CVE-2007-2101

FAC Guestbook 3.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/gbdb.mdb. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Publication date: Wed, 18 Apr 2007 15:19:00 +0000

Cyber News related to CVE-2007-2101

CVE-2023-0645 - An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in the exif handler. We recommend upgrading to version 0.8.1 or past commit ...
1 year ago

CVE-2015-2503 - Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 ...
6 years ago

CVE-2007-2101 - FAC Guestbook 3.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/gbdb.mdb. NOTE: the provenance of this information is unknown; the ...
7 years ago

CVE-2021-21990 - VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 prior to 21.1.0.14, 2011 prior to 20.11.0.27, 2010 prior to 20.10.0.16,2008 prior to 20.8.0.28, 2007 prior to 20.7.0.14,2006 prior to 20.6.0.19, 2005 prior to 20.5.0.46, 2004 prior to ...
2 years ago

CVE-2002-2101 - Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag. ...
16 years ago

CVE-2005-2101 - langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, which allows local users to overwrite arbitrary files. ...
16 years ago

CVE-2012-5879 - An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician (MVT) and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method. ...
11 years ago

CVE-2010-2101 - The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, and (6) str_pad functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing ...
8 years ago

CVE-2017-2101 - Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors. ...
7 years ago

CVE-2004-2101 - The sysinfo script in GeoHttpServer allows remote attackers to cause a denial of service (crash) via a long pwd parameter, possibly triggering a buffer overflow. ...
7 years ago

CVE-2012-2101 - Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network ...
7 years ago

CVE-2011-2101 - Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X do not properly restrict script, which allows attackers to execute arbitrary code via a crafted document, related to a "cross document script ...
7 years ago

CVE-2009-2101 - Directory traversal vulnerability in archive.php in TorrentVolve 1.4, when register_globals is enabled, allows remote attackers to delete arbitrary files via a .. (dot dot) in the deleteTorrent parameter. ...
7 years ago

CVE-2008-2101 - The VMware Consolidated Backup (VCB) command-line utilities in VMware ESX 3.0.1 through 3.0.3 and ESX 3.5 place a password on the command line, which allows local users to obtain sensitive information by listing the process. ...
6 years ago

CVE-2006-2101 - Directory traversal vulnerability in WinISO 5.3 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image. ...
6 years ago

CVE-2019-8372 - The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because ...
5 years ago

CVE-2015-2101 - Cross-site scripting (XSS) vulnerability in the Navigate bar in the Navigate module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. ...
5 years ago

CVE-2021-2101 - Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated ...
4 years ago

CVE-2019-2101 - In uvc_parse_standard_control of uvc_driver.c, there is a possible out-of-bound read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for ...
2 years ago

CVE-2021-26579 - A security vulnerability in HPE Unified Data Management (UDM) could allow the local disclosure of privileged information (CWE-321: Use of Hard-coded Cryptographic Key in a product). HPE has provided updates to versions 1.2009.0 and 1.2101.0 of HPE ...
2 years ago

CVE-2022-2101 - The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `file[files][]` parameter in versions up to, and including, 3.2.46 due to insufficient input sanitization and output escaping. This makes it possible for ...
2 years ago

CVE-2013-2101 - Katello has multiple XSS issues in various entities ...
1 year ago

CVE-2023-2101 - A vulnerability, which was classified as problematic, has been found in moxi624 Mogu Blog v2 up to 5.2. This issue affects the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads ...
1 year ago

CVE-2020-2101 - Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret. ...
1 year ago

CVE-2016-2101 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none ...
55 years ago Tenable.com

Latest Cyber News

CVE-2025-25246 - 14 hours ago
CVE-2025-1022 - 14 hours ago
CVE-2025-1025 - 14 hours ago
CVE-2025-1026 - 14 hours ago
CVE-2025-1028 - 15 hours ago
CVE-2025-23114 - 17 hours ago
CVE-2024-53966 - 19 hours ago
CVE-2025-0413 - 19 hours ago
CVE-2024-53962 - 19 hours ago
CVE-2024-53963 - 19 hours ago
CVE-2024-53964 - 19 hours ago
CVE-2024-53965 - 19 hours ago
CVE-2023-39943 - 20 hours ago
CVE-2023-40222 - 20 hours ago
CVE-2024-11467 - 20 hours ago
CVE-2024-11468 - 20 hours ago
CVE-2024-48445 - 20 hours ago
CVE-2024-8125 - 21 hours ago
CVE-2024-13722 - 21 hours ago
CVE-2024-13723 - 21 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2024-13114 - 1 day ago
CVE-2024-13115 - 1 day ago
CVE-2024-13325 - 1 day ago
CVE-2024-13326 - 1 day ago
CVE-2024-13327 - 1 day ago
CVE-2024-13328 - 1 day ago
CVE-2024-13329 - 1 day ago
CVE-2024-13330 - 1 day ago
CVE-2024-13331 - 1 day ago
CVE-2024-13332 - 1 day ago
CVE-2025-0368 - 1 day ago
CVE-2025-0466 - 1 day ago
CVE-2024-12597 - 1 day ago
CVE-2024-13607 - 1 day ago
CVE-2024-10237 - 1 day ago
CVE-2024-10238 - 1 day ago
CVE-2024-10239 - 1 day ago
CVE-2024-12046 - 1 day ago
CVE-2024-13514 - 1 day ago
CVE-2025-20881 - 1 day ago