Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2485 | 1 Ruben Boelinger | 1 Myflash | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in myflash-button.php in the myflash 1.00 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter. | |||||
| CVE-2007-2486 | 1 Motobit | 1 Motobit | 2017-10-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.asp in Motobit 1.3 and 1.5 (aka PStruh-CZ) allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter. | |||||
| CVE-2007-2493 | 1 Mxbb | 2 Mxbb Faq, Mxbb Rules | 2017-10-11 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in faq.php in the FAQ & RULES 2.0.0 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | |||||
| CVE-2007-2494 | 1 Office Ocx | 1 Powerpoint Viewer Ocx | 2017-10-11 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the PowerPointOCX ActiveX control in PowerPointViewer.ocx 3.1.0.3 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6) SaveWebFile, (7) HttpDownloadFile, (8) Open, or (9) OpenWebFile property value. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2495 | 1 Office Ocx | 1 Excel Viewer Ocx | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in the ExcelOCX ActiveX control in ExcelViewer.ocx 3.1.0.6 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6) SaveWebFile, (7) HttpDownloadFile, (8) Open, or (9) OpenWebFile property value. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2497 | 1 Realnetworks | 1 Realplayer | 2017-10-11 | 7.8 HIGH | N/A |
| RealNetworks RealPlayer 10 Gold allows remote attackers to cause a denial of service (memory consumption) via a certain .ra file. NOTE: this issue was referred to as a "memory leak," but it is not clear if this is correct. | |||||
| CVE-2007-2498 | 1 Nullsoft | 1 Winamp | 2017-10-11 | 9.3 HIGH | N/A |
| libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2507 | 1 Treble Designs | 1 1024 Cms | 2017-10-11 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in includes/download.php in Treble Designs 1024 CMS 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the item parameter. | |||||
| CVE-2007-2521 | 1 E-gads | 1 E-gads | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in common.php in E-GADS! before 2.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the locale parameter. | |||||
| CVE-2007-2525 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.9 MEDIUM | N/A |
| Memory leak in the PPP over Ethernet (PPPoE) socket implementation in the Linux kernel before 2.6.21-git8 allows local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized. | |||||
| CVE-2007-2526 | 1 Smartcode | 1 Vnc Manager | 2017-10-11 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the ConnectAsyncEx function in VNC Viewer ActiveX control (scvncctrl.dll) in the SmartCode VNC Manager 3.6 allows remote attackers to execute arbitrary code via a long argument. | |||||
| CVE-2007-2530 | 1 Tropicalm | 1 Tropicalm Crowell Resource | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Tropicalm Crowell Resource 4.5.2 allow remote attackers to execute arbitrary PHP code via a URL in the RESPATH parameter to (1) dosearch.php or (2) printfriendly.php. | |||||
| CVE-2007-2531 | 1 Berylium | 1 Berylium2 | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in berylium-classes.php in Berylium2 2003-08-18 allows remote attackers to execute arbitrary PHP code via a URL in the beryliumroot parameter. | |||||
| CVE-2007-2540 | 1 Pmecms | 1 Pmecms | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[pathMod] parameter to index.php in (1) mod/image/, (2) mod/liens/, (3) mod/liste/, (4) mod/special/, or (5) mod/texte/. | |||||
| CVE-2007-2541 | 1 Versado Cms | 1 Versado Cms | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/ajax_listado.php in Versado CMS 1.07 allows remote attackers to execute arbitrary PHP code via a URL in the urlModulo parameter. | |||||
| CVE-2007-2542 | 1 Workbench Survival Guide | 1 Workbench Survival Guide | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in header.php in workbench survival guide 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2007-2543 | 1 Xoops | 1 Flashgames Module | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in game.php in the Flashgames 1.0.1 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter. | |||||
