Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2657 | 1 Precisionid Barcode | 1 Precisionid Barcode | 2017-10-11 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the PrecisionID Barcode 1.3 ActiveX control in PrecisionID_DataMatrix.DLL allows remote attackers to cause a denial of service via a long argument to the SaveBarCode method. | |||||
| CVE-2007-2658 | 1 Id Automation | 1 Linear Barcode | 2017-10-11 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the ID Automation Linear Barcode 1.6.0.5 ActiveX control in IDAutomationLinear6.dll allows remote attackers to cause a denial of service via a long argument to the SaveEnhWMF method. | |||||
| CVE-2007-2659 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2017-10-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in PHP Advanced Transfer Manager (phpATM) 1.30 allows remote attackers to read arbitrary files and obtain script source code via a .. (dot dot) in the directory parameter in a downloadfile action. | |||||
| CVE-2007-2660 | 2 Cjg Explorer Pro, Vincent Blavet | 2 Cjg Explorer Pro, Phpconcept Library | 2017-10-11 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in pcltrace.lib.php in the PclTar module in Vincent Blavet PhpConcept Library, as used in CJG EXPLORER PRO 3.3 and earlier and probably other products, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter. NOTE: CVE disputes this issue since there is no include statement in pcltrace.lib.php. NOTE: the pcltar.lib.php vector is already covered by CVE-2007-2199. | |||||
| CVE-2007-2661 | 1 Drumster | 1 Blogme | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in archshow.asp in BlogMe 3.0 allows remote attackers to execute arbitrary SQL commands via the var parameter, a different vector than CVE-2006-5976. | |||||
| CVE-2007-2662 | 1 Efestech Haber | 1 Efestech Haber | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in EfesTECH Haber 5.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to the top-level URI. | |||||
| CVE-2007-2663 | 1 Beacon | 1 Beacon | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in language/1/splash.lang.php in Beacon 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the languagePath parameter. | |||||
| CVE-2007-2664 | 1 Tomasz Rekawek | 1 Yet Another Asterisk Panel | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/common.php in Yaap 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, possibly related to the __autoload function. | |||||
| CVE-2007-2665 | 1 Php Firstpost | 1 Php Firstpost | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in block.php in PhpFirstPost 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the Include parameter. | |||||
| CVE-2007-2667 | 1 Db Soft Lab | 1 Vimp X | 2017-10-11 | 9.3 HIGH | N/A |
| Buffer overflow in the DB Software Laboratory VImpX ActiveX control in VImpX.ocx 4.7.3 allows remote attackers to execute arbitrary code via a long LogFile parameter. | |||||
| CVE-2007-2668 | 1 Webdesproxy | 1 Webdesproxy | 2017-10-11 | 6.8 MEDIUM | N/A |
| Buffer overflow in webdesproxy 0.0.1 allows remote attackers to execute arbitrary code via a long URL, possibly involving the process_connection_request function in webdesproxy.c. | |||||
| CVE-2007-2672 | 1 Thinc4orce Marketing Group | 1 Php Coupon Script | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PHP Coupon Script 3.0 allows remote attackers to execute arbitrary SQL commands via the bus parameter in a viewbus page. | |||||
| CVE-2007-2673 | 1 Censura | 1 Censura | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/funcs_vendors.php in Censura 1.15.04, and other versions before 1.16.04, allows remote attackers to execute arbitrary SQL commands via the vendorid parameter in a vendor_info cmd action to censura.php. | |||||
| CVE-2007-2674 | 1 Pre Projects | 1 Pre Shopping Mall | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.php in Pre Shopping Mall 1.0 allows remote attackers to execute arbitrary SQL commands via the prodid parameter. | |||||
| CVE-2007-2675 | 1 Pre Projects | 1 Pre Classifieds Listings | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in Pre Classifieds Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2007-2676 | 1 Open Translation Engine | 1 Open Translation Engine | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in skins/header.php in Open Translation Engine (OTE) 0.7.8 allows remote attackers to execute arbitrary PHP code via a URL in the ote_home parameter. | |||||
