Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1146 | 1 Delmaa.com | 1 Arabhost | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in function.php in arabhost allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter. | |||||
| CVE-2007-1147 | 1 Hbm | 1 Hbm | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in view.php in hbm allows remote attackers to execute arbitrary PHP code via a URL in the hbmpath parameter. | |||||
| CVE-2007-1148 | 1 Lovecms | 1 Lovecms | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter. | |||||
| CVE-2007-1149 | 1 Lovecms | 1 Lovecms | 2018-10-16 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the step parameter to install/index.php or (2) the load parameter to the top-level URI. | |||||
| CVE-2007-1150 | 1 Lovecms | 1 Lovecms | 2018-10-16 | 3.6 LOW | N/A |
| Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote authenticated administrators to upload arbitrary files to /modules/content/pictures/tmp/. | |||||
| CVE-2007-1151 | 1 Lovecms | 1 Lovecms | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter to the top-level URI, possibly related to a SQL error. | |||||
| CVE-2007-1154 | 1 Webspell | 1 Webspell | 2018-10-16 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in webSPELL allows remote attackers to execute arbitrary SQL commands via a ws_auth cookie, a different vulnerability than CVE-2006-4782. | |||||
| CVE-2007-1155 | 1 Webspell | 1 Webspell | 2018-10-16 | 4.6 MEDIUM | N/A |
| Unrestricted file upload vulnerability in webSPELL allows remote authenticated administrators to upload and execute arbitrary PHP code via the add squad feature. NOTE: this issue may be an administrative feature, in which case this CVE may be REJECTED. | |||||
| CVE-2007-1156 | 1 Man Machine Systems | 1 Jbrowser | 2018-10-16 | 7.5 HIGH | N/A |
| JBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for _admin/. | |||||
| CVE-2007-1157 | 1 Jboss | 1 Jboss | 2018-10-16 | 7.6 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733. | |||||
| CVE-2007-1158 | 1 Postnuke Software Foundation | 1 Pagesetter | 2018-10-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. | |||||
| CVE-2007-1160 | 1 Webspell | 1 Webspell | 2018-10-16 | 10.0 HIGH | N/A |
| webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782. | |||||
| CVE-2007-1161 | 1 Call Center Software | 1 Call Center Software | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in call_entry.php in Call Center Software 0,93 allows remote attackers to inject arbitrary web script or HTML via the problem_desc parameter, as demonstrated by the ONLOAD attribute of a BODY element. | |||||
| CVE-2007-1164 | 1 Dbscripts | 1 Dbimagegallery | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DBImageGallery 1.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the donsimg_base_path parameter to (1) attributes.php, (2) images.php, or (3) scan.php in admin/; or (4) attributes.php, (5) db_utils.php, (6) images.php, (7) utils.php, or (8) values.php in includes/. | |||||
| CVE-2007-0876 | 1 Qdig | 1 Qdig | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Quick Digital Image Gallery (Qdig) 1.2.9.3 and devel-20060624 allows remote attackers to inject arbitrary web script or HTML via the Qwd parameter to the top-level URI. | |||||
| CVE-2007-0880 | 1 Capital Request Forms | 1 Capital Request Forms | 2018-10-16 | 7.8 HIGH | N/A |
| Capital Request Forms stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for inc/common_db.inc. | |||||
| CVE-2007-0883 | 1 Second Rule Llc | 1 Ip3 Netaccess | 2018-10-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in portalgroups/portalgroups/getfile.cgi in IP3 NetAccess before firmware 4.1.9.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||
| CVE-2007-0885 | 1 Rainbow Portal | 2 Rainbow.zen, Rainbow With The Zen | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2007-0888 | 1 Kiwi Enterprises | 1 Kiwi Cattools | 2018-10-16 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command. | |||||
| CVE-2007-0889 | 1 Kiwi Enterprises | 1 Kiwi Cattools | 2018-10-16 | 4.6 MEDIUM | N/A |
| Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible encoding") for passwords, account names, and IP addresses in kiwidb-cattools.kdb, which might allow local users to gain sensitive information by decrypting the file. NOTE: this issue could be leveraged with a directory traversal vulnerability for a remote attack vector. | |||||
| CVE-2007-0890 | 1 Cpanel | 1 Webhost Manager | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter. | |||||
| CVE-2007-0891 | 1 Matthieu Aubry | 1 Phpmyvisites | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath function in phpmyvisites.php in phpMyVisites before 2.2 allows remote attackers to inject arbitrary web script or HTML via the query string. | |||||
| CVE-2007-0892 | 1 Matthieu Aubry | 1 Phpmyvisites | 2018-10-16 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the url parameter, when the pagename parameter begins with "FILE:". | |||||
| CVE-2007-0893 | 1 Matthieu Aubry | 1 Phpmyvisites | 2018-10-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in phpMyVisites before 2.2 allows remote attackers to include arbitrary files via leading ".." sequences on the pmv_ck_view COOKIE parameter, which bypasses the protection scheme. | |||||
| CVE-2007-0894 | 1 Mediawiki | 1 Mediawiki | 2018-10-16 | 5.0 MEDIUM | N/A |
| MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message. | |||||
| CVE-2007-0911 | 1 Php | 1 Php | 2018-10-16 | 7.8 HIGH | N/A |
| Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash). | |||||
| CVE-2007-0912 | 1 Jportal | 1 Jportal Web Server | 2018-10-16 | 9.3 HIGH | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php in Jportal 2.3.1, and possibly earlier, allows remote attackers to perform privileged actions as administrators by tricking the admin into accessing a URL with modified arguments to admin/admin.adm.php. | |||||
| CVE-2007-0919 | 1 Nickolas Grigoriadis | 1 Mini Web Server | 2018-10-16 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in Nickolas Grigoriadis Mini Web server (MiniWebsvr) 0.0.6 allows remote attackers to list the directory immediately above the web root via a ..%00 sequence in the URI. | |||||
| CVE-2007-0921 | 1 Radical Technologies | 1 Portal Search | 2018-10-16 | 9.4 HIGH | N/A |
| Portal Search allows remote attackers to redirect a URL to an arbitrary web site by placing the URL in the query string to the top-level URI. | |||||
| CVE-2007-0922 | 1 Radical Technologies | 1 Portal Search | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in Portal Search allows remote attackers to inject arbitrary web script or HTML via the query string. | |||||
| CVE-2007-0923 | 1 Radical Technologies | 1 Portal Search | 2018-10-16 | 7.8 HIGH | N/A |
| buscador/buscador.htm in Portal Search allows remote attackers to obtain sensitive information (business logic) via a query string composed of a search for certain characters. | |||||
| CVE-2007-0924 | 1 Till Gerken | 1 Phppolls | 2018-10-16 | 7.5 HIGH | N/A |
| Till Gerken phpPolls 1.0.3 allows remote attackers to bypass authentication and perform certain administrative actions via a direct request to phpPollAdmin.php3. NOTE: this issue might subsume CVE-2006-3764. | |||||
| CVE-2007-0925 | 1 Communityserver.org | 1 Community Server | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx in Community Server allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2007-0926 | 1 Kvguestbook | 1 Kvguestbook | 2018-10-16 | 7.5 HIGH | N/A |
| The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows remote attackers to gain administrative privileges, probably via modified $mysql['pass'] and $gbpass variables. | |||||
| CVE-2007-0927 | 1 Utorrent | 1 Utorrent | 2018-10-16 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to execute arbitrary code via a torrent file with a crafted announce header. | |||||
| CVE-2007-0928 | 1 Virtual Calendar | 1 Virtual Calendar | 2018-10-16 | 5.0 MEDIUM | N/A |
| Virtual Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an encoded password via a direct request for pwd.txt. | |||||
| CVE-2007-0929 | 1 Guillaume Fontaine | 1 Php Rrd Browser | 2018-10-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in php rrd browser before 0.2.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter. | |||||
| CVE-2007-0931 | 2 Alcatel-lucent, Aruba | 2 Omniaccess Wireless, Mobility Controller | 2018-10-16 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the management interfaces in (1) Aruba Mobility Controllers 200, 800, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via long credential strings. | |||||
| CVE-2007-0932 | 2 Alcatel-lucent, Aruba | 2 Omniaccess Wireless, Mobility Controller | 2018-10-16 | 7.5 HIGH | N/A |
| The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access administrative interfaces or the WLAN. | |||||
| CVE-2007-0934 | 1 Microsoft | 1 Visio | 2018-10-16 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption. | |||||
| CVE-2007-0936 | 1 Microsoft | 2 Office, Visio | 2018-10-16 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability." | |||||
| CVE-2007-0938 | 1 Microsoft | 1 Content Management Server | 2018-10-16 | 10.0 HIGH | N/A |
| Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability." | |||||
| CVE-2007-0939 | 1 Microsoft | 1 Content Management Server | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability." | |||||
| CVE-2007-0940 | 1 Microsoft | 2 Biztalk Server, Capicom | 2018-10-16 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability." | |||||
| CVE-2007-0950 | 1 Fullaspsite | 1 Asp Hosting Site | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | |||||
| CVE-2007-0951 | 1 Fullaspsite | 1 Asp Hosting Site | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2007-0969 | 1 Webtester | 1 Webtester | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to POST parameters to multiple files. | |||||
| CVE-2007-0970 | 1 Webtester | 1 Webtester | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to execute arbitrary SQL commands via the testID parameter to directions.php, and unspecified parameters to other files that accept GET or POST input. | |||||
| CVE-2007-0971 | 1 Jupiter Cms | 1 Jupiter Cms | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the attack vector might involve _SERVER. | |||||
| CVE-2007-0972 | 1 Jupiter Cms | 1 Jupiter Cms | 2018-10-16 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in modules/emoticons.php in Jupiter CMS 1.1.5 allows remote attackers to upload arbitrary files by modifying the HTTP request to send an image content type, and to omit is_guest and is_user parameters. NOTE: this issue might be related to CVE-2006-4875. | |||||