Vulnerabilites related to santa_cruz_operation - sco_unix
Vulnerability from fkie_nvd
Published
2007-09-18 19:17
Modified
2024-11-21 00:36
Severity ?
Summary
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apple | mac_os_x | * | |
hp | hp-ux | * | |
hp | tru64 | * | |
ibm | aix | * | |
ibm | os2 | * | |
linux | linux_kernel | * | |
mandrakesoft | mandrake_linux | 2007 | |
mandrakesoft | mandrake_linux | 2007 | |
mandrakesoft | mandrake_linux | 2007.1 | |
mandrakesoft | mandrake_linux | 2007.1 | |
microsoft | windows_2000 | * | |
microsoft | windows_2003_server | * | |
microsoft | windows_98 | * | |
microsoft | windows_me | * | |
microsoft | windows_nt | 4.0 | |
microsoft | windows_xp | * | |
santa_cruz_operation | sco_unix | * | |
sun | solaris | * | |
windriver | bsdos | * | |
mplayer | mplayer | 1.0_rc1 | |
sgi | irix | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false }, { "criteria": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*", "matchCriteriaId": "61A4F116-1FEE-450E-99AE-6AD9ACDDE570", "vulnerable": false }, { "criteria": "cpe:2.3:o:hp:tru64:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FE64F3F-48F6-493F-A81E-2B106FF73AC1", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:os2:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD5511BD-2A41-4FF6-BD3F-9448F3F8AC90", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*", "matchCriteriaId": "02362C25-B373-4FB1-AF4A-2AFC7F7D4387", "vulnerable": false }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*", "matchCriteriaId": "19AD5F8D-6EB9-4E4B-9E82-FFBAB68797E9", "vulnerable": false }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*", "matchCriteriaId": "19D64247-F0A0-4984-84EA-B63FC901F002", "vulnerable": false }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:x86_64:*:*:*:*:*", "matchCriteriaId": "316AA6EB-7191-479E-99D5-40DA79E340E7", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_98:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD1B68C0-2676-4F21-8EF0-1749103CB8C2", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", "matchCriteriaId": "799DA395-C7F8-477C-8BC7-5B4B88FB7503", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E53CDA8E-50A8-4509-B070-CCA5604FFB21", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD", "vulnerable": false }, { "criteria": "cpe:2.3:o:santa_cruz_operation:sco_unix:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECCBDA43-9C75-4B36-8C90-EF26B8CD777D", "vulnerable": false }, { "criteria": "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", "matchCriteriaId": "469B74F2-4B89-42B8-8638-731E92D463B9", "vulnerable": false }, { "criteria": "cpe:2.3:o:windriver:bsdos:*:*:*:*:*:*:*:*", "matchCriteriaId": "60ACA374-1434-4C02-8327-17BC9C000B65", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:mplayer:mplayer:1.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "83E84D8D-93DA-47C1-9282-E127CD1862E5", "vulnerable": true }, { "criteria": "cpe:2.3:o:sgi:irix:*:*:*:*:*:*:*:*", "matchCriteriaId": "056B3397-81A9-4128-9F49-ECEBE1743EE8", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large \"indx truck size\" and nEntriesInuse values, and a certain wLongsPerEntry value." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en libmpdemux/aviheader.c en MPlayer 1.0rc1 y anteriores permite a atacantes remotos provocar denegaci\u00f3n de servicio (caida de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo .avi con cierto \"tama\u00f1o indx tratado\" y valores nEntriesInuse, y un cierto valor wLongsPerEntry." } ], "id": "CVE-2007-4938", "lastModified": "2024-11-21T00:36:46.050", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-09-18T19:17:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/45940" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27016" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3144" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:192" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/479222/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/25648" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36581" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/45940" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27016" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3144" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:192" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/479222/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/25648" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36581" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-12-04 18:46
Modified
2024-11-21 00:39
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*", "matchCriteriaId": "61A4F116-1FEE-450E-99AE-6AD9ACDDE570", "vulnerable": false }, { "criteria": "cpe:2.3:o:hp:tru64:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FE64F3F-48F6-493F-A81E-2B106FF73AC1", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false }, { "criteria": "cpe:2.3:o:santa_cruz_operation:sco_unix:any_version:*:*:*:*:*:*:*", "matchCriteriaId": "D7B2A213-26BC-4192-8695-D702BEF34E33", "vulnerable": false }, { "criteria": "cpe:2.3:o:sgi:irix:any_version:*:*:*:*:*:*:*", "matchCriteriaId": "258743E2-61D1-437C-A2B3-3CC6364DC9B2", "vulnerable": false }, { "criteria": "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", "matchCriteriaId": "469B74F2-4B89-42B8-8638-731E92D463B9", "vulnerable": false }, { "criteria": "cpe:2.3:o:windriver:bsdos:any_version:*:*:*:*:*:*:*", "matchCriteriaId": "1EC68F59-F6BA-4818-ACE0-2F095F304D21", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:ftp:admin:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "23F3C472-E4CD-403C-8626-BA100EA7268C", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action." }, { "lang": "es", "value": "Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en index.php en FTP Admin 0.1.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro error en una acci\u00f3n de p\u00e1gina de error." } ], "id": "CVE-2007-6232", "lastModified": "2024-11-21T00:39:40.290", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-12-04T18:46:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27875" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38780" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/4681" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27875" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38780" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/4681" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-02-23 03:28
Modified
2024-11-21 00:24
Severity ?
