Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3012 | 1 Fujitsu | 1 Primergy Bx300 | 2018-10-16 | 5.0 MEDIUM | N/A |
| The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch Blade allows remote attackers to obtain sensitive information by canceling the authentication dialog when accessing a sub-page, which still displays the form field contents of the sub-page, as demonstrated using (1) config/ip_management.htm and (2) config/snmp_config.htm. | |||||
| CVE-2007-2973 | 1 Avira | 2 Antivir, Av Pack | 2018-10-16 | 7.8 HIGH | N/A |
| Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed TAR archive. | |||||
| CVE-2007-2972 | 1 Avira | 2 Antivir, Av Pack | 2018-10-16 | 7.8 HIGH | N/A |
| The file parsing engine in Avira Antivir Antivirus before 7.04.00.24 allows remote attackers to cause a denial of service (application crash) via a crafted UPX compressed file, which triggers a divide-by-zero error. | |||||
| CVE-2007-3003 | 1 Mywebland | 1 Mybloggie | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225. | |||||
| CVE-2007-2968 | 1 Cpcommerce | 1 Cpcommerce | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in register.php in cpCommerce 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter (Full Name field). | |||||
| CVE-2007-2869 | 1 Mozilla | 1 Firefox | 2018-10-16 | 4.3 MEDIUM | N/A |
| The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service (persistent temporary CPU consumption) via a large number of characters in a submitted form. | |||||
| CVE-2007-2916 | 1 Gmtt | 1 Music Distro | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in showown.php in GMTT Music Distro 1.2 allows remote attackers to inject arbitrary web script or HTML via the st parameter. | |||||
| CVE-2007-2887 | 1 Forsnet | 1 Web Icerik Yonetim Sistemi | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Web Icerik Yonetim Sistemi (WIYS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the No parameter in the Sayfa page. | |||||
| CVE-2007-2883 | 1 Credant | 1 Credant Mobile Guardian Shield - Windows | 2018-10-16 | 4.6 MEDIUM | N/A |
| Credant Mobile Guardian Shield for Windows 5.2.1.105 and earlier stores account names and passwords in plaintext in memory, which allows local users to obtain sensitive information by (1) reading the paging file or (2) dumping and searching the memory image. NOTE: This issue crosses privilege boundaries because the product is intended to protect the data on a stolen computer. | |||||
| CVE-2007-2951 | 1 Kvirc | 1 Irc Client | 2018-10-16 | 9.3 HIGH | N/A |
| The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3.2.0 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an (1) irc:// or (2) irc6:// URI. | |||||
| CVE-2007-2930 | 1 Isc | 1 Bind | 2018-10-16 | 4.3 MEDIUM | N/A |
| The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926. | |||||
| CVE-2007-2880 | 1 Digiappz | 1 Digirez | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Digirez 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Room_name parameter to room/info_book.asp or the (2) curYear parameter to room/week.asp. | |||||
| CVE-2007-2879 | 1 Gnuturk | 1 Gnuturk Portal System | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mods.php in GTP GNUTurk Portal System 3G allows remote attackers to inject arbitrary web script or HTML via the month parameter. | |||||
| CVE-2007-3001 | 1 Php Jackknife | 1 Php Jackknife | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to inject arbitrary web script or HTML via (1) the sUName parameter to UserArea/Authenticate.php, (2) the sAccountUnq parameter to UserArea/NewAccounts/index.php, or the (3) iCategoryUnq, (4) iDBLoc, (5) iTtlNumItems, (6) iNumPerPage, or (7) sSort parameter to G_Display.php, different vectors than CVE-2005-4239. | |||||
| CVE-2007-2905 | 1 2z Project | 1 2z Project | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the post_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2908 | 1 Jelsoft | 1 Vbulletin | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin before 3.6.6 allows remote attackers to inject arbitrary web script or HTML via the title field in a single add action. | |||||
| CVE-2007-3017 | 1 Activeweb | 1 Contentserver | 2018-10-16 | 4.0 MEDIUM | N/A |
| The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklist_edit.asp. | |||||
| CVE-2007-2991 | 1 Evenzia | 1 Evenzia Cms | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in includes/send.inc.php in Evenzia CMS allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
| CVE-2007-2913 | 1 Clonuswiki | 1 Clonuswiki | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in ClonusWiki .5 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||||
| CVE-2007-2988 | 1 Inout Scripts | 1 Inout Meta Search Engine | 2018-10-16 | 7.5 HIGH | N/A |
| A certain admin script in Inout Meta Search Engine sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a request to admin/create_engine.php followed by a request to admin/generate_tabs.php. | |||||
| CVE-2007-2915 | 1 Rm Easymail | 1 Rm Easymail Plus | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in RM EasyMail Plus allows remote attackers to inject arbitrary web script or HTML via the title field in an email. | |||||
| CVE-2007-3018 | 1 Activeweb | 1 Contentserver | 2018-10-16 | 4.0 MEDIUM | N/A |
| activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories. | |||||
| CVE-2007-2962 | 1 Particle Soft | 1 Particle Gallery | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Particle Gallery 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the order parameter. | |||||
| CVE-2007-2959 | 1 Cpcommerce | 1 Cpcommerce | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in manufacturer.php in cpCommerce before 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id_manufacturer parameter. | |||||
| CVE-2007-2945 | 1 Rmforum | 1 Rmforum | 2018-10-16 | 5.0 MEDIUM | N/A |
| RMForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for rmforum.mdb. | |||||
