Total: 86024 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0497 | 1 Upload-service | 1 Upload-service | 2018-10-16 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in upload/top.php in Upload-Service 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the maindir parameter. | |||||
| CVE-2007-0517 | 1 Scriptsez | 1 Random Php Quote | 2018-10-16 | 7.5 HIGH | N/A |
| Scriptsez Random PHP Quote 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password information via a direct request for pwd.txt. | |||||
| CVE-2007-0518 | 1 Scriptsez | 1 Smart Php Subscriber | 2018-10-16 | 7.5 HIGH | N/A |
| Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain encoded passwords via a direct request for pwd.txt. | |||||
| CVE-2007-0520 | 1 Unique Ads | 1 Unique Ads | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x allows remote attackers to execute arbitrary SQL commands via the bid parameter. | |||||
| CVE-2007-0521 | 1 Sony Ericsson | 2 K700i, W810i | 2018-10-16 | 3.3 LOW | N/A |
| The Sony Ericsson K700i and W810i phones allow remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push. | |||||
| CVE-2007-0522 | 1 Motorola | 1 Motorazr | 2018-10-16 | 3.3 LOW | N/A |
| The Motorola MOTORAZR V3 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push. | |||||
| CVE-2007-0523 | 1 Nokia | 1 N70 | 2018-10-16 | 3.3 LOW | N/A |
| The Nokia N70 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push. | |||||
| CVE-2007-0524 | 1 Lg Electronics | 1 Chocolate Kg800 | 2018-10-16 | 2.9 LOW | N/A |
| The LG Chocolate KG800 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push. | |||||
| CVE-2007-0526 | 1 Bitweaver | 1 Bitweaver | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the URL (PATH_INFO) to (1) articles/edit.php, (2) articles/list.php, (3) blogs/list_blogs.php, or (4) blogs/rankings.php. | |||||
| CVE-2007-0527 | 1 Website Baker | 1 Website Baker | 2018-10-16 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0528 | 1 Centrality Communications | 1 Pa168 Chipset | 2018-10-16 | 9.0 HIGH | N/A |
| The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data). | |||||
| CVE-2007-0529 | 1 Php Link Directory | 1 Php Link Directory | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.html (aka the administration page) in PHP Link Directory (phpLD) 3.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted link, which is triggered when the administrator uses the "Validate Links" functionality. | |||||
| CVE-2007-0530 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Advanced Guestbook 2.4.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) index.php, (2) addentry.php, or (3) picture.php, a different set of vectors than CVE-2006-5804. NOTE: this issue has been disputed by third party researchers, stating that the include_path variable is instantiated before use. | |||||
| CVE-2007-0532 | 1 Tuan Do | 1 Uploader | 2018-10-16 | 5.0 MEDIUM | N/A |
| Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrator password hash via a direct request for userdata/user_1.txt. | |||||
| CVE-2007-0533 | 1 Atozed Software | 1 Intraweb Component | 2018-10-16 | 5.0 MEDIUM | N/A |
| The AToZed IntraWeb component 8.0 and earlier for Borland Delphi and Kylix, and IntraWeb 9.0 before build (9.0.12), allows remote attackers to cause a denial of service (thread hang or CPU consumption) via a crafted HTTP request, related to the OnBeforeDispatch function in the TIWServerController object. | |||||
| CVE-2007-0537 | 1 Kde | 1 Konqueror | 2018-10-16 | 2.6 LOW | N/A |
| The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478. | |||||
| CVE-2007-0538 | 1 Telligent Systems | 1 Community Server Forums | 2018-10-16 | 5.0 MEDIUM | N/A |
| Telligent Community Server 2.1 and earlier allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to (1) a large file, which triggers a long download session without a timeout constraint; or (2) a file with a binary content type, which is downloaded even though it cannot contain usable pingback data. | |||||
| CVE-2007-0539 | 1 Wordpress | 1 Wordpress | 2018-10-16 | 7.8 HIGH | N/A |
| The wp_remote_fopen function in WordPress before 2.1 allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a large file, which triggers a long download session without a timeout constraint. | |||||
| CVE-2007-0540 | 1 Wordpress | 1 Wordpress | 2018-10-16 | 5.0 MEDIUM | N/A |
| WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data. | |||||
| CVE-2007-0541 | 1 Wordpress | 1 Wordpress | 2018-10-16 | 5.0 MEDIUM | N/A |
| WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain configurations causes a brief file excerpt to be published as a blog comment. | |||||
| CVE-2007-0542 | 1 212cafe | 1 Guestbook | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in show.php in 212cafe Guestbook 4.00 beta allows remote attackers to inject arbitrary web script or HTML via the user parameter. | |||||
| CVE-2007-0543 | 1 Zixforum | 1 Zixforum | 2018-10-16 | 9.4 HIGH | N/A |
| ZixForum 1.14 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for Zixforum.mdb. NOTE: a followup post suggests that this issue only occurs if the administrator does not properly follow installation directions. | |||||
| CVE-2007-0544 | 1 Mybb | 1 Mybb | 2018-10-16 | 6.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949. | |||||
| CVE-2007-0545 | 1 Maxtricity | 1 Tagger | 2018-10-16 | 7.8 HIGH | N/A |
| Maxtricity Tagger 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for tagger.mdb. | |||||
| CVE-2007-0546 | 1 Toxiclab | 1 Shoutbox | 2018-10-16 | 7.8 HIGH | N/A |
| Toxiclab Shoutbox 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db.mdb. | |||||