Summary
SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apple | mac_os_x | 10.4.9 | |
hp | hp-ux | * | |
hp | tru64 | 5.1b_pk2_bl22 | |
ibm | aix | * | |
ibm | os2 | * | |
linux | linux_kernel | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2003_server | sp2 | |
microsoft | windows_95 | * | |
microsoft | windows_98 | * | |
microsoft | windows_98se | * | |
microsoft | windows_me | * | |
microsoft | windows_nt | 4.0 | |
microsoft | windows_xp | * | |
santa_cruz_operation | sco_unix | * | |
sun | solaris | * | |
windriver | bsdos | * | |
super_link_exchange_script | super_link_exchange_script | 1.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "786BB737-EA99-4EC6-B742-0C35BF2453F9", "vulnerable": false }, { "criteria": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*", "matchCriteriaId": "61A4F116-1FEE-450E-99AE-6AD9ACDDE570", "vulnerable": false }, { "criteria": "cpe:2.3:o:hp:tru64:5.1b_pk2_bl22:*:*:*:*:*:*:*", "matchCriteriaId": "5F6E90A8-BF8E-46AD-A0E6-4266EE0AE70C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:os2:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD5511BD-2A41-4FF6-BD3F-9448F3F8AC90", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*", "matchCriteriaId": "377F7D0C-6B44-4B90-BF90-DAF959880C6D", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_95:*:*:*:*:*:*:*:*", "matchCriteriaId": "82F7322B-8022-4D0B-ADB3-D0F5B6F20309", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*", "matchCriteriaId": "2D3B703C-79B2-4FA2-9E12-713AB977A880", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA733AD2-D948-46A0-A063-D29081A56F1F", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", "matchCriteriaId": "799DA395-C7F8-477C-8BC7-5B4B88FB7503", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E53CDA8E-50A8-4509-B070-CCA5604FFB21", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*", "matchCriteriaId": "580B0C9B-DD85-40FA-9D37-BAC0C96D57FC", "vulnerable": false }, { "criteria": "cpe:2.3:o:santa_cruz_operation:sco_unix:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECCBDA43-9C75-4B36-8C90-EF26B8CD777D", "vulnerable": false }, { "criteria": "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", "matchCriteriaId": "469B74F2-4B89-42B8-8638-731E92D463B9", "vulnerable": false }, { "criteria": "cpe:2.3:o:windriver:bsdos:*:*:*:*:*:*:*:*", "matchCriteriaId": "60ACA374-1434-4C02-8327-17BC9C000B65", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:super_link_exchange_script:super_link_exchange_script:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "72865C64-C70A-4CBC-83B7-629DE0DD3532", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en directory.php en Super Link Exchange Script 1.0 podr\u00eda permitir a atacantes remotos ejecutar consultas SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro cat." } ], "id": "CVE-2006-7034", "lastModified": "2024-11-21T00:24:13.820", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-02-23T03:28:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2285" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/435166/30/4680/threaded" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26720" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2285" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/435166/30/4680/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26720" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-04-24 17:19
Modified
2024-11-21 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:bsd:bsd:*:*:*:*:*:*:*:*", "matchCriteriaId": "B44D379F-F380-42EC-9C9A-A4C8314A4BDF", "vulnerable": false }, { "criteria": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*", "matchCriteriaId": "61A4F116-1FEE-450E-99AE-6AD9ACDDE570", "vulnerable": false }, { "criteria": "cpe:2.3:o:hp:tru64:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FE64F3F-48F6-493F-A81E-2B106FF73AC1", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false }, { "criteria": "cpe:2.3:o:santa_cruz_operation:sco_unix:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECCBDA43-9C75-4B36-8C90-EF26B8CD777D", "vulnerable": false }, { "criteria": "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", "matchCriteriaId": "469B74F2-4B89-42B8-8638-731E92D463B9", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:freepbx:freepbx:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A896A046-4843-46B6-A8BA-1E8207AC2915", "vulnerable": true }, { "criteria": "cpe:2.3:a:freepbx:freepbx:2.2_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D2B7FDB0-1CB9-49B6-B260-3BE25D7973EC", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencia de comandos en sitios cruzados (XSS) en freePBX 2.2.x permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de los campos (1) From, (2) To, (3) Call-ID, (4) User-Agent, y otros no especificados del protocolo SIP, lo cuales son almacenados en /var/log/asterisk/full y mostrados por admin/modules/logfiles/asterisk-full-log.php." } ], "id": "CVE-2007-2191", "lastModified": "2024-11-21T00:30:08.957", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-04-24T17:19:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053882.