Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3002 | 1 Php Jackknife | 1 Php Jackknife | 2018-10-16 | 5.0 MEDIUM | N/A |
| PHP JackKnife (PHPJK) allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid value of the iParentUnq[] parameter, or a request to G_Display.php with an invalid (2) iCategoryUnq[] or (3) sSort[] array parameter, which reveals the path in various error messages. | |||||
| CVE-2007-3003 | 1 Mywebland | 1 Mybloggie | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225. | |||||
| CVE-2007-3026 | 1 Panda | 1 Adminsecure | 2018-10-16 | 9.3 HIGH | N/A |
| Integer overflow in Panda Software AdminSecure allows remote attackers to execute arbitrary code via crafted packets with modified length values to TCP ports 19226 or 19227, resulting in a heap-based buffer overflow. | |||||
| CVE-2007-2845 | 1 Avast | 1 Avast Antivirus | 2018-10-16 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus Managed Client before 4.7.700 allows user-assisted remote attackers to execute arbitrary code via a crafted CAB archive, resulting from an "integer cast around". | |||||
| CVE-2007-2687 | 1 Microworld Technologies | 1 Escan | 2018-10-16 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan before 9.0.718.1 allows remote attackers to execute arbitrary code via a long command. | |||||
| CVE-2007-2782 | 1 Packeteer | 1 Packetshaper | 2018-10-16 | 7.5 HIGH | N/A |
| Packeteer PacketShaper uses fixed increments in TCP initial sequence number (ISN) values, which allows remote attackers to predict the ISN value, and perform session hijacking or disruption. | |||||
| CVE-2007-2731 | 1 Jetbox | 1 Jetbox Cms | 2018-10-16 | 4.0 MEDIUM | N/A |
| CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 might allow remote attackers to inject arbitrary e-mail headers via LF (%0A) sequences in the subject parameter, a related issue to CVE-2007-1898. | |||||
| CVE-2007-2730 | 3 Checkpoint, Comodo, Microsoft | 6 Zonealarm, Comodo Firewall Pro, Comodo Personal Firewall and 3 more | 2018-10-16 | 7.2 HIGH | N/A |
| Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier. | |||||
| CVE-2007-2847 | 1 Hlstats | 1 Hlstats | 2018-10-16 | 9.3 HIGH | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in hlstats.php in HLstats 1.35, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) authusername or (2) authpassword parameter, different vectors than CVE-2007-0840 and CVE-2007-2812. | |||||
| CVE-2007-2772 | 1 Ca | 1 Brightstor Arcserve Backup | 2018-10-16 | 7.8 HIGH | N/A |
| (1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and rwxdr.dll) in CA BrightStor Backup 11.5.2.0 SP2 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted RPC packet. | |||||
| CVE-2007-2790 | 1 Vp-asp | 1 Vp-asp Shopping Cart | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in shopcontent.asp in VP-ASP Shopping Cart 6.50, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the type parameter. | |||||
| CVE-2007-2852 | 1 Eset Software | 1 Nod32 Antivirus | 2018-10-16 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in ESET NOD32 Antivirus before 2.70.37.0 allow remote attackers to execute arbitrary code during (1) delete/disinfect or (2) rename operations via a crafted directory name. | |||||
| CVE-2007-2862 | 1 Devellion | 1 Cubecart | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and possibly cookie modification. | |||||
| CVE-2007-2729 | 1 Comodo | 2 Comodo Firewall Pro, Comodo Personal Firewall | 2018-10-16 | 7.2 HIGH | N/A |
| Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier. | |||||
| CVE-2007-2732 | 1 Jetbox | 1 Jetbox Cms | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter to view/search/; or the (2) companyname, (3) country, (4) email, (5) firstname, (6) middlename, (7) required, (8) surname, or (9) title parameter to view/supplynews/. | |||||
| CVE-2007-2783 | 1 Rational Software | 1 Hidden Administrator | 2018-10-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Rational Soft Hidden Administrator 1.7 and earlier allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors. NOTE: this issue has no actionable information, and perhaps should not be included in CVE. | |||||
