Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2547 | 1 Turnkey Web Tools | 1 Sunshop Shopping Cart | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to inject arbitrary web script or HTML via the l parameter. | |||||
| CVE-2007-2548 | 1 Turnkey Web Tools | 1 Sunshop Shopping Cart | 2018-10-16 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 has unknown impact and an l remote attack vector, related to "Cookie Manipulation." | |||||
| CVE-2007-2549 | 1 Turnkey Web Tools | 1 Sunshop Shopping Cart | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) c or (2) quantity parameter. | |||||
| CVE-2007-2550 | 1 Devellion | 1 Cubecart | 2018-10-16 | 5.0 MEDIUM | N/A |
| Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php. | |||||
| CVE-2007-2553 | 1 Hp | 1 Tru64 | 2018-10-16 | 7.2 HIGH | N/A |
| Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and 5.1A PK6 allows local users to gain privileges via a large amount of data in the environment, as demonstrated by a long environment variable. | |||||
| CVE-2007-2554 | 1 Associated Press | 1 Newspower | 2018-10-16 | 7.8 HIGH | N/A |
| Associated Press (AP) Newspower 4.0.1 and earlier uses a default blank password for the MySQL root account, which allows remote attackers to insert or modify news articles via shows.tblscript. | |||||
| CVE-2007-2555 | 1 Podium Cms | 1 Podium Cms | 2018-10-16 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross-site scripting (XSS). | |||||
| CVE-2007-2556 | 1 Nuked-klan | 1 Nuked-klan | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, as demonstrated by a request to the /nk/ URI. | |||||
| CVE-2007-2558 | 1 Netsliver | 1 Pfa Cms | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in phpFullAnnu CMS (pfa CMS) 6.0 allows remote attackers to execute arbitrary PHP code via a URL in the repinc parameter. NOTE: CVE disputes this issue since $repinc is set to a constant value before use. | |||||
| CVE-2007-2559 | 1 American Cart | 1 American Cart | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in american cart 3.5 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php, (2) checkout.php, and (3) libsecure.php. | |||||
| CVE-2007-2561 | 1 Fipsasp | 1 Fipscms | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.asp in fipsCMS 2.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter, a different vector than CVE-2006-6115. | |||||
| CVE-2007-2562 | 1 Kayako | 1 Esupport | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 3.00.90 allows remote attackers to inject arbitrary web script or HTML via the _m parameter. | |||||
| CVE-2007-2565 | 1 Cdelia Software | 1 Imageprocessing | 2018-10-16 | 7.1 HIGH | N/A |
| Cdelia Software ImageProcessing allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted BMP file. | |||||
| CVE-2007-2566 | 1 Taltech | 1 Tal Bar Code Activex Control | 2018-10-16 | 5.0 MEDIUM | N/A |
| The SaveBarCode function in the Taltech Tal Bar Code ActiveX control allows remote attackers to cause a denial of service (disk consumption) by uploading multiple bar codes, as demonstrated by a WSF package. | |||||
| CVE-2007-2567 | 1 Taltech | 1 Tal Bar Code Activex Control | 2018-10-16 | 9.3 HIGH | N/A |
| Buffer overflow in the SaveBarCode function in the Taltech Tal Bar Code ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-2577 | 1 Acp3 | 1 Acp3 | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ACP3 4.0 beta 3 allow remote attackers to execute arbitrary SQL commands via (1) the mode parameter to feeds.php, the (2) form[cat] parameter to (a) news/list/index.php or (b) certain news/details/id_*/action_create/index.php files, or (3) the form[mods][] parameter to search/list/action_search/index.php. | |||||
| CVE-2007-2578 | 1 Acp3 | 1 Acp3 | 2018-10-16 | 7.5 HIGH | N/A |
| Unspecified vulnerability in search/list/action_search/index.php in ACP3 4.0 beta 3 allows remote attackers to have unknown impact, relating to "Cookie Manipulation", via the form[search_term] parameter. | |||||
| CVE-2007-2579 | 1 Acp3 | 1 Acp3 | 2018-10-16 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ACP3 4.0 beta 3 allow remote attackers to inject arbitrary web script or HTML via (1) the form[mail] parameter to contact/contact/index.php; the (2) form[mods][] or (3) form[search_term] parameter to search/list/action_search/index.php; (4) the id parameter to modules/dl/download.php; (5) the form[cat] parameter to news/list/index.php; the (6) form[cat], (7) form[name], or (8) form[message] parameter to certain news/details/id_*/action_create/index.php files; or (9) the form[mail] parameter to newsletter/create/index.php. | |||||
