CVE-2007-1136

index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. NOTE: some sources have referred to this as eval injection in the param parameter, but CVE source inspection suggests that this is erroneous.

Publication date: Sat, 03 Mar 2007 03:18:00 +0000

Cyber News related to CVE-2007-1136

CVE-2023-52464 - In the Linux kernel, the following vulnerability has been resolved: ...
7 months ago

CVE-2015-2503 - Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 ...
5 years ago

CVE-2007-1136 - index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. NOTE: some sources have referred to this as eval injection in the param parameter, but CVE source ...
13 years ago

CVE-2009-1136 - The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 ...
5 years ago

CVE-2020-1028 - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1126, CVE-2020-1136, CVE-2020-1150. ...
3 years ago

CVE-2020-1150 - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1028, CVE-2020-1126, CVE-2020-1136. ...
3 years ago

CVE-2020-1136 - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1028, CVE-2020-1126, CVE-2020-1150. ...
3 years ago

CVE-2020-1126 - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1028, CVE-2020-1136, CVE-2020-1150. ...
3 years ago

CVE-2013-1136 - The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor crash) by creating multiple tunnels and then ...
11 years ago

CVE-2016-1136 - Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. ...
8 years ago

CVE-2005-1136 - Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) config.txt files under the web document root, which allows remote attackers to obtain sensitive information and crack passwords via a direct request to these files. ...
7 years ago

CVE-2003-1136 - Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook 1.51 allows remote attackers to inject arbitrary web script or HTML via (1) HTML in a posted message or (2) Javascript in an onmouseover attribute in an e-mail address or URL. ...
7 years ago

CVE-2004-1136 - Buffer overflow in CuteFTP Professional 6.0, and possibly other versions, allows remote FTP servers to cause a denial of service (application crash) via large replies to FTP commands. ...
7 years ago

CVE-2010-1136 - The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User ...
7 years ago

CVE-1999-1136 - Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 and earlier, allows attackers to compromise data transfer for Predictive messages (using e-mail or modem) between customer and Response Center Predictive systems. ...
6 years ago

CVE-2000-1136 - elvis-tiny before 1.4-10 in Debian GNU/Linux, and possibly other Linux operating systems, allows local users to overwrite files of other users via a symlink attack. ...
6 years ago

CVE-2001-1136 - The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to cause a denial of service. ...
6 years ago

CVE-2006-1136 - Buffer overflow in the PostScript file interpreter code for Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allows attackers to cause a denial of service via unknown vectors. ...
6 years ago

CVE-2008-1136 - The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through 0.10.0 in SynCE (SynCE-dccm) allows remote attackers to execute arbitrary commands via shell metacharacters in a certain string to TCP port 5679. ...
5 years ago

CVE-2015-1136 - Use-after-free vulnerability in CoreAnimation in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code by leveraging improper use of a mutex. <a href"http://cwe.mitre.org/data/definitions/416.html" ...
5 years ago

CVE-2018-1136 - An issue was discovered in Moodle 3.x. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security ...
5 years ago

CVE-2011-1136 - In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file. ...
4 years ago

CVE-2019-1136 - An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. ...
4 years ago

CVE-2021-1136 - Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to ...
3 years ago

CVE-2022-1136 - Use after free in Tab Strip in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific set of user gestures. ...
1 year ago

Latest Cyber News

CVE-2024-47326 - 2 hours ago
CVE-2024-9553 - 2 hours ago
CVE-2024-47355 - 2 hours ago
CVE-2024-47352 - 2 hours ago
CVE-2024-47349 - 2 hours ago
CVE-2024-47348 - 2 hours ago
CVE-2024-47347 - 2 hours ago
CVE-2024-47346 - 2 hours ago
CVE-2024-47345 - 2 hours ago
CVE-2024-47343 - 2 hours ago
CVE-2024-47342 - 2 hours ago
CVE-2024-47341 - 2 hours ago
CVE-2024-47340 - 2 hours ago
CVE-2024-47339 - 2 hours ago
CVE-2024-47336 - 2 hours ago
CVE-2024-47333 - 2 hours ago
CVE-2024-47332 - 2 hours ago
CVE-2024-47329 - 2 hours ago
CVE-2024-47327 - 2 hours ago
CVE-2024-47368 - 3 hours ago

Cyber Trends (last 7 days)

Okta - 10 months ago
23andMe - 10 months ago
Kimsuky - 10 months ago
LogoFAIL - 9 months ago
Gh0st rat - 10 months ago

Trending Cyber News (last 7 days)

CVE-2024-47368 - 3 hours ago
CVE-2024-47367 - 3 hours ago
CVE-2024-47366 - 3 hours ago
CVE-2024-47364 - 3 hours ago
CVE-2024-47363 - 3 hours ago
CVE-2024-47360 - 3 hours ago
CVE-2024-47357 - 3 hours ago
CVE-2024-47356 - 3 hours ago
CVE-2024-9552 - 3 hours ago
CVE-2024-9551 - 3 hours ago
CVE-2024-47365 - 3 hours ago
CVE-2024-47326 - 2 hours ago
CVE-2024-9553 - 2 hours ago
CVE-2024-47355 - 2 hours ago
CVE-2024-47352 - 2 hours ago
CVE-2024-47349 - 2 hours ago
CVE-2024-47348 - 2 hours ago
CVE-2024-47347 - 2 hours ago
CVE-2024-47346 - 2 hours ago
CVE-2024-47345 - 2 hours ago