Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2520 | 1 Frank Mancuso | 1 Mynews | 2018-10-16 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin.php in MyNews 0.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authacc cookie. | |||||
| CVE-2007-2577 | 1 Acp3 | 1 Acp3 | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ACP3 4.0 beta 3 allow remote attackers to execute arbitrary SQL commands via (1) the mode parameter to feeds.php, the (2) form[cat] parameter to (a) news/list/index.php or (b) certain news/details/id_*/action_create/index.php files, or (3) the form[mods][] parameter to search/list/action_search/index.php. | |||||
| CVE-2007-2514 | 3 Centennial, Numara, Symantec | 3 Discovery, Asset Manager, Discovery | 2018-10-16 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0, and (3) Centennial UK Ltd Discovery 2006 Feature Pack, allows remote attackers to execute arbitrary code via a long request. NOTE: this might be a reservation duplicate of CVE-2007-1173. | |||||
| CVE-2007-2512 | 1 Alcatel-lucent | 1 Omnipcx | 2018-10-16 | 7.5 HIGH | N/A |
| Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch by default, which allows attackers to gain access to the voice VLAN via daisy-chained systems. | |||||
| CVE-2007-2506 | 1 Progress | 2 Progress, Webspeed | 2018-10-16 | 7.8 HIGH | N/A |
| WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO. | |||||
| CVE-2007-2505 | 1 Intervations | 1 Mailcopa | 2018-10-16 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in InterVations MailCOPA 8.01 20070323 allows user-assisted remote attackers to execute arbitrary code via a long command line argument, as demonstrated by a long string in the subject field in a mailto URI. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2504 | 1 Php Turbulence | 1 Php Turbulence | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in user/turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[tcore] parameter. NOTE: this vulnerability is disputed by CVE and a reliable third party because a direct request to user/turbulence.php triggers a fatal error before inclusion. | |||||
| CVE-2007-2503 | 1 Php Turbulence | 1 Php Turbulence | 2018-10-16 | 10.0 HIGH | N/A |
| ** DISPUTED ** Directory traversal vulnerability in turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tcore] parameter. NOTE: this vulnerability is disputed by CVE and a reliable third party because a direct request to user/turbulence.php triggers a fatal error before inclusion. | |||||
| CVE-2007-2358 | 1 B2evolution | 1 B2evolution | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in b2evolution allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_path parameter to (a) a_noskin.php, (b) a_stub.php, (c) admin.php, (d) contact.php, (e) default.php, (f) index.php, and (g) multiblogs.php in blogs/; the (2) view_path and (3) control_path parameters to blogs/admin.php; and the (4) skins_path parameter to (h) blogs/contact.php and (i) blogs/multiblogs.php. NOTE: this issue is disputed by CVE, since the inc_path, view_path, control_path, and skins_path variables are all initialized in conf/_advanced.php before they are used. | |||||
| CVE-2007-2294 | 1 Asterisk | 1 Asterisk | 2018-10-16 | 7.8 HIGH | N/A |
| The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference. | |||||
| CVE-2007-2339 | 1 Phorum | 1 Phorum | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.php; or (3) the "Edit groups / Add group" field in the (d) groups module in admin.php. | |||||
| CVE-2007-2300 | 1 Surat Kabar | 1 Phpwebnews | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the m_txt parameter to (1) iklan.php, (2) index.php, or (3) bukutamu.php. | |||||
| CVE-2007-2338 | 1 Phorum | 1 Phorum | 2018-10-16 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in include/admin/banlist.php in Phorum before 5.1.22 allows remote attackers to perform unauthorized banlist deletions as an administrator via the delete parameter. | |||||
| CVE-2007-2367 | 1 Wserve Http Server | 1 Wserve Http Server | 2018-10-16 | 10.0 HIGH | N/A |
| Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) 4.6 allows remote attackers to cause a denial of service (forced application exit) via a long directory name in the URI. | |||||
| CVE-2007-2373 | 1 Wf-links | 1 Wf-links | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) 1.03 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2007-2331 | 1 Shop-script | 1 Shop-script | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in cart.php in Shop-Script 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the lang_list parameter. | |||||
| CVE-2007-2297 | 1 Asterisk | 1 Asterisk | 2018-10-16 | 7.8 HIGH | N/A |
| The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash). | |||||
| CVE-2007-2330 | 1 Dynatracker | 1 Dynatracker | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes_handler.php in DynaTracker 151 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. | |||||
| CVE-2007-2293 | 1 Asterisk | 1 Asterisk | 2018-10-16 | 7.6 HIGH | N/A |
| Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE. | |||||
| CVE-2007-2329 | 1 Searchactivity | 1 Searchactivity | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in searchbot.php in Searchactivity allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2007-2328 | 1 Phpmytgp | 1 Phpmytgp | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in addvip.php in phpMYTGP 1.4b allows remote attackers to execute arbitrary PHP code via a URL in the msetstr[PROGSDIR] parameter. | |||||
| CVE-2007-2327 | 1 Labs4 | 1 Htmleditbox | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in _editor.php in HTMLeditbox 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the settings[app_dir] parameter. | |||||
| CVE-2007-2352 | 1 Afflib | 1 Afflib | 2018-10-16 | 10.0 HIGH | N/A |
| Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls, possibly involving (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/imager.cpp, and (f) tools/afxml.cpp. NOTE: this identifier is intended to address the vectors that were not fixed in CVE-2007-2054, but the unfixed vectors were not explicitly listed. | |||||
| CVE-2007-2326 | 1 Goldcoders | 1 Hyip Manager Pro | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in HYIP Manager Pro allow remote attackers to execute arbitrary PHP code via a URL in the plugin_file parameter to (1) Smarty.class.php and (2) Smarty_Compiler.class.php in inc/libs/; (3) core.display_debug_console.php, (4) core.load_plugins.php, (5) core.load_resource_plugin.php, (6) core.process_cached_inserts.php, (7) core.process_compiled_include.php, and (8) core.read_cache_file.php in inc/libs/core/; and other unspecified files. NOTE: (1) and (2) might be incorrectly reported vectors in Smarty. | |||||
| CVE-2007-2354 | 1 Progress | 1 Webspeed Messenger | 2018-10-16 | 7.8 HIGH | N/A |
| Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information. | |||||
| CVE-2007-2325 | 1 Mynewsgroup | 1 Mynewsgroup | 2018-10-16 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in include.php in MyNewsGroups :) allows remote attackers to execute arbitrary PHP code via a URL in the myng_root parameter. | |||||
| CVE-2007-2438 | 2 Foresight Linux, Vim Development Group | 2 Foresight Linux, Vim | 2018-10-16 | 7.6 HIGH | N/A |
| The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines. | |||||
| CVE-2007-2398 | 2 Apple, Microsoft | 2 Safari, Windows 2003 Server | 2018-10-16 | 7.1 HIGH | N/A |
| Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks. | |||||
| CVE-2007-2411 | 1 Sphider | 1 Sphider | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Sphider 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. NOTE: a third party disputes this vulnerability, stating that "the application is not vulnerable to this issue." | |||||
| CVE-2007-2412 | 1 Seir Anphin | 1 Seir Anphin | 2018-10-16 | 7.8 HIGH | N/A |
| ** DISPUTED ** Directory traversal vulnerability in modules/file.php in Seir Anphin allows remote attackers to obtain sensitive information via a .. (dot dot) in the a[filepath] parameter. NOTE: a third party has disputed this issue because the a array is populated by a database query before use. | |||||
| CVE-2007-2416 | 1 E-annu | 1 E-annu | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in home.php in E-Annu allows remote attackers to execute arbitrary SQL commands via the a parameter. | |||||
| CVE-2007-2419 | 1 Macrovision | 2 Flexnet Connect, Update Service | 2018-10-16 | 10.0 HIGH | N/A |
| Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328. | |||||
| CVE-2007-2420 | 1 Burak Yilmaz | 1 Burak Yilmaz Blog | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-2422 | 1 Comdev | 1 Modules Builder | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Modules Builder (modbuild) 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter to (1) config-bak.php or (2) config.php. NOTE: CVE disputes this vulnerability because the unmodified scripts set the applicable variable to the empty string; reasonable modified copies would use a fixed pathname string. | |||||
| CVE-2007-2312 | 1 Vwar | 1 Virtual War | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 R15 module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the n parameter to extra/online.php and other unspecified scripts in extra/. NOTE: this might be same vulnerability as CVE-2006-4142; however, there is an intervening vendor fix announcement. | |||||
| CVE-2007-2311 | 1 Bloofoxcms | 1 Bloofoxcms | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in install/index.php in BlooFoxCMS 0.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the content_php parameter. NOTE: this issue has been disputed by a reliable third party, stating that content_php is initialized before use. | |||||
| CVE-2007-2357 | 1 Sinecms | 1 Sinecms | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mods/Core/result.php in SineCms 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the stringa parameter. | |||||
| CVE-2007-2310 | 1 Bloofoxcms | 1 Bloofoxcms | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php in BloofoxCMS 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter. | |||||
| CVE-2007-2308 | 1 Flowers | 1 Flowers | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the rok parameter. | |||||
| CVE-2007-2306 | 1 Vwar | 1 Virtual War | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War (VWar) 1.5.0 R15 and earlier module for PHP-Nuke, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) memberlist parameter to extra/login.php and the (2) title parameter to extra/today.php. | |||||
| CVE-2007-2444 | 1 Samba | 1 Samba | 2018-10-16 | 7.2 HIGH | N/A |
| Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user. | |||||
| CVE-2007-2447 | 1 Samba | 1 Samba | 2018-10-16 | 6.0 MEDIUM | N/A |
| The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management. | |||||
| CVE-2007-2254 | 1 Deltascripts | 1 Php Classifieds | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/setup/level2.php in PHP Classifieds 6.04, and probably earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this product was referred to as "Allfaclassfieds" in the original disclosure. | |||||
| CVE-2007-2132 | 1 Oracle | 1 Peoplesoft Enterprise | 2018-10-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise 8.47.12 and 8.48.08 has unknown impact and attack vectors, aka PSE02. | |||||
| CVE-2007-2133 | 1 Oracle | 1 Peoplesoft Enterprise | 2018-10-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise Human Capital Management component in Oracle PeopleSoft Enterprise 8.9 has unknown impact and attack vectors, aka PSEHCM01. | |||||
| CVE-2007-2134 | 1 Oracle | 1 Enterpriseone | 2018-10-16 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the HTML Server in Oracle JD Edwards EnterpriseOne SP23_Q1 and 8.96.I1 has unknown impact and local attack vectors, aka JDE01. | |||||
| CVE-2007-2135 | 1 Oracle | 1 E-business Suite | 2018-10-16 | 7.8 HIGH | N/A |
| The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128. | |||||
| CVE-2007-2136 | 1 Bmc | 1 Patrol Perform Agent | 2018-10-16 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol PerformAgent allows remote attackers to execute arbitrary code by connecting to TCP port 10128 and sending certain XDR data, which is not properly parsed. | |||||
| CVE-2007-2137 | 1 Ibm | 1 Tivoli Monitoring Express | 2018-10-16 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express 6.1.0 before Fix Pack 2, as used in Tivoli Universal Agent, Windows OS Monitoring agent, and Enterprise Portal Server, allows remote attackers to execute arbitrary code by sending a long string to a certain TCP port. | |||||
| CVE-2007-2140 | 1 Franklin Huang | 1 Flip-search-add-on | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in everything.php in Franklin Huang Flip (aka Flip-search-add-on) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter. | |||||