Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1983 | 1 Cyboards | 1 Cyboards Php Lite | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/default_header.php in Cyboards PHP Lite 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter, a different vector than CVE-2006-2871. | |||||
| CVE-2007-1986 | 1 Barnraiser | 1 Aroundme | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in barnraiser AROUNDMe 0.7.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_path_core parameter to inc/core_profile.header.php, the (2) template_path_core parameter to template/barnraiser_01/maint_contact_view.tpl.php, and the (3) template_path parameter to template/barnraiser_01/default.tpl.php. NOTE: this issue might overlap CVE-2006-5533. | |||||
| CVE-2007-1992 | 1 Mamboxchange | 1 Com Zoom | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the com_zoom 2.5 beta 2 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) EXIF_Makernote.php or (2) EXIF.php in classes/iptc/. | |||||
| CVE-2007-1993 | 1 Hp | 1 Hp-ux | 2017-10-11 | 9.3 HIGH | N/A |
| Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to execute arbitrary code by sending "a call to procedure 5, followed by a crafted payload to procedure 2." | |||||
| CVE-2007-1994 | 1 Hp | 1 Hp-ux | 2017-10-11 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.00 allows local users to cause a denial of service via unknown vectors. NOTE: due to lack of vendor details, it is not clear whether this is the same as CVE-2007-0916. | |||||
| CVE-2007-1995 | 1 Quagga | 1 Quagga | 2017-10-11 | 6.3 MEDIUM | N/A |
| bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read. | |||||
| CVE-2007-1998 | 1 Hiox India | 1 Guest Book | 2017-10-11 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in HIOX Guest Book (HGB) 4.0 allows remote attackers to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to gb.php. | |||||
| CVE-2007-1999 | 1 Nazarkin.name | 1 Weatimages | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Weatimages 1.7.1 and earlier, when weatimages.ini is missing, allows remote attackers to execute arbitrary PHP code via a URL in the ini[langpack] parameter. | |||||
| CVE-2007-2000 | 1 Raphael Limbach | 1 Crea-book | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter. | |||||
| CVE-2007-2001 | 1 Crea-book | 1 Crea-book | 2017-10-11 | 6.5 MEDIUM | N/A |
| Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the "Fond de la page" (background color) field and other unspecified fields, which injects into config.inc.php3. | |||||
| CVE-2007-2002 | 1 Inoutmailinglistmanager | 1 Inoutmailinglistmanager | 2017-10-11 | 6.8 MEDIUM | N/A |
| InoutMailingListManager 3.1 and earlier allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by setting an arbitrary admin cookie. | |||||
| CVE-2007-2003 | 1 Inoutmailinglistmanager | 1 Inoutmailinglistmanager | 2017-10-11 | 6.8 MEDIUM | N/A |
| InoutMailingListManager 3.1 and earlier sends a Location redirect header but does not exit after an authorization check fails, which allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by ignoring the redirect. | |||||
| CVE-2007-2004 | 1 Inoutmailinglistmanager | 1 Inoutmailinglistmanager | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to changename.php and other unspecified vectors. | |||||
| CVE-2007-2005 | 2 Joomla, Mambo | 2 Taskhopper Component, Taskhopper Component | 2017-10-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) contact_type.php, (2) itemstatus_type.php, (3) projectstatus_type.php, (4) request_type.php, (5) responses_type.php, (6) timelog_type.php, or (7) urgency_type.php in inc/. | |||||
| CVE-2007-2022 | 2 Adobe, Opera | 2 Flash Player, Opera Browser | 2017-10-11 | 6.8 MEDIUM | N/A |
| Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. | |||||
| CVE-2007-2027 | 1 Elinks | 1 Elinks | 2017-10-11 | 4.4 MEDIUM | N/A |
| Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format string attacks. | |||||
| CVE-2007-2028 | 1 Freeradius | 1 Freeradius | 2017-10-11 | 5.0 MEDIUM | N/A |
| Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures. | |||||
| CVE-2007-2043 | 1 Avant-garde Solutions | 1 Mosmedia | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia (com_mosmedia) 1.08 and earlier module for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) media.tab.php or (2) media.divs.php. | |||||