| CVE-2007-2974 | 1 Avira | 2 Antivir, Av Pack | 2018-10-16 | 10.0 HIGH | N/A |
| Buffer overflow in the file parsing engine in Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to execute arbitrary code via a crafted LZH archive file, resulting from an "integer cast around." | |||||
| CVE-2007-3000 | 1 Php Jackknife | 1 Php Jackknife | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to execute arbitrary SQL commands via (1) the iCategoryUnq parameter to G_Display.php or (2) the iSearchID parameter to Search/DisplayResults.php. | |||||
| CVE-2007-2871 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-16 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks. | |||||
| CVE-2007-2994 | 1 Dian Gemilang | 1 Dgnews | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a fullnews action, a different vector than CVE-2007-0693. | |||||
| CVE-2007-2870 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-16 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site. | |||||
| CVE-2007-3011 | 1 Fujitsu | 1 Serverview | 2018-10-16 | 7.5 HIGH | N/A |
| The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens Computers ServerView before 4.50.09 allows remote attackers to execute arbitrary commands via shell metacharacters in the Servername subparameter of the ParameterList parameter. | |||||
| CVE-2007-3014 | 1 Activeweb | 1 Contentserver | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in activeWeb contentserver before 5.6.2964 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) errors/rights.asp or (2) errors/transaction.asp, or (3) the name of a MIME type (mimetype). | |||||
| CVE-2007-2993 | 1 Omegasoft | 1 Interneserviceslosungen | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OmegaMw7.asp in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allow remote attackers to inject arbitrary web script or HTML via (1) user-created text fields; the (2) F05003, (3) F05005, and (4) F05015 fields; and other unspecified standard fields. | |||||
| CVE-2007-2829 | 1 Madwifi | 1 Madwifi | 2018-10-16 | 5.0 MEDIUM | N/A |
| The 802.11 network stack in net80211/ieee80211_input.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system hang) via a crafted length field in nested 802.3 Ethernet frames in Fast Frame packets, which results in a NULL pointer dereference. | |||||
| CVE-2007-2785 | 1 Esyndicat | 1 Esyndicat Pro | 2018-10-16 | 6.8 MEDIUM | N/A |
| manage-admins.php in eSyndiCat Pro 1.x allows remote attackers to create additional administrative accounts, and have other unspecified impact, via modified username, new_pass, new_pass2, status, super, and certain other parameters in an add action. | |||||
| CVE-2007-2790 | 1 Vp-asp | 1 Vp-asp Shopping Cart | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in shopcontent.asp in VP-ASP Shopping Cart 6.50, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the type parameter. | |||||
| CVE-2007-2772 | 1 Ca | 1 Brightstor Arcserve Backup | 2018-10-16 | 7.8 HIGH | N/A |
| (1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and rwxdr.dll) in CA BrightStor Backup 11.5.2.0 SP2 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted RPC packet. | |||||
| CVE-2007-2796 | 1 Arris | 1 Cadant C3 Cmts | 2018-10-16 | 7.8 HIGH | N/A |
| Arris Cadant C3 CMTS allows remote attackers to cause a denial of service (service termination) via a malformed IP packet with an invalid IP option. | |||||
| CVE-2007-2797 | 3 Debian, Redhat, Xterm | 3 Debian Linux, Enterprise Linux, Xterm | 2018-10-16 | 2.1 LOW | N/A |
| xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals. | |||||
| CVE-2007-2800 | 1 Eticket | 1 Eticket | 2018-10-16 | 5.0 MEDIUM | N/A |
| index.php in eTicket 1.5.5.1 and earlier allows remote attackers to obtain sensitive information via the (1) name[], (2) email[], (3) phone[], or (4) subject[] parameters, which reveals the installation path in the resulting error messages. | |||||
| CVE-2007-2821 | 1 Wordpress | 1 Wordpress | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter. | |||||
| CVE-2007-2830 | 1 Madwifi | 1 Madwifi | 2018-10-16 | 5.0 MEDIUM | N/A |
| The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system crash) via crafted beacon interval information when scanning for access points, which triggers a divide-by-zero error. | |||||
| CVE-2007-2687 | 1 Microworld Technologies | 1 Escan | 2018-10-16 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan before 9.0.718.1 allows remote attackers to execute arbitrary code via a long command. | |||||
| CVE-2007-2689 | 1 Checkpoint | 1 Web Intelligence | 2018-10-16 | 7.8 HIGH | N/A |
| Check Point Web Intelligence does not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. | |||||
| CVE-2007-2690 | 1 Iss | 3 Proventia A Series Xpu, Proventia G Series Xpu, Proventia M Series Xpu | 2018-10-16 | 7.8 HIGH | N/A |
| Multiple IBM ISS Proventia Series products, including the A, G, and M series, do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. | |||||
| CVE-2007-2729 | 1 Comodo | 2 Comodo Firewall Pro, Comodo Personal Firewall | 2018-10-16 | 7.2 HIGH | N/A |
| Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier. | |||||
| CVE-2007-2812 | 1 Hlstats | 1 Hlstats | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.35, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) the action parameter. | |||||
| CVE-2007-2862 | 1 Devellion | 1 Cubecart | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and possibly cookie modification. | |||||
| CVE-2007-2731 | 1 Jetbox | 1 Jetbox Cms | 2018-10-16 | 4.0 MEDIUM | N/A |
| CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 might allow remote attackers to inject arbitrary e-mail headers via LF (%0A) sequences in the subject parameter, a related issue to CVE-2007-1898. | |||||
| CVE-2007-2732 | 1 Jetbox | 1 Jetbox Cms | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter to view/search/; or the (2) companyname, (3) country, (4) email, (5) firstname, (6) middlename, (7) required, (8) surname, or (9) title parameter to view/supplynews/. | |||||