CVSS: 5.8EPSS: 4%CPEs: 16EXPL: 1CVE-2007-1898 – Jetbox CMS 2.1 Email - 'FormMail.php' Input Validation
https://notcve.org/view.php?id=CVE-2007-1898
formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters. formmail.php en Jetbox CMS 2.1 permite a atacantes remotos envíar e-mails de su elección a través de recipientes modificados, a través de los parámetros _SETTINGS[allowed_email_hosts][], y subject. Jetbox CMS version 2.1 suffers from an e-mail injection vulnerability that allows for spamming. • https://www.exploit-db.com/exploits/30040 http://securityreason.com/securityalert/2710 http://www.netvigilance.com/advisory0026 http://www.osvdb.org/34088 http://www.securityfocus.com/archive/1/468644/100/0/threaded http://www.securityfocus.com/bid/23989 http://www.securitytracker.com/id?1018063 http://www.vupen.com/english/advisories/2007/1831 https://exchange.xforce.ibmcloud.com/vulnerabilities/34292 •
CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 1CVE-2007-2617 – Sun Microsystems Solaris SRSEXEC 3.2.x - Arbitrary File Read Local Information Disclosure
https://notcve.org/view.php?id=CVE-2007-2617
srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options. srsexec en el paquete Sun Remote Services (SRS) Net Connect Software Proxy Core en Sun Solaris 10 no hace cumplir los permisos de ficheros al abrirlos, lo cual permite a usuarios locales leer la primera línea de ficheros de su elección mediante las opciones -d y -v. • https://www.exploit-db.com/exploits/30021 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=531 http://osvdb.org/35940 http://secunia.com/advisories/25194 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102891-1 http://www.securityfocus.com/bid/23915 http://www.securitytracker.com/id?1018046 http://www.vupen.com/english/advisories/2007/1769 https://exchange.xforce.ibmcloud.com/vulnerabilities/34223 https://oval.cisecurity.org/repository/search/definition/ov •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2007-2529
https://notcve.org/view.php?id=CVE-2007-2529
Integer signedness error in the acl (facl) system call in Solaris 10 before 20070507 allows local users to cause a denial of service (kernel panic) and possibly gain privileges via a certain argument, related to ACE_SETACL. Error de entero sin signo en la llamada al sistema acl (facl) en Solaris 10 anterior al 07/05/2007 permite a atacantes remotos provocar una denegación de servicio (error irrecuperable en el núcleo del sistema, kernel panic) y posiblemente obtener privilegios mediante un cierto argumento, relacionado con ACE_SETACL. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=524 http://osvdb.org/34906 http://secunia.com/advisories/25162 http://securitytracker.com/id?1018009 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102869-1 http://www.securityfocus.com/bid/23863 http://www.vupen.com/english/advisories/2007/1683 https://exchange.xforce.ibmcloud.com/vulnerabilities/34147 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1669 •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2007-2465
https://notcve.org/view.php?id=CVE-2007-2465
Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing (BSM) is enabled for file read, write, attribute modify, create, or delete audit classes, allows local users to cause a denial of service (panic) via unknown vectors, possibly related to the audit_savepath function. Vulnerabilidad no especificada en Sun Solaris 9, cuando Solaris Auditing (BSM) está habilitado para la lectura, escritura, modificación de atributos o borrado de clases de auditoria de fichero, permite a usuarios locales provocar denegación de servicio (panic) a través de vectores desconocidos, posiblemente relacionado con la función audit_savepath. • http://osvdb.org/34904 http://secunia.com/advisories/25081 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102900-1 http://www.securityfocus.com/bid/23751 http://www.securitytracker.com/id?1017992 http://www.vupen.com/english/advisories/2007/1611 https://exchange.xforce.ibmcloud.com/vulnerabilities/34003 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1085 •
CVSS: 6.8EPSS: 16%CPEs: 9EXPL: 2CVE-2007-2191 – FreePBX 2.2 - SIP Packet Multiple HTML Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-2191
Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php. Múltiples vulnerabilidades de secuencia de comandos en sitios cruzados (XSS) en freePBX 2.2.x permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de los campos (1) From, (2) To, (3) Call-ID, (4) User-Agent, y otros no especificados del protocolo SIP, lo cuales son almacenados en /var/log/asterisk/full y mostrados por admin/modules/logfiles/asterisk-full-log.php. • https://www.exploit-db.com/exploits/29873 http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053882.html http://osvdb.org/35315 http://secunia.com/advisories/24935 http://securityreason.com/securityalert/2627 http://www.securityfocus.com/bid/23575 http://www.vupen.com/english/advisories/2007/1535 https://exchange.xforce.ibmcloud.com/vulnerabilities/33772 •