CyberSecurityBoard
Sponsor Register Login

CVE-2007-3983

Absolute path traversal vulnerability in the Data Dynamics DDActiveReports2.ActiveReport.2 (ActiveReports) ActiveX control in arpro2.dll in ActiveReports 2.0 Professional Edition 2.5.0.1308 (SP5 RC) allows remote attackers to create or overwrite arbitrary files via a full pathname in an argument to the SaveLayout method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Publication date: Wed, 25 Jul 2007 22:30:00 +0000


Cyber News related to CVE-2007-3983

CVE-2015-2503 - Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 ...
6 years ago
CVE-2007-3066 - Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1.2.7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter to (1) view.inc.php, (2) users.inc.php, (3) updatecms.inc.php, and (4) ...
6 years ago
CVE-2007-3983 - Absolute path traversal vulnerability in the Data Dynamics DDActiveReports2.ActiveReport.2 (ActiveReports) ActiveX control in arpro2.dll in ActiveReports 2.0 Professional Edition 2.5.0.1308 (SP5 RC) allows remote attackers to create or overwrite ...
7 years ago
CVE-2011-4172 - Multiple cross-site scripting (XSS) vulnerabilities in KENT-WEB WEB FORUM before 5.1 allow remote attackers to inject arbitrary web script or HTML via (1) an e-mail address field or (2) a cookie, a related issue to CVE-2011-3383, CVE-2011-3983, and ...
7 years ago
CVE-2008-3983 - Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a ...
7 years ago
CVE-2008-3982 - Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a ...
7 years ago
CVE-2008-3984 - Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a ...
7 years ago
CVE-2015-3983 - The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. NOTE: this issue was ...
8 years ago
CVE-2015-1848 - The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this ...
2 years ago
CVE-2021-3983 - kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') ...
3 years ago
CVE-2010-3983 - CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login property. ...
14 years ago
CVE-2016-3983 - McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process. ...
9 years ago
CVE-2013-3983 - The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote attack vectors. ...
7 years ago
CVE-2009-3983 - Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user. ...
7 years ago
CVE-2006-3983 - PHP remote file inclusion vulnerability in editprofile.php in php(Reactor) 1.27pl1 allows remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter. ...
7 years ago
CVE-2005-3983 - Unknown vulnerability in the login page for HP Systems Insight Manager (SIM) 4.0 and 4.1, when accessed by Microsoft Internet Explorer with the MS04-025 patch, leads to a denial of service (browser hang). NOTE: although the advisory is vague, this ...
6 years ago
CVE-2019-3983 - Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART protections. ...
4 years ago
CVE-2012-3983 - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ...
4 years ago
CVE-2011-3983 - Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to cookies. ...
4 years ago
CVE-2022-3983 - The Checkout for PayPal WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site ...
2 years ago
CVE-2018-3983 - An exploitable uninitialized pointer vulnerability exists in the Word document parser of the the Atlantis Word Processor. A specially crafted document can cause an array fetch to return an uninitialized pointer and then performs some arithmetic ...
2 years ago
CVE-2023-3983 - An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection. ...
1 year ago
CVE-2017-3983 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
55 years ago Tenable.com
CVE-2024-56545 - In the Linux kernel, the following vulnerability has been resolved: HID: hyperv: streamline driver probe to avoid devres issues It was found that unloading 'hid_hyperv' module results in a devres complaint: ... hv_vmbus: unregistering driver ...
5 months ago Tenable.com
CVE-2024-3983 - The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting customers via CSRF attacks ...
10 months ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)