Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2019 | 1 Tomex | 1 Phpgalleryscript | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in init.gallery.php in phpGalleryScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the include_class parameter. | |||||
| CVE-2007-2020 | 1 Xodagallery | 1 Xodagallery | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** Unspecified vulnerability in administration.php in xodagallery allows remote attackers to execute arbitrary code via the cmd parameter. NOTE: CVE disputes this vulnerability because administration.php does not use the cmd parameter for inclusion. | |||||
| CVE-2007-2021 | 1 Pineapple Technologies | 1 Lore | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Pineapple Technologies Lore 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang_path parameter to third_party/phpmailer/class.phpmailer.php or the (2) get_plugin_file_path parameter to third_party/smarty/libs/plugins/function.html_checkboxes.php. NOTE: the affected files might be from other software packages, so this might not be a vulnerability in Lore itself. NOTE: (1) might be the same issue as CVE-2006-5734.4. | |||||
| CVE-2007-2024 | 1 Phpwiki | 1 Phpwiki | 2018-10-16 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a (1) php3, (2) php4, or (3) php5 extension. | |||||
| CVE-2007-2026 | 2 Amavis, Gentoo | 2 Virus Scanner, File | 2018-10-16 | 7.8 HIGH | N/A |
| The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS. | |||||
| CVE-2007-2031 | 1 3proxy | 1 3proxy | 2018-10-16 | 10.0 HIGH | N/A |
| Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, and 0.6b-devel before 20070413, might allow remote attackers to execute arbitrary code via crafted transparent requests. | |||||
| CVE-2007-2048 | 1 Webmethods | 1 Glue | 2018-10-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in /console in the Management Console in webMethods Glue 6.5.1 and earlier allows remote attackers to read arbitrary system files via a .. (dot dot) in the resource parameter. | |||||
| CVE-2007-2053 | 1 Afflib | 1 Afflib | 2018-10-16 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB. | |||||
| CVE-2007-2054 | 1 Afflib | 1 Afflib | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, and (g) tools/afxml.cpp. NOTE: the aimage.cpp vector (e) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB. | |||||
| CVE-2007-2055 | 1 Afflib | 1 Afflib | 2018-10-16 | 7.5 HIGH | N/A |
| AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary commands via shell metacharacters involving (1) certain command line parameters in tools/afconvert.cpp and (2) arguments to the get_parameter function in aimage/ident.cpp. NOTE: it is unknown if the get_parameter vector (2) is ever called. | |||||
| CVE-2007-2057 | 1 Aircrack-ng | 1 Airodump-ng | 2018-10-16 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in aircrack-ng airodump-ng 0.7 allows remote attackers to execute arbitrary code via crafted 802.11 authentication packets. | |||||
| CVE-2007-2059 | 1 Eiqnetworks | 1 Enterprise Security Analyzer | 2018-10-16 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the ESA protocol implementation in eIQnetworks Enterprise Security Analyzer (ESA) 2.5 allow remote attackers to execute arbitrary code via a long parameter to the (1) DELETESEARCHFOLDER, (2) DELTASK, (3) HMGR_CHECKHOSTSCSV, (4) TASKUPDATEDUSER, (5) VERIFYUSERKEY, or (6) VERIFYPWD command. | |||||
| CVE-2007-2061 | 1 Afterlogic | 1 Mailbee Webmail | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in check_login.asp in AfterLogic MailBee WebMail Pro 3.4 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
| CVE-2007-2062 | 1 Vcdgear | 1 Vcdgear | 2018-10-16 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in VCDGear 3.55 and 3.56 BETA allows user-assisted remote attackers to execute arbitrary code via a long FILE argument in a CUE file. | |||||
| CVE-2007-2064 | 1 Actionpoll | 1 Actionpoll | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Robert Ladstaetter ActionPoll 1.1.0, and possibly 1.1.1, allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_POLLDB parameter to actionpoll.php or (2) the CONFIG_DB parameter to db/DataReaderWriter.php, different vectors than CVE-2001-1297. | |||||
| CVE-2007-2072 | 1 Ivan Gallery Script | 1 Ivan Gallery Script | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue has been disputed by third party researchers for 0.3, stating that the dir variable is properly initialized before use. | |||||
