CVE-2007-1949

CVE-2021-44054 - An open redirect vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this ...
2 years ago

CVE-2021-38693 - A path traversal vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, QTS, QVR Pro Appliance. If exploited, this vulnerability allows attackers to read the contents of unexpected files and expose sensitive data. We have ...
2 years ago

CVE-2015-2503 - Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 ...
6 years ago

CVE-2007-1949 - Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. ...
6 years ago

CVE-2011-1949 - Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than ...
6 years ago

CVE-2021-1949 - Possible integer overflow due to improper check of batch count value while sanitizer is enabled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, ...
1 year ago

CVE-2002-1949 - The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password. ...
16 years ago

CVE-2010-1949 - SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. NOTE: some of these details are obtained from third ...
14 years ago

CVE-2013-1949 - Social Media Widget (social-media-widget) plugin 4.0 for WordPress contains an externally introduced modification (Trojan Horse), which allows remote attackers to force the upload of arbitrary files. ...
11 years ago

CVE-2005-1949 - The eping_validaddr function in functions.php for the ePing plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the eping_host parameter. ...
8 years ago

CVE-2016-1949 - Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use ...
8 years ago

CVE-2015-1949 - The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands with SYSTEM privileges via unspecified vectors. ...
8 years ago

CVE-2004-1949 - SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module. ...
7 years ago

CVE-2006-1949 - SQL injection vulnerability in plexcart.pl in NicPlex PlexCart X3 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. ...
7 years ago

CVE-2009-1949 - import_wbb1.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. ...
7 years ago

CVE-2012-1949 - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or ...
7 years ago

CVE-2008-1949 - The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to ...
6 years ago

CVE-2018-1949 - IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 153429. ...
5 years ago

CVE-2020-1949 - Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks. ...
5 years ago

CVE-2021-44051 - A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following ...
2 years ago

CVE-2021-44053 - A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in ...
2 years ago

CVE-2019-1949 - A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an ...
2 years ago

CVE-2023-1949 - A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file change-password.php of the component Change Password Handler. The manipulation of the argument ...
1 year ago

CVE-2014-1949 - GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button. ...
1 year ago

CVE-2022-1949 - An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote ...
1 year ago