| CVE-2007-2821 | 1 Wordpress | 1 Wordpress | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter. | |||||
| CVE-2007-2857 | 1 Zakkis Technology Corporation | 1 Php Excel Parser | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in sample/xls2mysql in ABC Excel Parser Pro 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the parser_path parameter. | |||||
| CVE-2007-2858 | 1 Phpbb | 1 Ip-tracking | 2018-10-16 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the IP-Search functionality in the IP-Tracking Mod for phpBB 2.0.x allows remote authenticated administrators to execute arbitrary SQL commands via the Search Query field. | |||||
| CVE-2007-2796 | 1 Arris | 1 Cadant C3 Cmts | 2018-10-16 | 7.8 HIGH | N/A |
| Arris Cadant C3 CMTS allows remote attackers to cause a denial of service (service termination) via a malformed IP packet with an invalid IP option. | |||||
| CVE-2007-2713 | 1 Ifusionservices | 1 Ifdate | 2018-10-16 | 10.0 HIGH | N/A |
| ifdate 2.x sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request for the admin/ URI. | |||||
| CVE-2007-2859 | 1 Simpgb | 1 Simpgb | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SimpGB 1.46.0 allow remote attackers to execute arbitrary PHP code via a URL in the path_simpgb parameter to (1) guestbook.php, (2) search.php, (3) mailer.php, (4) avatars.php, (5) ccode.php, (6) comments.php, (7) emoticons.php, (8) gbdownload.php, and possibly other PHP scripts. | |||||
| CVE-2007-2860 | 1 Boastmachine | 1 Boastmachine | 2018-10-16 | 6.5 MEDIUM | N/A |
| user.php in BoastMachine 3.0 platinum allows remote authenticated users to gain privileges via a modified id parameter, as demonstrated by an edit_post action. | |||||
| CVE-2007-2797 | 3 Debian, Redhat, Xterm | 3 Debian Linux, Enterprise Linux, Xterm | 2018-10-16 | 2.1 LOW | N/A |
| xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals. | |||||
| CVE-2007-2723 | 1 Media Player Classic | 1 Media Player Classic | 2018-10-16 | 7.1 HIGH | N/A |
| Media Player Classic 6.4.9.0 allows user-assisted remote attackers to cause a denial of service (web browser crash) via an "empty" .MPA file, which triggers a divide-by-zero error. | |||||
| CVE-2007-2724 | 1 Fotolog | 1 Fotolog | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in all_photos.html in fotolog allows remote attackers to inject arbitrary web script or HTML via the user parameter. | |||||
| CVE-2007-2829 | 1 Madwifi | 1 Madwifi | 2018-10-16 | 5.0 MEDIUM | N/A |
| The 802.11 network stack in net80211/ieee80211_input.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system hang) via a crafted length field in nested 802.3 Ethernet frames in Fast Frame packets, which results in a NULL pointer dereference. | |||||
| CVE-2007-2800 | 1 Eticket | 1 Eticket | 2018-10-16 | 5.0 MEDIUM | N/A |
| index.php in eTicket 1.5.5.1 and earlier allows remote attackers to obtain sensitive information via the (1) name[], (2) email[], (3) phone[], or (4) subject[] parameters, which reveals the installation path in the resulting error messages. | |||||
| CVE-2007-2861 | 1 Saxon | 1 Saxon | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Simple Accessible XHTML Online News (SAXON) 4.6 allow remote attackers to execute arbitrary PHP code via a URL in the template parameter to (1) news.php, (2) preview.php, or (3) archive-display.php. | |||||
| CVE-2007-2761 | 1 Magiciso | 1 Magiciso | 2018-10-16 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in MagicISO 5.4 build 239 and earlier allows remote attackers to execute arbitrary code via a long filename in a .cue file. | |||||
| CVE-2007-2785 | 1 Esyndicat | 1 Esyndicat Pro | 2018-10-16 | 6.8 MEDIUM | N/A |
| manage-admins.php in eSyndiCat Pro 1.x allows remote attackers to create additional administrative accounts, and have other unspecified impact, via modified username, new_pass, new_pass2, status, super, and certain other parameters in an add action. | |||||
| CVE-2007-2757 | 1 Dean J Robinson | 1 Redoable | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1.2 allow remote attackers to inject arbitrary web script or HTML via the s parameter to (1) wp-content/themes/redoable/searchloop.php or (2) wp-content/themes/redoable/header.php. | |||||
