NVD-CWE-Other

CVE-2007-0623

February 26, 2023 by

SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows remote attackers to execute arbitrary SQL commands via the startrow parameter.

CVE-2007-0624

February 26, 2023 by

user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the full path via a ‘ (quote) character, and possibly other invalid values, in the uname parameter in a userinfo operation.

nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not validate the invoking user, which allows local users to modify server configuration keys in /usr/NX/etc/server.cfg, resulting in an unspecified denial of service.

CVE-2007-0627

February 26, 2023 by

Michael Still gtalkbot before 1.2 places username and password arguments on the command line, which allows local users to obtain sensitive information by listing the process.

CVE-2007-0628

February 26, 2023 by

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these details are obtained from third party information.

CVE-2007-0629

February 26, 2023 by

The www_purgeList method in Plain Black WebGUI before 7.3.8 does not properly check user permissions, which allows attackers to delete unauthorized assets. NOTE: some of these details are obtained from third party information.