| CVE-2007-2580 | 1 Apple | 1 Safari | 2018-10-16 | 1.9 LOW | N/A |
| Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information (saved keychain passwords) via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script. | |||||
| CVE-2007-2581 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Services, Windows 2003 | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx. | |||||
| CVE-2007-2582 | 1 Ibm | 1 Db2 | 2018-10-16 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (2) a long packet that generates a "MemTree overflow." | |||||
| CVE-2007-2590 | 1 Nokia | 3 Groupwise Mobile Server, Intellisync Mobile Suite, Intellisync Wireless Email Express | 2018-10-16 | 6.4 MEDIUM | N/A |
| Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2) usrmgr/userStatusList.asp. | |||||
| CVE-2007-2591 | 1 Nokia | 3 Groupwise Mobile Server, Intellisync Mobile Suite, Intellisync Wireless Email Express | 2018-10-16 | 7.5 HIGH | N/A |
| usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to modify user account details and cause a denial of service (account deactivation) via the userid parameter in an update action. | |||||
| CVE-2007-2592 | 1 Nokia | 3 Groupwise Mobile Server, Intellisync Mobile Suite, Intellisync Wireless Email Express | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files. | |||||
| CVE-2007-2593 | 1 Microsoft | 2 Terminal Server, Windows 2003 Server | 2018-10-16 | 7.5 HIGH | N/A |
| The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006. | |||||
| CVE-2007-2602 | 1 Ipswitch | 1 Whatsup Gold | 2018-10-16 | 7.8 HIGH | N/A |
| Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows attackers to cause a denial of service (application crash) or execute arbitrary code via a long MIB filename argument. NOTE: If there is not a common scenario under which MIBEXTRA.EXE is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE. | |||||
| CVE-2007-2603 | 1 Audio Cd Tools | 1 Audio Cd Ripper Ocx | 2018-10-16 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the Init function in the Audio CD Ripper OCX (AudioCDRipperOCX.ocx) 1.0 ActiveX control allows remote attackers to cause a denial of service (NULL dereference and Internet Explorer crash) via unspecified vectors. | |||||
| CVE-2007-2604 | 1 Brew City Software | 1 Flexlabel Ocx | 2018-10-16 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the FlexLabel ActiveX control allows remote attackers to cause a denial of service (unstable behavior) via an improper initialization, as demonstrated by a certain value of the Caption property. | |||||
| CVE-2007-2605 | 1 Brujula Toolbar | 1 Brujula Toolbar | 2018-10-16 | 7.1 HIGH | N/A |
| Unspecified vulnerability in the GetPropertyById function in ISoftomateObj in SoftomateLib in BRUJULA4.NET.DLL in the Brujula Toolbar (Brujula.net toolbar) allows attackers to cause a denial of service (NULL dereference and browser crash) via certain arguments. | |||||
| CVE-2007-2606 | 1 Firebirdsql | 1 Firebird | 2018-10-16 | 7.8 HIGH | N/A |
| Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\ConfigFile.cpp or (2) msgs\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries and perhaps should not be included in CVE. | |||||
| CVE-2007-2614 | 1 Phphtmllib | 1 Phphtmllib | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in examples/widget8.php in phpHtmlLib 2.4.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter. | |||||
| CVE-2007-2618 | 1 Drake Team | 1 Drake Cms | 2018-10-16 | 5.1 MEDIUM | N/A |
| CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the lang parameter. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS." | |||||
| CVE-2007-2626 | 1 Free Php Scripts | 1 Schoolboard | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** SQL injection vulnerability in admin.php in SchoolBoard allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: CVE disputes this issue, because 'username' does not exist, and the password is not used in any queries. | |||||
| CVE-2007-2627 | 1 Wordpress | 1 Wordpress | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622. | |||||