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/35315" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24935" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2627" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23575" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1535" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33772" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053882.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35315" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24935" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2627" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23575" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1535" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33772" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-05-17 19:30
Modified
2024-11-21 00:31
Severity ?
Summary
PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apple | a_ux | * | |
apple | mac_os_x | * | |
hp | hp-ux | * | |
hp | tru64 | * | |
ibm | os2 | * | |
linux | linux_kernel | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2003_server | * | |
microsoft | windows_95 | * | |
microsoft | windows_98 | * | |
microsoft | windows_98se | * | |
microsoft | windows_me | * | |
microsoft | windows_nt | 4.0 | |
microsoft | windows_xp | * | |
santa_cruz_operation | sco_unix | * | |
sun | solaris | * | |
windriver | bsdos | * | |
achievo | achievo | 1.1.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:a_ux:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9E99BBE-C53B-4C23-95AB-61239020E252", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false }, { "criteria": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*", "matchCriteriaId": "61A4F116-1FEE-450E-99AE-6AD9ACDDE570", "vulnerable": false }, { "criteria": "cpe:2.3:o:hp:tru64:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FE64F3F-48F6-493F-A81E-2B106FF73AC1", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:os2:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD5511BD-2A41-4FF6-BD3F-9448F3F8AC90", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_95:*:*:*:*:*:*:*:*", "matchCriteriaId": "82F7322B-8022-4D0B-ADB3-D0F5B6F20309", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*", "matchCriteriaId": "2D3B703C-79B2-4FA2-9E12-713AB977A880", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA733AD2-D948-46A0-A063-D29081A56F1F", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", "matchCriteriaId": "799DA395-C7F8-477C-8BC7-5B4B88FB7503", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E53CDA8E-50A8-4509-B070-CCA5604FFB21", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD", "vulnerable": false }, { "criteria": "cpe:2.3:o:santa_cruz_operation:sco_unix:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECCBDA43-9C75-4B36-8C90-EF26B8CD777D", "vulnerable": false }, { "criteria": "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", "matchCriteriaId": "469B74F2-4B89-42B8-8638-731E92D463B9", "vulnerable": false }, { "criteria": "cpe:2.3:o:windriver:bsdos:*:*:*:*:*:*:*:*", "matchCriteriaId": "60ACA374-1434-4C02-8327-17BC9C000B65", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:achievo:achievo:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5D5AEF1-38CE-4B89-A15A-89D9BF3BEA55", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter." }, { "lang": "es", "value": "Vulnerabilidad de inclusi\u00f3n remota de archivo en PHP en index.php de Achievo 1.1.0 permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante una URL en el par\u00e1metro config_atkroot." } ], "id": "CVE-2007-2736", "lastModified": "2024-11-21T00:31:31.847", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-05-17T19:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/37919" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23992" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34305" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/3928" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23992" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34305" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/3928" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-05-16 22:30
Modified
2024-11-21 00:29
Severity ?