| CVE-2007-2733 | 1 Jetbox | 1 Jetbox Cms | 2018-10-16 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in Jetbox CMS allows remote authenticated users with author privileges to upload arbitrary scripts via unspecified vectors, which can be accessed in webfiles/. NOTE: this issue might be a duplicate of CVE-2004-1448. | |||||
| CVE-2007-2734 | 1 3com | 8 3crtpx505-73, 3crx506-96, Tippingpoint 200 and 5 more | 2018-10-16 | 7.5 HIGH | N/A |
| The 3Com TippingPoint IPS do not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic. | |||||
| CVE-2007-2690 | 1 Iss | 3 Proventia A Series Xpu, Proventia G Series Xpu, Proventia M Series Xpu | 2018-10-16 | 7.8 HIGH | N/A |
| Multiple IBM ISS Proventia Series products, including the A, G, and M series, do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. | |||||
| CVE-2007-2689 | 1 Checkpoint | 1 Web Intelligence | 2018-10-16 | 7.8 HIGH | N/A |
| Check Point Web Intelligence does not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. | |||||
| CVE-2007-2754 | 1 Freetype | 1 Freetype | 2018-10-16 | 6.8 MEDIUM | N/A |
| Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow. | |||||
| CVE-2007-2830 | 1 Madwifi | 1 Madwifi | 2018-10-16 | 5.0 MEDIUM | N/A |
| The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system crash) via crafted beacon interval information when scanning for access points, which triggers a divide-by-zero error. | |||||
| CVE-2007-2812 | 1 Hlstats | 1 Hlstats | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.35, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) the action parameter. | |||||
| CVE-2007-2556 | 1 Nuked-klan | 1 Nuked-klan | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, as demonstrated by a request to the /nk/ URI. | |||||
| CVE-2007-2492 | 1 Postnuke Software Foundation | 1 Postnuke V4bjournal Module | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the v4bJournal module for PostNuke allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a journal_comment action. | |||||
| CVE-2007-2487 | 1 Atomix Productions | 1 Atomixmp3 | 2018-10-16 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in AtomixMP3 allows remote attackers to execute arbitrary code via a long filename in an MP3 file, a different vector than CVE-2006-6287. | |||||
| CVE-2007-2484 | 1 Ruben Boelinger | 1 Wp-table | 2018-10-16 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in js/wptable-button.php in the wp-Table 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter. | |||||
| CVE-2007-2483 | 1 Ruben Boelinger | 1 Wp-table | 2018-10-16 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in js/wptable-button.php in the wp-Table 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the wpPATH parameter. | |||||
| CVE-2007-2482 | 1 Ruben Boelinger | 1 Wordtube | 2018-10-16 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the wpPATH parameter. | |||||
| CVE-2007-2481 | 1 Ruben Boelinger | 1 Wordtube | 2018-10-16 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter. | |||||
| CVE-2007-2477 | 1 Phpmychat | 1 Phpmychat | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in phpMyChat.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the {ChatPath} parameter. NOTE: this has been disputed by multiple third parties and CVE because $ChatPath is set to a constant value. | |||||
| CVE-2007-2474 | 1 Turnkey Web Tools | 1 Sunshop Shopping Cart | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) include/payment/payflow_pro.php, (2) global.php, or (3) libsecure.php, different vectors than CVE-2007-2070. | |||||
| CVE-2007-2457 | 1 Pixaria | 1 Pixaria Gallery | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in resources/includes/class.Smarty.php in Pixaria Gallery before 1.4.3 allows remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter. | |||||
| CVE-2007-2467 | 1 Zonelabs | 1 Zonealarm | 2018-10-16 | 4.9 MEDIUM | N/A |
| ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions and other products, allows local users to cause a denial of service (system crash) by sending malformed data to the vsdatant device driver, which causes an invalid memory access. | |||||