| CVE-2007-2076 | 1 Maian | 1 Gallery | 2018-10-16 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in Maian Gallery 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this problem existed only briefly in v1.0." | |||||
| CVE-2007-2077 | 1 Maian | 1 Search | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this issue was fixed last year and [no] is longer a problem." | |||||
| CVE-2007-2078 | 1 Maian | 1 Weblog | 2018-10-16 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Maian Weblog 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, since the path_to_folder variable is initialized before use. | |||||
| CVE-2007-2081 | 1 Myblog | 1 Myblog | 2018-10-16 | 7.5 HIGH | N/A |
| MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication requirements via the admin cookie parameter to certain admin files, as demonstrated by admin/settings.php. | |||||
| CVE-2007-2082 | 1 Myblog | 1 Myblog | 2018-10-16 | 6.5 MEDIUM | N/A |
| Direct static code injection vulnerability in admin/settings.php in MyBlog 0.9.8 and earlier allows remote authenticated admin users to inject arbitrary PHP code via the content parameter, which can be executed by accessing index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers. | |||||
| CVE-2007-2083 | 1 Zonelabs | 1 Zonealarm | 2018-10-16 | 6.9 MEDIUM | N/A |
| vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateKey and (2) NtDeleteFile functions. | |||||
| CVE-2007-2084 | 1 Mobilepublisherphp | 1 Mobilepublisherphp | 2018-10-16 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in MobilePublisherphp 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the auth_method parameter to (1) index.php, (2) list.php, (3) postreview.php, (4) reindex.php, (5) sections.php, (6) templates.php, (7) userinfo.php, (8) users.php, and (9) view.php in admin/. NOTE: this issue has been disputed by a reliable third party, who states that $auth_method is defined before use. | |||||
| CVE-2007-2085 | 1 Oe2edit | 1 Oe2edit Cms | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in oe2edit.cgi in oe2edit CMS allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2007-2088 | 1 Sitebar | 1 Sitebar | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) writerFile parameter to index.php and the (2) file parameter to Integrator.php. | |||||
| CVE-2007-2089 | 1 Jx Development | 1 Article Component | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to com_articles.php in (1) components/ or (2) classes/html/. | |||||
| CVE-2007-2090 | 1 Tumusika Evolution | 1 Tumusika Evolution | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in TuMusika Evolution 1.6 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2007-2093 | 1 Limesoft | 1 Limesoft Guestbook | 2018-10-16 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) 1.0 allows remote attackers to inject arbitrary PHP code into posts.txt via the message parameter. | |||||
| CVE-2007-2095 | 1 Myspeach | 1 Myspeach | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter, a different vector than CVE-2007-0498. | |||||
| CVE-2007-2096 | 1 Hinton Design | 1 Phphd Download System | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in common.php in Hinton Design PHPHD Download System (phphd_downloads) allows remote attackers to execute arbitrary PHP code via a URL in the phphd_real_path parameter. NOTE: this issue may be present in versions from 2006. | |||||
| CVE-2007-2097 | 1 Openconcept | 1 Back-end Cms | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End CMS 0.4.7 allow remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter to (1) click.php or (2) pollcollector.php in htdocs/; or (3) index.php, (4) articlepages.php, (5) articles.php, (6) articleform.php, (7) articlesections.php, (8) createArticlesPage.php, (9) guestbook.php, (10) helpguide.php, (11) helpguideeditor.php, (12) links.php, (13) upload.php, (14) sitestatistics.php, (15) nav.php, (16) tpl_upload.php, (17) linksections, or (18) pophelp.php in htdocs/site-admin/; different vectors than CVE-2006-5076. NOTE: this issue is disputed by a third party, who states that $includes_path is defined before use. | |||||
| CVE-2007-2098 | 1 Wabbit | 1 Wabbit Php Gallery | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in showpic.php in Wabbit PHP Gallery 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) pic and (2) gal parameters. | |||||
| CVE-2007-2099 | 1 Openconcept | 1 Back-end Cms | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in htdocs/php.php in OpenConcept Back-End CMS 0.4.7 allows remote attackers to inject arbitrary web script or HTML via the page[] parameter. | |||||