Summary
formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apple | mac_os_x | * | |
hp | hp-ux | * | |
hp | tru64 | * | |
linux | linux_kernel | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2003_server | * | |
microsoft | windows_95 | * | |
microsoft | windows_98 | * | |
microsoft | windows_98se | * | |
microsoft | windows_me | * | |
microsoft | windows_nt | 4.0 | |
microsoft | windows_xp | * | |
santa_cruz_operation | sco_unix | * | |
sun | solaris | * | |
windriver | bsdos | * | |
jetbox | jetbox_cms | 2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false }, { "criteria": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*", "matchCriteriaId": "61A4F116-1FEE-450E-99AE-6AD9ACDDE570", "vulnerable": false }, { "criteria": "cpe:2.3:o:hp:tru64:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FE64F3F-48F6-493F-A81E-2B106FF73AC1", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_95:*:*:*:*:*:*:*:*", "matchCriteriaId": "82F7322B-8022-4D0B-ADB3-D0F5B6F20309", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*", "matchCriteriaId": "2D3B703C-79B2-4FA2-9E12-713AB977A880", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA733AD2-D948-46A0-A063-D29081A56F1F", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", "matchCriteriaId": "799DA395-C7F8-477C-8BC7-5B4B88FB7503", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E53CDA8E-50A8-4509-B070-CCA5604FFB21", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD", "vulnerable": false }, { "criteria": "cpe:2.3:o:santa_cruz_operation:sco_unix:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECCBDA43-9C75-4B36-8C90-EF26B8CD777D", "vulnerable": false }, { "criteria": "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", "matchCriteriaId": "469B74F2-4B89-42B8-8638-731E92D463B9", "vulnerable": false }, { "criteria": "cpe:2.3:o:windriver:bsdos:*:*:*:*:*:*:*:*", "matchCriteriaId": "60ACA374-1434-4C02-8327-17BC9C000B65", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:jetbox:jetbox_cms:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0916DF3D-71ED-423F-A2F4-842EE706ADDC", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters." }, { "lang": "es", "value": "formmail.php en Jetbox CMS 2.1 permite a atacantes remotos env\u00edar e-mails de su elecci\u00f3n a trav\u00e9s de recipientes modificados, a trav\u00e9s de los par\u00e1metros _SETTINGS[allowed_email_hosts][], y subject." } ], "id": "CVE-2007-1898", "lastModified": "2024-11-21T00:29:25.010", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-05-16T22:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2710" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.netvigilance.com/advisory0026" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/34088" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/468644/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23989" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securitytracker.com/id?1018063" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1831" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34292" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2710" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.netvigilance.com/advisory0026" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/34088" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/468644/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23989" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securitytracker.com/id?1018063" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1831" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34292" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-02-21 17:28
Modified
2024-11-21 00:27
Severity ?
Summary
Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apple | mac_os_x | 10.4.9 | |
hp | hp-ux | * | |
hp | tru64 | 5.1b_pk2_bl22 | |
ibm | aix | * | |
ibm | os2 | * | |
linux | linux_kernel | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2003_server | sp2 | |
microsoft | windows_95 | * | |
microsoft | windows_98 | * | |
microsoft | windows_98se | * | |
microsoft | windows_me | * | |
microsoft | windows_nt | 4.0 | |
microsoft | windows_xp | * | |
santa_cruz_operation | sco_unix | * | |
sun | solaris | * | |
windriver | bsdos | * | |
ezboo | webstats | 3.0.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "786BB737-EA99-4EC6-B742-0C35BF2453F9", "vulnerable": false }, { "criteria": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*", "matchCriteriaId": "61A4F116-1FEE-450E-99AE-6AD9ACDDE570", "vulnerable": false }, { "criteria": "cpe:2.3:o:hp:tru64:5.1b_pk2_bl22:*:*:*:*:*:*:*", "matchCriteriaId": "5F6E90A8-BF8E-46AD-A0E6-4266EE0AE70C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:os2:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD5511BD-2A41-4FF6-BD3F-9448F3F8AC90", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*", "matchCriteriaId": "377F7D0C-6B44-4B90-BF90-DAF959880C6D", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_95:*:*:*:*:*:*:*:*", "matchCriteriaId": "82F7322B-8022-4D0B-ADB3-D0F5B6F20309", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*", "matchCriteriaId": "2D3B703C-79B2-4FA2-9E12-713AB977A880", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA733AD2-D948-46A0-A063-D29081A56F1F", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", "matchCriteriaId": "799DA395-C7F8-477C-8BC7-5B4B88FB7503", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E53CDA8E-50A8-4509-B070-CCA5604FFB21", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*", "matchCriteriaId": "580B0C9B-DD85-40FA-9D37-BAC0C96D57FC", "vulnerable": false }, { "criteria": "cpe:2.3:o:santa_cruz_operation:sco_unix:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECCBDA43-9C75-4B36-8C90-EF26B8CD777D", "vulnerable": false }, { "criteria": "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", "matchCriteriaId": "469B74F2-4B89-42B8-8638-731E92D463B9", "vulnerable": false }, { "criteria": "cpe:2.3:o:windriver:bsdos:*:*:*:*:*:*:*:*", "matchCriteriaId": "60ACA374-1434-4C02-8327-17BC9C000B65", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:ezboo:webstats:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E4F3346B-0AB1-4200-BF60-29392FB1EEB7", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php." }, { "lang": "es", "value": "Ezboo webstats, posiblemente la 3.0.3, permite a atacantes remotos evitar la autenticaci\u00f3n y obtener una v\u00eda de acceso mediante una petici\u00f3n directa al (1) update.php y (2) config.php." } ], "id": "CVE-2007-1043", "lastModified": "2024-11-21T00:27:22.077", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-02-21T17:28:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://forums.avenir-geopolitique.net/viewtopic.php?t=2674" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/34181" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2275" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/460325/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22590" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32563" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://forums.avenir-geopolitique.net/viewtopic.php?t=2674" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/34181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2275" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/460325/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22590" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32563" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2007-6232