| CVE-2007-2544 | 1 Php Toptree Bbs | 1 Php Toptree Bbs | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in templates/default/tpl_message.php in PHP TopTree BBS 2.0.1a and earlier allows remote attackers to execute arbitrary PHP code via a URL in the right_file parameter. | |||||
| CVE-2007-2545 | 1 Persism Cms | 1 Persism Cms | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the system[path] parameter to (1) blocks/headerfile.php, (2) files/blocks/latest_files.php, (3) filters/headerfile.php, (4) forums/blocks/latest_posts.php, (5) groups/headerfile.php, (6) links/blocks/links.php, (7) menu/headerfile.php, (8) news/blocks/latest_news.php, (9) settings/headerfile.php, or (10) users/headerfile.php, in modules/. | |||||
| CVE-2007-2560 | 1 Mentiss Acgv | 1 Acgvannu | 2017-10-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the rubrik parameter. | |||||
| CVE-2007-2569 | 1 Practical Creative And Code | 1 Friendly | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the friendly_path parameter to (1) core/data/yaml.inc.php, or _load.php in (2) core/data/, (3) core/display/, or (4) core/support/. | |||||
| CVE-2007-2570 | 1 Guilain Omont | 1 Wikivi5 | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in handlers/page/show.php in Wikivi5 allows remote attackers to execute arbitrary PHP code via a URL in the sous_rep parameter. | |||||
| CVE-2007-2571 | 1 Xoops | 1 Wfquotes Module | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the wfquotes 1.0 0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action. | |||||
| CVE-2007-2572 | 1 Noah | 1 Noah | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/noevents/templates/mfa_theme.php in NoAh (aka PHP Content Architect, phparch) 0.9 pre 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tpls[1] parameter. | |||||
| CVE-2007-2573 | 1 Phptree | 1 Phptree | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in plugin/HP_DEV/cms2.php in PHPtree 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_dir parameter. | |||||
| CVE-2007-2574 | 1 Archangelmgt | 1 Weblog | 2017-10-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Archangel Weblog 0.90.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the index parameter. | |||||
| CVE-2007-2575 | 1 Vm Watermark | 1 Vm Watermark | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in watermark.php in the vm (aka Jean-Francois Laflamme) watermark 0.4.1 mod for Gallery allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter. | |||||
| CVE-2007-2576 | 1 East Wind Software | 1 Advdaudio.ocx | 2017-10-11 | 6.8 MEDIUM | N/A |
| Buffer overflow in the East Wind Software advdaudio.ocx 1.5.1.1 ActiveX control allows user-assisted remote attackers to execute arbitrary code via a long OpenDVD property value. NOTE: this issue might be related to CVE-2007-0976. | |||||
| CVE-2007-2589 | 1 Squirrelmail | 1 Squirrelmail | 2017-10-11 | 5.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element. | |||||
| CVE-2007-2594 | 1 Phpmyportal | 1 Phpmyportal | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/articles.inc.php in phpMyPortal 3.0.0 RC3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[CHEMINMODULES] parameter. | |||||
| CVE-2007-2596 | 1 Agner Fog | 1 Aforum | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in common/func.php in aForum 1.32 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CommonAbsDir parameter. | |||||
| CVE-2007-2597 | 1 Telltargetcms | 1 Telltarget Cms | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in telltarget CMS 1.3.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) ordnertiefe parameter to site_conf.php; or the (2) tt_docroot parameter to (a) class.csv.php, (b) produkte_nach_serie.php, or (c) ref_kd_rubrik.php in functionen/; (d) hg_referenz_jobgalerie.php, (e) surfer_anmeldung_NWL.php, (f) produkte_nach_serie_alle.php, (g) surfer_aendern.php, (h) ref_kd_rubrik.php, or (i) referenz.php in module/; or (j) 1/lay.php or (k) 3/lay.php in standard/. | |||||
| CVE-2007-2598 | 1 Simplenews | 1 Simplenews | 2017-10-11 | 10.0 HIGH | N/A |
| SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL allows remote attackers to execute arbitrary SQL commands via the news_id parameter. | |||||
