Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3547 | 1 Qt-cute | 1 Quickticket | 2017-09-29 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in qti_checkname.php in QuickTicket 1.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2007-3548 | 1 W3filer | 1 W3filer | 2017-09-29 | 7.1 HIGH | N/A |
| Stack-based buffer overflow in W3Filer 2.1.3 allows remote FTP servers to cause a denial of service (application hang or crash) and possibly execute arbitrary code by sending a large banner to a client that is sending a file. | |||||
| CVE-2007-3549 | 1 Vastal I-tech | 1 Buddy Zone | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2007-3582 | 1 Inforest Communications | 1 Supercali | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in SuperCali PHP Event Calendar 0.4.0 allows remote attackers to execute arbitrary SQL commands via the o parameter. | |||||
| CVE-2007-3583 | 1 Girlserv | 1 Girlserv Ads | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in details_news.php in Girlserv ads 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the idnew parameter. | |||||
| CVE-2007-3584 | 1 Postnuke Software Foundation | 1 Pnphpbb2 | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and earlier for Postnuke allows remote attackers to execute arbitrary SQL commands via the order parameter. | |||||
| CVE-2007-3585 | 1 Mycms | 1 Mycms | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in games.php in MyCMS 0.9.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the id parameter. | |||||
| CVE-2007-3586 | 1 Mycms | 1 Mycms | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into (1) a _score.txt file via the score parameter, or (2) a _setby.txt file via a login cookie, which is then included by games.php. NOTE: programs that use games.php might include (a) snakep.php, (b) tetrisp.php, and possibly other site-specific files. | |||||
| CVE-2007-3589 | 1 B1g | 1 B1gbb | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in b1gbb 2.24.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showthread.php or (2) showboard.php. | |||||
| CVE-2007-3590 | 1 B1g | 1 B1gbb | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in visitenkarte.php in b1gBB 2.24.0 allows remote attackers to inject arbitrary web script or HTML via the user parameter. | |||||
| CVE-2007-3606 | 1 Sap | 1 Enjoysap | 2017-09-29 | 7.6 HIGH | N/A |
| Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX control in the EnjoySAP SAP GUI, on systems using ASCII versions, allows remote attackers to execute arbitrary code via a long first argument to the LaunchGui function. | |||||
| CVE-2007-3609 | 1 Emeeting | 1 Online Dating Software | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in eMeeting Online Dating Software 5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) b.php and (2) account/gallery.php, and other unspecified vectors. | |||||
| CVE-2007-3610 | 1 Vastal I-tech | 1 Phpvid | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in categories_type.php in phpVID 0.9.9 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2007-3611 | 1 Vrnews | 1 Vrnews | 2017-09-29 | 9.3 HIGH | N/A |
| admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not require authentication, which allows remote attackers to perform certain administrative actions via a direct request with a (1) edit, (2) add, (3) config, or (4) del value in the act parameter. | |||||
| CVE-2007-3612 | 1 Visual Irc | 1 Visual Irc | 2017-09-29 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Visual IRC (ViRC) 2.0 allows remote IRC servers to execute arbitrary code via a long response to a JOIN command. | |||||
| CVE-2007-3630 | 1 Av Scripts | 1 Av Tutorial Script | 2017-09-29 | 6.4 MEDIUM | N/A |
| changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter. | |||||
| CVE-2007-3631 | 1 Gamesitescript | 1 Gamesitescript | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in GameSiteScript (gss) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the params parameter, related to missing input validation of the id field. | |||||
| CVE-2007-3632 | 1 Limesurvey | 1 Limesurvey | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote attackers to execute arbitrary PHP code via a URL in the homedir parameter to (1) OLE/PPS/File.php, (2) OLE/PPS/Root.php, (3) Spreadsheet/Excel/Writer.php, or (4) OLE/PPS.php in admin/classes/pear/; or (5) Worksheet.php, (6) Parser.php, (7) Workbook.php, (8) Format.php, or (9) BIFFwriter.php in admin/classes/pear/Spreadsheet/Excel/Writer/. | |||||
| CVE-2007-3633 | 1 Chilkat Software | 1 Chilkat Zip Activex Control | 2017-09-29 | 6.4 MEDIUM | N/A |
| Absolute path traversal vulnerability in the Chilkat Software Chilkat Zip ActiveX control in ChilkatZip2.dll 12.4.2.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveLastError method and probably the (2) WriteExe method. | |||||
| CVE-2007-3649 | 1 Hp | 1 Photo Digital Imaging Activex Control | 2017-09-29 | 6.8 MEDIUM | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in hpqvwocx.dll 2.1.0.556 in Hewlett-Packard (HP) Digital Imaging allows remote attackers to create or overwrite arbitrary files via the second argument to the SaveToFile method. | |||||
| CVE-2007-3682 | 1 Openld | 1 Openld | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in OpenLD 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-3687 | 1 Infernotechnologies | 1 Rpg Inferno | 2017-09-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in inferno.php in the Inferno Technologies RPG Inferno 2.4 and earlier, a vBulletin module, allows remote authenticated attackers to execute arbitrary SQL commands via the id parameter in a ScanMember do action. | |||||
| CVE-2007-3702 | 1 Mail Machine | 1 Mail Machine | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the load function in cgi-bin/mail/mailmachine.cgi in Mail Machine 3.989 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the archives parameter in a Load action. | |||||
| CVE-2007-3703 | 1 Zenturi | 1 Zenturi Programchecker | 2017-09-29 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in a certain ActiveX control in sasatl.dll 1.5.0.531 in Zenturi Program Checker (ProgramChecker) Pro allows remote attackers to execute arbitrary code via a long argument to the Fill method. NOTE: this is probably a different issue than CVE-2007-2987. | |||||
