CyberSecurityBoard
Sponsor Register Login

CVE-2007-2412

** DISPUTED ** Directory traversal vulnerability in modules/file.php in Seir Anphin allows remote attackers to obtain sensitive information via a .. (dot dot) in the a[filepath] parameter. NOTE: a third party has disputed this issue because the a array is populated by a database query before use.

Publication date: Tue, 01 May 2007 15:19:00 +0000


Cyber News related to CVE-2007-2412

CVE-2015-2503 - Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 ...
6 years ago
CVE-2007-2412 - ** DISPUTED ** Directory traversal vulnerability in modules/file.php in Seir Anphin allows remote attackers to obtain sensitive information via a .. (dot dot) in the a[filepath] parameter. NOTE: a third party has disputed this issue because the a ...
6 years ago
CVE-2012-2412 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4531. Reason: This candidate is a duplicate of CVE-2012-4531. Notes: All CVE users should reference CVE-2012-4531 instead of this candidate. All references and descriptions in ...
55 years ago Tenable.com
CVE-2009-2411 - Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger ...
7 years ago
CVE-2014-0451 - Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412. ...
2 years ago
CVE-2014-2412 - Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than ...
2 years ago
CVE-2002-2412 - Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts. ...
16 years ago
CVE-2010-2412 - Unspecified vulnerability in the OLAP component in Oracle Database Server 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. ...
14 years ago
CVE-2011-2412 - Unspecified vulnerability in HP Business Service Automation (BSA) Essentials 2.01 allows remote attackers to execute arbitrary code via unknown vectors. ...
13 years ago
CVE-2016-2412 - include/core/SkPostConfig.h in Skia, as used in System_server in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, mishandles certain crashes, which allows attackers to gain privileges via a crafted ...
8 years ago
CVE-2004-2412 - Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 through 5.0 allow remote attackers to execute arbitrary SQL commands via the catalogid parameter in (1) shopreviewlist.asp and (2) shopreviewadd.asp. ...
7 years ago
CVE-2005-2412 - PHP remote file inclusion vulnerability in block.php in PHP FirstPost allows remote attackers to execute arbitrary PHP code via the Include parameter. ...
7 years ago
CVE-2008-2412 - SQL injection vulnerability in glossaire.php in ACGV News 0.9.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. ...
7 years ago
CVE-2015-2412 - Microsoft Internet Explorer 10 and 11 allows remote attackers to read arbitrary local files via a crafted pathname, aka "Internet Explorer Information Disclosure Vulnerability." ...
6 years ago
CVE-2006-2412 - The raydium_network_read function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to cause a denial of service (application crash) via a large ID, which causes an invalid memory access (buffer over-read). ...
6 years ago
CVE-2017-2412 - An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "iTunes Store" component. It allows man-in-the-middle attackers to modify the client-server data stream to iTunes sandbox web services by ...
5 years ago
CVE-2018-2412 - SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. ...
5 years ago
CVE-2019-2412 - Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Object Store). The supported version that is affected is prior to 8.8.2. Difficult to exploit vulnerability allows high privileged ...
4 years ago
CVE-2021-2412 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple ...
3 years ago
CVE-2013-2412 - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to ...
2 years ago
CVE-2022-2412 - The Better Tag Cloud WordPress plugin through 0.99.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is ...
2 years ago
CVE-2009-2412 - Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code ...
2 years ago
CVE-2023-2412 - A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. It ...
1 year ago
CVE-2024-2412 - The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled. ...
4 months ago
CVE-2013-6078 - The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which makes it easier for context-dependent attackers to ...
10 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)