CVSS: 10.0EPSS: 5%CPEs: 18EXPL: 1CVE-2007-2736 – Achievo 1.1.0 - 'config_atkroot' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-2736
PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter. Vulnerabilidad de inclusión remota de archivo en PHP en index.php de Achievo 1.1.0 permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro config_atkroot. • https://www.exploit-db.com/exploits/3928 http://osvdb.org/37919 http://www.securityfocus.com/bid/23992 https://exchange.xforce.ibmcloud.com/vulnerabilities/34305 •
CVSS: 5.8EPSS: 4%CPEs: 16EXPL: 1CVE-2007-1898 – Jetbox CMS 2.1 Email - 'FormMail.php' Input Validation
https://notcve.org/view.php?id=CVE-2007-1898
formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters. formmail.php en Jetbox CMS 2.1 permite a atacantes remotos envíar e-mails de su elección a través de recipientes modificados, a través de los parámetros _SETTINGS[allowed_email_hosts][], y subject. Jetbox CMS version 2.1 suffers from an e-mail injection vulnerability that allows for spamming. • https://www.exploit-db.com/exploits/30040 http://securityreason.com/securityalert/2710 http://www.netvigilance.com/advisory0026 http://www.osvdb.org/34088 http://www.securityfocus.com/archive/1/468644/100/0/threaded http://www.securityfocus.com/bid/23989 http://www.securitytracker.com/id?1018063 http://www.vupen.com/english/advisories/2007/1831 https://exchange.xforce.ibmcloud.com/vulnerabilities/34292 •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2007-2351
https://notcve.org/view.php?id=CVE-2007-2351
Unspecified vulnerability in the HP Power Manager Remote Agent (RA) 4.0Build10 and earlier in HP-UX B.11.11 and B.11.23 allows local users to execute arbitrary code via unspecified vectors. Vulnerabilidad sin especificar en el HP Power Manager Remote Agent (RA) 4.0Build10 y versiones anteriores en el HP-UX B.11.11 y B.11.23 permite a usuarios locales ejecutar código de su elección mediante vectores sin especificar. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00819543 http://secunia.com/advisories/25066 http://www.securityfocus.com/bid/23703 http://www.securitytracker.com/id?1017977 http://www.vupen.com/english/advisories/2007/1574 https://exchange.xforce.ibmcloud.com/vulnerabilities/33965 •
CVSS: 7.8EPSS: 8%CPEs: 5EXPL: 0CVE-2007-2246
https://notcve.org/view.php?id=CVE-2007-2246
Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running sendmail 8.9.3 or 8.11.1; and HP-UX B.11.23 when running sendmail 8.11.1; allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: due to the lack of details from HP, it is not known whether this issue is a duplicate of another CVE such as CVE-2006-1173 or CVE-2006-4434. Vulnerabilidad no especificada en HP-UX B.11.00 y B.11.11, cuando se ejecuta sendmail 8.9.3 o 8.11.1; y HP-UX B.11.23 cuando se ejecuta sendmail 8.11.1; permite a los atacantes remotos causar una denegación de servicio a través de vectores de ataque desconocidos. NOTA: debido a la falta de detalles de HP, no se sabe si este problema es un duplicado de otro CVE como CVE-2006-1173 o CVE-2006-4434. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00841370 http://secunia.com/advisories/24990 http://www.kb.cert.org/vuls/id/349305 http://www.securityfocus.com/bid/23606 http://www.securitytracker.com/id?1017966 http://www.vupen.com/english/advisories/2007/1504 • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 16%CPEs: 9EXPL: 2CVE-2007-2191 – FreePBX 2.2 - SIP Packet Multiple HTML Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-2191
Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php. Múltiples vulnerabilidades de secuencia de comandos en sitios cruzados (XSS) en freePBX 2.2.x permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de los campos (1) From, (2) To, (3) Call-ID, (4) User-Agent, y otros no especificados del protocolo SIP, lo cuales son almacenados en /var/log/asterisk/full y mostrados por admin/modules/logfiles/asterisk-full-log.php. • https://www.exploit-db.com/exploits/29873 http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053882.html http://osvdb.org/35315 http://secunia.com/advisories/24935 http://securityreason.com/securityalert/2627 http://www.securityfocus.com/bid/23575 http://www.vupen.com/english/advisories/2007/1535 https://exchange.xforce.ibmcloud.com/vulnerabilities/33772 •