| CVE-2007-3739 | 2 Apple, Redhat | 2 Powerpc, Enterprise Linux | 2017-09-29 | 4.7 MEDIUM | N/A |
| mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from entering into reserved kernel page memory, which allows local users to cause a denial of service (OOPS) via unspecified vectors. | |||||
| CVE-2007-3740 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 4.4 MEDIUM | N/A |
| The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges. | |||||
| CVE-2007-3741 | 2 Gnu, Mandriva | 2 Gimp, Linux | 2017-09-29 | 4.3 MEDIUM | N/A |
| The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool. | |||||
| CVE-2007-3772 | 1 Psnews | 1 Psnews | 2017-09-29 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in news/show.php in PsNews 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newspath parameter. | |||||
| CVE-2007-3790 | 1 Php | 1 Php | 2017-09-29 | 5.8 MEDIUM | N/A |
| The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument. | |||||
| CVE-2007-3806 | 1 Php | 1 Php | 2017-09-29 | 6.8 MEDIUM | N/A |
| The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure. | |||||
| CVE-2007-3808 | 1 Php Arena | 1 Pafiledb | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/search.php in paFileDB 3.6 allows remote attackers to execute arbitrary SQL commands via the categories[] parameter in a search action to index.php, a different vector than CVE-2005-2000. | |||||
| CVE-2007-3809 | 1 Prozilla | 1 Prozilla Directory Script | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Prozilla Directory Script allow remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action to directory.php, and other unspecified vectors. | |||||
| CVE-2007-3810 | 1 It747 | 1 Realtor 747 | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Realtor 747 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter. | |||||
| CVE-2007-3811 | 1 Esyndicat | 1 Esyndicat Directory | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in eSyndiCat allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php or (2) the name parameter to page.php. | |||||
| CVE-2007-3812 | 1 Cmscout | 1 Cmscout | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forums.php in CMScout 1.23 and earlier allows remote attackers to execute arbitrary SQL commands via the f parameter in a forums action to index.php. | |||||
| CVE-2007-3813 | 1 Mkportal | 1 Noboard Module | 2017-09-29 | 4.3 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in include/user.php in the NoBoard BETA module for MKPortal allows remote attackers to execute arbitrary PHP code via a URL in the MK_PATH parameter. | |||||
| CVE-2007-3840 | 1 Sitetrafficstats | 1 Sitetrafficstats | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in referralUrl.php in Traffic Stats allows remote attackers to execute arbitrary SQL commands via the offset parameter. | |||||
| CVE-2007-3843 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 4.3 MEDIUM | N/A |
| The Linux kernel before 2.6.23-rc1 checks the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request. | |||||
| CVE-2007-3849 | 1 Redhat | 1 Enterprise Linux | 2017-09-29 | 1.9 LOW | N/A |
| Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced Intrusion Detection Environment (AIDE) before 0.13.1 with a database that lacks checksum information, which allows context-dependent attackers to bypass file integrity checks and modify certain files. | |||||
| CVE-2007-3850 | 2 Apple, Linux | 2 Powerpc, Linux Kernel | 2017-09-29 | 1.9 LOW | N/A |
| The eHCA driver in Linux kernel 2.6 before 2.6.22, when running on PowerPC, does not properly map userspace resources, which allows local users to read portions of physical address space. | |||||
| CVE-2007-3851 | 2 Intel, Linux | 2 I915 Chipset, Linux Kernel | 2017-09-29 | 6.0 MEDIUM | N/A |
| The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer. | |||||
| CVE-2007-3876 | 1 Apple | 1 Mac Os X | 2017-09-29 | 6.6 MEDIUM | N/A |
| Stack-based buffer overflow in SMB in Apple Mac OS X 10.4.11 allows local users to execute arbitrary code via (1) a long workgroup (-W) option to mount_smbfs or (2) an unspecified manipulation of the command line to smbutil. | |||||
| CVE-2007-3881 | 1 Pictures Rating | 1 Pictures Rating | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Pictures Rating (Picture Rating) allows remote attackers to execute arbitrary SQL commands via the msgid parameter. | |||||
| CVE-2007-3882 | 1 Popscript.com | 1 Expert Advisor | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Expert Advisor allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-3883 | 1 Datadynamics | 1 Activebar | 2017-09-29 | 5.1 MEDIUM | N/A |
| The Data Dynamics ActiveBar ActiveX control (actbar3.ocx) 3.2 and earlier allows remote attackers to create or overwrite files via a full pathname in (1) the second argument to the Save method, or the first argument to the (2) SaveLayoutChanges or (3) SaveMenuUsageData method. | |||||
| CVE-2007-3919 | 2 Debian, Xensource Inc | 2 Debian Linux, Xen | 2017-09-29 | 6.0 MEDIUM | N/A |
| (1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm. | |||||
| CVE-2007-3920 | 3 Compiz, Gnome, Ubuntu | 3 Compiz, Screensaver, Ubuntu Linux | 2017-09-29 | 6.2 MEDIUM | N/A |
| GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069. | |||||
| CVE-2007-3922 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet. | |||||
| CVE-2007-3932 | 1 Joomla | 1 Expose | 2017-09-29 | 7.5 HIGH | N/A |
| uploadimg.php in the Expose RC35 and earlier (com_expose) component for Joomla! sends an error message but does not exit when it detects an attempt to upload a non-JPEG file, which allows remote attackers to upload and execute arbitrary PHP code in the img/ folder. | |||||
| CVE-2007-3933 | 1 Quickestore | 1 Quickestore | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in insertorder.cfm in QuickEStore 8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the CFTOKEN parameter, a different vector than CVE-2006-2053. | |||||
