🚨 CVE-2007-2660
PHP remote file inclusion vulnerability in pcltrace.lib.php in the PclTar module in Vincent Blavet PhpConcept Library, as used in CJG EXPLORER PRO 3.3 and earlier and probably other products, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter. NOTE: CVE disputes this issue since there is no include statement in pcltrace.lib.php. NOTE: the pcltar.lib.php vector is already covered by CVE-2007-2199
🎖@cveNotify
PHP remote file inclusion vulnerability in pcltrace.lib.php in the PclTar module in Vincent Blavet PhpConcept Library, as used in CJG EXPLORER PRO 3.3 and earlier and probably other products, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter. NOTE: CVE disputes this issue since there is no include statement in pcltrace.lib.php. NOTE: the pcltar.lib.php vector is already covered by CVE-2007-2199
🎖@cveNotify
🚨 CVE-2007-2997
Multiple SQL injection vulnerabilities in cgi-bin/reorder2.asp in SalesCart Shopping Cart allow remote attackers to execute arbitrary SQL commands via the password field and other unspecified vectors. NOTE: the vendor disputes this issue, stating "We were able to reproduce this sql injection on an old out-of-date demo on the website but not on the released product.
🎖@cveNotify
Multiple SQL injection vulnerabilities in cgi-bin/reorder2.asp in SalesCart Shopping Cart allow remote attackers to execute arbitrary SQL commands via the password field and other unspecified vectors. NOTE: the vendor disputes this issue, stating "We were able to reproduce this sql injection on an old out-of-date demo on the website but not on the released product.
🎖@cveNotify
🚨 CVE-2007-3048
GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue
🎖@cveNotify
GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue
🎖@cveNotify
🚨 CVE-2023-33922
Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through 3.13.2.
🎖@cveNotify
Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through 3.13.2.
🎖@cveNotify
🚨 CVE-2023-52186
Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.2.
🎖@cveNotify
Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.2.
🎖@cveNotify
🚨 CVE-2023-51519
Missing Authorization vulnerability in Soliloquy Team Slider by Soliloquy.This issue affects Slider by Soliloquy: from n/a through 2.7.2.
🎖@cveNotify
Missing Authorization vulnerability in Soliloquy Team Slider by Soliloquy.This issue affects Slider by Soliloquy: from n/a through 2.7.2.
🎖@cveNotify
🚨 CVE-2023-51682
Missing Authorization vulnerability in ibericode MC4WP.This issue affects MC4WP: from n/a through 4.9.9.
🎖@cveNotify
Missing Authorization vulnerability in ibericode MC4WP.This issue affects MC4WP: from n/a through 4.9.9.
🎖@cveNotify
🚨 CVE-2023-52233
Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log.This issue affects Post SMTP Mailer/Email Log: from n/a through 2.8.6.
🎖@cveNotify
Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log.This issue affects Post SMTP Mailer/Email Log: from n/a through 2.8.6.
🎖@cveNotify
🚨 CVE-2024-23521
Missing Authorization vulnerability in Happyforms.This issue affects Happyforms: from n/a through 1.25.10.
🎖@cveNotify
Missing Authorization vulnerability in Happyforms.This issue affects Happyforms: from n/a through 1.25.10.
🎖@cveNotify
🚨 CVE-2024-32144
Missing Authorization vulnerability in Welcart Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through 2.9.14.
🎖@cveNotify
Missing Authorization vulnerability in Welcart Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through 2.9.14.
🎖@cveNotify
🚨 CVE-2024-34753
Missing Authorization vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73.
🎖@cveNotify
Missing Authorization vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73.
🎖@cveNotify
🚨 CVE-2024-34819
Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through 1.7.2.
🎖@cveNotify
Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through 1.7.2.
🎖@cveNotify
🚨 CVE-2007-3353
PHP remote file inclusion vulnerability in includes/template.php in MyEvent 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter. NOTE: a reliable third party disputes this issue, saying "the entire file is a class.
🎖@cveNotify
PHP remote file inclusion vulnerability in includes/template.php in MyEvent 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter. NOTE: a reliable third party disputes this issue, saying "the entire file is a class.
