locales modificar la memoria y obtener privilegios mediante un manejador de sección \Device\PhysicalMemory temporal, un asunto relacionado con CVE-2007-1206. • http://osvdb.org/37635 http://research.eeye.com/html/advisories/published/AD20070410a.html http://securityreason.com/securityalert/2563 http://www.securityfocus.com/archive/1/465232/100/0/threaded •

CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0

SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter. Vulnerabilidad de inyección SQL en directory.php en Super Link Exchange Script 1.0 podría permitir a atacantes remotos ejecutar consultas SQL de su elección a través del parámetro cat. • http://securityreason.com/securityalert/2285 http://www.securityfocus.com/archive/1/435166/30/4680/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/26720 •

CVSS: 5.0EPSS: 1%CPEs: 11EXPL: 0

The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a message with a long subject field. El servicio IMAP4 en MERCUR Messaging 2005 anterior a Service Pack 4 permite a atacantes remotos provocar denegación de servicio (caida) a través de un mensaje con un campo subject. • http://secunia.com/advisories/20432 http://www.atrium-software.com/download/McrReadMe_EN.html http://www.securityfocus.com/bid/18462 http://www.vupen.com/english/advisories/2006/2354 https://exchange.xforce.ibmcloud.com/vulnerabilities/27229 •