| CVE-2007-0549 | 1 212cafe | 1 212cafeboard | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard 6.30 Beta allows remote attackers to inject arbitrary web script or HTML via the user parameter. | |||||
| CVE-2007-0550 | 1 212cafe | 1 212cafeboard | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard 0.08 Beta allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | |||||
| CVE-2007-0551 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php in CMSimple 2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pth[file][config] and (2) pth[file][image] parameters. | |||||
| CVE-2007-0554 | 1 Guo Xu Guos Posting System | 1 Guo Xu Guos Posting System | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in print.asp in Guo Xu Guos Posting System (GPS) 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0555 | 1 Postgresql | 1 Postgresql | 2018-10-16 | 8.5 HIGH | N/A |
| PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content. | |||||
| CVE-2007-0556 | 1 Postgresql | 1 Postgresql | 2018-10-16 | 6.6 MEDIUM | N/A |
| The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server. | |||||
| CVE-2007-0560 | 1 Asp Edge | 1 Asp Edge | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter. | |||||
| CVE-2007-0561 | 1 Xero Portal | 1 Xero Portal | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) admin_linkdb.php, (2) admin_forum_prune.php, (3) admin_extensions.php, (4) admin_board.php, (5) admin_attachments.php, or (6) admin_users.php in admin/. | |||||
| CVE-2007-0566 | 1 Asp News | 1 Asp News | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0567 | 1 Interactive-scripts.com | 1 Php Membership Manager | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in Interactive-Scripts.Com PHP Membership Manager 1.5 allows remote attackers to inject arbitrary web script or HTML via the _p parameter. | |||||
| CVE-2007-0575 | 1 Stefan Holmberg | 1 Admentor | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the administrative login page (admin/login.asp) in ASPCode.net AdMentor allow remote attackers to execute arbitrary SQL commands via the (1) Userid and (2) Password fields. | |||||
| CVE-2007-0581 | 1 Eclipsebb | 1 Eclipsebb | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in functions.php in EclipseBB 0.5.0 Lite allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-0584 | 1 G-neric | 1 Php Generic Library And Framework | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in membres/membreManager.php in PhP Generic Library & Framework for comm (g-neric) allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | |||||
| CVE-2007-0592 | 1 Indexcor | 1 Ezdatabase | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to admin/login.php and the Admin Panel Database. | |||||
| CVE-2007-0593 | 1 Siteman | 1 Siteman | 2018-10-16 | 5.0 MEDIUM | N/A |
| Siteman 1.1.11 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for data/members.txt. | |||||
| CVE-2007-0594 | 1 Siteman | 1 Siteman | 2018-10-16 | 5.0 MEDIUM | N/A |
| Siteman 2.0.x2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for db/siteman/users.MYD. | |||||
| CVE-2007-0595 | 1 Designmind | 1 High5 Review Script | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search in High 5 Review Site allows remote attackers to inject arbitrary web script or HTML via the q parameter (aka the search box). | |||||
| CVE-2007-0596 | 1 Aztek Forum | 1 Aztek Forum | 2018-10-16 | 6.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index/main.php in Aztek Forum 4.00 allows remote authenticated administrators to execute arbitrary PHP code via a URL in the PF[top_url] parameter. | |||||
| CVE-2007-0597 | 1 Aztek Forum | 1 Aztek Forum | 2018-10-16 | 5.0 MEDIUM | N/A |
| Aztek Forum 4.00 allows remote attackers to obtain sensitive information via a direct request to forum.php with the fid=XD query string, which reveals the path in an error message. | |||||
| CVE-2007-0598 | 1 Aztek Forum | 1 Aztek Forum | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 allows remote attackers to execute arbitrary SQL commands via the fid cookie to forum.php. | |||||
| CVE-2007-0599 | 1 Aztek Forum | 1 Aztek Forum | 2018-10-16 | 7.5 HIGH | N/A |
| Variable overwrite vulnerability in common/config.php in Aztek Forum 4.00 allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as copying arbitrary files using index/common_actions.php, via vectors associated with extract operations on the (1) POST, (2) GET, (3) COOKIE, and (4) SERVER superglobal arrays. | |||||
| CVE-2007-0600 | 2 Makit, Martyn Kilbryde | 2 Newsposter Script, Newsposter Script | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news_page.asp in Martyn Kilbryde Newsposter Script (aka makit news/blog poster) 3 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter. | |||||
| CVE-2007-0601 | 1 Aztek Forum | 1 Aztek Forum | 2018-10-16 | 7.5 HIGH | N/A |
| common/safety.php in Aztek Forum 4.00 allows remote attackers to enter certain data containing %22 sequences (URL encoded double quotes) and other potentially dangerous manipulations by sending a cookie, which bypasses the blacklist matching against the GET and PUT superglobal arrays. | |||||
| CVE-2007-0602 | 1 Trend Micro | 1 Viruswall | 2018-10-16 | 6.9 MEDIUM | N/A |
| Buffer overflow in libvsapi.so in the VSAPI library in Trend Micro VirusWall 3.81 for Linux, as used by IScan.BASE/vscan, allows local users to gain privileges via a long command line argument, a different vulnerability than CVE-2005-0533. | |||||
| CVE-2007-0603 | 1 Pgp | 1 Corporate Desktop | 2018-10-16 | 7.1 HIGH | N/A |
| PGP Desktop before 9.5.1 does not validate data objects received over the (1) \pipe\pgpserv named pipe for PGPServ.exe or the (2) \pipe\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which causes code execution at the corresponding address. | |||||
