CVE-2007-2350

admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter.

Publication date: Tue, 01 May 2007 03:19:00 +0000

Cyber News related to CVE-2007-2350

CVE-2015-2503 - Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 ...
5 years ago

CVE-2007-2350 - admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter. ...
13 years ago

CVE-2006-2350 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2344. Reason: This candidate is a duplicate of CVE-2006-2344. Notes: All CVE users should reference CVE-2006-2344 instead of this candidate. All references and descriptions in ...
54 years ago Tenable.com

CVE-2009-2350 - Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh ...
5 years ago

CVE-2022-29962 - The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. FTP has hardcoded credentials (but may often be disabled in production). This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: ...
1 year ago

CVE-2022-29963 - The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects S-series, P-series, and CIOC/EIOC nodes. ...
1 year ago

CVE-2022-29964 - The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350. ...
1 year ago

CVE-2022-29965 - The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series and SIS (CSLS/LSNB/LSNG) nodes is ...
1 year ago

CVE-2002-2350 - Cross-site scripting (XSS) vulnerability in z_user_show.php in dbtreelistproperty_method.php in Zorum 2.4 allows remote attackers to inject arbitrary web script or HTML via the class parameter. ...
15 years ago

CVE-2014-2350 - Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program. ...
10 years ago

CVE-2015-2350 - Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request in the status page to /cfg. ...
8 years ago

CVE-2016-2350 - Multiple cross-site scripting (XSS) vulnerabilities on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) getimageajax.php, (2) ...
8 years ago

CVE-2004-2077 - Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 allows remote attackers to cause a denial of service (server crash) via malformed data to TCP port 2350, possibly due to long values or incorrect size fields. ...
6 months ago

CVE-2004-2350 - SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter. ...
6 years ago

CVE-2008-2350 - Directory traversal vulnerability in highlight.php in bcoos 1.0.9 through 1.0.13 allows remote attackers to read arbitrary files via (1) .. (dot dot) or (2) C: folder sequences in the file parameter. ...
6 years ago

CVE-2010-2350 - Heap-based buffer overflow in the PNG decoder in Ziproxy 3.1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNG file. ...
6 years ago

CVE-2017-2350 - An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same ...
5 years ago

CVE-2013-2350 - Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1897. ...
4 years ago

CVE-2005-2350 - Cross-site scripting (XSS) vulnerability in websieve v0.62 allows remote attackers to inject arbitrary web script or HTML code in the web user interface. ...
4 years ago

CVE-2012-2350 - pam_shield before 0.9.4: Default configuration does not perform protective action ...
4 years ago

CVE-2011-2350 - The HTML parser in Google Chrome before 12.0.742.112 does not properly address "lifetime and re-entrancy issues," which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. ...
4 years ago

CVE-2021-2350 - Vulnerability in the Hyperion Essbase Administration Services product of Oracle Essbase (component: EAS Console). Supported versions that are affected are 11.1.2.4 and 21.2. Easily exploitable vulnerability allows unauthenticated attacker with ...
2 years ago

CVE-2022-2350 - The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block (or unblock) users at will. ...
11 months ago

CVE-2023-2350 - A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php. The manipulation of the argument id leads to ...
8 months ago

CVE-2018-2350 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none ...
54 years ago Tenable.com

Latest Cyber News

CVE-2024-6440 - 2 hours ago
CVE-2024-6439 - 2 hours ago
CVE-2024-6438 - 2 hours ago
CVE-2024-6264 - 2 hours ago
CVE-2024-6099 - 2 hours ago
CVE-2024-6088 - 2 hours ago
CVE-2024-4268 - 2 hours ago
CVE-2024-34593 - 3 hours ago
CVE-2024-20897 - 3 hours ago
CVE-2024-20888 - 3 hours ago
CVE-2024-20894 - 3 hours ago
CVE-2024-6012 - 3 hours ago
CVE-2024-6011 - 3 hours ago
CVE-2024-34601 - 3 hours ago
CVE-2024-34600 - 3 hours ago
CVE-2024-34599 - 3 hours ago
CVE-2024-34597 - 3 hours ago
CVE-2024-34596 - 3 hours ago
CVE-2024-34595 - 3 hours ago
CVE-2024-34594 - 3 hours ago

Cyber Trends (last 7 days)

Okta - 7 months ago
23andMe - 6 months ago
Kimsuky - 7 months ago
LogoFAIL - 6 months ago
Gh0st rat - 7 months ago

Trending Cyber News (last 7 days)

CVE-2024-21466 - 22 hours ago
CVE-2024-34593 - 3 hours ago
CVE-2024-20897 - 3 hours ago
CVE-2024-20888 - 3 hours ago
CVE-2024-20894 - 3 hours ago
CVE-2024-6012 - 3 hours ago
CVE-2024-6011 - 3 hours ago
CVE-2024-34601 - 3 hours ago
CVE-2024-34600 - 3 hours ago
CVE-2024-34599 - 3 hours ago
CVE-2024-34597 - 3 hours ago
CVE-2024-34596 - 3 hours ago
CVE-2024-34595 - 3 hours ago
CVE-2024-34594 - 3 hours ago
CVE-2024-34592 - 3 hours ago
CVE-2024-34591 - 3 hours ago
CVE-2024-34590 - 3 hours ago
CVE-2024-34589 - 3 hours ago
CVE-2024-34588 - 3 hours ago
CVE-2024-34587 - 3 hours ago