Total: 25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0301 | 1 Fdweb | 1 Espace Membre | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in _admin/admin_menu.php in FdWeB Espace Membre 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2007-0304 | 1 Mint | 1 Haber Sistemi | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0306 | 1 Digiappz | 1 Digiaffiliate | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0307 | 1 Poplar Gedcom Viewer | 1 Poplar Gedcom Viewer | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/common.php in Poplar Gedcom Viewer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[rootPath] parameter. | |||||
| CVE-2007-0311 | 1 Texas Imperial Software | 2 Wftpd, Wftpd Pro Server | 2017-10-19 | 5.0 MEDIUM | N/A |
| Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier allow remote attackers to cause a denial of service (application crash) via a long SITE ADMIN command. | |||||
| CVE-2007-0314 | 1 Article System | 1 Article System | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Article System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_DIR parameter to (1) forms.php, (2) issue_edit.php, (3) client.php, and (4) classes.php. | |||||
| CVE-2007-0354 | 1 Mgb | 1 Opensource Guestbook | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in email.php in MGB OpenSource Guestbook 0.5.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0329 | 1 Joonas Viljanen | 1 Jv2 Folder Gallery | 2017-10-19 | 5.0 MEDIUM | N/A |
| download.php in Joonas Viljanen JV2 Folder Gallery allows remote attackers to read sensitive files via a relative pathname in the file parameter, as demonstrated by config/gallerysetup.php. NOTE: this issue might be resultant from a directory traversal vulnerability. | |||||
| CVE-2007-0337 | 1 Kgb | 1 Kgb | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skinnn parameter, as demonstrated by invoking kg.php with a postek parameter containing PHP code, which is injected into a file in the kg directory, and then included by sesskglogadmin.php. | |||||
| CVE-2007-0338 | 1 Bolintech | 1 Dreamftp Server | 2017-10-19 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Dream FTP Server allows remote attackers to execute arbitrary code via a USER command with a large number of format string specifiers, which triggers the overflow during processing of the Server Log. | |||||
| CVE-2007-0345 | 1 Apple | 1 Mac Os X | 2017-10-19 | 6.8 MEDIUM | N/A |
| The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions (writable by admin group), which allows local admin users to gain root privileges by modifying a program and then performing permissions repair via diskutil. | |||||
| CVE-2007-0356 | 2 Common Controls Replacement Project, Microsoft | 2 Foldertreeview Activex Control, Ie | 2017-10-19 | 5.0 MEDIUM | N/A |
| The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value. | |||||
| CVE-2007-0359 | 1 Uberghey | 1 Cms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in frontpage.php in Uberghey CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter. | |||||
| CVE-2007-0361 | 1 Comscripts | 1 Phpmyphorum | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter. | |||||
| CVE-2007-0368 | 1 Michiel Broek | 1 Mbse-bbs | 2017-10-19 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in mbse-bbs 0.70 and earlier allows local users to execute arbitrary code via a long string in the MBSE_ROOT environment variable. | |||||
| CVE-2007-0369 | 1 Phpbp | 1 Phpbp | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in phpBP RC3 (2.204) and earlier allows remote attackers to execute arbitrary SQL commands via the comment forum. | |||||
| CVE-2007-0370 | 1 Phpbp | 1 Phpbp | 2017-10-19 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in index.php in phpBP RC3 (2.204) and earlier allows remote administrators to inject arbitrary PHP code into an upload/banners/ file via a banners add operation that uploads the PHP code through an image_form parameter specifying a multiple-extension filename such as .jpg.vil.gif.php, which is stored in upload/banners/ under a different name, and executable via a direct request. NOTE: a separate SQL injection issue could be leveraged to make this vulnerability reachable by remote unauthenticated attackers. | |||||
| CVE-2007-0371 | 1 Common Controls Replacement Project | 1 Browsedialog Server | 2017-10-19 | 4.3 MEDIUM | N/A |
| A certain ActiveX control in the Common Controls Replacement Project (CCRP) CCRP BrowseDialog Server (ccrpbds6.dll) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP_BDc.SelectedFolder property value. | |||||
| CVE-2007-0388 | 1 Woltlab | 1 Burning Board | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the boardids[1] and other boardids[] parameters. | |||||
| CVE-2007-0395 | 1 Comvironment | 1 Comvironment | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in libraries/grab_globals.lib.php in ComVironment 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter. | |||||
| CVE-2007-0429 | 1 Divx | 1 Divx Player | 2017-10-19 | 5.0 MEDIUM | N/A |
| DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed with DivX Player 6.4.1, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the GoWindowed method for a certain instance of the ActiveX object. | |||||
| CVE-2007-0489 | 1 Visohotlink | 1 Visohotlink | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/functions.visohotlink.php in VisoHotlink 1.01 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2007-0495 | 1 Phpsherpa | 1 Phpsherpa | 2017-10-19 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/config.inc.php in PhpSherpa allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter. | |||||
