CyberSecurityBoard
Sponsor Register Login

CVE-2007-3239

Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged for PHP code execution in an administrative session.

Publication date: Fri, 15 Jun 2007 06:30:00 +0000


Cyber News related to CVE-2007-3239

CVE-2015-2503 - Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 ...
6 years ago
CVE-2007-3239 - Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged ...
6 years ago
CVE-2009-3239 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2139, CVE-2009-2140. Reason: This candidate is a duplicate of CVE-2009-2139 and CVE-2009-2140. Notes: All CVE users should reference CVE-2009-2139 and CVE-2009-2140 instead of ...
55 years ago Tenable.com
CVE-2021-3239 - E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remote attackers to execute arbitrary code on the hosting web server and gain a reverse shell. ...
3 years ago
CVE-2005-3239 - The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows remote attackers to cause a denial of service (segmentation fault) via a DOC file with an invalid property tree, which triggers an infinite recursion in the ole2_walk_property_tree ...
15 years ago
CVE-2013-3239 - phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of ...
11 years ago
CVE-2017-3239 - Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to ...
8 years ago
CVE-2006-3239 - SQL injection vulnerability in message.php in VBZooM 1.11 and earlier allows remote attackers to execute arbitrary SQL commands via the UserID parameter. ...
8 years ago
CVE-2011-3239 - WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability ...
7 years ago
CVE-2008-3239 - Unrestricted file upload vulnerability in the writeLogEntry function in system/v_cron_proc.php in PHPizabi 0.848b C1 HFP1, when register_globals is enabled, allows remote attackers to upload and execute arbitrary code via a filename in the ...
7 years ago
CVE-2010-3239 - Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability." ...
6 years ago
CVE-2016-3239 - The Print Spooler service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via vectors ...
6 years ago
CVE-2017-15418 - Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. ...
6 years ago
CVE-2017-15412 - Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. ...
6 years ago
CVE-2017-15413 - Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. ...
6 years ago
CVE-2017-15410 - Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. ...
6 years ago
CVE-2017-15411 - Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. ...
6 years ago
CVE-2017-15425 - Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. ...
6 years ago
CVE-2017-15424 - Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. ...
6 years ago
CVE-2017-15426 - Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. ...
6 years ago
CVE-2017-15408 - Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium. ...
6 years ago
CVE-2017-15409 - Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. ...
6 years ago
CVE-2017-15423 - Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic. ...
6 years ago
CVE-2017-15427 - Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar. ...
6 years ago
CVE-2017-15417 - Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page. ...
6 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)