Total: 25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2617 | 1 Sun | 2 Net Connect Software, Solaris | 2017-10-11 | 2.1 LOW | N/A |
| srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options. | |||||
| CVE-2007-2620 | 1 Jakub Steiner | 1 Original | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/config.inc.php in Jakub Steiner (aka jimmac) original 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the x[1] parameter. | |||||
| CVE-2007-2969 | 1 Wanewsletter | 1 Wanewsletter | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in newsletter.php in WAnewsletter 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the waroot parameter. | |||||
| CVE-2007-2677 | 1 Phpchess | 1 Phpchess | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpChess Community Edition 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the config parameter to includes/language.php, or the Root_Path parameter to (2) layout_admin_cfg.php, (3) layout_cfg.php, or (4) layout_t_top.php in skins/phpchess/. NOTE: vector 1 has been disputed by CVE, since the code is defined within a function that is not called from within includes/language.php. | |||||
| CVE-2007-2676 | 1 Open Translation Engine | 1 Open Translation Engine | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in skins/header.php in Open Translation Engine (OTE) 0.7.8 allows remote attackers to execute arbitrary PHP code via a URL in the ote_home parameter. | |||||
| CVE-2007-3099 | 1 Redhat | 1 Enterprise Linux | 2017-10-11 | 2.1 LOW | N/A |
| usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss). | |||||
| CVE-2007-2675 | 1 Pre Projects | 1 Pre Classifieds Listings | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in Pre Classifieds Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2007-3270 | 1 Phpmyinventory | 1 Phpmyinventory | 2017-10-11 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in Includes/global.inc.php in phpMyInventory 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the strIncludePrefix parameter. | |||||
| CVE-2007-3271 | 1 Yourfreescreamer | 1 Yourfreescreamer | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in templates/2blue/bodyTemplate.php in YourFreeScreamer 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the serverPath parameter. | |||||
| CVE-2007-3272 | 1 Minibb | 1 Minibb | 2017-10-11 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in index.php in MiniBB 2.0.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter in a register action. | |||||
| CVE-2007-2621 | 1 Extrovert Software | 1 Thyme Calndar | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in event_view.php in Thyme Calendar 1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter. | |||||
| CVE-2007-2674 | 1 Pre Projects | 1 Pre Shopping Mall | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.php in Pre Shopping Mall 1.0 allows remote attackers to execute arbitrary SQL commands via the prodid parameter. | |||||
| CVE-2007-3404 | 1 Sitedepth | 1 Sitedepth Cms | 2017-10-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ShowImage.php in SiteDepth CMS 3.44 allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter. | |||||
| CVE-2007-2721 | 1 Jasper Jpeg-2000 | 1 Jasper Jpeg-2000 | 2017-10-11 | 4.3 MEDIUM | N/A |
| The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert. | |||||
| CVE-2007-3282 | 1 Microsoft | 2 Office, Office Msodatasourcecontrol Activex | 2017-10-11 | 7.8 HIGH | N/A |
| Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX object allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the DeleteRecordSourceIfUnused method. | |||||
| CVE-2007-3283 | 1 Sun | 1 Solaris | 2017-10-11 | 6.8 MEDIUM | N/A |
| GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root is logged into the console, does not automatically lock the screen after a session has been inactive, which might allow physically proximate attackers to access the console. | |||||
| CVE-2007-2672 | 1 Thinc4orce Marketing Group | 1 Php Coupon Script | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PHP Coupon Script 3.0 allows remote attackers to execute arbitrary SQL commands via the bus parameter in a viewbus page. | |||||
| CVE-2007-3289 | 1 Xoops | 1 Wiwimod Module | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in spaw/spaw_control.class.php in the WiwiMod 0.4 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656. | |||||
| CVE-2007-3290 | 1 Livecms | 1 Livecms | 2017-10-11 | 9.3 HIGH | N/A |
| categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the cid parameter, which reveals the path in a forced SQL error message. | |||||
| CVE-2007-3292 | 1 Livecms | 1 Livecms | 2017-10-11 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for "a small image" associated with an article. | |||||
| CVE-2007-3293 | 1 Livecms | 1 Livecms | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in categoria.php in LiveCMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2007-3403 | 1 Dreamlog | 1 Dreamlog | 2017-10-11 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in upload.php in dreamLog (aka dreamblog) 0.5 allows remote attackers to upload and execute arbitrary PHP code in uploads/images/ via the uploadedFile[] parameter. | |||||
| CVE-2007-2049 | 1 Mambo | 1 Mambo Calendar | 2017-10-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Calendar Module (com_calendar) 1.5.5 for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) com_calendar.php or (2) mod_calendar.php. | |||||
| CVE-2007-3297 | 1 Cybozu Labs | 1 Musoo | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Musoo 0.21 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[ini_array][EXTLIB_PATH] parameter to (1) msDb.php, (2) modules/MusooTemplateLite.php, or (3) modules/SoundImporter.php. | |||||
| CVE-2007-3312 | 1 Efstratios Geroulis | 1 Jasmine Cms | 2017-10-11 | 9.0 HIGH | N/A |
