Total: 25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0443 | 1 Gracenote | 1 Cddbcontrol Activex Control | 2018-10-16 | 9.3 HIGH | N/A |
| Multiple buffer overflows in the CDDBControl ActiveX control in Gracenote CDDB before 20070418 allow remote attackers to execute arbitrary code via long values for certain Proxy configuration parameters. | |||||
| CVE-2007-0441 | 1 Hp | 1 Openview Network Node Manager | 2018-10-16 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to execute arbitrary commands via unknown vectors. | |||||
| CVE-2007-0251 | 1 Snort | 1 Snort | 2018-10-16 | 7.8 HIGH | N/A |
| Integer underflow in the DecodeGRE function in src/decode.c in Snort 2.6.1.2 allows remote attackers to trigger dereferencing of certain memory locations via crafted GRE packets, which may cause corruption of log files or writing of sensitive information into log files. | |||||
| CVE-2007-0252 | 1 Easy-content Filemanager | 1 Easy-content Filemanager | 2018-10-16 | 7.5 HIGH | N/A |
| Unspecified vulnerability in easy-content filemanager allows remote attackers to upload or modify arbitrary files via unspecified vectors. | |||||
| CVE-2007-0254 | 1 Xine | 1 Xine-ui | 2018-10-16 | 10.0 HIGH | N/A |
| Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2007-0255 | 1 Xine | 1 Xine | 2018-10-16 | 9.3 HIGH | N/A |
| XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017. | |||||
| CVE-2007-0257 | 1 Grsecurity | 1 Grsecurity Kernel Patch | 2018-10-16 | 7.2 HIGH | N/A |
| ** DISPUTED ** Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. As of 20070120, the original researcher has released demonstration code. | |||||
| CVE-2007-0260 | 1 Naig | 1 Naig | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Naig 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the this_path parameter. NOTE: a reliable third party disputes this vulnerability because this_path is defined before use. | |||||
| CVE-2007-0477 | 1 Openads | 1 Openads | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 (aka Max Media Manager before 0.3.31-alpha-pr2), and phpAdsNew/phpPgAds before 2.0.9-pr1 allows remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in admin-search.php and (2) affiliate-search.php. NOTE: this issue may overlap CVE-2007-0363. | |||||
| CVE-2007-0431 | 1 Avm | 1 Fritzbox | 2018-10-16 | 7.8 HIGH | N/A |
| AVM Fritz!Box 7050, and possibly other product models, allows remote attackers to cause a denial of service (VoIP application crash) via a zero-length UDP packet to the SIP port (port 5060). | |||||
| CVE-2007-0262 | 1 Wordpress | 1 Wordpress | 2018-10-16 | 7.8 HIGH | N/A |
| WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify that the m parameter value has the string data type, which allows remote attackers to obtain sensitive information via an invalid m[] parameter, as demonstrated by obtaining the path, and obtaining certain SQL information such as the table prefix. | |||||
| CVE-2007-0265 | 1 Ezboxx | 1 Portal System Beta | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ezboxx Portal System Beta 0.7.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the pic parameter to custom/piczoom.asp, (2) the nocatname parameter to boxx/user-upload.asp, or (3) the iid parameter to indexes/newscomments.asp. | |||||
| CVE-2007-0266 | 1 Ezboxx | 1 Ezboxx Portal System | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the iid parameter. | |||||
| CVE-2007-0302 | 1 Instantasp | 1 Instantasp | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx, and the (2) Username and (3) Update parameters to (b) Members1.aspx. | |||||
| CVE-2007-0339 | 1 Scriptme | 1 Sme Filemailer | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php (aka the login form) in Scriptme SMe FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the Password field (ps parameter). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0298 | 1 Dexxaboy | 1 Lunarpoll | 2018-10-16 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in show.php in LunarPoll, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PollDir parameter. | |||||
| CVE-2007-0305 | 1 Okulsistem Okul Web | 1 Otomasyon Sistemi | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in etkinlikbak.asp in Okul Web Otomasyon Sistemi 4.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0430 | 1 Apple | 1 Mac Os X | 2018-10-16 | 4.9 MEDIUM | N/A |
| The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value. | |||||
| CVE-2007-0341 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992. | |||||
| CVE-2007-0309 | 1 Francisco Burzi | 1 Php-nuke | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2007-0428 | 1 Wzdftpd | 1 Wzdftpd | 2018-10-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the chtbl_lookup function in hash.c for WzdFTPD 8.0 and earlier allows remote attackers to cause a denial of service via a crafted FTP command, probably due to a NULL pointer dereference. | |||||
| CVE-2007-0310 | 1 Bmc | 1 Remedy Action Request System | 2018-10-16 | 5.0 MEDIUM | N/A |
| BMC Remedy Action Request System 5.01.02 Patch 1267 generates different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to determine valid account names. | |||||
| CVE-2007-0427 | 1 Microsoft | 1 Html Help Workshop | 2018-10-16 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a help project (.HPJ) file with a long HLP field in the OPTIONS section. | |||||
| CVE-2007-0403 | 1 Easebay Resources | 1 Paypal Subscription Manager | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/memberlist.php in Easebay Resources Paypal Subscription Manager allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | |||||
| CVE-2007-0312 | 1 Wcsimple Poll | 1 Wcsimple Poll | 2018-10-16 | 7.8 HIGH | N/A |
| wcSimple Poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password hashes via a direct request for password.txt. | |||||