🎖@cveNotify
🚨 CVE-2007-3463
Microsoft Windows XP SP2 allows local users, who have sessions created by another user's RunAs (run as) command, to kill arbitrary processes of this other user, as demonstrated by the taskkill program. NOTE: the researcher claims a vendor dispute in which the vendor states that "RunAs and UAC are convenience features, not security boundaries. If you need a security guarantee, please log out and log back in with a different account.
🎖@cveNotify
Microsoft Windows XP SP2 allows local users, who have sessions created by another user's RunAs (run as) command, to kill arbitrary processes of this other user, as demonstrated by the taskkill program. NOTE: the researcher claims a vendor dispute in which the vendor states that "RunAs and UAC are convenience features, not security boundaries. If you need a security guarantee, please log out and log back in with a different account.
🎖@cveNotify
🚨 CVE-2007-3481
Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. NOTE: this issue has been disputed by other researchers, citing a variable scoping issue and information about the semantics of document.domain
🎖@cveNotify
Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. NOTE: this issue has been disputed by other researchers, citing a variable scoping issue and information about the semantics of document.domain
🎖@cveNotify
🚨 CVE-2007-3484
Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this issue is disputed by the Google Security Team, who states that "Google does not provide the 'search.php' script referenced. When a user creates a custom search engine, we provide them with a block of javascript to include on their site. Some users write additional code around this block of javascript to further customize their website.
🎖@cveNotify
Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this issue is disputed by the Google Security Team, who states that "Google does not provide the 'search.php' script referenced. When a user creates a custom search engine, we provide them with a block of javascript to include on their site. Some users write additional code around this block of javascript to further customize their website.
🎖@cveNotify
🚨 CVE-2007-3508
Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution
🎖@cveNotify
Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution
🎖@cveNotify
🚨 CVE-2007-3550
Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service (website suppression and resource consumption), aka "Internet Explorer Zone Domain Specification Dos and Page Suppressing". NOTE: this issue has been disputed by a third party, who states that the zone settings cannot be manipulated
🎖@cveNotify
Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service (website suppression and resource consumption), aka "Internet Explorer Zone Domain Specification Dos and Page Suppressing". NOTE: this issue has been disputed by a third party, who states that the zone settings cannot be manipulated
🎖@cveNotify
🚨 CVE-2007-3576
Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the "script" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme names with 10 or more characters, which might allow remote attackers to bypass certain XSS protection schemes. NOTE: other researchers dispute the significance of this issue, stating "this only works when typed in the address bar.
🎖@cveNotify
Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the "script" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme names with 10 or more characters, which might allow remote attackers to bypass certain XSS protection schemes. NOTE: other researchers dispute the significance of this issue, stating "this only works when typed in the address bar.
🎖@cveNotify
🚨 CVE-2007-3657
Mozilla Firefox 2.0.0.4 allows remote attackers to cause a denial of service by opening multiple tabs in a popup window. NOTE: this issue has been disputed by third party researchers, stating that "this does not crash on me, and I can't see a likely mechanism of action that would lead to a DoS condition.
🎖@cveNotify
Mozilla Firefox 2.0.0.4 allows remote attackers to cause a denial of service by opening multiple tabs in a popup window. NOTE: this issue has been disputed by third party researchers, stating that "this does not crash on me, and I can't see a likely mechanism of action that would lead to a DoS condition.
🎖@cveNotify
🚨 CVE-2007-3786
Cross-site request forgery (CSRF) vulnerability on the eSoft InstaGate EX2 UTM device before firmware 3.1.20070615 allows remote attackers to perform privileged actions as administrators. NOTE: the vendor disputes the distribution of the vulnerable software, stating that it was a custom build for a former customer
🎖@cveNotify
Cross-site request forgery (CSRF) vulnerability on the eSoft InstaGate EX2 UTM device before firmware 3.1.20070615 allows remote attackers to perform privileged actions as administrators. NOTE: the vendor disputes the distribution of the vulnerable software, stating that it was a custom build for a former customer
🎖@cveNotify