CVE-2007-1572 – JGBBS 3.0beta1 - 'search.asp?author' SQL Injection
https://notcve.org/view.php?id=CVE-2007-1572
SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter, a different vector than CVE-2007-1440. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • https://www.exploit-db.com/exploits/3470 http://www.vupen.com/english/advisories/2007/0940 •
CVE-2007-1466
https://notcve.org/view.php?id=CVE-2007-1466
Integer overflow in the WP6GeneralTextPacket::_readContents function in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file, a different vulnerability than CVE-2007-0002. • http://fedoranews.org/cms/node/2805 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=490 http://secunia.com/advisories/24507 http://secunia.com/advisories/24550 http://secunia.com/advisories/24557 http://secunia.com/advisories/24572 http://secunia.com/advisories/24573 http://secunia.com/advisories/24580 http://secunia.com/advisories/24581 http://secunia.com/advisories/24588 http://secunia.com/advisories/24794 http://secunia.com/advisories/24856 http:// • CWE-189: Numeric Errors •
CVE-2007-1135
https://notcve.org/view.php?id=CVE-2007-1135
Multiple SQL injection vulnerabilities in WebMplayer before 0.6.1-Alpha allow remote attackers to execute arbitrary SQL commands via the (1) strid parameter to index.php and the (2) id[0] or other id array index parameter to filecheck.php. • http://osvdb.org/34442 http://osvdb.org/34443 http://sourceforge.net/project/shownotes.php?release_id=486880&group_id=172354 http://www.securityfocus.com/bid/22726 http://www.vupen.com/english/advisories/2007/0742 •
CVE-2007-1137
https://notcve.org/view.php?id=CVE-2007-1137
putmail.py in Putmail before 1.4 does not detect when a user attempts to use TLS with a server that does not support it, which causes putmail.py to send the username and password in plaintext while the user believes encryption is in use, and allows remote attackers to obtain sensitive information. • http://osvdb.org/33764 http://putmail.sourceforge.net/home.html http://secunia.com/advisories/24266 http://www.securityfocus.com/bid/22718 http://www.vupen.com/english/advisories/2007/0753 https://exchange.xforce.ibmcloud.com/vulnerabilities/32689 •
CVE-2005-4837
https://notcve.org/view.php?id=CVE-2005-4837
snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177. • http://secunia.com/advisories/25114 http://secunia.com/advisories/25115 http://secunia.com/advisories/25411 http://sourceforge.net/tracker/index.php?func=detail&aid=1207023&group_id=12694&atid=112694 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102929-1 http://www.securityfocus.com/bid/23762 http://www.ubuntu.com/usn/USN-456-1 http://www.vupen.com/english/advisories/2007/1944 https://issues.rpath.com/browse/RPL-1334 https://oval.cisecurity.org/repository/sea • CWE-16: Configuration CWE-189: Numeric Errors •