Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3085 | 1 Pbsite | 1 Pbsite | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PBSite allow remote attackers to execute arbitrary PHP code via a URL in the (1) dbpath parameter to (a) useronline.php, (b) ucp.php, (c) setcookie.php, (d) sendpm.php, (e) search.php, (f) register.php, (g) profile.php, (h) post.php, (i) pmpshow.php, (j) pm.php, (k) ntopic.php, (l) nreply.php, (m) news.php, (n) memberslist.php, (o) logout.php, (p) login.php, (q) index.php, (r) help.php, (s) forum.php, (t) error.php, (u) editpost.php, (v) delpost.php, (w) delpm.php, (x) confirm.php, (y) board.php, (z) admin2.php, (aa) admin.php, or (bb) templates/pb/css/formstyles.php; or the (2) temppath parameter to (a) useronline.php, (c) setcookie.php, (e) search.php, (f) register.php, (h) post.php, (l) nreply.php, (m) news.php, (o) logout.php, (p) login.php, (q) index.php, (r) help.php, (s) forum.php, (t) error.php, (w) delpm.php, (x) confirm.php, or (y) board.php. | |||||
| CVE-2007-3066 | 1 Phpreactor | 1 Phpreactor | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1.2.7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter to (1) view.inc.php, (2) users.inc.php, (3) updatecms.inc.php, and (4) polls.inc.php in inc/; and other unspecified files, different vectors than CVE-2006-3983. | |||||
| CVE-2007-3070 | 1 Bdigital Web Solutions | 1 Webstudio Cms | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in BDigital Web Solutions WebStudio allows remote attackers to inject arbitrary web script or HTML via the pageid parameter. | |||||
| CVE-2007-3086 | 1 Agnitum | 1 Outpost Firewall | 2018-10-16 | 4.9 MEDIUM | N/A |
| Unrestricted critical resource lock in Agnitum Outpost Firewall PRO 4.0 1007.591.145 and earlier allows local users to cause a denial of service (system hang) by capturing the outpost_ipc_hdr mutex. | |||||
| CVE-2007-3073 | 3 Apple, Mozilla, Unix | 3 Mac Os X, Firefox, Unix | 2018-10-16 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI. | |||||
| CVE-2007-3081 | 1 Comdev | 1 Comdev Ecommerce | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in sampleecommerce.php in Comdev eCommerce 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. | |||||
| CVE-2007-3083 | 1 Rainbowsoft | 1 Z-blog | 2018-10-16 | 7.8 HIGH | N/A |
| Z-Blog 1.7 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for zblog.mdb. | |||||
| CVE-2007-3084 | 1 Comdev | 1 Comdev Web Blogger | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in sampleblogger.php in Comdev Web Blogger 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter, a different vector than CVE-2006-5441. | |||||
| CVE-2007-3087 | 1 Peercast | 1 Peercast | 2018-10-16 | 7.8 HIGH | N/A |
| Peercast places a cleartext password in a query string, which might allow attackers to obtain sensitive information by sniffing the network, or obtaining Referer or browser history information. | |||||
| CVE-2007-3088 | 1 Gaya Design | 1 Comicsense | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Comicsense allows remote attackers to execute arbitrary SQL commands via the epi parameter. | |||||
| CVE-2007-3089 | 1 Mozilla | 1 Firefox | 2018-10-16 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the "promiscuous IFRAME access bug," a related issue to CVE-2006-4568. | |||||
| CVE-2007-3097 | 1 F5 | 1 Firepass 4100 | 2018-10-16 | 7.5 HIGH | N/A |
| my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers to execute arbitrary shell commands via shell metacharacters in the username parameter. | |||||
| CVE-2007-3109 | 1 Microsoft | 2 Frontpage, Office | 2018-10-16 | 6.4 MEDIUM | N/A |
| The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage allows remote attackers to determine the existence, and possibly partial contents, of arbitrary files under the web root via a relative pathname in the PATH_INFO. | |||||
| CVE-2007-3151 | 1 Packeteer | 1 Packetshaper | 2018-10-16 | 5.0 MEDIUM | N/A |
| rpttop.htm in the web management interface in Packeteer PacketShaper 7.3.0g2 and 7.5.0g1 allows remote attackers to cause a denial of service (device reboot) via a request with empty values of the OP.MEAS.DATAQUERY and MEAS.TYPE parameters. | |||||
| CVE-2007-3127 | 1 Ibm | 1 Websphere Portal | 2018-10-16 | 5.0 MEDIUM | N/A |
| content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message. | |||||