| CVE-2007-2628 | 1 Justin Koivisto | 1 Phpsecurityadmin | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/logout.php in Justin Koivisto SecurityAdmin for PHP (aka PHPSecurityAdmin, PSA) 4.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the PSA_PATH parameter. | |||||
| CVE-2007-2629 | 1 Bradford Networks | 1 Campusmanager Network Control Application Server | 2018-10-16 | 7.8 HIGH | N/A |
| Bradford CampusManager Network Control Application Server 3.1(6) allows remote attackers to obtain sensitive information (backup, log, and configuration files) via direct request for certain files in (1) /runTime/ or (2) /remediationReports/. | |||||
| CVE-2007-2630 | 1 Activecampaign | 1 1-2-all Broadcast Email | 2018-10-16 | 6.5 MEDIUM | N/A |
| Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used in ActiveCampaign 1-2-All (aka 12All) 4.50 through 4.53.13, and possibly other products, allows remote authenticated administrators to upload and possibly execute .php4 and .php5 files via unspecified vectors. NOTE: this issue is reachable through filemanager/browser/default/browser.html. | |||||
| CVE-2007-2631 | 1 Squirrelmail | 1 Squirrelmail | 2018-10-16 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in SquirrelMail 1.4.8-4.fc6 and earlier allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors. NOTE: this issue might overlap CVE-2007-2589 or CVE-2002-1648. | |||||
| CVE-2007-2638 | 1 Efilecabinet | 1 Efilecabinet | 2018-10-16 | 10.0 HIGH | N/A |
| eFileCabinet 3.3 allows remote attackers to bypass authentication and access restricted portions of the interface via an invalid filecabinetnumber, which can be leveraged to obtain sensitive information or create new data structures. | |||||
| CVE-2007-2639 | 1 Prosysinfo | 1 Tftp Server Tftpdwin | 2018-10-16 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in TFTPdWin 0.4.2 allows remote attackers to read or modify arbitrary files outside the TFTP root via unspecified vectors. | |||||
| CVE-2007-2641 | 1 W1l3d4 | 1 Philboard | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in W1L3D4_bolum.asp in W1L3D4 Philboard 0.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter, a different vector than CVE-2007-0920. | |||||
| CVE-2007-2645 | 1 Libexif | 1 Libexif | 2018-10-16 | 9.3 HIGH | N/A |
| Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable. | |||||
| CVE-2007-2646 | 1 Yenc32 | 1 Yenc32 | 2018-10-16 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in yEnc32 1.0.7.207 allows user-assisted remote attackers to execute arbitrary code via a long filename in an NTX file. | |||||
| CVE-2007-2649 | 1 T-com | 1 Speedport W 700v | 2018-10-16 | 7.8 HIGH | N/A |
| Deutsche Telekom (T-com) Speedport W 700v uses JavaScript delays for invalid authentication attempts to the CGI script, which allows remote attackers to bypass the delays and conduct brute-force attacks via direct calls to the authentication CGI script. | |||||
| CVE-2007-2666 | 2 Notepad\+\+, Scintilla | 2 Notepad\+\+, Scintilla | 2018-10-16 | 7.6 HIGH | N/A |
| Stack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++. | |||||
| CVE-2007-2678 | 1 Netsprint | 1 Netsprint Toolbar | 2018-10-16 | 7.5 HIGH | N/A |
| Buffer overflow in the isChecked function in toolbar.dll in Netsprint Toolbar 1.1 might allow remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-2681 | 1 B2evolution | 1 B2evolution | 2018-10-16 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in blogs/index.php in b2evolution 1.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the core_subdir parameter. | |||||
| CVE-2007-2684 | 1 Jetbox | 1 Jetbox Cms | 2018-10-16 | 5.0 MEDIUM | N/A |
| Jetbox CMS 2.1 allows remote attackers to obtain sensitive information via (1) a direct request to (a) main_page.php, (b) open_tree.php, and (c) outputs.php; (2) a malformed view parameter to index.php, as demonstrated with an SQL injection manipulation; or (3) the id[] parameter to admin/cms/opentree.php, which reveals the installation path in the resulting error message. | |||||
| CVE-2007-2685 | 1 Jetbox | 1 Jetbox Cms | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) login parameter. | |||||
| CVE-2007-2686 | 1 Jetbox | 1 Jetbox Cms | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in a sendpwd task. | |||||