| CVE-2007-0402 | 1 Easebay Resources | 1 Paypal Subscription Manager | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/edit_member.php in Easebay Resources Paypal Subscription Manager allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
| CVE-2007-0353 | 1 Mywebland | 1 Mybloggie | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string. | |||||
| CVE-2007-0323 | 1 Rim | 1 Teamon Import Object Activex Control | 2018-10-16 | 7.5 HIGH | N/A |
| Buffer overflow in the SetLanguage function in Research In Motion (RIM) TeamOn Import Object ActiveX control (TOImport.dll) allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-0401 | 1 Easebay Resources | 1 Login Manager | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the init_row parameter. | |||||
| CVE-2007-0400 | 1 Easebay Resources | 1 Login Manager | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | |||||
| CVE-2007-0324 | 1 Lizardtech | 1 Djvu Browser Plug-in | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the LizardTech DjVu Browser Plug-in before 6.1.1 allow remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-0330 | 1 Ipswitch | 1 Ws Ftp Pro | 2018-10-16 | 7.5 HIGH | N/A |
| Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch WS_FTP 2007 Professional allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long ftp:// URL in an HTML document, and possibly other vectors. | |||||
| CVE-2007-0399 | 1 Simple Machines | 1 Simple Machines Forum | 2018-10-16 | 6.0 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action. | |||||
| CVE-2007-0331 | 1 Xentraz | 1 Liens Dynamiques | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in liens.php3 in liens_dynamiques 2.1 allows remote attackers to inject arbitrary web script or HTML by using the ajouter=1 query string and the add menu. | |||||
| CVE-2007-0332 | 1 Xentraz | 1 Liens Dynamiques | 2018-10-16 | 7.5 HIGH | N/A |
| (1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques 2.1 do not require authentication, which allows remote attackers to perform unauthorized administrative actions using a direct request. | |||||
| CVE-2007-0333 | 1 Agnitum | 1 Outpost Firewall | 2018-10-16 | 7.2 HIGH | N/A |
| Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access restrictions and insert Trojan horse drivers into the product's installation directory by creating links using FileLinkInformation requests with the ZwSetInformationFile function, as demonstrated by modifying SandBox.sys. | |||||
| CVE-2007-0335 | 1 Jax Scripts | 1 Jax Petition Book | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Jax Petition Book 1.0.3.06 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the languagepack parameter to (1) jax_petitionbook.php or (2) smileys.php. | |||||
| CVE-2007-0347 | 1 Cvstrac | 1 Cvstrac | 2018-10-16 | 4.3 MEDIUM | N/A |
| The is_eow function in format.c in CVSTrac before 2.0.1 does not properly check for the "'" (quote) character, which allows remote authenticated users to execute limited SQL injection attacks and cause a denial of service (database error) via a ' character in certain messages, tickets, or Wiki entries. | |||||
| CVE-2007-0487 | 1 Zoneo-soft | 1 Freeforum | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in FreeForum 0.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. NOTE: this issue has been disputed by third party researchers, stating that fpath variable is initialized before being used. | |||||
| CVE-2007-0349 | 1 Nicecoder | 1 Indexu | 2018-10-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in upgrade.php in nicecoder.com INDEXU 5.x allows remote attackers to include arbitrary local files via a .. (dot dot) in the gateway parameter. | |||||
| CVE-2007-0351 | 2 Microsoft, Zonelabs | 3 Windows 2003 Server, Windows Xp, Zonealarm | 2018-10-16 | 6.2 MEDIUM | N/A |
| Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user. | |||||
| CVE-2007-0352 | 1 Microsoft | 1 Html Help Workshop | 2018-10-16 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a crafted .cnt file composed of lines that begin with an integer followed by a space and a long string. | |||||
| CVE-2007-0360 | 1 Oreon Project | 1 Oreon | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2.3 RC4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | |||||
| CVE-2007-0469 | 1 Rubyforge | 1 Rubygems | 2018-10-16 | 9.3 HIGH | N/A |
| The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages. | |||||
| CVE-2007-0398 | 1 Arnotic | 1 A-forum | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in Arnaud Guyonne (aka Arnotic) a-forum allow remote attackers to inject arbitrary web script or HTML via the (1) Sujet or (2) Pseudo field. | |||||
| CVE-2007-0121 | 1 Michael Romedahl | 1 Ri Blog | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2007-0167 | 2 Ppc Search Engine, Wgs-ppc | 2 Ppc Search Engine, Wgs-ppc | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search Engine), as distributed with other aliases, allow remote attackers to execute arbitrary PHP code via a URL in the INC parameter in (1) config_admin.php, (2) config_main.php, (3) config_member.php, and (4) mysql_config.php in config/; (5) admin.php and (6) index.php in admini/; (7) paypalipn/ipnprocess.php; (8) index.php and (9) registration.php in members/; and (10) ppcbannerclick.php and (11) ppcclick.php in main/. | |||||
| CVE-2007-0222 | 1 Oracle | 1 Application Server | 2018-10-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter. NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined. Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293). | |||||
| CVE-2007-0163 | 1 Securekit | 1 Securekit Steganography | 2018-10-16 | 7.8 HIGH | N/A |
| SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information. | |||||
| CVE-2007-0088 | 1 Openmedia | 1 Openmedia | 2018-10-16 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in openmedia allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) src parameter to page.php or the (2) format parameter to search_form.php. | |||||