| Directory traversal vulnerability in admin/plugin_manager.php in Jasmine CMS 1.0 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the u parameter. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers. | |||||
| CVE-2007-2622 | 1 Taskdriver | 1 Taskdriver | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TaskDriver 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login.php or (2) the taskid parameter to notes.php. | |||||
| CVE-2007-3401 | 1 B1g | 1 B1gbb | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in footer.inc.php in B1G b1gBB 2.24 allows remote attackers to execute arbitrary PHP code via a URL in the tfooter parameter. | |||||
| CVE-2007-2623 | 1 Fruit2004 | 1 Remote Display Development Kit | 2017-10-11 | 7.8 HIGH | N/A |
| Multiple buffer overflows in RControl.dll in Remote Display Dev kit 1.2.1.0 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via (1) a long first argument to the connect function or (2) a long InternalServer property value, possibly involving ntdll.dll. | |||||
| CVE-2007-3390 | 1 Wireshark | 1 Wireshark | 2017-10-11 | 5.0 MEDIUM | N/A |
| Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain systems, allows remote attackers to cause a denial of service (crash) via crafted iSeries capture files that trigger a SIGTRAP. | |||||
| CVE-2007-3458 | 1 Sun | 1 Solaris | 2017-10-11 | 4.9 MEDIUM | N/A |
| The libsldap library in Sun Solaris 8, 9, and 10 allows local users to cause a denial of service (Name Service Caching Daemon (nscd) crash) via unspecified vectors. | |||||
| CVE-2007-3306 | 1 Ultrize | 1 Minibill | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in crontab/run_billing.php in MiniBill 1.2.5 allows remote attackers to execute arbitrary PHP code via a URL in the config[include_dir] parameter, a different vector than CVE-2006-4489. | |||||
| CVE-2007-2667 | 1 Db Soft Lab | 1 Vimp X | 2017-10-11 | 9.3 HIGH | N/A |
| Buffer overflow in the DB Software Laboratory VImpX ActiveX control in VImpX.ocx 4.7.3 allows remote attackers to execute arbitrary code via a long LogFile parameter. | |||||
| CVE-2007-3307 | 1 Solar Empire | 1 Solar Empire | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in game_listing.php in Solar Empire 2.9.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. | |||||
| CVE-2007-2665 | 1 Php Firstpost | 1 Php Firstpost | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in block.php in PhpFirstPost 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the Include parameter. | |||||
| CVE-2007-2664 | 1 Tomasz Rekawek | 1 Yet Another Asterisk Panel | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/common.php in Yaap 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, possibly related to the __autoload function. | |||||
| CVE-2007-3371 | 1 Powl | 1 Powl | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in plugins/widgets/htmledit/htmledit.php in Powl 0.94 allows remote attackers to execute arbitrary PHP code via a URL in the _POWL[installPath] parameter. | |||||
| CVE-2007-2663 | 1 Beacon | 1 Beacon | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in language/1/splash.lang.php in Beacon 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the languagePath parameter. | |||||
| CVE-2007-3313 | 1 Efstratios Geroulis | 1 Jasmine Cms | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the login_username parameter to login.php or (2) the item parameter to news.php. | |||||
| CVE-2007-3393 | 1 Wireshark | 1 Wireshark | 2017-10-11 | 5.0 MEDIUM | N/A |
| Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets. | |||||
| CVE-2006-5158 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 3.3 LOW | N/A |
| The nlmclnt_mark_reclaim function in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and a deadlock. | |||||
| CVE-2006-5541 | 1 Postgresql | 1 Postgresql | 2017-10-11 | 4.0 MEDIUM | N/A |
| backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, 8.0.x before 8.0.9, and 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via a coercion of an unknown element to ANYARRAY. | |||||
| CVE-2006-3694 | 1 Yukihiro Matsumoto | 1 Ruby | 2017-10-11 | 6.4 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations". | |||||
| CVE-2006-3465 | 1 Libtiff | 1 Libtiff | 2017-10-11 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial of service (instability or crash) and execute arbitrary code via unknown vectors. | |||||
| CVE-2006-4439 | 1 Sun | 1 Solaris | 2017-10-11 | 3.6 LOW | N/A |
| pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode field, which allows local users to modify arbitrary files or directories, a different vulnerability than CVE-2002-1871. | |||||
| CVE-2006-4440 | 1 Ay System Solutions | 1 Ay System Solutions Cms | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in main.php in Ay System Solutions CMS 2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle] parameter. | |||||
| CVE-2006-3595 | 1 Cisco | 1 Router Web Setup | 2017-10-11 | 7.5 HIGH | N/A |
| The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190. | |||||
| CVE-2006-5542 | 1 Postgresql | 1 Postgresql | 2017-10-11 | 4.0 MEDIUM | N/A |
| backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) related to duration logging of V3-protocol Execute messages for (1) COMMIT and (2) ROLLBACK SQL statements. | |||||
| CVE-2006-4380 | 1 Mysql | 1 Mysql | 2017-10-11 | 2.1 LOW | N/A |
| MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects. | |||||
| CVE-2006-4188 | 1 Hp | 1 Hp-ux | 2017-10-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the LP subsystem in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2006-4950 | 1 Cisco | 1 Ios | 2017-10-11 | 10.0 HIGH | N/A |
| Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-write access via a hard-coded cable-docsis community string and read or modify arbitrary SNMP variables. | |||||
