CyberSecurityBoard
Sponsor Register Login

CVE-2007-1486

PHP remote file inclusion vulnerability in template.class.php in Carbonize Lazarus Guestbook before 1.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to admin.php, probably due to a dynamic variable evaluation vulnerability. This vulnerability has been addressed by the vendor with a product update: http://carbonize.co.uk/Lazarus/downloads.php

Publication date: Sat, 17 Mar 2007 02:19:00 +0000


Cyber News related to CVE-2007-1486

CVE-2021-47462 - In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: do not allow illegal MPOL_F_NUMA_BALANCING | MPOL_LOCAL in mbind() syzbot reported access to unitialized memory in mbind() [1] Issue came with commit bda420b98505 ...
1 year ago Tenable.com
CVE-2015-2503 - Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 ...
6 years ago
CVE-2007-1486 - PHP remote file inclusion vulnerability in template.class.php in Carbonize Lazarus Guestbook before 1.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to admin.php, probably due to a dynamic variable ...
6 years ago
CVE-2020-1486 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1417, CVE-2020-1566. ...
3 years ago
CVE-2002-1486 - Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel ...
16 years ago
CVE-2010-1486 - Multiple cross-site scripting (XSS) vulnerabilities in _invoice.asp in CactuShop before 6.155 allow remote attackers to inject arbitrary web script or HTML via the (1) billing address or (2) shipping address. ...
15 years ago Cactus
CVE-2004-1486 - Unknown vulnerability in Serviceguard A.11.13 through A.11.16.00 and Cluster Object Manager A.01.03 and B.01.04 through B.03.00.01 on HP-UX, Serviceguard A.11.14.04 and A.11.15.04 and Cluster Object Manager B.02.01.02 and B.02.02.02 on HP Linux, ...
7 years ago
CVE-2006-1486 - Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in realestateZONE 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) bamin, (2) bemin, (3) pmin, and (4) state parameters. ...
7 years ago
CVE-2003-1486 - Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to (1) smileys.php, (2) quick_listrss.php, (3) purge.php, (4) news.php, (5) memberlist.php, (6) forum_listrss.php, (7) ...
7 years ago
CVE-2016-1486 - A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device ...
7 years ago
CVE-2008-1486 - SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search. ...
7 years ago
CVE-2015-1486 - The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session. ...
7 years ago
CVE-2009-1486 - Directory traversal vulnerability in pmscript.php in Flatchat 3.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the with parameter. ...
7 years ago
CVE-1999-1486 - sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack. ...
7 years ago
CVE-2017-1486 - IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading ...
7 years ago
CVE-2005-1486 - Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) trackingnum, (2) reqagree, or (3) m parameter to upstracking.php or (4) nlst parameter to display.php. NOTE: the ...
6 years ago
CVE-2018-16752 - LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may ...
5 years ago
CVE-2019-1486 - A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host, aka 'Visual Studio Live Share Spoofing Vulnerability'. ...
5 years ago
CVE-2014-1486 - Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving ...
4 years ago
CVE-2013-1486 - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability ...
3 years ago
CVE-2022-1486 - Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. ...
2 years ago
CVE-2011-1486 - libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time. ...
2 years ago
CVE-2023-1486 - A vulnerability classified as problematic was found in Lespeed WiseCleaner Wise Force Deleter 1.5.3.54. This vulnerability affects the function 0x220004 in the library WiseUnlock64.sys of the component IoControlCode Handler. The manipulation leads to ...
2 years ago
CVE-2021-1486 - A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to enumerate user accounts. This vulnerability is due to the improper handling of HTTP headers. An attacker could exploit this vulnerability by sending ...
1 year ago
CVE-2024-1486 - Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices ...
1 year ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)