| CVE-2007-2044 | 1 Antonis Ventouris | 1 Weather Module | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in mod_weather.php in the Antonis Ventouris Weather module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter. | |||||
| CVE-2007-2049 | 1 Mambo | 1 Mambo Calendar | 2017-10-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Calendar Module (com_calendar) 1.5.5 for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) com_calendar.php or (2) mod_calendar.php. | |||||
| CVE-2007-2050 | 1 Ricargbook | 1 Ricargbook | 2017-10-11 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in header.php in RicarGBooK 1.2.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) a lang cookie or (2) the language parameter. | |||||
| CVE-2007-2067 | 1 Webslider | 1 Webslider | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Marco Antonio Islas Cruz Web Slider (WebSlider) 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) index.php, (2) modules/pdf.php, (3) plugins/highlight.php, or (4) include/modules.php. | |||||
| CVE-2007-2068 | 1 Storefront For Gallery | 1 Storefront Gallery | 2017-10-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the StoreFront mods for Gallery allow remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter to (1) mods/business_functions.php or (2) mods/ui_functions.php. | |||||
| CVE-2007-2069 | 1 Openmairie | 1 Openmairie | 2017-10-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in scr/soustab.php in openMairie 1.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dsn[phptype] parameter. | |||||
| CVE-2007-2070 | 1 Turnkey Web Tools | 1 Sunshop Shopping Cart | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart before 3.5.1 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php or (2) checkout.php. | |||||
| CVE-2007-2079 | 1 Xampp | 1 Apache Distribution | 2017-10-11 | 9.3 HIGH | N/A |
| The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified impact. NOTE: it could be argued that this is an issue in mssql_connect (CVE-2007-1411.1) in PHP, or an issue in the ADOdb Library, and the proper fix should be in one of these products; if so, then this should not be treated as a vulnerability in XAMPP. | |||||
| CVE-2007-2080 | 1 Xampp | 1 Apache Distribution | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows allow remote attackers to execute arbitrary SQL commands via unspecified vectors in certain test scripts. | |||||
| CVE-2007-2091 | 1 Tsdisplay4xoops | 1 Tsdisplay4xoops | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in blocks/tsdisplay4xoops_block2.php in tsdisplay4xoops (TSD4XOOPS, aka the TeamSpeak display module) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the xoops_url parameter. | |||||
| CVE-2007-2094 | 1 Anthologia | 1 Anthologia | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Anthologia 0.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the ads_file parameter. | |||||
| CVE-2007-2142 | 1 Ajportal2php | 1 Ajportal2php | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AjPortal2Php allow remote attackers to execute arbitrary PHP code via a URL in the PagePrefix parameter to (1) begin.inc.php, (2) connection.inc.php, (3) events.inc.php, (4) footer.inc.php, (5) header.inc.php, (6) menuleft.inc.php, or (7) pages.inc.php in includes/. | |||||
| CVE-2007-2143 | 1 Bonoestente | 1 Joomla Template Be2004-2 | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2007-2144 | 1 Joomlapack | 1 Joomlapack | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/CAltInstaller.php in the JoomlaPack (com_jpack) 1.0.4a2 RE component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2007-2145 | 1 Minigal | 1 Minigal | 2017-10-11 | 7.5 HIGH | N/A |
| The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the input parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2154 | 1 Cabron Connector | 1 Cabron Connector | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in services/samples/inclusionService.php in Cabron Connector 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CabronServiceFolder parameter. | |||||
