CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 2CVE-2007-6232 – ftp Admin 0.1.0 - Local File Inclusion / Cross-Site Scripting / Authentication Bypass
https://notcve.org/view.php?id=CVE-2007-6232
04 Dec 2007 — Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en index.php en FTP Admin 0.1.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro error en una acción de página de error. • https://www.exploit-db.com/exploits/4681 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 17%CPEs: 21EXPL: 3CVE-2007-4938 – MPlayer 1.0 - AVIHeader.C Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-4938
18 Sep 2007 — Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value. Desbordamiento de búfer basado en pila en libmpdemux/aviheader.c en MPlayer 1.0rc1 y anteriores permite a atacantes remotos provocar denegación de servicio (caida de aplicación) o posiblemente ejecutar códi... • https://www.exploit-db.com/exploits/30578 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 5%CPEs: 18EXPL: 1CVE-2007-2736 – Achievo 1.1.0 - 'config_atkroot' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-2736
17 May 2007 — PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter. Vulnerabilidad de inclusión remota de archivo en PHP en index.php de Achievo 1.1.0 permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro config_atkroot. • https://www.exploit-db.com/exploits/3928 •
CVSS: 7.5EPSS: 3%CPEs: 16EXPL: 1CVE-2007-1898 – Jetbox CMS 2.1 Email - 'FormMail.php' Input Validation
https://notcve.org/view.php?id=CVE-2007-1898
16 May 2007 — formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters. formmail.php en Jetbox CMS 2.1 permite a atacantes remotos envíar e-mails de su elección a través de recipientes modificados, a través de los parámetros _SETTINGS[allowed_email_hosts][], y subject. • https://www.exploit-db.com/exploits/30040 •
CVSS: 6.8EPSS: 21%CPEs: 9EXPL: 2CVE-2007-2191 – FreePBX 2.2 - SIP Packet Multiple HTML Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-2191
24 Apr 2007 — Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php. Múltiples vulnerabilidades de secuencia de comandos en sitios cruzados (XSS) en freePBX 2.2.x permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de ... • https://www.exploit-db.com/exploits/29873 •
CVSS: 10.0EPSS: 17%CPEs: 13EXPL: 0CVE-2007-1917
https://notcve.org/view.php?id=CVE-2007-1917
10 Apr 2007 — Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. Desbordamiento de búfer en la función SYSTEM_CREATE_INSTANCE en la SAP RFC Library 6.40 y 7.00 anterior al 11/12/2006 permite a atacantes remotos ejecutar código de su elección mediante vectores no especifi... • http://secunia.com/advisories/24722 •
CVSS: 9.8EPSS: 17%CPEs: 11EXPL: 0CVE-2007-1915
https://notcve.org/view.php?id=CVE-2007-1915
10 Apr 2007 — Buffer overflow in the RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. Desbordamiento de búfer en la función RFC_START_PROGRAM en la libreria SAP RFC Library 6.40 y 7.00 anterior a 20061211 permite a atacantes remotos ejecutar código de su elección a través de vectores no especific... • http://secunia.com/advisories/24722 •
CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0CVE-2007-1913
https://notcve.org/view.php?id=CVE-2007-1913
10 Apr 2007 — The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. La función TRUSTED_SYSTEM_SECURITY en la SAP RFC Library 6.40 y 7.00 anterior al 11/12/2006 permite a atacantes remotos verificar la exis... • http://secunia.com/advisories/24722 •
CVSS: 10.0EPSS: 17%CPEs: 13EXPL: 0CVE-2007-1916
https://notcve.org/view.php?id=CVE-2007-1916
10 Apr 2007 — Buffer overflow in the RFC_START_GUI function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. Desbordamiento de búfer en la función RFC_START_GUI en la libreria SAP RFC Library 6.40 y 7.00 anterior a 20061211 permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados. NO... • http://secunia.com/advisories/24722 •
CVSS: 9.1EPSS: 4%CPEs: 12EXPL: 0CVE-2007-1918
https://notcve.org/view.php?id=CVE-2007-1918
10 Apr 2007 — The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 and 7.00 before 20070109 implements an option for exclusive access to an RFC server, which allows remote attackers to cause a denial of service (client lockout) via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. La función RFC_SET_REG_SERVER_PROPERTY en la libreria SAP RFC Library 6.40 y 7.00 anterior a 20070109 implementa una opción para acces... • http://secunia.com/advisories/24722 •