Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0091 | 1 Katy Whitton Web Development | 1 Newscmslite | 2017-10-19 | 7.5 HIGH | N/A |
| newsCMSlite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for newsCMS.mdb. | |||||
| CVE-2007-0092 | 1 E-smart Cart | 1 E-smart Cart | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter. | |||||
| CVE-2007-0098 | 1 Verliadmin | 1 Verliadmin | 2017-10-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php. | |||||
| CVE-2007-0120 | 1 Acunetix | 1 Web Vulnerability Scanner | 2017-10-19 | 1.9 LOW | N/A |
| Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to cause a denial of service (application crash) via multiple HTTP requests containing invalid Content-Length values. | |||||
| CVE-2007-0128 | 1 Digiappz | 1 Digirez | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in info_book.asp in Digirez 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter. | |||||
| CVE-2007-0129 | 1 Locazo | 1 Locazolist Classifieds | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatID parameter. | |||||
| CVE-2007-0135 | 1 Aratix | 1 Aratix | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix 0.2.2 beta 11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the current_path parameter. | |||||
| CVE-2007-0144 | 1 Digitizing Quote And Ordering System | 1 Digitizing Quote And Ordering System | 2017-10-19 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the ordernum parameter. | |||||
| CVE-2007-0170 | 1 Allmyphp | 1 Allmyvisitors | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in AllMyVisitors 0.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the AMV_serverpath parameter. | |||||
| CVE-2007-0171 | 1 Voice Of Web | 1 Allmylinks | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AML_opensite parameter. | |||||
| CVE-2007-0172 | 1 Voice Of Web | 1 Allmyguests | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the AMG_serverpath parameter to (1) comments.php and (2) signin.php; and possibly via a URL in unspecified parameters to (3) include/submit.inc.php, (4) admin/index.php, (5) include/cm_submit.inc.php, and (6) index.php. | |||||
| CVE-2007-0173 | 1 L2j | 1 Statistik Script | 2017-10-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php. | |||||
| CVE-2007-0196 | 1 Motionborg | 1 Motionborg Web Real Estate | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin_check_user.asp in Motionborg Web Real Estate 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (txtUserName parameter) and possibly other parameters. NOTE: some details were obtained from third party information. | |||||
| CVE-2007-0200 | 1 Geoffrey Golliher | 1 Axiom Photo News Gallery | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in template.php in Geoffrey Golliher Axiom Photo/News Gallery (axiompng) 0.8.6 allows remote attackers to execute arbitrary PHP code via a URL in the baseAxiomPath parameter. | |||||
| CVE-2007-0224 | 1 Virtual Programming | 1 Vp-asp | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginLastname parameter. | |||||
| CVE-2007-0225 | 1 Virtual Programming | 1 Vp-asp | 2017-10-19 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2007-0233 | 1 Wordpress | 1 Wordpress | 2017-10-19 | 7.5 HIGH | N/A |
| wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tb_id parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in WordPress. | |||||
| CVE-2007-0261 | 1 Snews | 1 Snews | 2017-10-19 | 10.0 HIGH | N/A |
| snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter. | |||||
| CVE-2007-0300 | 1 Tlm Cms | 1 Tlm Cms | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. | |||||
| CVE-2007-0301 | 1 Fdweb | 1 Espace Membre | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in _admin/admin_menu.php in FdWeB Espace Membre 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2007-0304 | 1 Mint | 1 Haber Sistemi | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0306 | 1 Digiappz | 1 Digiaffiliate | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0307 | 1 Poplar Gedcom Viewer | 1 Poplar Gedcom Viewer | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/common.php in Poplar Gedcom Viewer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[rootPath] parameter. | |||||
| CVE-2007-0311 | 1 Texas Imperial Software | 2 Wftpd, Wftpd Pro Server | 2017-10-19 | 5.0 MEDIUM | N/A |
| Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier allow remote attackers to cause a denial of service (application crash) via a long SITE ADMIN command. | |||||
| CVE-2007-0314 | 1 Article System | 1 Article System | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Article System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_DIR parameter to (1) forms.php, (2) issue_edit.php, (3) client.php, and (4) classes.php. | |||||
| CVE-2007-0329 | 1 Joonas Viljanen | 1 Jv2 Folder Gallery | 2017-10-19 | 5.0 MEDIUM | N/A |
| download.php in Joonas Viljanen JV2 Folder Gallery allows remote attackers to read sensitive files via a relative pathname in the file parameter, as demonstrated by config/gallerysetup.php. NOTE: this issue might be resultant from a directory traversal vulnerability. | |||||
| CVE-2007-0337 | 1 Kgb | 1 Kgb | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skinnn parameter, as demonstrated by invoking kg.php with a postek parameter containing PHP code, which is injected into a file in the kg directory, and then included by sesskglogadmin.php. | |||||