| CVE-2007-2677 | 1 Phpchess | 1 Phpchess | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpChess Community Edition 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the config parameter to includes/language.php, or the Root_Path parameter to (2) layout_admin_cfg.php, (3) layout_cfg.php, or (4) layout_t_top.php in skins/phpchess/. NOTE: vector 1 has been disputed by CVE, since the code is defined within a function that is not called from within includes/language.php. | |||||
| CVE-2007-2683 | 1 Mutt | 1 Mutt | 2017-10-11 | 3.5 LOW | N/A |
| Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion. | |||||
| CVE-2007-2706 | 1 Geeklog | 1 Media Gallery | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media Gallery 1.4.8a and earlier for Geeklog allows remote attackers to execute arbitrary PHP code via a URL in the _MG_CONF[path_html] parameter. | |||||
| CVE-2007-2707 | 1 Linksnet | 1 Newsfeed | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php in Linksnet Newsfeed 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dirpath_linksnet_newsfeed parameter. | |||||
| CVE-2007-2708 | 1 Feindt Computerservice | 1 News-script | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in newsadmin.php in Feindt Computerservice News (News-Script) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. | |||||
| CVE-2007-2709 | 1 Nagiosql | 1 Nagiosql 2005 | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in functions/prepend_adm.php in NagiosQL 2005 2.00 allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][physical] parameter. | |||||
| CVE-2007-2711 | 1 Tinyirc | 1 Tinyidentd | 2017-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in TinyIdentD 2.2 and earlier allows remote attackers to execute arbitrary code via a long string to TCP port 113. | |||||
| CVE-2007-2715 | 1 Snaps Gallery | 1 Snaps Gallery | 2017-10-11 | 10.0 HIGH | N/A |
| Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to change arbitrary usernames and passwords via the (1) username, or the (2) password and password2 parameters in an edit action. | |||||
| CVE-2007-2717 | 1 Igeneric | 1 Ig Shop | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the type_id[] parameter, a different vector than CVE-2005-0537. | |||||
| CVE-2007-2721 | 1 Jasper Jpeg-2000 | 1 Jasper Jpeg-2000 | 2017-10-11 | 4.3 MEDIUM | N/A |
| The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert. | |||||
| CVE-2007-2722 | 1 Newzcrawler | 1 Newzcrawler | 2017-10-11 | 7.8 HIGH | N/A |
| Unspecified vulnerability in NewzCrawler 1.8 allows remote attackers to cause a denial of service (application instability) via certain invalid strings in the URL attribute of an ENCLOSURE element, as demonstrated by a "%s" sequence, a "%Y" sequence, a "%%" sequence, and an "n," sequence. | |||||
| CVE-2007-2726 | 1 Bitscast | 1 Bitscast | 2017-10-11 | 7.8 HIGH | N/A |
| BitsCast 0.13.0 allows remote attackers to cause a denial of service (application crash) via an RSS 2.0 feed item with certain invalid strings in a pubDate element, as demonstrated by repeated "../A" or "A/../" patterns. | |||||
| CVE-2007-2735 | 1 Touteresa | 1 Resmanager | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in edit_day.php in the ResManager 1.2.1 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id_reserv parameter. | |||||
| CVE-2007-2736 | 9 Achievo, Apple, Hp and 6 more | 18 Achievo, A Ux, Mac Os X and 15 more | 2017-10-11 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter. | |||||
| CVE-2007-2738 | 1 Xoops | 1 Xoops Glossaire Module | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the sid parameter in an ImprDef action. | |||||
| CVE-2007-2743 | 1 Glossword | 1 Glossword | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in custom_vars.php in GlossWord 1.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the sys[path_addon] parameter. | |||||
| CVE-2007-2749 | 1 Faqengine | 1 Faqengine | 2017-10-11 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in question.php in FAQEngine 4.16.03 and earlier allows remote attackers to execute arbitrary SQL commands via the questionref parameter in a display action. | |||||