| CVE-2007-2599 | 1 Wavelink Media | 1 Tutorialcms | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or (3) the search parameter to search.php. | |||||
| CVE-2007-2600 | 1 Wavelink Media | 1 Tutorialcms | 2017-10-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or the (3) search parameter to search.php. | |||||
| CVE-2007-2601 | 1 Divx City | 1 Gdivx Zenith Player | 2017-10-11 | 9.3 HIGH | N/A |
| Buffer overflow in a certain ActiveX control in the GDivX Zenith Player AviFixer class in fix.dll 1.0.0.1 allows remote attackers to execute arbitrary code via a long SetInputFile property value. | |||||
| CVE-2007-2607 | 1 Lavague | 1 Lavague | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in views/print/printbar.php in LaVague 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the views_path parameter. | |||||
| CVE-2007-2608 | 1 Miplex2 | 1 Miplex2 | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/smarty/SmartyFU.class.php in Miplex2 Alpha 1 allows remote attackers to execute arbitrary PHP code via a URL in the system[smarty][dir] parameter. | |||||
| CVE-2007-2609 | 1 Gnuedu | 1 Gnu Edu | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; the (b) LIBSDIR parameter to (5) logout.php, (6) help.php, (7) index.php, (8) login.php; and the ETCDIR parameter to (9) web/lom.php. | |||||
| CVE-2007-2611 | 1 Cgx | 1 Cgx | 2017-10-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CGX 20050314 allow remote attackers to execute arbitrary PHP code via a URL in the pathCGX parameter to (1) mtdialogo.php, (2) ltdialogo.php, (3) login.php, and (4) logingecon.php in inc/; and multiple unspecified files in frm/, sql/, and cns/. | |||||
| CVE-2007-2615 | 1 Crie Sue | 1 Phplojafacil | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Crie seu PHPLojaFacil 0.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_local parameter to (1) ftp.php, (2) libs/db.php, and (3) libs/ftp.php. | |||||
| CVE-2007-2617 | 1 Sun | 2 Net Connect Software, Solaris | 2017-10-11 | 2.1 LOW | N/A |
| srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options. | |||||
| CVE-2007-2620 | 1 Jakub Steiner | 1 Original | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/config.inc.php in Jakub Steiner (aka jimmac) original 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the x[1] parameter. | |||||
| CVE-2007-2621 | 1 Extrovert Software | 1 Thyme Calndar | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in event_view.php in Thyme Calendar 1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter. | |||||
| CVE-2007-2622 | 1 Taskdriver | 1 Taskdriver | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TaskDriver 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login.php or (2) the taskid parameter to notes.php. | |||||
| CVE-2007-2623 | 1 Fruit2004 | 1 Remote Display Development Kit | 2017-10-11 | 7.8 HIGH | N/A |
| Multiple buffer overflows in RControl.dll in Remote Display Dev kit 1.2.1.0 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via (1) a long first argument to the connect function or (2) a long InternalServer property value, possibly involving ntdll.dll. | |||||
| CVE-2007-2642 | 1 R2k | 1 R2k Gallery | 2017-10-11 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang2 parameter. | |||||
| CVE-2007-2643 | 1 Pinkcrow Designs | 1 Designs Gallery Magazin | 2017-10-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in phpThumb.php in PinkCrow Designs Gallery or maGAZIn 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter. | |||||
| CVE-2007-2644 | 1 Morovia | 1 Barcode Activex Control | 2017-10-11 | 9.4 HIGH | N/A |
| A certain ActiveX control in Morovia Barcode ActiveX Professional 3.3.1304 allows remote attackers to overwrite arbitrary files by calling the Save method with an arbitrary filename. | |||||
| CVE-2007-2656 | 1 Hp | 1 Hpqvwocx.dll | 2017-10-11 | 7.8 HIGH | N/A |
| Stack-based buffer overflow in the Hewlett-Packard (HP) Magview ActiveX control in hpqvwocx.dll 1.0.0.309 allows remote attackers to cause a denial of service (application crash) and possibly have other impact via a long argument to the DeleteProfile method. | |||||