| CVE-2007-0338 | 1 Bolintech | 1 Dreamftp Server | 2017-10-19 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Dream FTP Server allows remote attackers to execute arbitrary code via a USER command with a large number of format string specifiers, which triggers the overflow during processing of the Server Log. | |||||
| CVE-2007-0340 | 1 Thwboard | 1 Thwboard | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in inc/header.inc.php in ThWboard 3.0b2.84-php5 and earlier allows remote attackers to execute arbitrary SQL commands via the board[styleid] parameter to index.php. | |||||
| CVE-2007-0344 | 1 Colloquy | 1 Colloquy | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) _invitedToDirectChat: in Colloquy 2.1 and earlier allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the channel name of an INVITE request, related to the implementation of AlertSheet and AlertPanel in Apple AppKit. | |||||
| CVE-2007-0345 | 1 Apple | 1 Mac Os X | 2017-10-19 | 6.8 MEDIUM | N/A |
| The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions (writable by admin group), which allows local admin users to gain root privileges by modifying a program and then performing permissions repair via diskutil. | |||||
| CVE-2007-0354 | 1 Mgb | 1 Opensource Guestbook | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in email.php in MGB OpenSource Guestbook 0.5.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0355 | 1 Apple | 2 Mac Os X, Minimal Slp Service Agent | 2017-10-19 | 7.2 HIGH | N/A |
| Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.11 and earlier, including 10.4.8, allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field. | |||||
| CVE-2007-0356 | 2 Common Controls Replacement Project, Microsoft | 2 Foldertreeview Activex Control, Ie | 2017-10-19 | 5.0 MEDIUM | N/A |
| The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value. | |||||
| CVE-2007-0359 | 1 Uberghey | 1 Cms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in frontpage.php in Uberghey CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter. | |||||
| CVE-2007-0361 | 1 Comscripts | 1 Phpmyphorum | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter. | |||||
| CVE-2007-0368 | 1 Michiel Broek | 1 Mbse-bbs | 2017-10-19 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in mbse-bbs 0.70 and earlier allows local users to execute arbitrary code via a long string in the MBSE_ROOT environment variable. | |||||
| CVE-2007-0369 | 1 Phpbp | 1 Phpbp | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in phpBP RC3 (2.204) and earlier allows remote attackers to execute arbitrary SQL commands via the comment forum. | |||||
| CVE-2007-0370 | 1 Phpbp | 1 Phpbp | 2017-10-19 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in index.php in phpBP RC3 (2.204) and earlier allows remote administrators to inject arbitrary PHP code into an upload/banners/ file via a banners add operation that uploads the PHP code through an image_form parameter specifying a multiple-extension filename such as .jpg.vil.gif.php, which is stored in upload/banners/ under a different name, and executable via a direct request. NOTE: a separate SQL injection issue could be leveraged to make this vulnerability reachable by remote unauthenticated attackers. | |||||
| CVE-2007-0371 | 1 Common Controls Replacement Project | 1 Browsedialog Server | 2017-10-19 | 4.3 MEDIUM | N/A |
| A certain ActiveX control in the Common Controls Replacement Project (CCRP) CCRP BrowseDialog Server (ccrpbds6.dll) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP_BDc.SelectedFolder property value. | |||||
| CVE-2007-0388 | 1 Woltlab | 1 Burning Board | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the boardids[1] and other boardids[] parameters. | |||||
| CVE-2007-0395 | 1 Comvironment | 1 Comvironment | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in libraries/grab_globals.lib.php in ComVironment 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter. | |||||
| CVE-2007-0429 | 1 Divx | 1 Divx Player | 2017-10-19 | 5.0 MEDIUM | N/A |
| DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed with DivX Player 6.4.1, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the GoWindowed method for a certain instance of the ActiveX object. | |||||
| CVE-2007-0489 | 1 Visohotlink | 1 Visohotlink | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/functions.visohotlink.php in VisoHotlink 1.01 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2007-0495 | 1 Phpsherpa | 1 Phpsherpa | 2017-10-19 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/config.inc.php in PhpSherpa allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter. | |||||
| CVE-2007-0496 | 1 Neon Labs | 1 Neon Labs Website | 2017-10-19 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir parameter. | |||||
| CVE-2007-0498 | 1 Sky Gunning | 1 Myspeach | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter. | |||||
| CVE-2013-6355 | | | 2017-10-18 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6355. Reason: This candidate is a duplicate of CVE-2014-6355. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-6355 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2014-9017 | 1 Openkm | 1 Openkm | 2017-10-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 (build 23338) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field in a Task to frontend/index.jsp. | |||||
| CVE-2001-1564 | 1 Hp | 1 Hp-ux | 2017-10-12 | 2.1 LOW | N/A |
| setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 does not properly enforce core file size on processes after setuid or setgid privileges are dropped, which could allow local users to cause a denial of service by exhausting available disk space. | |||||
