CVSS: 5.8EPSS: 4%CPEs: 16EXPL: 1CVE-2007-1898 – Jetbox CMS 2.1 Email - 'FormMail.php' Input Validation
https://notcve.org/view.php?id=CVE-2007-1898
formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters. formmail.php en Jetbox CMS 2.1 permite a atacantes remotos envíar e-mails de su elección a través de recipientes modificados, a través de los parámetros _SETTINGS[allowed_email_hosts][], y subject. Jetbox CMS version 2.1 suffers from an e-mail injection vulnerability that allows for spamming. • https://www.exploit-db.com/exploits/30040 http://securityreason.com/securityalert/2710 http://www.netvigilance.com/advisory0026 http://www.osvdb.org/34088 http://www.securityfocus.com/archive/1/468644/100/0/threaded http://www.securityfocus.com/bid/23989 http://www.securitytracker.com/id?1018063 http://www.vupen.com/english/advisories/2007/1831 https://exchange.xforce.ibmcloud.com/vulnerabilities/34292 •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2007-2730
https://notcve.org/view.php?id=CVE-2007-2730
Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier. Check Point Zonealarm Pro anterior a 6.5.737.000 no comprueba adecuadamente la equivalencia de identificadores de proceso para determinadas funciones de la API de Windows en el núcleo de NT5.0 y superiores, lo cual permite a usuarios locales llamar a estas funciones y evitar reglas del cortafuegos u obtener privilegios, mediante un identificador modificado que es uno, dos, o tres unidades mayor que el identificador canónico. • http://osvdb.org/37383 http://securityreason.com/securityalert/2714 http://www.matousec.com/info/advisories/Bypassing-PWF-HIPS-open-process-control-with-uncommon-identifier.php http://www.securityfocus.com/archive/1/468643/100/0/threaded •
CVSS: 9.3EPSS: 86%CPEs: 25EXPL: 0CVE-2007-0942
https://notcve.org/view.php?id=CVE-2007-0942
Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll. Microsoft Internet Explorer versión 5.01 SP4 en Windows 2000 SP4; versión 6 SP1 en Windows 2000 SP4; versiones 6 y 7 en Windows XP SP2, o Windows Server 2003 SP1 o SP2; y posiblemente versión 7 en Windows Vista "instantiate certain COM objects as ActiveX controls" inapropiadamente, que permite a los atacantes remotos ejecutar código arbitrario por medio de un objeto COM creado de la biblioteca chtskdic.dll. • http://secunia.com/advisories/23769 http://www.osvdb.org/34399 http://www.securityfocus.com/archive/1/468871/100/200/threaded http://www.securitytracker.com/id?1018019 http://www.us-cert.gov/cas/techalerts/TA07-128A.html http://www.vupen.com/english/advisories/2007/1712 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027 https://exchange.xforce.ibmcloud.com/vulnerabilities/33252 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval •
CVSS: 9.3EPSS: 80%CPEs: 13EXPL: 0CVE-2007-0945
https://notcve.org/view.php?id=CVE-2007-0945
Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and 7 on Windows Vista allows remote attackers to execute arbitrary code via certain property methods that may trigger memory corruption, aka "Property Memory Corruption Vulnerability." Microsoft Internet Explorer 6 SP1 sobre Windows 2000 SP4; 6 y 7 sobre Windows XP SP2, o Windows Server 2003 SP1 o SP2; y 7 sobre Windows Vista permite a atacantes remotos ejecutar código de su elección a través de ciertos métodos propietarios que podrían disparar corrupciones de memoria, también conocido como "Vulnerabilidad de la corrupción de la memoria propietaria". • http://secunia.com/advisories/23769 http://www.osvdb.org/34401 http://www.securityfocus.com/archive/1/468871/100/200/threaded http://www.securityfocus.com/bid/23769 http://www.securitytracker.com/id?1018019 http://www.us-cert.gov/cas/techalerts/TA07-128A.html http://www.vupen.com/english/advisories/2007/1712 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1463 •
CVSS: 9.3EPSS: 92%CPEs: 13EXPL: 1CVE-2007-2221 – Microsoft Internet Explorer 7 - Arbitrary File Rewrite (MS07-027)
https://notcve.org/view.php?id=CVE-2007-2221
Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to overwrite arbitrary files via unspecified vectors, aka the "Arbitrary File Rewrite Vulnerability." Vulnerabilidad no especificada en el objeto COM mdsauth.dll de Microsoft Windows Media Server en Microsoft Internet Explorer 5.01 SP4 de Windows 2000 SP4; 6 SP1 de Windows 2000 SP4; 6 y 7 de Windows XP SP2, ó Windows Server 2003 SP1 ó SP2; ó 7 en Windows Vista permite a atacantes remotos sobre-escribir ficheros de su elección mediante vectores no especificado, también conocido como "Vulnerabilidad de Sobre-Escritura de Ficheros De Su Elección". • https://www.exploit-db.com/exploits/3892 http://secunia.com/advisories/23769 http://www.fortiguardcenter.com/advisory/FGA-2007-07.html http://www.kb.cert.org/vuls/id/500753 http://www.osvdb.org/34404 http://www.securityfocus.com/archive/1/468871/100/200/threaded http://www.securityfocus.com/bid/23827 http://www.securitytracker.com/id?1018019 http://www.us-cert.gov/cas/techalerts/TA07-128A.html http://www.vupen.com/english/advisories/2007/1712 https://docs. •