Vulnerability from cvelistv5
Published
2007-12-04 18:00
Modified
2024-08-07 16:02
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/38780 | vdb-entry, x_refsource_XF | |
https://www.exploit-db.com/exploits/4681 | exploit, x_refsource_EXPLOIT-DB | |
http://secunia.com/advisories/27875 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:02:34.855Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ftp-admin-index-xss(38780)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38780" }, { "name": "4681", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/4681" }, { "name": "27875", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27875" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-11-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ftp-admin-index-xss(38780)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38780" }, { "name": "4681", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/4681" }, { "name": "27875", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27875" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6232", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ftp-admin-index-xss(38780)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38780" }, { "name": "4681", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4681" }, { "name": "27875", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27875" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6232", "datePublished": "2007-12-04T18:00:00", "dateReserved": "2007-12-04T00:00:00", "dateUpdated": "2024-08-07T16:02:34.855Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-1043
Vulnerability from cvelistv5
Published
2007-02-21 17:00
Modified
2024-08-07 12:43
Severity ?
EPSS score ?
Summary
Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.
References
▼ | URL | Tags |
---|---|---|
http://forums.avenir-geopolitique.net/viewtopic.php?t=2674 | x_refsource_MISC | |
http://www.securityfocus.com/archive/1/460325/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/32563 | vdb-entry, x_refsource_XF | |
http://osvdb.org/34181 | vdb-entry, x_refsource_OSVDB | |
http://securityreason.com/securityalert/2275 | third-party-advisory, x_refsource_SREASON | |
http://www.securityfocus.com/bid/22590 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:43:22.287Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://forums.avenir-geopolitique.net/viewtopic.php?t=2674" }, { "name": "20070215 Ezboo webstats acces to sensitive files", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/460325/100/0/threaded" }, { "name": "ezboo-update-unauthorized-access(32563)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32563" }, { "name": "34181", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/34181" }, { "name": "2275", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2275" }, { "name": "22590", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22590" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://forums.avenir-geopolitique.net/viewtopic.php?t=2674" }, { "name": "20070215 Ezboo webstats acces to sensitive files", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/460325/100/0/threaded" }, { "name": "ezboo-update-unauthorized-access(32563)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32563" }, { "name": "34181", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/34181" }, { "name": "2275", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/2275" }, { "name": "22590", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22590" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1043", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://forums.avenir-geopolitique.net/viewtopic.php?t=2674", "refsource": "MISC", "url": "http://forums.avenir-geopolitique.net/viewtopic.php?t=2674" }, { "name": "20070215 Ezboo webstats acces to sensitive files", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/460325/100/0/threaded" }, { "name": "ezboo-update-unauthorized-access(32563)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32563" }, { "name": "34181", "refsource": "OSVDB", "url": "http://osvdb.org/34181" }, { "name": "2275", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2275" }, { "name": "22590", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22590" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1043", "datePublished": "2007-02-21T17:00:00", "dateReserved": "2007-02-21T00:00:00", "dateUpdated": "2024-08-07T12:43:22.287Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-7034
Vulnerability from cvelistv5
Published
2007-02-23 01:00
Modified
2024-08-07 20:50
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/archive/1/435166/30/4680/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://securityreason.com/securityalert/2285 | third-party-advisory, x_refsource_SREASON | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/26720 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:50:05.966Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060525 Super Link Exchange Script v1.0", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/435166/30/4680/threaded" }, { "name": "2285", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2285" }, { "name": "superlinkexchange-directory-sql-injection(26720)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26720" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-05-25T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060525 Super Link Exchange Script v1.0", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/435166/30/4680/threaded" }, { "name": "2285", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/2285" }, { "name": "superlinkexchange-directory-sql-injection(26720)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26720" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-7034", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060525 Super Link Exchange Script v1.0", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/435166/30/4680/threaded" }, { "name": "2285", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2285" }, { "name": "superlinkexchange-directory-sql-injection(26720)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26720" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-7034", "datePublished": "2007-02-23T01:00:00", "dateReserved": "2007-02-22T00:00:00", "dateUpdated": "2024-08-07T20:50:05.966Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-1898
