CVE-2002-2217

CVE-2002-2217 - Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal (WSC-WebPortal) 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) l parameter to customize.php or the (2) pg parameter to index.php. ...
7 years ago

CVE-2002-0192 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-0193, CVE-2002-1564. Reason: This candidate was published with a description that identified a different vulnerability than what was identified in the original authoritative ...
55 years ago Tenable.com

CVE-2021-29281 - File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317. ...
2 years ago

CVE-2021-2217 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via ...
3 years ago

CVE-2005-2217 - Dansie Shopping Cart stores the vars.dat file under the web root with insufficient access control, which might allow remote attackers to obtain sensitive information such as program variables. ...
16 years ago

CVE-2006-2217 - SQL injection vulnerability in index.php in Invision Power Board allows remote attackers to execute arbitrary SQL commands via the pid parameter in a reputation action. NOTE: the provenance of this information is unknown; the details are obtained ...
16 years ago

CVE-2010-2217 - Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, allows attackers to execute arbitrary code via unspecified vectors, related to a "JS method vulnerability." ...
13 years ago

CVE-2014-2217 - Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname ...
10 years ago

CVE-2016-2217 - The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret. ...
7 years ago

CVE-2004-2217 - Multiple unknown vulnerabilities in yhttpd in yChat before 0.7 allow remote attackers to cause a denial of service (segmentation fault) via unknown vectors. ...
7 years ago

CVE-2009-2217 - Cross-site scripting (XSS) vulnerability in NBBC before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via an invalid URL in a BBCode img tag. ...
7 years ago

CVE-2011-2217 - Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware ...
7 years ago

CVE-2008-2217 - Directory traversal vulnerability in cm/graphie.php in Content Management System 0.6.1 for Phprojekt allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cm_imgpath parameter. ...
7 years ago

CVE-2012-2217 - The HTC IQRD service for Android on the HTC EVO 4G before 4.67.651.3, EVO Design 4G before 2.12.651.5, Shift 4G before 2.77.651.3, EVO 3D before 2.17.651.5, EVO View 4G before 2.23.651.1, Vivid before 3.26.502.56, and Hero does not restrict localhost ...
7 years ago

CVE-2015-2217 - Multiple cross-site scripting (XSS) vulnerabilities in Ultimate PHP Board (aka myUPB) before 2.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or (2) avatar parameter to profile.php. ...
6 years ago

CVE-2007-2217 - Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) ...
6 years ago

CVE-2013-2217 - cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/. ...
5 years ago

CVE-2017-2217 - Open redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. ...
4 years ago

CVE-2019-2217 - In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for ...
3 years ago

CVE-2022-2217 - Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0. ...
2 years ago

CVE-2023-2217 - A vulnerability, which was classified as critical, was found in SourceCodester Task Reminder System 1.0. This affects an unknown part of the file /admin/reminders/manage_reminder.php. The manipulation of the argument id leads to sql injection. It is ...
1 year ago

CVE-2020-2217 - Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. ...
1 year ago

CVE-2018-2217 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none ...
55 years ago Tenable.com

CVE-2024-2217 - gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the `config.json` file. This vulnerability is present in both authenticated and unauthenticated versions of the application, enabling attackers to ...
11 months ago Tenable.com

CVE-2025-2217 - A vulnerability, which was classified as critical, was found in zzskzy Warehouse Refinement Management System 1.3. This affects the function ProcessRequest of the file /getAdyData.ashx. The manipulation of the argument showid leads to sql injection. ...
3 weeks ago