| CVE-2007-3128 | 1 Ibm | 1 Websphere Portal | 2018-10-16 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2007-3129 | 1 Utopia Software | 1 Utopia News Pro | 2018-10-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in Utopia News Pro 1.4.0 allows remote attackers to inject arbitrary web script or HTML via the password parameter. | |||||
| CVE-2007-3131 | 1 Public Warehouse | 1 Light Blog | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in add_comment.php in Light Blog 4.1 before 20070606 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2007-3132 | 1 Symantec | 2 Ghost Solutions Suite, Norton Ghost | 2018-10-16 | 5.0 MEDIUM | N/A |
| Multiple vulnerabilities in Symantec Ghost Solution Suite 2.0.0 and earlier, with Ghost 8.0.992 and possibly other versions, allow remote attackers to cause a denial of service (client or server crash) via malformed requests to the daemon port, 1346/udp or 1347/udp. | |||||
| CVE-2007-3133 | 1 W1l3d4 | 1 Webmarket | 2018-10-16 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in urunbak.asp in W1L3D4 WEBmarket 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-3135 | 1 Atom | 1 Photoblog | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in atomPhotoBlog.php in Atom Photoblog 1.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the tag parameter. | |||||
| CVE-2007-3141 | 1 Phpwebthings | 1 Phpwebthings | 2018-10-16 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_top parameter. NOTE: the editor_insert_bottom vector is already covered by CVE-2006-6042. | |||||
| CVE-2007-3146 | 1 Zen Help Desk Software | 1 Zen Help Desk | 2018-10-16 | 5.0 MEDIUM | N/A |
| Zen Help Desk 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for ZenHelpDesk.mdb. | |||||
| CVE-2007-3158 | 1 Tenyearsgone | 1 Asp Folder Gallery | 2018-10-16 | 5.0 MEDIUM | N/A |
| download_script.asp in ASP Folder Gallery allows remote attackers to read arbitrary files via a filename in the file parameter. | |||||
| CVE-2007-3173 | 1 Almnzm | 1 Almnzm | 2018-10-16 | 5.0 MEDIUM | N/A |
| Almnzm allows remote attackers to obtain sensitive information via an activateorder request to index.php with an invalid orderid parameter, probably related to '[' and ']' characters. | |||||
| CVE-2007-3178 | 1 Zindizayn Okul Web Sistemi | 1 Zindizayn Okul Web Sistemi | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Zindizayn Okul Web Sistemi 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) pass parameter to (a) mezungiris.asp or (b) ogretmenkontrol.asp. | |||||
| CVE-2007-3179 | 1 Particle Blogger | 1 Particle Blogger | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in archives.php in Particle Blogger 1.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the month parameter and other unspecified vectors. | |||||
| CVE-2007-3182 | 1 Vincent Hor | 1 Calendarix | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Calendarix 0.7.20070307, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) month parameters to calendar.php, and the (3) leftfooter parameter to cal_footer.inc.php. NOTE: the ycyear parameter to yearcal.php is already covered by CVE-2006-1835. | |||||
| CVE-2007-3183 | 1 Vincent Hor | 1 Calendarix | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Calendarix 0.7.20070307, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters to calendar.php and the (3) search string to cal_search.php. | |||||
| CVE-2007-3189 | 1 Jffnms | 1 Just For Fun Network Management System | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter. | |||||
| CVE-2007-3190 | 1 Jffnms | 1 Just For Fun Network Management System | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass parameters. | |||||
| CVE-2007-3191 | 1 Jffnms | 1 Just For Fun Network Management System | 2018-10-16 | 9.4 HIGH | N/A |
| Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function. | |||||
| CVE-2007-3192 | 1 Jffnms | 1 Just For Fun Network Management System | 2018-10-16 | 9.4 HIGH | N/A |
| admin/setup.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to read and modify configuration settings via a direct request. | |||||
| CVE-2007-3194 | 1 Mywebland | 1 Mybloggie | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in myBloggie 2.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the bloggie_root_path parameter to (1) config.php; (2) db.php, (3) template.php, (4) functions.php, and (5) classes.php in includes/; (6) viewmode.php; and (7) blog_body.php. NOTE: another researcher disputes the vulnerability because the files are protected against direct requests, contain no relevant include statements, or do not exist. | |||||