| CVE-2007-2750 | 1 Simpnews | 1 Simpnews | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in print.php in SimpNews 2.40.01 and earlier allows remote attackers to execute arbitrary SQL commands via the newsnr parameter. | |||||
| CVE-2007-2751 | 1 Phpglossar | 1 Phpglossar | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PHPGlossar 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the format_menue parameter to (1) admin/inc/change_action.php or (2) admin/inc/add.php. | |||||
| CVE-2007-2752 | 1 Runawaysoft | 1 Haber Portal | 2017-10-11 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in devami.asp in RunawaySoft Haber portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-2753 | 1 Runawaysoft | 1 Haber Portal | 2017-10-11 | 5.0 MEDIUM | N/A |
| RunawaySoft Haber portal 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/xice.mdb. | |||||
| CVE-2007-2755 | 1 Precisionid Barcode | 1 Precisionid Barcode | 2017-10-11 | 10.0 HIGH | N/A |
| The PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll, when Internet Explorer 6 is used, allows remote attackers to overwrite arbitrary files via a full pathname to the SaveToFile function, a different vulnerability than CVE-2007-2744. | |||||
| CVE-2007-2756 | 1 Libgd | 1 Libgd | 2017-10-11 | 4.3 MEDIUM | N/A |
| The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng. | |||||
| CVE-2007-2762 | 1 Build It Fast | 1 Build It Fast | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Build it Fast (bif3) 0.4.1 allow remote attackers to execute arbitrary PHP code via a URL in (1) the pear_dir parameter to Base/Application.php, or the (2) sys_dir parameter to (a) Footer.php, (b) widget.BifContainer.php, (c) widget.BifRoot.php, (d) widget.BifRoot2.php, (e) widget.BifRoot3.php, or (f) widget.BifWarning.php in Widgets/Base/. | |||||
| CVE-2007-2773 | 1 Zomplog | 1 Zomplog | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in plugins/mp3playlist/mp3playlist.php in Zomplog 3.8 and earlier allows remote attackers to execute arbitrary SQL commands via the speler parameter. | |||||
| CVE-2007-2774 | 1 Sunlight Cms | 1 Sunlight Cms | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) _connect.php or (2) modules/startup.php. | |||||
| CVE-2007-2775 | 1 Alstrasoft | 1 Live Support | 2017-10-11 | 10.0 HIGH | N/A |
| AlstraSoft Live Support 1.21 sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request to admin/managesettings.php. | |||||
| CVE-2007-2776 | 1 Alstrasoft | 1 Template Seller | 2017-10-11 | 10.0 HIGH | N/A |
| AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject a credential variable setting and obtain administrative access via a direct request to admin/changeinfo.php. | |||||
| CVE-2007-2777 | 1 Alstrasoft | 1 Template Seller | 2017-10-11 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in admin/addsptemplate.php in AlstraSoft Template Seller Pro 3.25 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary .php filename in the zip parameter, which is created under sptemplates/. | |||||
| CVE-2007-2778 | 1 Molyx | 1 Molyx Board | 2017-10-11 | 7.8 HIGH | N/A |
| Multiple directory traversal vulnerabilities in MolyX BOARD 2.5.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to index.php and other unspecified PHP scripts. | |||||
| CVE-2007-2779 | 1 Libstats | 1 Libstats | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in template_csv.php in Libstats 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rInfo[content] parameter. | |||||
| CVE-2007-2787 | 1 Lead Technologies | 1 Leadtools Raster Thumbnail Object Library | 2017-10-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the BrowseDir function in the (1) lttmb14E.ocx or (2) LTRTM14e.DLL ActiveX control in LeadTools Raster Thumbnail Object Library 14.5.0.44 allows remote attackers to execute arbitrary code via a long argument. | |||||
| CVE-2007-2792 | 1 Com Yanc | 1 Com Yanc | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Yet another Newsletter Component (aka YaNC or com_yanc) component before 1.5 beta 3 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2793 | 1 Geeklog | 1 Geeklog | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ImageImageMagick.php in Geeklog 2.x allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_system] parameter. | |||||