| CVE-2007-2100 | 1 Fac Guestbook | 1 Fac Guestbook | 2018-10-16 | 10.0 HIGH | N/A |
| FAC Guestbook 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/Gdb.mdb. | |||||
| CVE-2007-2102 | 1 My Little Homepage | 1 My Little Weblog | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vector than CVE-2006-6087. | |||||
| CVE-2007-2103 | 1 My Little Homepage | 1 My Little Forum | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in my little forum 1.7 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) admin.php and (2) timedifference.php. | |||||
| CVE-2007-2104 | 1 Ixon Cms | 1 Ixon Cms | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme_url parameter to (1) index.php, (2) page.php, (3) search.php, (4) single.php, and (5) archives.php. | |||||
| CVE-2007-2105 | 1 Monkey Cms | 1 Monkey Cms | 2018-10-16 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin/index.php in Monkey CMS 0.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the admin_skin parameter. | |||||
| CVE-2007-2106 | 1 Kai Content Management System | 1 Kai Content Management System | 2018-10-16 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Kai Content Management System (K-CMS) 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the current_theme parameter. | |||||
| CVE-2007-2108 | 2 Microsoft, Oracle | 2 Windows, Database Server | 2018-10-16 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue occurs because the NTLM SSPI AcceptSecurityContext function grants privileges based on the username provided even though all users are authenticated as Guest, which allows remote attackers to gain privileges. | |||||
| CVE-2007-2109 | 1 Oracle | 1 Database Server | 2018-10-16 | 6.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06). Note: as of 20070424, Oracle has not disputed reliable claims that DB02 is for a race condition in the RLMGR_TRUNCATE_MAINT trigger in the Rules Manager and Expression Filter components changing the AUTHID of a package from DEFINER to CURRENT_USER after a TRUNCATE call, and DB06 is for SQL injection in the DBMS_APPLY_USER_AGENT.SET_REGISTRATION_HANDLER procedure, which is later passed to the DBMS_APPLY_ADM_INTERNAL.ALTER_APPLY procedure, aka "Oracle Streams". | |||||
| CVE-2007-2110 | 2 Microsoft, Oracle | 2 Windows, Database Server | 2018-10-16 | 4.4 MEDIUM | N/A |
| Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB03 occurs because RDBMS uses a NULL Discretionary Access Control List (DACL) for the Oracle process and certain shared memory sections, which allows local users to inject threads and execute arbitrary code via the OpenProcess, OpenThread, and SetThreadContext functions (DB03). | |||||
| CVE-2007-2111 | 1 Oracle | 1 Database Server | 2018-10-16 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB04 is actually for multiple vulnerabilities. | |||||
| CVE-2007-1667 | 2 Imagemagick, X.org | 2 Imagemagick, Libx11 | 2018-10-16 | 9.3 HIGH | N/A |
| Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. | |||||
| CVE-2007-1669 | 2 Amavis, Barracuda Networks | 2 Amavis, Barracuda Spam Firewall | 2018-10-16 | 7.8 HIGH | N/A |
| zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1) Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, (2) Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, and (3) AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | |||||
| CVE-2007-1670 | 1 Panda | 6 Panda Activescan, Panda Antivirus, Panda Platinum 2006 Internet Security and 3 more | 2018-10-16 | 7.8 HIGH | N/A |
| Panda Software Antivirus before 20070402 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | |||||
| CVE-2007-1671 | 1 Avira | 1 Antivir Personal | 2018-10-16 | 7.8 HIGH | N/A |
| avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | |||||
| CVE-2007-1672 | 1 Avast | 1 Avast Antivirus | 2018-10-16 | 7.8 HIGH | N/A |
| avast! antivirus before 4.7.981 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | |||||
| CVE-2007-1673 | 9 Amavis, Avast, Avira and 6 more | 13 Amavis, Avast Antivirus, Avast Antivirus Home and 10 more | 2018-10-16 | 7.8 HIGH | N/A |
| unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | |||||
| CVE-2007-1674 | 1 Landesk | 1 Landesk Management Suite | 2018-10-16 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in LANDesk Management Suite 8.7 allows remote attackers to execute arbitrary code via a crafted packet to port 65535/UDP. | |||||