Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0919 | 1 Nickolas Grigoriadis | 1 Mini Web Server | 2018-10-16 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in Nickolas Grigoriadis Mini Web server (MiniWebsvr) 0.0.6 allows remote attackers to list the directory immediately above the web root via a ..%00 sequence in the URI. | |||||
| CVE-2007-0889 | 1 Kiwi Enterprises | 1 Kiwi Cattools | 2018-10-16 | 4.6 MEDIUM | N/A |
| Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible encoding") for passwords, account names, and IP addresses in kiwidb-cattools.kdb, which might allow local users to gain sensitive information by decrypting the file. NOTE: this issue could be leveraged with a directory traversal vulnerability for a remote attack vector. | |||||
| CVE-2007-0929 | 1 Guillaume Fontaine | 1 Php Rrd Browser | 2018-10-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in php rrd browser before 0.2.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter. | |||||
| CVE-2007-0876 | 1 Qdig | 1 Qdig | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Quick Digital Image Gallery (Qdig) 1.2.9.3 and devel-20060624 allows remote attackers to inject arbitrary web script or HTML via the Qwd parameter to the top-level URI. | |||||
| CVE-2007-0973 | 1 Jupiter Cms | 1 Jupiter Cms | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Jupiter CMS 1.1.5 allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header and certain other HTTP headers, which are displayed without proper sanitization when an administrator performs a Logged Guest action. | |||||
| CVE-2007-0921 | 1 Radical Technologies | 1 Portal Search | 2018-10-16 | 9.4 HIGH | N/A |
| Portal Search allows remote attackers to redirect a URL to an arbitrary web site by placing the URL in the query string to the top-level URI. | |||||
| CVE-2007-0969 | 1 Webtester | 1 Webtester | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to POST parameters to multiple files. | |||||
| CVE-2007-0911 | 1 Php | 1 Php | 2018-10-16 | 7.8 HIGH | N/A |
| Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash). | |||||
| CVE-2007-0971 | 1 Jupiter Cms | 1 Jupiter Cms | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the attack vector might involve _SERVER. | |||||
| CVE-2007-0888 | 1 Kiwi Enterprises | 1 Kiwi Cattools | 2018-10-16 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command. | |||||
| CVE-2007-0922 | 1 Radical Technologies | 1 Portal Search | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in Portal Search allows remote attackers to inject arbitrary web script or HTML via the query string. | |||||
| CVE-2007-0951 | 1 Fullaspsite | 1 Asp Hosting Site | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2007-0924 | 1 Till Gerken | 1 Phppolls | 2018-10-16 | 7.5 HIGH | N/A |
| Till Gerken phpPolls 1.0.3 allows remote attackers to bypass authentication and perform certain administrative actions via a direct request to phpPollAdmin.php3. NOTE: this issue might subsume CVE-2006-3764. | |||||
| CVE-2007-0925 | 1 Communityserver.org | 1 Community Server | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx in Community Server allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2007-0950 | 1 Fullaspsite | 1 Asp Hosting Site | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | |||||
| CVE-2007-0987 | 1 Jupiter Cms | 1 Jupiter Cms | 2018-10-16 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot), or an absolute pathname, in the n parameter. | |||||
| CVE-2007-0926 | 1 Kvguestbook | 1 Kvguestbook | 2018-10-16 | 7.5 HIGH | N/A |
| The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows remote attackers to gain administrative privileges, probably via modified $mysql['pass'] and $gbpass variables. | |||||
| CVE-2007-0938 | 1 Microsoft | 1 Content Management Server | 2018-10-16 | 10.0 HIGH | N/A |
| Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability." | |||||
| CVE-2007-0927 | 1 Utorrent | 1 Utorrent | 2018-10-16 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to execute arbitrary code via a torrent file with a crafted announce header. | |||||
| CVE-2007-0880 | 1 Capital Request Forms | 1 Capital Request Forms | 2018-10-16 | 7.8 HIGH | N/A |
| Capital Request Forms stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for inc/common_db.inc. | |||||
| CVE-2007-0928 | 1 Virtual Calendar | 1 Virtual Calendar | 2018-10-16 | 5.0 MEDIUM | N/A |
| Virtual Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an encoded password via a direct request for pwd.txt. | |||||
| CVE-2007-0894 | 1 Mediawiki | 1 Mediawiki | 2018-10-16 | 5.0 MEDIUM | N/A |
| MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message. | |||||
| CVE-2007-0874 | 1 Allons Voter | 1 Allons Voter | 2018-10-16 | 6.8 MEDIUM | N/A |
| Allons_voter 1.0 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) admin_ajouter.php or (2) admin_supprimer.php. NOTE: this could be leveraged to conduct cross-site scripting (XSS) attacks. | |||||
| CVE-2007-0871 | 1 Extremepow | 1 Extreme File Hosting | 2018-10-16 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in eXtremePow eXtreme File Hosting allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as (1) .rar.php or (2) .zip.php. | |||||
| CVE-2007-0870 | 1 Microsoft | 1 Word | 2018-10-16 | 7.6 HIGH | N/A |
| Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027. | |||||
| CVE-2007-0866 | 1 Hp | 1 Openview Storage Data Protector | 2018-10-16 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in HP OpenView Storage Data Protector on HP-UX B.11.00, B.11.11, or B.11.23 allows local users to execute arbitrary code via unknown vectors. | |||||
| CVE-2007-0861 | 1 Phpcoin | 1 Phpcoin | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in modules/mail/index.php in phpCOIN RC-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _CCFG['_PKG_PATH_MDLS'] parameter. NOTE: this issue has been disputed by a reliable third party, who states that a fatal error occurs before the relevant code is reached. | |||||
