CyberSecurityBoard
Sponsor Register Login

CVE-2007-2317

Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier, as used by TOSMO/Mambo 4.0.12 and probably other products, allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to bb_plugins.php in (1) components/minibb/ or (2) components/com_minibb, or (3) configuration.php. NOTE: the com_minibb.php vector is already covered by CVE-2006-3690.

Publication date: Fri, 27 Apr 2007 02:19:00 +0000


Cyber News related to CVE-2007-2317

CVE-2015-2503 - Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 ...
5 years ago
CVE-2007-2317 - Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier, as used by TOSMO/Mambo 4.0.12 and probably other products, allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to ...
6 years ago
CVE-2016-7446 - Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317. ...
5 years ago
CVE-2008-1590 - JavaScriptCore in WebKit on Apple iPhone before 2.0 and iPod touch before 2.0 does not properly perform runtime garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via ...
1 year ago
CVE-2008-2317 - WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ...
1 year ago
CVE-2002-2317 - Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociRaptor 1.0 allows remote attackers to cause a denial of service (memory consumption) via an unknown method. ...
15 years ago
CVE-2004-2317 - Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 allows remote attackers to obtain sensitive information via a user message that is generated when Mbedthis denies access. ...
15 years ago
CVE-2005-2317 - Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before 2.0.17, when MACLIST_TTL is greater than 0 or MACLIST_DISPOSITION is set to ACCEPT, allows remote attackers with an accepted MAC address to bypass other firewall rules or policies. ...
15 years ago
CVE-2010-2317 - Multiple SQL injection vulnerabilities in WmsCms 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search, (2) sbr, (3) pid, (4) sbl, and (5) FilePath parameters to default.asp; and the (6) sbr, (7) pr, and (8) ...
14 years ago
CVE-2012-2317 - The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS, and the php5 package before 5.3.5-1ubuntu7.10 in ...
11 years ago
CVE-2013-2317 - The Sleipnir Mobile application 2.9.1 and earlier and Sleipnir Mobile Black Edition application 2.9.1 and earlier for Android allow remote attackers to spoof the address bar via vectors involving the opening of a new window. ...
11 years ago
CVE-2014-2317 - SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information. ...
10 years ago
CVE-2011-2317 - Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect integrity, related to Enterprise Infrastucture SEC (JDNET). ...
8 years ago
CVE-2009-2317 - The Axesstel MV 410R has a certain default administrator password, and does not force a password change, which makes it easier for remote attackers to obtain access. ...
5 years ago
CVE-2006-2317 - Unspecified vulnerability in Ideal Science Ideal BB 1.5.4a and earlier allows remote attackers to read arbitrary files under the web root via unspecified attack vectors related to the OpenTextFile method in Scripting.FileSystemObject. ...
5 years ago
CVE-2015-2317 - The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a ...
5 years ago
CVE-2016-2317 - Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) ...
5 years ago
CVE-2017-2317 - A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause denials of services to underlying database tables ...
4 years ago
CVE-2019-2317 - The secret key used to make the Initial Sequence Number in the TCP SYN packet could be brute forced and therefore can be predicted in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon ...
4 years ago
CVE-2021-2317 - Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 1.4. Easily exploitable vulnerability allows unauthenticated ...
3 years ago
CVE-2022-2317 - The Simple Membership WordPress plugin before 4.1.3 allows user to change their membership at the registration stage due to insufficient checking of a user supplied parameter. ...
1 year ago
CVE-2023-2317 - DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in ...
10 months ago
CVE-2020-2317 - Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post ...
8 months ago
CVE-2018-2317 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none ...
54 years ago Tenable.com
CVE-2024-2317 - A vulnerability was found in Bdtask Hospital AutoManager up to 20240227 and classified as problematic. This issue affects some unknown processing of the file /prescription/prescription/delete/ of the component Prescription Page. The manipulation ...
3 months ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)