Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1425 | 1 Triexa | 1 Sonicmailer Pro | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Triexa SonicMailer Pro 3.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the list parameter in an archive action. | |||||
| CVE-2007-1438 | 1 X-ice | 1 News System | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in devami.asp in X-Ice News System 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-1478 | 1 Mcgallery | 1 Mcgallery | 2017-10-11 | 5.0 MEDIUM | N/A |
| download.php in McGallery 0.5b allows remote attackers to read arbitrary files and obtain script source code via the filename parameter. | |||||
| CVE-2007-1479 | 1 Creative Guestbook | 1 Creative Guestbook | 2017-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. | |||||
| CVE-2007-1480 | 1 Creative Guestbook | 1 Creative Guestbook | 2017-10-11 | 7.5 HIGH | N/A |
| Creative Guestbook 1.0 allows remote attackers to add an administrative account via a direct request to createadmin.php with Name, Email, and PASSWORD parameters set. | |||||
| CVE-2007-1481 | 1 Wbblog | 1 Wbblog | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in WBBlog allows remote attackers to execute arbitrary SQL commands via the e_id parameter in a viewentry cmd. | |||||
| CVE-2007-1482 | 1 Liqua | 1 Wbblog | 2017-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in WBBlog allows remote attackers to inject arbitrary web script or HTML via the e_id parameter in a viewentry cmd. | |||||
| CVE-2007-1487 | 3 Cyber Inside, Cyberteddy, Sascha Schroeder | 3 Weblog, Weblog, Weblog | 2017-10-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Sascha Schroeder (aka CyberTeddy or Cyber-inside) WebLog allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a showarticles action. | |||||
| CVE-2007-1496 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.9 MEDIUM | N/A |
| nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows attackers to cause a denial of service (crash) via unspecified vectors involving the (1) nfulnl_recv_config function, (2) using "multiple packets per netlink message", and (3) bridged packets, which trigger a NULL pointer dereference. | |||||
| CVE-2007-1497 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 5.0 MEDIUM | N/A |
| nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments. | |||||
| CVE-2007-1501 | 1 Avant Force | 1 Avant Browser | 2017-10-11 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Avant Browser 11.0 build 26 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Content-Type HTTP header. | |||||
| CVE-2007-1516 | 1 Cicoandcico | 1 Ccmail | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in functions/update.php in Cicoandcico CcMail 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the functions_dir parameter. | |||||
| CVE-2007-1525 | 1 Dayfox Designs | 1 Dayfox Blog | 2017-10-11 | 6.8 MEDIUM | N/A |
| Direct static code injection vulnerability in postpost.php in Dayfox Blog (dfblog) 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php. | |||||
| CVE-2007-1553 | 1 Guestbara | 1 Guestbara | 2017-10-11 | 5.0 MEDIUM | N/A |
| admin/configuration.php in Guestbara 1.2 and earlier allows remote attackers to modify the e-mail, name, and password of the admin account by setting the zapis parameter to "ok" and providing modified admin_mail, login, and pass parameters. | |||||
| CVE-2007-1555 | 1 Minerva | 1 Minerva | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum.php in the Minerva mod 2.0.21 build 238a and earlier for phpBB allows remote attackers to execute arbitrary SQL commands via the c parameter. | |||||
| CVE-2007-1556 | 1 Thecreativeheads.de | 1 Creative Files | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kommentare.php in Creative Files 1.2 allows remote attackers to execute arbitrary SQL commands via the dlid parameter. | |||||
| CVE-2007-1560 | 1 Squid | 1 Squid | 2017-10-11 | 5.0 MEDIUM | N/A |
| The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error. | |||||
| CVE-2007-1564 | 1 Kde | 1 Konqueror | 2017-10-11 | 6.8 MEDIUM | N/A |
| The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | |||||
| CVE-2007-1566 | 1 Netvios | 1 Netvios | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in News/page.asp in NetVIOS Portal allows remote attackers to execute arbitrary SQL commands via the NewsID parameter. NOTE: this issue might be the same as CVE-2006-5954. | |||||
| CVE-2007-1568 | 1 Daansystems | 1 Newsreactor | 2017-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 allows remote attackers to execute arbitrary code via a yEnc (yEncode) encoded article with a long filename. | |||||
| CVE-2007-1569 | 1 Newsbin Pro | 1 Newsbin Pro | 2017-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in NewsBin Pro 4.32 allows remote attackers to cause a denial of service or execute arbitrary code via a yEnc (yEncode) encoded article with a long filename, as demonstrated using a .nzb file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-1577 | 1 Geblog | 1 Geblog | 2017-10-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php. | |||||
| CVE-2007-1578 | 1 Atrium Software | 1 Mercur Imapd | 2017-10-11 | 10.0 HIGH | N/A |
| Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow. | |||||
| CVE-2007-1579 | 1 Atrium Software | 2 Mercur Imapd, Mercur Messaging 2005 | 2017-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command. | |||||
| CVE-2007-1580 | 1 Ftpdmin | 1 Ftpdmin | 2017-10-11 | 6.3 MEDIUM | N/A |
| FTPDMIN 0.96 allows remote attackers to cause a denial of service (daemon crash) via a LIST command for a Windows drive letter, as demonstrated using "//A:". NOTE: this has been reported as a buffer overflow by some sources, but there is not a long argument. | |||||
| CVE-2007-1584 | 1 Php | 1 Php | 2017-10-11 | 6.8 MEDIUM | N/A |
| Buffer underflow in the header function in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to this function, which causes it to write '\0' characters in whitespace that precedes the string. | |||||
| CVE-2007-1592 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.9 MEDIUM | N/A |