| CVE-2007-0860 | 1 Laboratory For Optical And Computational Instrumentation | 1 Local Calendar System | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in local Calendar System 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) TEMPLATE_DIR parameter to (a) showinvoices.php, (b) showmonth.php, (c) showevents.php, (d) retrieveinvoice.php, (e) modifyitem.php, and (f) lookup_userid.php; or the LIBDIR parameter to (g) editevent.php, (h) resetpassword.php, (i) signup.php, showmonth.php, (j) showday.php, showevents.php, and lookup_userid.php. NOTE: this issue has been disputed by a third party, who states that the associated variables are set in config.php before use. | |||||
| CVE-2007-0859 | 1 Palm | 1 Treo | 2018-10-16 | 2.1 LOW | N/A |
| The Find feature in Palm OS Treo smart phones operates despite the system password lock, which allows attackers with physical access to obtain sensitive information (memory contents) by doing (1) text searches or (2) paste operations after pressing certain keyboard shortcut keys. | |||||
| CVE-2007-0850 | 1 Syscp Team | 1 Syscp | 2018-10-16 | 7.5 HIGH | N/A |
| scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and adding its filename to this table. | |||||
| CVE-2007-0849 | 1 Syscp Team | 1 Syscp | 2018-10-16 | 7.2 HIGH | N/A |
| scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly quote pathnames in user home directories, which allows local users to gain privileges by placing shell metacharacters in a directory name, and then using the control panel to protect this directory, a different vulnerability than CVE-2005-2568. | |||||
| CVE-2007-0873 | 1 Nabocorp | 1 Nabopoll | 2018-10-16 | 7.5 HIGH | N/A |
| nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/. | |||||
| CVE-2007-0828 | 1 Mysqlnewsengine | 1 Mysqlnewsengine | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in affichearticles.php3 in MySQLNewsEngine allows remote attackers to execute arbitrary PHP code via a URL in the newsenginedir parameter. | |||||
| CVE-2007-0817 | 1 Adobe | 1 Coldfusion | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page. | |||||
| CVE-2007-0815 | 1 Uapplication | 1 Uphotogallery | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in images_archive.asp in Uapplication Uphotogallery 1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the s parameter. NOTE: the thumbnails.asp vector is already covered by CVE-2006-3023. | |||||
| CVE-2007-0814 | 1 Adrenalin Labs | 1 Adrenalins Asp Chat | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP Chat allow remote attackers to inject arbitrary web script or HTML (1) via the psuedo (pseudo) field or (2) during chat. | |||||
| CVE-2007-0813 | 1 Home Production | 1 Mysearchengine | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Home production MySearchEngine allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-0833 | 1 Vmware | 1 Workstation | 2018-10-16 | 1.2 LOW | N/A |
| VMware Workstation 5.5.3 34685, when the "Enable copy and paste to and from this virtual machine" option is enabled, preserves clipboard data on the guest operating system after it was deleted on the host operating system, which might allow local users to read clipboard contents by moving the focus back to the host operating system. | |||||
| CVE-2007-0832 | 1 Vmware | 1 Workstation | 2018-10-16 | 1.2 LOW | N/A |
| VMware Workstation 5.5.3 34685 does not immediately change the availability of a shared clipboard when the "Enable copy and paste to and from this virtual machine" checkbox is changed, which allows local users to obtain sensitive information or conduct certain attacks that are facilitated by weaker isolation between the host and guest operating systems. | |||||
| CVE-2007-0808 | 1 Mina Ajans | 1 Mina Ajans Script | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Mina Ajans Script allows remote attackers to execute arbitrary PHP code via a URL in the syf parameter to an unspecified PHP script. | |||||
| CVE-2007-0807 | 1 Darrens 5-dollar Script Archive | 1 Flashchat | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in info.php in flashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via a channel title (aka room name) that is not properly handled by the "who's online" feature. | |||||
| CVE-2007-0806 | 1 Les News | 1 Les News | 2018-10-16 | 7.5 HIGH | N/A |
| Les News 2.2 allows remote attackers to bypass authentication and gain administrative access via a direct request for adminews/index_fr.php3, and possibly the adminews index documents for other localizations. | |||||
| CVE-2007-0801 | 1 Mozilla | 1 Firefox | 2018-10-16 | 4.3 MEDIUM | N/A |
| The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest. | |||||
| CVE-2007-0800 | 1 Mozilla | 1 Firefox | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup. | |||||
| CVE-2007-0798 | 1 Uapplication | 1 Ublog Reload | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login.asp; and allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (2) badword.asp, (3) polls.asp, and (4) users.asp. | |||||
| CVE-2007-0795 | 1 Wap | 1 Wap Portal Server | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Wap Portal Server 1.x allow remote attackers to execute arbitrary PHP code via a URL in the language parameter to (1) index.php and (2) admin/index.php. | |||||
| CVE-2007-0799 | 1 Uapplication | 1 Ublog | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2007-0793 | 1 Globalmegacorp | 1 Dvddb | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter. | |||||
| CVE-2007-0792 | 1 Mozilla | 1 Bugzilla | 2018-10-16 | 7.5 HIGH | N/A |
| The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file. | |||||
| CVE-2007-0791 | 1 Mozilla | 1 Bugzilla | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla 2.20.3, 2.22.1, and 2.23.3, and earlier versions down to 2.20.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||