CVE-2007-2143

PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Publication date: Thu, 19 Apr 2007 15:19:00 +0000


Cyber News related to CVE-2007-2143

CVE-2024-9063 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-2143 Reason: This candidate is a reservation duplicate of CVE-2023-2143. Notes: All CVE users should reference CVE-2023-2143 instead of this candidate. All ...
4 months ago Tenable.com
CVE-2024-9899 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-2143. Reason: This candidate is a reservation duplicate of CVE-2023-2143. Notes: All CVE users should reference CVE-2023-2143 instead of this candidate. All ...
3 months ago Tenable.com
CVE-2015-2503 - Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 ...
6 years ago
CVE-2007-2143 - PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. ...
7 years ago
CVE-2021-24042 - The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop ...
3 years ago
CVE-2002-2143 - The admin.html file in MySimple News 1.0 stores its administrative password in plaintext, which allows remote attackers to gain unauthorized access to the web server by viewing the source of admin.html. ...
16 years ago
CVE-2005-2143 - Microsoft Front Page allows attackers to cause a denial of service (crash) via a crafted style tag in a web page. ...
16 years ago
CVE-2014-2143 - The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE allows remote attackers to cause a denial of service (security-association drop) via crafted Main Mode packets, aka Bug ID CSCun31021. ...
10 years ago
CVE-2004-2143 - SQL injection vulnerability in the ReMOSitory Server add-on module to Mambo Portal 4.5.1 (1.09) and earlier allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in the com_remository option. ...
7 years ago
CVE-2008-2143 - Unspecified versions of Microsoft Outlook Web Access (OWA) use the Cache-Control: no-cache HTTP directive instead of no-store, which might cause web browsers that follow RFC-2616 to cache sensitive information. ...
7 years ago
CVE-2011-2143 - IBM Datacap Taskmaster Capture 8.0.1 before FP1, when Windows Authentication is enabled, allows remote attackers to obtain login access by using an incorrect password in conjunction with an account name from a different domain. ...
7 years ago
CVE-2009-2143 - PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fs_javascript parameter. ...
7 years ago
CVE-2015-2143 - Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an unspecified impact via unknown parameters. ...
7 years ago
CVE-2006-2143 - Multiple cross-site scripting (XSS) vulnerabilities in TextFileBB 1.0.16 allow remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) color, (2) size, or (3) url bbcode tags. ...
6 years ago
CVE-2019-2143 - In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: ...
5 years ago
CVE-2017-2143 - CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and earlier allows remote attackers to bypass access restriction to create a request to return a customer purchased item via rma.post.php. ...
5 years ago
CVE-2018-8924 - Cross-site scripting (XSS) vulnerability in Title Tootip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name. ...
5 years ago
CVE-2010-2143 - Directory traversal vulnerability in index.php in Symphony CMS 2.0.7 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the mode parameter. ...
4 years ago
CVE-2013-2143 - The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account. ...
3 years ago
CVE-2012-2143 - The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for ...
11 months ago
CVE-2016-2143 - The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted ...
11 months ago
CVE-2022-2143 - The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. ...
1 year ago
CVE-2023-2143 - The Enable SVG, WebP & ICO Upload WordPress plugin through 1.0.3 does not sanitize SVG file contents, leading to a Cross-Site Scripting vulnerability. ...
1 year ago
CVE-2020-2143 - Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. ...
1 year ago
CVE-2018-2143 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none ...
55 years ago Tenable.com

Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)