Vulnerability from cvelistv5
Published
2007-05-16 22:00
Modified
2024-08-07 13:13
Severity ?
EPSS score ?
Summary
formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/34292 | vdb-entry, x_refsource_XF | |
http://www.netvigilance.com/advisory0026 | x_refsource_MISC | |
http://securityreason.com/securityalert/2710 | third-party-advisory, x_refsource_SREASON | |
http://www.vupen.com/english/advisories/2007/1831 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/archive/1/468644/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securitytracker.com/id?1018063 | vdb-entry, x_refsource_SECTRACK | |
http://www.osvdb.org/34088 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/bid/23989 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:13:41.503Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "jetbox-formmail-mail-relay(34292)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34292" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.netvigilance.com/advisory0026" }, { "name": "2710", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2710" }, { "name": "ADV-2007-1831", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1831" }, { "name": "20070515 Jetbox CMS version 2.1 E-Mail Injection Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/468644/100/0/threaded" }, { "name": "1018063", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018063" }, { "name": "34088", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/34088" }, { "name": "23989", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23989" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "jetbox-formmail-mail-relay(34292)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34292" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.netvigilance.com/advisory0026" }, { "name": "2710", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/2710" }, { "name": "ADV-2007-1831", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1831" }, { "name": "20070515 Jetbox CMS version 2.1 E-Mail Injection Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/468644/100/0/threaded" }, { "name": "1018063", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018063" }, { "name": "34088", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/34088" }, { "name": "23989", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23989" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1898", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "jetbox-formmail-mail-relay(34292)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34292" }, { "name": "http://www.netvigilance.com/advisory0026", "refsource": "MISC", "url": "http://www.netvigilance.com/advisory0026" }, { "name": "2710", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2710" }, { "name": "ADV-2007-1831", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1831" }, { "name": "20070515 Jetbox CMS version 2.1 E-Mail Injection Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/468644/100/0/threaded" }, { "name": "1018063", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018063" }, { "name": "34088", "refsource": "OSVDB", "url": "http://www.osvdb.org/34088" }, { "name": "23989", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23989" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1898", "datePublished": "2007-05-16T22:00:00", "dateReserved": "2007-04-09T00:00:00", "dateUpdated": "2024-08-07T13:13:41.503Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-2191
Vulnerability from cvelistv5
Published
2007-04-24 17:00
Modified
2024-08-07 13:23
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/33772 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/23575 | vdb-entry, x_refsource_BID | |
http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053882.html | mailing-list, x_refsource_FULLDISC | |
http://securityreason.com/securityalert/2627 | third-party-advisory, x_refsource_SREASON | |
http://osvdb.org/35315 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/24935 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2007/1535 | vdb-entry, x_refsource_VUPEN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:23:51.024Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "freepbx-sip-xss(33772)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33772" }, { "name": "23575", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23575" }, { "name": "20070419 XSS in freePBX 2.2.x portal\u0027s Asterisk Log tool", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053882.html" }, { "name": "2627", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2627" }, { "name": "35315", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/35315" }, { "name": "24935", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24935" }, { "name": "ADV-2007-1535", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1535" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-04-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "freepbx-sip-xss(33772)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33772" }, { "name": "23575", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23575" }, { "name": "20070419 XSS in freePBX 2.2.x portal\u0027s Asterisk Log tool", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053882.html" }, { "name": "2627", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/2627" }, { "name": "35315", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/35315" }, { "name": "24935", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24935" }, { "name": "ADV-2007-1535", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1535" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2191", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "freepbx-sip-xss(33772)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33772" }, { "name": "23575", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23575" }, { "name": "20070419 XSS in freePBX 2.2.x portal\u0027s Asterisk Log tool", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053882.html" }, { "name": "2627", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2627" }, { "name": "35315", "refsource": "OSVDB", "url": "http://osvdb.org/35315" }, { "name": "24935", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24935" }, { "name": "ADV-2007-1535", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1535" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2191", "datePublished": "2007-04-24T17:00:00", "dateReserved": "2007-04-24T00:00:00", "dateUpdated": "2024-08-07T13:23:51.024Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-2736
Vulnerability from cvelistv5
Published
2007-05-17 19:00
Modified
2024-08-07 13:49
Severity ?