| CVE-2007-0496 | 1 Neon Labs | 1 Neon Labs Website | 2017-10-19 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir parameter. | |||||
| CVE-2007-0498 | 1 Sky Gunning | 1 Myspeach | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter. | |||||
| CVE-2006-1001 | 1 Lansuite | 1 Lanparty Intranet System | 2017-10-19 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in the board module in LanSuite LanParty Intranet System 2.0.6 and 2.1.0 beta allows remote attackers to execute arbitrary SQL commands via the fid parameter. | |||||
| CVE-2006-1596 | 1 Claroline | 1 Claroline | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in learnPath/include/scormExport.inc.php in Claroline 1.7.4 and earlier allows remote attackers to execute arbitrary PHP code via the includePath parameter. | |||||
| CVE-2006-1595 | 1 Claroline | 1 Claroline | 2017-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHtml command. | |||||
| CVE-2006-1668 | 1 Crafty Syntax Image Gallery | 1 Crafty Syntax Image Gallery | 2017-10-19 | 9.0 HIGH | N/A |
| newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php. | |||||
| CVE-2006-1664 | 1 Xine | 1 Xine-lib | 2017-10-19 | 7.5 HIGH | N/A |
| Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream. | |||||
| CVE-2006-1667 | 1 Crafty Syntax Image Gallery | 1 Crafty Syntax Image Gallery | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to execute arbitrary SQL commands via the limitquery_s parameter when the $projectid variable is less than 1, which prevents the $limitquery_s from being set within slides.php. | |||||
| CVE-2006-0962 | 1 Vubb | 1 Vubb | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in vuBB 0.2 allows remote attackers to execute arbitrary SQL commands via the pass parameter in a cookie. | |||||
| CVE-2006-0099 | 1 Valdersoft | 1 Valdersoft Shopping Cart | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in (1) include/templates/categories/default.php and (2) certain other include/templates/categories/ PHP scripts in Valdersoft Shopping Cart 3.0 allows remote attackers to execute arbitrary code via a URL in the catalogDocumentRoot parameter. | |||||
| CVE-2006-1921 | 1 Php Net Tools | 1 Php Net Tools | 2017-10-19 | 6.4 MEDIUM | N/A |
| nettools.php in PHP Net Tools 2.7.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter. | |||||
| CVE-2006-1919 | 1 Thomas Voecking | 1 Internet Photoshow | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Internet Photoshow 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2006-1694 | 1 Xbrite | 1 Xbrite Members | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in members.php in XBrite Members 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-1917 | 1 Blackorpheus | 1 Clanmemberskript | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in member.php in Blackorpheus ClanMemberSkript 1.0 allows remote attackers to execute arbitrary SQL commands via the userID parameter. | |||||
| CVE-2006-1708 | 1 Clansys | 1 Clansys | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in member.php in Clansys 1.1 allows remote attackers to execute arbitrary SQL commands via the showid parameter in the member page to index.php. | |||||
| CVE-2006-1710 | 1 Design Nation | 1 Dnguestbook | 2017-10-19 | 7.6 HIGH | N/A |
| SQL injection vulnerability in admin.php in Design Nation DNGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) email and (2) id parameters. | |||||
| CVE-2006-1243 | 1 Alexander Palmo | 1 Simple Php Blog | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php. | |||||
| CVE-2005-4218 | 1 Phpwebthings | 1 Phpwebthings | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows remote attackers to execute arbitrary SQL commands via the msg parameter, a different vulnerability than CVE-2005-3585. | |||||
| CVE-2006-2008 | 1 Built2go | 1 Movie Review | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in movie_cls.php in Built2Go PHP Movie Review 2B and earlier allows remote attackers to execute arbitrary PHP code via a URL in the full_path parameter. | |||||
| CVE-2006-1327 | 1 Softbb | 1 Softbb | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote attackers to execute arbitrary SQL commands via the mail parameter. | |||||
| CVE-2006-0888 | 1 Invision Power Services | 1 Invision Power Board | 2017-10-19 | 2.6 LOW | N/A |
| index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation disabled, allows remote attackers to cause an unspecified denial of service by registering a large number of users. | |||||
| CVE-2006-1481 | 1 Php Ticket | 1 Php Ticket | 2017-10-19 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in search.php in PHP Ticket 0.71 allows remote authenticated users to execute arbitrary SQL commands and obtain usernames and passwords via the frm_search_in parameter. | |||||
| CVE-2006-0852 | 1 Devscripts | 1 Admbook | 2017-10-19 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php. | |||||
| CVE-2005-4411 | 1 David Harris | 1 Mercury Mail Transport System | 2017-10-19 | 7.5 HIGH | N/A |
| Buffer overflow in Mercury Mail Transport System 4.01b allows remote attackers to execute arbitrary code via a long request to TCP port 105. | |||||
| CVE-2006-0851 | 1 Ilch.de | 1 Ilchclan | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the forum module of ilchClan 1.05g and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, when creating a newpost. | |||||
| CVE-2006-0821 | 1 Bxcp | 1 Bxcp | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in BXCP 0.299 allows remote attackers to execute arbitrary SQL commands via the tid parameter. | |||||
| CVE-2006-3294 | 1 Cbsms | 1 Mambo Module | 2017-10-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in mod_cbsms_messages.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