| CVE-2007-2156 | 1 Rezervi Generic | 1 Rezervi Generic | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Rezervi Generic 0.9 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) datumVonDatumBis.inc.php, (2) footer.inc.php, (3) header.inc.php, and (4) stylesheets.php in templates/; and (5) wochenuebersicht.inc.php, (6) monatsuebersicht.inc.php, (7) jahresuebersicht.inc.php, and (8) tagesuebersicht.inc.php in belegungsplan/. | |||||
| CVE-2007-2157 | 1 Zomplog | 1 Zomplog | 2017-10-11 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in upload/force_download.php in Zomplog 3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2007-2158 | 1 Kooijman-design | 1 Jgallery | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in jGallery 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the G_JGALL[inc_path] parameter. | |||||
| CVE-2007-2166 | 1 Opensurveypilot | 1 Opensurveypilot | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in administration/user/lib/group.inc.php in OpenSurveyPilot (osp) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathToProjectAdmin parameter. | |||||
| CVE-2007-2167 | 1 Aimstats | 1 Aimstats | 2017-10-11 | 7.5 HIGH | N/A |
| Static code injection vulnerability in process.php in AimStats 3.2 allows remote attackers to inject PHP code into config.php via the number parameter in an update action. | |||||
| CVE-2007-2169 | 1 Mozzers Subsystem | 1 Mozzers Subsystem | 2017-10-11 | 7.5 HIGH | N/A |
| Static code injection vulnerability in add.php in Mozzers SubSystem 1.0 allows remote attackers to inject PHP code into subs.php via the (1) Sub-name or (2) Sub-url field. NOTE: an earlier report indicated that the add action can be reached through a request to index.php. | |||||
| CVE-2007-2181 | 1 Webinsta | 1 Fm Manager | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin/login.php in Webinsta FM Manager 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter, a different product and vector than CVE-2005-0748. | |||||
| CVE-2007-2182 | 1 Maran | 1 Php Forum | 2017-10-11 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in forum_write.php in Maran PHP Forum allows remote attackers to upload and execute arbitrary PHP files via a trailing %00 in a filename in the page parameter. | |||||
| CVE-2007-2183 | 1 Php-ring | 1 Webring System | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9 allows remote attackers to execute arbitrary SQL commands via the ring parameter. | |||||
| CVE-2007-2184 | 1 Jchit | 1 Counter | 2017-10-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in imgsrv.php in jchit counter 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the acc parameter. | |||||
| CVE-2007-2185 | 1 Supasite | 1 Supasite | 2017-10-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b allow remote attackers to execute arbitrary PHP code via a URL in the supa[db_path] parameter to (1) common_functions.php, (2) admin_auth_cookies.php, (3) admin_mods.php, (4) admin_news.php, (5) admin_topics.php, (6) admin_users.php, (7) admin_utilities.php, (8) site_comment.php, or (9) site_news.php; or the supa[include_path] parameter to (10) admin_settings.php or (11) backend_site.php. | |||||
| CVE-2007-2186 | 2 Foxit, Microsoft | 9 Pdf Reader, Windows 2000, Windows 2003 Server and 6 more | 2017-10-11 | 5.0 MEDIUM | N/A |
| Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. | |||||
| CVE-2007-2187 | 1 Extremail | 1 Extremail | 2017-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in eXtremail 2.1.1 and earlier allows remote attackers to execute arbitrary code via a long DNS response. NOTE: this might be related to CVE-2006-6926. | |||||
| CVE-2007-2189 | 1 Mx Smartor | 1 Full Album Pack | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin/admin_album_otf.php in the MX Smartor Full Album Pack (FAP) 2.0 RC1 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-2192 | 1 Antonio Da Cruz | 1 Photofiltre Studio | 2017-10-11 | 9.3 HIGH | N/A |
| Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted remote attackers to execute arbitrary code via a crafted .tif file. | |||||
| CVE-2007-2193 | 1 Acd Systems | 2 Acdsee, Photo Editor | 2017-10-11 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build 108, Pro 8.1 Build 99, and Photo Editor 4.0 Build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information. | |||||