CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 1CVE-2007-0496 – Neon Labs Website 3.2 - 'nl.php?g_strRootDir' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-0496
PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir parameter. Vulnerabilidad de inclusión remota de archivo en PHP en lib/nl/nl.php de Neon Labs Website (nlws) 3.2 y versiones anteriores permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro g_strRootDir. • https://www.exploit-db.com/exploits/3163 http://osvdb.org/36797 http://www.vupen.com/english/advisories/2007/0268 •
CVSS: 7.8EPSS: 7%CPEs: 3EXPL: 0CVE-2007-0157
https://notcve.org/view.php?id=CVE-2007-0157
Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error that generates a negative index. Error de índice de array en la función uri_lookup del intérprete de URI para neon 0.26.0 hasta 0.26.2, posiblemente sólo en plataformas de 54 bits, permite a servidores remotos maliciosos provocar una denegación de servicio (caída) mediante un URI con caracteres no-ASCII, lo que dispara una lectura de búfer por debajo del límite inferior debido a un error de conversión de tipos que genera un índice negativo. • http://bugs.debian.org/cgi-bin/bugreport.cgi/neon26_0.26.2-3_to_mdx1.diff?bug=404723%3Bmsg=5%3Batt=2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404723 http://mailman.webdav.org/pipermail/cadaver/2007-January/001015.html http://mailman.webdav.org/pipermail/neon/2007-January/002362.html http://osvdb.org/39247 http://secunia.com/advisories/23751 http://secunia.com/advisories/23763 http://secunia.com/advisories/23984 http://www.mandriva.com/security/advisories?name=MDKS •
CVSS: 5.0EPSS: 16%CPEs: 1EXPL: 2CVE-2006-1941 – Neon Responders 5.4 - Remote Clock Synchronization Denial of Service
https://notcve.org/view.php?id=CVE-2006-1941
Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a denial of service (application outage) via a crafted Clock Synchronisation packet that triggers an access violation. • https://www.exploit-db.com/exploits/27668 http://secunia.com/advisories/19702 http://securityreason.com/securityalert/731 http://securityreason.com/securityalert/776 http://securitytracker.com/id?1015950 http://www.securityfocus.com/archive/1/431157/100/0/threaded http://www.securityfocus.com/bid/17569 http://www.vupen.com/english/advisories/2006/1442 https://exchange.xforce.ibmcloud.com/vulnerabilities/25904 •