CVE-2007-1019

SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388. Successful exploitation e.g. allows retrieval of password hashes, but requires that "register_globals" is enabled.

Publication date: Wed, 21 Feb 2007 17:28:00 +0000

Cyber News related to CVE-2007-1019

CVE-2015-2503 - Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 ...
6 years ago

CVE-2007-1163 - SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783. ...
7 years ago

CVE-2007-1019 - SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388. Successful ...
7 years ago

CVE-2018-0990 - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This ...
4 years ago

CVE-2018-0993 - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This ...
4 years ago

CVE-2018-0979 - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This ...
4 years ago

CVE-2018-0995 - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This ...
4 years ago

CVE-2018-0994 - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This ...
4 years ago

CVE-2018-0980 - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This ...
4 years ago

CVE-2018-1019 - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This ...
4 years ago

CVE-2014-8142 - Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call ...
8 years ago

CVE-2016-1015 - Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code by overriding NetConnection object properties to leverage an unspecified ...
2 years ago

CVE-2021-1019 - In snoozeNotification of NotificationListenerService.java, there is a possible permission confusion due to a misleading user consent dialog. This could lead to local escalation of privilege with User execution privileges needed. User interaction is ...
2 years ago

CVE-2010-1019 - SQL injection vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. ...
14 years ago

CVE-2012-1019 - Multiple cross-site scripting (XSS) vulnerabilities in XWiki Enterprise 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) XWiki.XWikiComments_comment parameter to xwiki/bin/commentadd/Main/WebHome, (2) ...
12 years ago

CVE-1999-1019 - SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a directory tree with insecure permissions, which allows local users to replace a privileged executable (processd) with a Trojan horse, facilitating a root or Administrator ...
8 years ago

CVE-2002-1019 - The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook for an arbitrary length of time via a modified loanMin parameter to download.asp. ...
8 years ago

CVE-2005-1019 - Buffer overflow in the getConfig function in Aeon 0.2a and earlier allows local users to gain privileges via a long HOME environment variable. ...
7 years ago

CVE-2006-1019 - Cross-site scripting (XSS) vulnerability in fce.php in UKiBoard 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a BBCode url tag when using the show_post function. NOTE: the provenance of this information is unknown; the ...
7 years ago

CVE-2009-1019 - Unspecified vulnerability in the Network Authentication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. ...
7 years ago

CVE-2013-1019 - Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. ...
7 years ago

CVE-2000-1019 - Search engine in Ultraseek 3.1 and 3.1.10 (aka Inktomi Search) allows remote attackers to cause a denial of service via a malformed URL. ...
7 years ago

CVE-2001-1019 - Directory traversal vulnerability in view_item CGI program in sglMerchant 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTML_FILE parameter. ...
7 years ago

CVE-2008-1019 - Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted PICT image file, related to an improperly terminated memory copy loop. ...
6 years ago

CVE-2004-1019 - The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, ...
6 years ago

Latest Cyber News

CVE-2025-24982 - 1 day ago
CVE-2025-22475 - 1 day ago
CVE-2025-1003 - 1 day ago
CVE-2025-0148 - 1 day ago
CVE-2025-24957 - 1 day ago
CVE-2025-24958 - 1 day ago
CVE-2025-22129 - 1 day ago
CVE-2025-23210 - 1 day ago
CVE-2025-24029 - 1 day ago
CVE-2025-24371 - 1 day ago
CVE-2025-24901 - 1 day ago
CVE-2025-24902 - 1 day ago
CVE-2025-24905 - 1 day ago
CVE-2025-24906 - 1 day ago
CVE-2024-35177 - 1 day ago
CVE-2024-47770 - 1 day ago
CVE-2025-24960 - 1 day ago
CVE-2025-24961 - 1 day ago
CVE-2025-24962 - 1 day ago
CVE-2025-22918 - 1 day ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2024-20141 - 2 days ago
CVE-2024-20142 - 2 days ago
CVE-2024-20147 - 2 days ago
CVE-2025-20631 - 2 days ago
CVE-2025-20632 - 2 days ago
CVE-2025-20633 - 2 days ago
CVE-2025-20634 - 2 days ago
CVE-2025-20635 - 2 days ago
CVE-2025-20636 - 2 days ago
CVE-2025-20637 - 2 days ago
CVE-2025-20638 - 2 days ago
CVE-2025-20639 - 2 days ago
CVE-2025-20640 - 2 days ago
CVE-2025-20641 - 2 days ago
CVE-2025-20642 - 2 days ago
CVE-2025-20643 - 2 days ago
CVE-2025-25062 - 2 days ago
CVE-2025-25063 - 2 days ago
CVE-2024-57966 - 2 days ago
CVE-2024-13347 - 2 days ago