EPSS score ?
Summary
PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
References
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/3928 | exploit, x_refsource_EXPLOIT-DB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/34305 | vdb-entry, x_refsource_XF | |
http://osvdb.org/37919 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/bid/23992 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:49:57.405Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "3928", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/3928" }, { "name": "achievo-index-file-include(34305)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34305" }, { "name": "37919", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/37919" }, { "name": "23992", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23992" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "3928", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/3928" }, { "name": "achievo-index-file-include(34305)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34305" }, { "name": "37919", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/37919" }, { "name": "23992", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23992" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2736", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "3928", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/3928" }, { "name": "achievo-index-file-include(34305)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34305" }, { "name": "37919", "refsource": "OSVDB", "url": "http://osvdb.org/37919" }, { "name": "23992", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23992" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2736", "datePublished": "2007-05-17T19:00:00", "dateReserved": "2007-05-17T00:00:00", "dateUpdated": "2024-08-07T13:49:57.405Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-4938
Vulnerability from cvelistv5
Published
2007-09-18 19:00
Modified
2024-08-07 15:17
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/25648 | vdb-entry, x_refsource_BID | |
http://securityreason.com/securityalert/3144 | third-party-advisory, x_refsource_SREASON | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/36581 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/archive/1/479222/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/27016 | third-party-advisory, x_refsource_SECUNIA | |
http://osvdb.org/45940 | vdb-entry, x_refsource_OSVDB | |
http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt | x_refsource_MISC | |
http://www.mandriva.com/security/advisories?name=MDKSA-2007:192 | vendor-advisory, x_refsource_MANDRIVA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:17:27.081Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "25648", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25648" }, { "name": "3144", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3144" }, { "name": "mplayer-avi-file-bo(36581)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36581" }, { "name": "20070912 CAL-20070912-1 Multiple vendor produce handling AVI file vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/479222/100/0/threaded" }, { "name": "27016", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27016" }, { "name": "45940", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/45940" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt" }, { "name": "MDKSA-2007:192", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:192" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-09-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large \"indx truck size\" and nEntriesInuse values, and a certain wLongsPerEntry value." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "25648", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25648" }, { "name": "3144", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3144" }, { "name": "mplayer-avi-file-bo(36581)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36581" }, { "name": "20070912 CAL-20070912-1 Multiple vendor produce handling AVI file vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/479222/100/0/threaded" }, { "name": "27016", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27016" }, { "name": "45940", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/45940" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt" }, { "name": "MDKSA-2007:192", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:192" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4938", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large \"indx truck size\" and nEntriesInuse values, and a certain wLongsPerEntry value." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "25648", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25648" }, { "name": "3144", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3144" }, { "name": "mplayer-avi-file-bo(36581)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36581" }, { "name": "20070912 CAL-20070912-1 Multiple vendor produce handling AVI file vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/479222/100/0/threaded" }, { "name": "27016", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27016" }, { "name": "45940", "refsource": "OSVDB", "url": "http://osvdb.org/45940" }, { "name": "http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt", "refsource": "MISC", "url": "http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt" }, { "name": "MDKSA-2007:192", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:192" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4938", "datePublished": "2007-09-18T19:00:00", "dateReserved": "2007-09-18T00:00:00", "dateUpdated": "2024-08-07T15:17:27.081Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }