Total: 25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1146 | 1 Delmaa.com | 1 Arabhost | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in function.php in arabhost allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter. | |||||
| CVE-2007-1053 | 1 Warped Systems | 1 Phpxmms | 2018-10-16 | 10.0 HIGH | N/A |
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpXmms 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the tcmdp parameter to (1) phpxmmsb.php or (2) phpxmmst.php. NOTE: this issue has been disputed by a reliable third party, stating that the tcmdp variable is initialized by config.php. | |||||
| CVE-2007-1043 | 9 Apple, Ezboo, Hp and 6 more | 18 Mac Os X, Webstats, Hp-ux and 15 more | 2018-10-16 | 7.5 HIGH | N/A |
| Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php. | |||||
| CVE-2007-1156 | 1 Man Machine Systems | 1 Jbrowser | 2018-10-16 | 7.5 HIGH | N/A |
| JBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for _admin/. | |||||
| CVE-2007-1060 | 1 Interspire | 1 Sendstudio | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Interspire SendStudio 2004.14 and earlier, when register_globals and allow_fopenurl are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOTDIR parameter to (1) createemails.inc.php and (2) send_emails.inc.php in /admin/includes/. | |||||
| CVE-2007-1069 | 1 Vmware | 1 Workstation | 2018-10-16 | 7.8 HIGH | N/A |
| The memory management in VMware Workstation before 5.5.4 allows attackers to cause a denial of service (Windows virtual machine crash) by triggering certain general protection faults (GPF). | |||||
| CVE-2007-1158 | 1 Postnuke Software Foundation | 1 Pagesetter | 2018-10-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. | |||||
| CVE-2007-0996 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-16 | 5.8 MEDIUM | N/A |
| The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. | |||||
| CVE-2007-1002 | 1 Evolution | 1 Shared Memo | 2018-10-16 | 6.8 MEDIUM | N/A |
| Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a crafted shared memo. | |||||
| CVE-2007-1003 | 1 X.org | 1 X11 | 2018-10-16 | 9.0 HIGH | N/A |
| Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption. | |||||
| CVE-2007-1004 | 1 Mozilla | 1 Firefox | 2018-10-16 | 4.3 MEDIUM | N/A |
| Mozilla Firefox might allow remote attackers to conduct spoofing and phishing attacks by writing to an about:blank tab and overlaying the location bar. | |||||
| CVE-2007-1085 | 1 Google | 1 Desktop | 2018-10-16 | 7.6 HIGH | N/A |
| Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the "under" parameter in Advanced Search with the proper signature. | |||||
| CVE-2007-1008 | 1 Apple | 1 Itunes | 2018-10-16 | 2.6 LOW | N/A |
| Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation. | |||||
| CVE-2007-1009 | 1 Macrovision | 1 Installanywhere | 2018-10-16 | 4.6 MEDIUM | N/A |
| Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password or (2) serial number verification sections from this file. | |||||
| CVE-2007-1102 | 1 Photostand | 1 Photostand | 2018-10-16 | 5.0 MEDIUM | N/A |
| Photostand 1.2.0 allows remote attackers to obtain sensitive information via a ' (quote) character in (1) a PHPSESSID cookie or (2) the id parameter in an article action in index.php, which reveal the path in various error messages. | |||||
| CVE-2007-1125 | 1 Xeroxer | 1 Simple One-file Gallery | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to inject arbitrary web script or HTML via the f parameter. | |||||
| CVE-2007-1124 | 1 Xeroxer | 1 Simple One-file Gallery | 2018-10-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. | |||||
| CVE-2007-1114 | 1 Microsoft | 1 Ie | 2018-10-16 | 4.3 MEDIUM | N/A |
| The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. | |||||
| CVE-2007-1112 | 1 Kaspersky Lab | 2 Kaspersky Anti-virus, Kaspersky Internet Security | 2018-10-16 | 10.0 HIGH | N/A |
| Kaspersky Anti-Virus 6.0 and Internet Security 6.0 expose unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods. | |||||
| CVE-2007-1073 | 1 Mcrefer | 1 Mcrefer | 2018-10-16 | 10.0 HIGH | N/A |
| Static code injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary PHP code via the bgcolor parameter, which is inserted into mcrconf.inc.php. | |||||
| CVE-2007-1126 | 1 Xt-commerce | 1 Xt-commerce Community Made Shopping | 2018-10-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in xtcommerce allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter. | |||||
| CVE-2007-1020 | 1 Cedstat | 1 Cedstat | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 allows remote attackers to inject arbitrary web script or HTML via the hier parameter. | |||||
| CVE-2007-1051 | 1 Comodo | 1 Comodo Firewall Pro | 2018-10-16 | 4.6 MEDIUM | N/A |
| Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.17.183 and earlier uses a weak cryptographic hashing function (CRC32) to identify trusted modules, which allows local users to bypass security protections by substituting modified modules that have the same CRC32 value. | |||||
| CVE-2007-1061 | 1 Francisco Burzi | 1 Php-nuke | 2018-10-16 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header (HTTP_REFERER variable). | |||||
| CVE-2007-1111 | 1 Activecalendar | 1 Activecalendar | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the css parameter to (1) flatevents.php, (2) js.php, (3) mysqlevents.php, (4) m_2.php, (5) m_3.php, (6) m_4.php, (7) xmlevents.php, (8) y_2.php, or (9) y_3.php in data/. | |||||
| CVE-2007-1100 | 1 Pickle | 1 Pickle | 2018-10-16 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in download.php in Ahmet Sacan Pickle before 20070301 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2007-1110 | 1 Activecalendar | 1 Activecalendar | 2018-10-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in data/showcode.php in ActiveCalendar 1.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. | |||||
| CVE-2007-1127 | 1 Watersweb Shops | 1 Shop Kit Plus | 2018-10-16 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in enc/stylecss.php in shopkitplus allows remote attackers to read arbitrary files via a .. (dot dot) in the changetheme parameter. | |||||
| CVE-2007-1029 | 1 Quicksoft | 1 Easymail Objects | 2018-10-16 | 7.6 HIGH | N/A |
| Stack-based buffer overflow in the Connect method in the IMAP4 component in Quiksoft EasyMail Objects before 6.5 allows remote attackers to execute arbitrary code via a long host name. | |||||
| CVE-2007-1107 | 1 Coppermine | 1 Coppermine Photo Gallery | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies. | |||||
| CVE-2007-1128 | 1 Watersweb Shops | 1 Shop Kit Plus | 2018-10-16 | 5.0 MEDIUM | N/A |
| shopkitplus allows remote attackers to obtain sensitive information via a request to (1) events.php with a curmonth[]=01 query string or (2) enc/stylecss.php with a changetheme[]= query string, which reveals the path in various error messages. | |||||
| CVE-2007-1046 | 1 Dem Trac | 1 Dem Trac | 2018-10-16 | 5.0 MEDIUM | N/A |
| Dem_trac allows remote attackers to read log file contents via a direct request for /anc_sit.txt. | |||||
| CVE-2007-1095 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-16 | 6.8 MEDIUM | N/A |
| Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client. | |||||
| CVE-2007-1052 | 1 Pblang | 1 Pblang | 2018-10-16 | 10.0 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in PBLang (PBL) 4.60 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dbpath parameter, a different vector than CVE-2006-5062. NOTE: this issue has been disputed by a reliable third party for 4.65, stating that the dbpath variable is initialized in an included file that is created upon installation. | |||||
| CVE-2007-1070 | 2 Microsoft, Trend Micro | 6 Windows 2000, Windows 2003 Server, Windows Nt and 3 more | 2018-10-16 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll. | |||||
| CVE-2007-1024 | 1 Marcello Vitagliano | 1 Meganoides News | 2018-10-16 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in include.php in Meganoide's news 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. | |||||
| CVE-2007-1054 | 1 Mediawiki | 1 Mediawiki | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer. | |||||
| CVE-2007-1092 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-16 | 9.3 HIGH | N/A |
| Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, which triggers memory corruption due to the lack of a finalize hook on DOM window objects. | |||||
| CVE-2007-0972 | 1 Jupiter Cms | 1 Jupiter Cms | 2018-10-16 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in modules/emoticons.php in Jupiter CMS 1.1.5 allows remote attackers to upload arbitrary files by modifying the HTTP request to send an image content type, and to omit is_guest and is_user parameters. NOTE: this issue might be related to CVE-2006-4875. | |||||
| CVE-2007-0936 | 1 Microsoft | 2 Office, Visio | 2018-10-16 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability." | |||||
| CVE-2007-0923 | 1 Radical Technologies | 1 Portal Search | 2018-10-16 | 7.8 HIGH | N/A |
| buscador/buscador.htm in Portal Search allows remote attackers to obtain sensitive information (business logic) via a query string composed of a search for certain characters. | |||||
| CVE-2007-0940 | 1 Microsoft | 2 Biztalk Server, Capicom | 2018-10-16 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability." | |||||
| CVE-2007-0931 | 2 Alcatel-lucent, Aruba | 2 Omniaccess Wireless, Mobility Controller | 2018-10-16 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the management interfaces in (1) Aruba Mobility Controllers 200, 800, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via long credential strings. | |||||
| CVE-2007-0970 | 1 Webtester | 1 Webtester | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to execute arbitrary SQL commands via the testID parameter to directions.php, and unspecified parameters to other files that accept GET or POST input. | |||||
| CVE-2007-0883 | 1 Second Rule Llc | 1 Ip3 Netaccess | 2018-10-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in portalgroups/portalgroups/getfile.cgi in IP3 NetAccess before firmware 4.1.9.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||
| CVE-2007-0885 | 1 Rainbow Portal | 2 Rainbow.zen, Rainbow With The Zen | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2007-0939 | 1 Microsoft | 1 Content Management Server | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability." | |||||
| CVE-2007-0934 | 1 Microsoft | 1 Visio | 2018-10-16 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption. | |||||
| CVE-2007-0912 | 1 Jportal | 1 Jportal Web Server | 2018-10-16 | 9.3 HIGH | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php in Jportal 2.3.1, and possibly earlier, allows remote attackers to perform privileged actions as administrators by tricking the admin into accessing a URL with modified arguments to admin/admin.adm.php. | |||||
| CVE-2007-0890 | 1 Cpanel | 1 Webhost Manager | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter. | |||||
