Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2749 | 1 Faqengine | 1 Faqengine | 2017-10-11 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in question.php in FAQEngine 4.16.03 and earlier allows remote attackers to execute arbitrary SQL commands via the questionref parameter in a display action. | |||||
| CVE-2007-2753 | 1 Runawaysoft | 1 Haber Portal | 2017-10-11 | 5.0 MEDIUM | N/A |
| RunawaySoft Haber portal 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/xice.mdb. | |||||
| CVE-2007-2817 | 1 Ol Bookmarks | 1 Ol Bookmarks | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-2822 | 1 Wavelink Media | 1 Tutorialcms | 2017-10-11 | 9.3 HIGH | N/A |
| TutorialCMS 1.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php. | |||||
| CVE-2007-1986 | 1 Barnraiser | 1 Aroundme | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in barnraiser AROUNDMe 0.7.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_path_core parameter to inc/core_profile.header.php, the (2) template_path_core parameter to template/barnraiser_01/maint_contact_view.tpl.php, and the (3) template_path parameter to template/barnraiser_01/default.tpl.php. NOTE: this issue might overlap CVE-2006-5533. | |||||
| CVE-2007-2755 | 1 Precisionid Barcode | 1 Precisionid Barcode | 2017-10-11 | 10.0 HIGH | N/A |
| The PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll, when Internet Explorer 6 is used, allows remote attackers to overwrite arbitrary files via a full pathname to the SaveToFile function, a different vulnerability than CVE-2007-2744. | |||||
| CVE-2007-2756 | 1 Libgd | 1 Libgd | 2017-10-11 | 4.3 MEDIUM | N/A |
| The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng. | |||||
| CVE-2007-1983 | 1 Cyboards | 1 Cyboards Php Lite | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/default_header.php in Cyboards PHP Lite 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter, a different vector than CVE-2006-2871. | |||||
| CVE-2007-2067 | 1 Webslider | 1 Webslider | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Marco Antonio Islas Cruz Web Slider (WebSlider) 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) index.php, (2) modules/pdf.php, (3) plugins/highlight.php, or (4) include/modules.php. | |||||
| CVE-2007-2486 | 1 Motobit | 1 Motobit | 2017-10-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.asp in Motobit 1.3 and 1.5 (aka PStruh-CZ) allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter. | |||||
| CVE-2007-1982 | 1 Really Simple Php And Ajax | 1 Really Simple Php And Ajax | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Really Simple PHP and Ajax (RSPA) 2007-03-23 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) __IncludeFilePHPClass, (2) __ClassPath, and (3) __class parameters to (a) rspa/framework/Controller_v5.php, and (b) rspa/framework/Controller_v4.php. | |||||
| CVE-2007-1980 | 1 Nick Jones | 1 Topliste Module | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Topliste 1.0 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2007-2456 | 1 Firefly | 1 Firefly | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) localize.php or (2) config.php in modules/admin/include/. | |||||
| CVE-2007-2878 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.9 MEDIUM | N/A |
| The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run on a 64-bit system, allow local users to corrupt a kernel_dirent struct and cause a denial of service (system crash) via unknown vectors. | |||||
| CVE-2007-2068 | 1 Storefront For Gallery | 1 Storefront Gallery | 2017-10-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the StoreFront mods for Gallery allow remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter to (1) mods/business_functions.php or (2) mods/ui_functions.php. | |||||
| CVE-2007-2901 | 1 Dokeos | 1 Dokeos | 2017-10-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the img parameter to main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php and other unspecified vectors. | |||||
| CVE-2007-2069 | 1 Openmairie | 1 Openmairie | 2017-10-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in scr/soustab.php in openMairie 1.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dsn[phptype] parameter. | |||||
| CVE-2007-2079 | 1 Xampp | 1 Apache Distribution | 2017-10-11 | 9.3 HIGH | N/A |
| The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified impact. NOTE: it could be argued that this is an issue in mssql_connect (CVE-2007-1411.1) in PHP, or an issue in the ADOdb Library, and the proper fix should be in one of these products; if so, then this should not be treated as a vulnerability in XAMPP. | |||||
| CVE-2007-2080 | 1 Xampp | 1 Apache Distribution | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows allow remote attackers to execute arbitrary SQL commands via unspecified vectors in certain test scripts. | |||||
| CVE-2007-1979 | 1 Xoops | 1 Xoops Popnupblog | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and 3.05 might also be affected. | |||||
| CVE-2007-1978 | 1 Php Fusion | 1 Arcade Module | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Arcade 1.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view_game_list action. | |||||
| CVE-2007-2094 | 1 Anthologia | 1 Anthologia | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Anthologia 0.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the ads_file parameter. | |||||
| CVE-2007-1976 | 1 Xoops | 1 Xoops Virii Info Module | 2017-10-11 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. NOTE: the issue has been disputed by a reliable third party, stating that the application's checkSuperglobals function defends against the attack. | |||||
| CVE-2007-3118 | 1 K-letter | 1 K-letter | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Kravchuk letter (K-letter) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the scdir parameter to (1) action.php, (2) subs.php, or (3) unsubs.php. | |||||
| CVE-2007-2743 | 1 Glossword | 1 Glossword | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in custom_vars.php in GlossWord 1.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the sys[path_addon] parameter. | |||||
| CVE-2007-2750 | 1 Simpnews | 1 Simpnews | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in print.php in SimpNews 2.40.01 and earlier allows remote attackers to execute arbitrary SQL commands via the newsnr parameter. | |||||
