CVE-2007-4007

PHP remote file inclusion vulnerability in index.php in Article Directory (Article Site Directory) allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

Publication date: Thu, 26 Jul 2007 05:30:00 +0000

Cyber News related to CVE-2007-4007

CVE-2015-2503 - Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 ...
5 years ago

CVE-2007-4007 - PHP remote file inclusion vulnerability in index.php in Article Directory (Article Site Directory) allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. ...
6 years ago

CVE-2021-4007 - Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent versions 3.0.1 to 3.1.2.34 start, the Python interpreter attempts to load python3.dll ...
2 years ago

CVE-2010-4007 - Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057. ...
13 years ago

CVE-2009-4007 - Unspecified vulnerability in the NormaliseTrainConsist function in src/train_cmd.cpp in OpenTTD before 0.7.5-RC1 allows remote attackers to cause a denial of service (daemon crash) via certain game actions involving a wagon and a dual-headed engine. ...
14 years ago

CVE-2012-4007 - The mixi application before 4.3.0 for Android allows remote attackers to read potentially sensitive information in friends' comments via a crafted application that leverages the storage of these comments on an SD card. ...
11 years ago

CVE-2005-4007 - Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, related to newly registered users and possibly authorization checks, have unknown impact and attack vectors involving (1) mvc/controller/user_request_analysis.inc.php and (2) ...
11 years ago

CVE-2008-4007 - Unspecified vulnerability in the PeopleSoft Enterprise Components component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown ...
11 years ago

CVE-2011-4007 - Cisco IOS 15.0 and 15.1 and IOS XE 3.x do not properly handle the "set mpls experimental imposition" command, which allows remote attackers to cause a denial of service (device crash) via network traffic that triggers (1) fragmentation or (2) ...
11 years ago

CVE-2014-4007 - The SAP Upgrade tools for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. ...
10 years ago

CVE-2013-4007 - Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced Management Module (AMM) with firmware BBET before BBET64G and BPET before BPET64G for IBM BladeCenter systems allows remote attackers to inject arbitrary web script or HTML via ...
6 years ago

CVE-2006-4007 - PHP remote file inclusion vulnerability in index.php in Knusperleicht Guestbook 3.5 allows remote attackers to execute arbitrary PHP code via a URL in the GB_PATH parameter. ...
5 years ago

CVE-2016-4007 - Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip ...
5 years ago

CVE-2018-4007 - An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the deleteConfig functionality. The program is able to delete any protected file on the system. An attacker would need local access to the machine to ...
1 year ago

CVE-2022-4007 - A issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2 A cross-site scripting vulnerability was found in the title field of work items that allowed ...
1 year ago

CVE-2023-4007 - Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16. ...
11 months ago

CVE-2017-4007 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
54 years ago Tenable.com

CVE-2024-4007 - Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured. ...
4 days ago

CVE-2013-6078 - The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which makes it easier for context-dependent attackers to ...
10 years ago

CVE-2011-1892 - Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management ...
5 years ago

CVE-2015-0085 - Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold and SP1, Word 2013 Gold and SP1, Office 2013 RT Gold ...
5 years ago

CVE-2016-0012 - Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, ...
5 years ago

CVE-2007-4246 - Unspecified vulnerability, possibly a buffer overflow, in Justsystem Ichitaro 2007 and earlier allows remote attackers to execute arbitrary code via a modified document, as actively exploited in August 2007 by malware such as Tarodrop.D (Tarodrop.Q), ...
6 years ago

CVE-2007-0222 - Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter. NOTE: this is ...
5 years ago

CVE-2007-2135 - The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. NOTE: due to lack of details from ...
5 years ago

Latest Cyber News

CVE-2024-39182 - 9 hours ago
CVE-2024-33862 - 9 hours ago
CVE-2023-52169 - 9 hours ago
CVE-2023-52168 - 9 hours ago
CVE-2024-6387 - 9 hours ago
CVE-2024-0986 - 9 hours ago
CVE-2023-33281 - 11 hours ago
CVE-2023-30402 - 11 hours ago
CVE-2024-6505 - 11 hours ago
CVE-2024-6426 - 11 hours ago
CVE-2024-5753 - 12 hours ago
CVE-2023-26756 - 12 hours ago
CVE-2024-39022 - 13 hours ago
CVE-2024-39020 - 13 hours ago
CVE-2024-39019 - 13 hours ago
CVE-2024-34361 - 13 hours ago
CVE-2024-39696 - 13 hours ago
CVE-2024-39691 - 13 hours ago
CVE-2024-39689 - 13 hours ago
CVE-2024-39023 - 13 hours ago

Cyber Trends (last 7 days)

Okta - 7 months ago
23andMe - 7 months ago
Kimsuky - 7 months ago
LogoFAIL - 6 months ago
Gh0st rat - 7 months ago

Trending Cyber News (last 7 days)

CVE-2024-39182 - 9 hours ago
CVE-2024-33862 - 9 hours ago
CVE-2024-5753 - 12 hours ago
CVE-2024-39687 - 14 hours ago
CVE-2024-39321 - 14 hours ago
CVE-2024-39174 - 14 hours ago
CVE-2024-37903 - 14 hours ago
CVE-2024-39022 - 13 hours ago
CVE-2024-39020 - 13 hours ago
CVE-2024-39019 - 13 hours ago
CVE-2024-34361 - 13 hours ago
CVE-2024-39696 - 13 hours ago
CVE-2024-39691 - 13 hours ago
CVE-2024-39689 - 13 hours ago
CVE-2024-39023 - 13 hours ago
CVE-2024-39021 - 13 hours ago
CVE-2024-39210 - 15 hours ago
CVE-2024-37768 - 15 hours ago
CVE-2024-29319 - 15 hours ago
CVE-2024-29318 - 15 hours ago