CVE-2007-6130

gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions.

Publication date: Tue, 27 Nov 2007 04:46:00 +0000

Cyber News related to CVE-2007-6130

CVE-2005-4885 - Unspecified vulnerability on certain Sun StorEdge 6130 (SE6130) Controller Arrays allows remote attackers to delete data via unknown vectors. Per: http://sunsolve.sun.com/search/document.do?assetkey1-66-200971-1 ...
14 years ago

CVE-2015-2503 - Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 ...
5 years ago

CVE-2007-6130 - gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions. ...
13 years ago

CVE-2014-1978 - The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card during e-mail composition, which allows attackers to ...
10 years ago

CVE-2016-6130 - Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a "double fetch" ...
6 months ago

CVE-2017-6130 - F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic. ...
7 years ago

CVE-2005-1609 - Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with serial numbers between 0451AWF00G and 0513AWF00J allows local users and remote attackers to delete data. ...
6 years ago

CVE-2006-4773 - Sun StorEdge 6130 Array Controllers with firmware 06.12.10.11 and earlier allow remote attackers to cause a denial of service (controller reboot) via a flood of traffic on the LAN. ...
6 years ago

CVE-2006-6130 - Apple Mac OS X AppleTalk allows local users to cause a denial of service (kernel panic) by calling the AIOCREGLOCALZN ioctl command with a crafted data structure on an AppleTalk socket. ...
6 years ago

CVE-2008-6130 - Cross-site scripting (XSS) vulnerability in index.php in moziloWiki 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) action and (2) page parameters. ...
6 years ago

CVE-2012-6130 - Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link. ...
6 years ago

CVE-2014-6130 - The IBM Notes Traveler application before 9.0.1.3 for Android lacks a warning message during selection of an HTTP session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which ...
6 years ago

CVE-2015-6130 - Integer underflow in Uniscribe in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows remote attackers to execute arbitrary code via a crafted font, aka "Windows Integer Underflow Vulnerability." ...
5 years ago

CVE-2018-6130 - Incorrect handling of object lifetimes in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. ...
5 years ago

CVE-2019-6130 - Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c. ...
3 years ago

CVE-2020-6130 - SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassDropSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP ...
2 years ago

CVE-2024-6130 - The Form Maker by 10Web WordPress plugin before 1.15.26 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability ...
4 days ago

CVE-2013-6078 - The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which makes it easier for context-dependent attackers to ...
10 years ago

CVE-2011-1892 - Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management ...
5 years ago

CVE-2015-0085 - Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold and SP1, Word 2013 Gold and SP1, Office 2013 RT Gold ...
5 years ago

CVE-2016-0012 - Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, ...
5 years ago

CVE-2007-4246 - Unspecified vulnerability, possibly a buffer overflow, in Justsystem Ichitaro 2007 and earlier allows remote attackers to execute arbitrary code via a modified document, as actively exploited in August 2007 by malware such as Tarodrop.D (Tarodrop.Q), ...
6 years ago

CVE-2007-0222 - Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter. NOTE: this is ...
5 years ago

CVE-2007-2135 - The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. NOTE: due to lack of details from ...
5 years ago

CVE-2007-2170 - The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not check for valid sessions, which allows remote attackers to delete arbitrary nodes. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other ...
5 years ago

Latest Cyber News

CVE-2024-6505 - 1 hour ago
CVE-2024-6426 - 1 hour ago
CVE-2024-39022 - 2 hours ago
CVE-2024-39020 - 2 hours ago
CVE-2024-39019 - 2 hours ago
CVE-2024-34361 - 2 hours ago
CVE-2024-39696 - 2 hours ago
CVE-2024-39691 - 2 hours ago
CVE-2024-39689 - 2 hours ago
CVE-2024-39023 - 2 hours ago
CVE-2024-39021 - 2 hours ago
CVE-2024-39475 - 3 hours ago
CVE-2024-39687 - 3 hours ago
CVE-2024-39321 - 3 hours ago
CVE-2024-39174 - 3 hours ago
CVE-2024-37903 - 3 hours ago
CVE-2020-36825 - 3 hours ago
CVE-2024-28593 - 3 hours ago
CVE-2024-2567 - 3 hours ago
CVE-2024-23492 - 3 hours ago

Cyber Trends (last 7 days)

Okta - 7 months ago
23andMe - 7 months ago
Kimsuky - 7 months ago
LogoFAIL - 6 months ago
Gh0st rat - 7 months ago

Trending Cyber News (last 7 days)

CVE-2024-39687 - 3 hours ago
CVE-2024-39321 - 3 hours ago
CVE-2024-39174 - 3 hours ago
CVE-2024-37903 - 3 hours ago
CVE-2024-39022 - 2 hours ago
CVE-2024-39020 - 2 hours ago
CVE-2024-39019 - 2 hours ago
CVE-2024-34361 - 2 hours ago
CVE-2024-39696 - 2 hours ago
CVE-2024-39691 - 2 hours ago
CVE-2024-39689 - 2 hours ago
CVE-2024-39023 - 2 hours ago
CVE-2024-39021 - 2 hours ago
CVE-2024-39210 - 5 hours ago
CVE-2024-37768 - 5 hours ago
CVE-2024-29319 - 5 hours ago
CVE-2024-29318 - 5 hours ago
CVE-2024-23997 - 5 hours ago
CVE-2024-37769 - 5 hours ago
CVE-2024-23998 - 5 hours ago