| CVE-2007-2902 | 1 Dokeos | 1 Dokeos | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in main/auth/my_progress.php in Dokeos 1.8.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the course parameter. | |||||
| CVE-2007-2142 | 1 Ajportal2php | 1 Ajportal2php | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AjPortal2Php allow remote attackers to execute arbitrary PHP code via a URL in the PagePrefix parameter to (1) begin.inc.php, (2) connection.inc.php, (3) events.inc.php, (4) footer.inc.php, (5) header.inc.php, (6) menuleft.inc.php, or (7) pages.inc.php in includes/. | |||||
| CVE-2007-2431 | 1 Tecnick.com | 1 Tcexam | 2017-10-11 | 6.8 MEDIUM | N/A |
| Dynamic variable evaluation vulnerability in shared/config/tce_config.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks by modifying critical variables such as $_SERVER, as demonstrated by injecting web script via the _SERVER[SCRIPT_NAME] parameter. | |||||
| CVE-2007-2143 | 1 Bonoestente | 1 Joomla Template Be2004-2 | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2007-2003 | 1 Inoutmailinglistmanager | 1 Inoutmailinglistmanager | 2017-10-11 | 6.8 MEDIUM | N/A |
| InoutMailingListManager 3.1 and earlier sends a Location redirect header but does not exit after an authorization check fails, which allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by ignoring the redirect. | |||||
| CVE-2007-1961 | 1 Phpbb | 1 Mutant | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in mutant_functions.php in the Mutant 0.9.2 portal for phpBB 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-2145 | 1 Minigal | 1 Minigal | 2017-10-11 | 7.5 HIGH | N/A |
| The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the input parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-3136 | 1 Newssync | 1 Newssync | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/nuke_include.php in newsSync 1.5.0rc6 allows remote attackers to execute arbitrary PHP code via a URL in the newsSync_NUKE_PATH parameter. | |||||
| CVE-2007-2430 | 1 Tecnick.com | 1 Tcexam | 2017-10-11 | 7.8 HIGH | N/A |
| shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php. | |||||
| CVE-2007-1936 | 1 Scar4u.de | 1 Scaradcontroller | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in scaradcontrol.php in ScarAdControl (ScarAdController) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the sac_config_dir parameter. | |||||
| CVE-2007-3138 | 1 Open Solution | 1 Quick.cart | 2017-10-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Open Solution Quick.Cart 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in an sLanguage cookie, which is used to define a value in config/general.php. | |||||
| CVE-2007-3139 | 1 Open Solution | 1 Quick.cart | 2017-10-11 | 6.8 MEDIUM | N/A |
| config/general.php in Quick.Cart 2.2 and earlier uses a default username and password, which allows remote attackers to access the application via a login action to admin.php. NOTE: this can be leveraged to upload and execute arbitrary code. | |||||
| CVE-2007-2154 | 1 Cabron Connector | 1 Cabron Connector | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in services/samples/inclusionService.php in Cabron Connector 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CabronServiceFolder parameter. | |||||
| CVE-2007-1935 | 1 Scar4u.de | 1 Scaradcontroller | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP file inclusion vulnerability in admin/index.php in ScarAdControl (ScarAdController) 1.1 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the site parameter, which is accessed by the file_exists function. | |||||
| CVE-2007-1934 | 1 Php-nuke | 1 Eboard Module | 2017-10-11 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in member.php in the eBoard 1.0.7 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[name] parameter. | |||||
| CVE-2007-2156 | 1 Rezervi Generic | 1 Rezervi Generic | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Rezervi Generic 0.9 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) datumVonDatumBis.inc.php, (2) footer.inc.php, (3) header.inc.php, and (4) stylesheets.php in templates/; and (5) wochenuebersicht.inc.php, (6) monatsuebersicht.inc.php, (7) jahresuebersicht.inc.php, and (8) tagesuebersicht.inc.php in belegungsplan/. | |||||
| CVE-2007-2493 | 1 Mxbb | 2 Mxbb Faq, Mxbb Rules | 2017-10-11 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in faq.php in the FAQ & RULES 2.0.0 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | |||||
| CVE-2007-2427 | 1 Pnflashgames | 1 Pnflashgames | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the pnFlashGames 1.5 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2007-2426 | 1 Wildbits | 1 Mygallery | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in myfunctions/mygallerybrowser.php in the myGallery 1.4b4 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the myPath parameter. | |||||
| CVE-2007-2494 | 1 Office Ocx | 1 Powerpoint Viewer Ocx | 2017-10-11 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the PowerPointOCX ActiveX control in PowerPointViewer.ocx 3.1.0.3 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6) SaveWebFile, (7) HttpDownloadFile, (8) Open, or (9) OpenWebFile property value. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2495 | 1 Office Ocx | 1 Excel Viewer Ocx | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in the ExcelOCX ActiveX control in ExcelViewer.ocx 3.1.0.6 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6) SaveWebFile, (7) HttpDownloadFile, (8) Open, or (9) OpenWebFile property value. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2425 | 1 Blackdot | 1 Imageview | 2017-10-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in fileview.php in Imageview 5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the album parameter. | |||||
| CVE-2007-2889 | 1 Dokeos | 1 Open Source Learning And Knowledge Management Tool | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter. | |||||
| CVE-2007-2888 | 1 Ezb Systems | 1 Ultraiso | 2017-10-11 | 7.6 HIGH | N/A |
| Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. NOTE: some details are obtained from third party information. | |||||