CVE-2007-2724

Cross-site scripting (XSS) vulnerability in all_photos.html in fotolog allows remote attackers to inject arbitrary web script or HTML via the user parameter.

Publication date: Thu, 17 May 2007 03:30:00 +0000

Cyber News related to CVE-2007-2724

CVE-2015-2503 - Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 ...
6 years ago

CVE-2013-0710 - Buffer overflow in Kingsoft Writer 2007 and 2010 before 2724 allows remote attackers to execute arbitrary code via a crafted RTF document. ...
11 years ago

CVE-2007-2724 - Cross-site scripting (XSS) vulnerability in all_photos.html in fotolog allows remote attackers to inject arbitrary web script or HTML via the user parameter. ...
6 years ago

CVE-2006-2724 - Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote authenticated administrators to inject arbitrary HTML or web script to other administrators via the "Admin note" feature, a different vulnerability than CVE-2006-2227. ...
7 years ago

CVE-2011-2724 - The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a ...
2 years ago

CVE-2005-2724 - Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via a file attachment that is processed by the Display feature. NOTE: the severity of this issue has been disputed by the ...
7 years ago

CVE-2004-2724 - LionMax Software Chat Anywhere 2.72a allows remote attackers to cause a denial of service (server crash and client CPU consumption) via a username beginning with percent (%) followed by a null character. ...
7 years ago

CVE-2008-2724 - Menalto Gallery before 2.2.5 does not enforce permissions for non-album items that have been protected by a password, which might allow remote attackers to bypass intended access restrictions. ...
7 years ago

CVE-2010-2724 - Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 5.x before 5.x-3.2 and 6.x before 6.x-3.2 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via ...
7 years ago

CVE-2013-2724 - Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors. ...
7 years ago

CVE-2017-2724 - Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into ...
7 years ago

CVE-2009-2724 - Race condition in the java.lang package in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, related to a "3Y Race condition in reflection checks." ...
6 years ago

CVE-2012-2724 - The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain ...
5 years ago

CVE-2020-2724 - Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows ...
2 years ago

CVE-2018-2724 - Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable ...
5 years ago

CVE-2022-2724 - A vulnerability was found in SourceCodester Employee Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /process/aprocess.php. The manipulation of the argument mailuid leads to ...
2 years ago

CVE-2015-2724 - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and ...
1 year ago

CVE-2023-2724 - Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) ...
1 year ago

CVE-2016-2724 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none ...
55 years ago Tenable.com

CVE-2024-2724 - SQL injection vulnerability in the CIGESv2 system, through /ajaxServiciosAtencion.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a ...
10 months ago

CVE-2024-38596 - In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() ...
8 months ago Tenable.com

CVE-2024-26624 - In the Linux kernel, the following vulnerability has been resolved: ...
11 months ago

CVE-2013-6078 - The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which makes it easier for context-dependent attackers to ...
10 years ago

CVE-2016-0012 - Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, ...
6 years ago

CVE-2011-1892 - Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management ...
6 years ago

Latest Cyber News

Google Chrome disables uBlock Origin for some in Manifest v3 rollout - 6 hours ago
CVE-2025-25282 - 6 hours ago
CVE-2025-1555 - 6 hours ago
Hackers drained $1.4 billion of cryptocurrency from Bybit exchange, CEO confirms | The Record from Recorded Future News - 8 hours ago
Auto-Generated Password Vulnerability In Sitevision Leaks Signing Key - 8 hours ago
CVE-2025-25604 - 8 hours ago
CVE-2025-25605 - 8 hours ago
CVE-2025-25767 - 8 hours ago
CVE-2025-25768 - 8 hours ago
CVE-2025-25769 - 8 hours ago
CVE-2025-25770 - 8 hours ago
CVE-2025-25772 - 8 hours ago
CVE-2020-19248 - 8 hours ago
SpyLend Android malware downloaded 100,000 times from Google Play - 9 hours ago
CVE-2025-25876 - 9 hours ago
CVE-2025-25877 - 9 hours ago
CVE-2025-25878 - 9 hours ago
CVE-2025-25765 - 9 hours ago
CVE-2025-25766 - 9 hours ago
CVE-2025-25875 - 9 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2025-25958 - 1 day ago
CVE-2025-25960 - 1 day ago
CVE-2024-54756 - 1 day ago
CVE-2024-7131 - 1 day ago
CVE-2025-22973 - 1 day ago
CVE-2025-25662 - 1 day ago
CVE-2025-25663 - 1 day ago
CVE-2025-25664 - 1 day ago
CVE-2025-25667 - 1 day ago
CVE-2025-25668 - 1 day ago
CVE-2025-25674 - 1 day ago
CVE-2025-25675 - 1 day ago
CVE-2025-25676 - 1 day ago
CVE-2025-25678 - 1 day ago
CVE-2025-25679 - 1 day ago
CVE-2025-25957 - 1 day ago
CVE-2025-27088 - 1 day ago
CVE-2025-27100 - 1 day ago
CVE-2025-1001 - 1 day ago
CVE-2024-13235 - 23 hours ago