| CVE-2007-3196 | 1 Jelsoft | 1 Vbsupport Integrated Ticket System | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in vBSupport.php in vSupport Integrated Ticket System 3.x.x allows remote attackers to execute arbitrary SQL commands via the ticketid parameter in a showticket action. | |||||
| CVE-2007-3198 | 1 Maran | 1 Php Blog | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in comments.php in Maran PHP Blog (Maran Blog), possibly only versions before 20070610, allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2007-3201 | 1 Winpt | 1 Winpt | 2018-10-16 | 7.1 HIGH | N/A |
| Visual truncation vulnerability in Windows Privacy Tray (WinPT) 1.2.0 allows user-assisted remote attackers to install a key listed under the wrong user ID, and possibly cause the user to encrypt a victim's correspondence with this attacker-supplied key, via a key ID composed of the attacker's user ID, space characters, an invalid WinPT message, additional space characters, and the victim's user ID. | |||||
| CVE-2007-3202 | 1 Bruce Corkhill | 1 Web Wiz Rich Text Editor | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the rich text editor in Webwiz allows remote attackers to inject arbitrary web script or HTML via URL-encoded HTML composed of a frameset in which a frame has a SRC attribute pointing to a JavaScript document. | |||||
| CVE-2007-3205 | 2 Hardened-php Project, Php | 3 Hardened-php, Subhosin, Php | 2018-10-16 | 5.0 MEDIUM | N/A |
| The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin. | |||||
| CVE-2007-3215 | 1 Phpmailer | 1 Phpmailer | 2018-10-16 | 6.8 MEDIUM | N/A |
| PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php. | |||||
| CVE-2007-3217 | 1 Prototype Of An Php Application | 1 Prototype Of An Php Application | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Prototype of an PHP application 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the path_inc parameter to (1) index.php in gestion/; (2) identification.php, (3) disconnect.php, (4) loginliste.php, (5) loginmodif.php, (6) index.php, and (7) ident.inc.php in ident/; (8) menuadministration.php and (9) menuprincipal.php in menu/; (10) param.inc.php in param/; (11) index.php in plugins/phpgacl/; and (12) index.php and (13) common.inc.php. | |||||
| CVE-2007-3238 | 1 Wordpress | 1 Wordpress | 2018-10-16 | 6.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability. | |||||
| CVE-2007-3239 | 1 Wordpress | 1 Wordpress | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged for PHP code execution in an administrative session. | |||||
| CVE-2007-3240 | 1 Wordpress | 1 Wordpress | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI) that accesses index.php. NOTE: this can be leveraged for PHP code execution in an administrative session. | |||||
| CVE-2007-3241 | 1 Wordpress | 1 Wordpress | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in blogroll.php in the cordobo-green-park theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI. | |||||
| CVE-2007-3026 | 1 Panda | 1 Adminsecure | 2018-10-16 | 9.3 HIGH | N/A |
| Integer overflow in Panda Software AdminSecure allows remote attackers to execute arbitrary code via crafted packets with modified length values to TCP ports 19226 or 19227, resulting in a heap-based buffer overflow. | |||||
| CVE-2007-3013 | 1 Activeweb | 1 Contentserver | 2018-10-16 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picture_real_edit.asp, and probably other unspecified vectors. | |||||
| CVE-2007-2992 | 1 Omegasoft | 1 Interneserviceslosungen | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in OmegaMw7.asp in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allow remote attackers to execute arbitrary SQL commands via (1) user-created text fields; the (2) F05003, (3) F05005, and (4) F05015 fields; and other unspecified standard fields. | |||||
| CVE-2007-3002 | 1 Php Jackknife | 1 Php Jackknife | 2018-10-16 | 5.0 MEDIUM | N/A |
| PHP JackKnife (PHPJK) allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid value of the iParentUnq[] parameter, or a request to G_Display.php with an invalid (2) iCategoryUnq[] or (3) sSort[] array parameter, which reveals the path in various error messages. | |||||
| CVE-2007-2953 | 1 Vim Development Group | 1 Vim | 2018-10-16 | 6.8 MEDIUM | N/A |
| Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command. | |||||