CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 2CVE-2007-6232 – ftp Admin 0.1.0 - Local File Inclusion / Cross-Site Scripting / Authentication Bypass
https://notcve.org/view.php?id=CVE-2007-6232
Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en index.php en FTP Admin 0.1.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro error en una acción de página de error. • https://www.exploit-db.com/exploits/4681 https://www.exploit-db.com/exploits/4684 http://secunia.com/advisories/27875 https://exchange.xforce.ibmcloud.com/vulnerabilities/38780 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2007-5946
https://notcve.org/view.php?id=CVE-2007-5946
Unspecified vulnerability in the Aries PA-RISC emulator on HP-UX B.11.23 and B.11.31 on the IA-64 platform allows local users to obtain unspecified access. Vulnerabilidad no especificada en el emulador Aries PA-RISC sobre HP-UX B.11.23 y B.11.31 sobre la plataforma IA-64 permite a usuarios locales obtener accesos no especificados. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01241483 http://secunia.com/advisories/27606 http://securitytracker.com/id?1018925 http://www.securityfocus.com/bid/26383 http://www.vupen.com/english/advisories/2007/3820 https://exchange.xforce.ibmcloud.com/vulnerabilities/38361 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5548 •
CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0CVE-2007-5536
https://notcve.org/view.php?id=CVE-2007-5536
Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors. Vulnerabilidad sin especificar en el OpenSSL anterior al A.00.09.07l en el HP-UX B.11.11, B.11.23 y B.11.31 permite a usuarios locales provocar una denegación de servicio a través de vectores sin especificar. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01203958 http://osvdb.org/37894 http://secunia.com/advisories/27265 http://www.securityfocus.com/bid/26093 http://www.vupen.com/english/advisories/2007/3526 https://exchange.xforce.ibmcloud.com/vulnerabilities/37231 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5871 •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2007-5302
https://notcve.org/view.php?id=CVE-2007-5302
Multiple cross-site scripting (XSS) vulnerabilities in HP System Management Homepage (SMH) in HP-UX B.11.11, B.11.23, and B.11.31, and SMH before 2.1.10 for Linux and Windows, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en HP System Management Homepage (SMH) en HP-UX versiones B.11.11, B.11.23 y B.11.31, y SMH versiones anteriores a 2.1.10 para Linux y Windows, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio de vectores no especificados. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01183265 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01183597 http://osvdb.org/37603 http://secunia.com/advisories/27067 http://www.securityfocus.com/bid/25953 http://www.securitytracker.com/id?1018775 http://www.vupen.com/english/advisories/2007/3387 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5773 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2007-5008
https://notcve.org/view.php?id=CVE-2007-5008
The logins command in HP-UX B.11.31, B.11.23, and B.11.11 does not correctly report password status, which allows remote attackers to obtain privileges when certain "password issues" are not detected. El comando logins en HP-UX versiones B.11.31, B.11.23 y B.11.11, no reporta correctamente el estado de la contraseña, lo que permite a atacantes remotos alcanzar privilegios cuando no son detectados ciertos "password issues". • http://secunia.com/advisories/26873 http://www.securityfocus.com/bid/25740 http://www.securitytracker.com/id?1018709 http://www.vupen.com/english/advisories/2007/3230 https://exchange.xforce.ibmcloud.com/vulnerabilities/36702 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5779 https://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c01167886 • CWE-287: Improper Authentication •