CyberSecurityBoard
Sponsor Register Login

CVE-2007-1146

PHP remote file inclusion vulnerability in function.php in arabhost allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter.

Publication date: Sat, 03 Mar 2007 03:18:00 +0000


Cyber News related to CVE-2007-1146

CVE-2015-2503 - Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 ...
6 years ago
CVE-2007-1146 - PHP remote file inclusion vulnerability in function.php in arabhost allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter. ...
6 years ago
CVE-2019-1146 - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1147, CVE-2019-1155, ...
4 years ago
CVE-2020-0766 - An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Microsoft Store Runtime Elevation ...
3 years ago
CVE-2020-1146 - An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Microsoft Store Runtime Elevation ...
3 years ago
CVE-2005-1145 - ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in calendar.pl in CalendarScript 3.20 allows remote attackers to inject arbitrary web script or HTML via the template parameter, a different ...
16 years ago
CVE-2005-1146 - ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in the login command in calendar.pl in CalendarScript 3.21 allows remote attackers to inject arbitrary web script or HTML via the username ...
7 years ago
CVE-2009-1146 - Unspecified vulnerability in an ioctl in hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 allows ...
6 years ago
CVE-2015-1145 - The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146. ...
6 years ago
CVE-2015-1146 - The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145. ...
6 years ago
CVE-2011-1146 - libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) ...
2 years ago
CVE-2003-1146 - Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. ...
16 years ago
CVE-2002-1146 - The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to ...
16 years ago
CVE-2013-1146 - The Smart Install client functionality in Cisco IOS 12.2 and 15.0 through 15.3 on Catalyst switches allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in Smart Install packets, aka Bug ID ...
11 years ago
CVE-2017-1146 - IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure ...
7 years ago
CVE-2004-1146 - Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and (2) login.c for CVSTrac before 1.1.5 allow remote attackers to inject arbitrary HTML and web script. ...
7 years ago
CVE-2008-1146 - A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing ...
1 year ago
CVE-1999-1146 - Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x and earlier allows local users to access arbitrary files and gain privileges. ...
7 years ago
CVE-2000-1146 - Recourse ManTrap 1.6 allows attackers to cause a denial of service via a sequence of commands that navigate into and out of the /proc/self directory and executing various commands such as ls or pwd. ...
7 years ago
CVE-2001-1146 - AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 creates temporary files with predictable names, which allows local users to modify files via a symlink attack. ...
7 years ago
CVE-2017-18046 - Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 2.77p1-1124 and 3.03p2-1146 devices allows remote attackers to execute arbitrary code via a long POST request to the login_action function in /cgi-bin/login_action.cgi (aka cgipage.cgi). ...
6 years ago
CVE-2006-1146 - Stack-based buffer overflow in the Cmd_Say_f function in g_cmds.c in Alien Arena 2006 Gold Edition 5.00 allows remote attackers (possibly authenticated) to execute arbitrary code by sending a long message to the server. ...
6 years ago
CVE-2018-1146 - A remote unauthenticated user can enable telnet on the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to set.cgi. When enabled the telnet session requires no password and provides root access. ...
5 years ago
CVE-2020-15602 - An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. As the Trend Micro installer ...
4 years ago
CVE-2010-1146 - The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem exists, does not restrict read or write access to the .reiserfs_priv directory, which allows local users to gain privileges by modifying (1) extended attributes or (2) ACLs, as ...
4 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)