| net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 inadvertently copies the ipv6_fl_socklist from a listening TCP socket to child sockets, which allows local users to cause a denial of service (OOPS) or double free by opening a listening IPv6 socket, attaching a flow label, and connecting to that socket. | |||||
| CVE-2007-1596 | 2 Joomla, Mambo | 2 Nfn Address Book, Nfn Address Book | 2017-10-11 | 9.3 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) components/com_nfn_addressbook/nfnaddressbook.php or (2) administrator/components/com_nfn_addressbook/nfnaddressbook.php. | |||||
| CVE-2007-1600 | 1 Digital Eye Gallery | 1 Digital Eye Gallery | 2017-10-11 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in module.php in Digital Eye Gallery 1.1 Beta (aka 0.1.1b) allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter. | |||||
| CVE-2007-1618 | 1 Scriptmagix | 1 Scriptmagix Faq Builder | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ScriptMagix FAQ Builder 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2007-1619 | 1 Scriptmagix | 1 Scriptmagix Photo Rating | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewcomments.php in ScriptMagix Photo Rating 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the phid parameter. | |||||
| CVE-2007-1620 | 1 Php Db Designer | 1 Php Db Designer | 2017-10-11 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PHP DB Designer 1.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SESSION[SITE_PATH] parameter to (a) wind/help.php or (b) wind/about.php, or the (2) _SESSION[DRIVER] parameter to (c) db/session.php. | |||||
| CVE-2007-1621 | 1 Lbstone | 1 Active Php Bookmark Notes | 2017-10-11 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in templates/head.php in Active PHP Bookmark Notes (APB) 0.2.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS[template_path] parameter. NOTE: this issue might be related to CVE-2003-1254. | |||||
| CVE-2007-1626 | 1 Php-nuke | 1 Iframe Module | 2017-10-11 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in iframe.php in the iFrame Module for PHP-NUKE allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | |||||
| CVE-2007-1629 | 1 Active Web Softwares | 1 Active Photo Gallery | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Photo Gallery allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2007-1630 | 1 Active Web Softwares | 1 Active Link Engine | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Link Engine allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2007-1633 | 1 Giorgio Ciranni | 1 Splatt Forum | 2017-10-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php. | |||||
| CVE-2007-1636 | 1 Roseonlinecms | 1 Roseonlinecms | 2017-10-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header. | |||||
| CVE-2007-1640 | 1 Classweb | 1 Classweb | 2017-10-11 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ClassWeb 2.03 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the BASE parameter to (1) language.php and (2) phpadmin/survey.php. | |||||
| CVE-2007-1641 | 1 Portailphp | 1 Portailphp | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PortailPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the idnews parameter. | |||||
| CVE-2007-1643 | 1 Lan Management System | 1 Lan Management System | 2017-10-11 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in LAN Management System (LMS) 1.8.9 Vala and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG[directories][userpanel_dir] parameter to userpanel.php or the (2) _LIB_DIR parameter to welcome.php. | |||||
| CVE-2007-1644 | 1 Microsoft | 1 All Windows | 2017-10-11 | 10.0 HIGH | N/A |
| The dynamic DNS update mechanism in the DNS Server service on Microsoft Windows does not properly authenticate clients in certain deployments or configurations, which allows remote attackers to change DNS records for a web proxy server and conduct man-in-the-middle (MITM) attacks on web traffic, conduct pharming attacks by poisoning DNS records, and cause a denial of service (erroneous name resolution). | |||||
| CVE-2007-1645 | 2 Futuresoft, Microsoft | 2 Tftp Server 2000, Windows 2000 | 2017-10-11 | 10.0 HIGH | N/A |
| Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812. | |||||
| CVE-2007-1647 | 1 Moodle | 1 Moodle | 2017-10-11 | 7.8 HIGH | N/A |
| Moodle 1.5.2 and earlier stores sensitive information under the web root with insufficient access control, and provides directory listings, which allows remote attackers to obtain user names, password hashes, and other sensitive information via a direct request for session (sess_*) files in moodledata/sessions/. | |||||
| CVE-2007-1648 | 1 Dev0.de | 1 0irc | 2017-10-11 | 7.8 HIGH | N/A |
| 0irc 1345 build 20060823 allows remote attackers to cause a denial of service (application crash) by operating an IRC server that sends a long string to a client, which triggers a NULL pointer dereference. | |||||
| CVE-2007-1696 | 1 Active Web Softwares | 1 Active Newsletter | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ViewNewspapers.asp in Active Newsletter 4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsPaperID parameter. | |||||
| CVE-2007-1697 | 1 Philex | 1 Philex | 2017-10-11 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in header.inc.php in Philex 0.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CssFile parameter. | |||||
| CVE-2007-1698 | 1 Philex | 1 Philex | 2017-10-11 | 5.0 MEDIUM | N/A |
| download.php in Philex 0.2.3 and earlier allows remote attackers to read arbitrary files and source code, and obtain sensitive information via the file parameter. | |||||
| CVE-2007-1699 | 2 Joomla, Mambo | 2 Swmenu Component, Swmenu Component | 2017-10-11 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_swmenupro and com_swmenufree) 4.0 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to ImageManager/Classes/ImageManager.php under the (1) components/ or (2) administrator/components/ directory trees. | |||||
| CVE-2007-1702 | 1 Mambo | 1 Flatmenu | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in mod_flatmenu.php in the Flatmenu 1.07 and earlier Mambo module allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||