Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1845 | 1 Php Fusion | 1 Expanded Calendar Module | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show_event.php in the Expanded Calendar (calendar_panel) 2.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the m_month parameter. | |||||
| CVE-2007-1844 | 1 Avatic | 1 Aardvark Topsites Php | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Aardvark Topsites PHP 5 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) button/settings_sql.php, (2) settings_sql.php, and (3) sources/misc/new_day.php. | |||||
| CVE-2007-1678 | 1 Fizzle | 1 Fizzle | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension for Firefox allows remote attackers to inject arbitrary web script or HTML via RSS feeds, which are executed by the chrome: URI handler. | |||||
| CVE-2007-1792 | 1 Symantec | 2 Mail Security, Mail Security 8820 Appliance | 2018-10-16 | 7.8 HIGH | N/A |
| libdayzero.dll in the Filter Hub Service (filter-hub.exe) in Symantec Mail Security for SMTP before 5.0.1 Patch 181 and Mail Security Appliance before 5.0.0-36 allows remote attackers to cause a denial of service (crash) via a crafted executable attachment in an e-mail, involving the detection of "PE-Shield v0.2" and "ASPack v1.00-1.08.02". | |||||
| CVE-2007-1838 | 1 Xoops | 1 Friendfinder Module | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.php in the Friendfinder 3.3 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-1836 | 1 Data Domain | 1 Data Domain Os | 2018-10-16 | 9.0 HIGH | N/A |
| The command line administration interface in Data Domain OS before 4.0.3.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in certain arguments to various commands, as demonstrated by the interface argument to the (1) ifconfig and (2) ping commands. | |||||
| CVE-2007-1680 | 1 Yahoo | 1 Messenger | 2018-10-16 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties. | |||||
| CVE-2007-1672 | 1 Avast | 1 Avast Antivirus | 2018-10-16 | 7.8 HIGH | N/A |
| avast! antivirus before 4.7.981 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | |||||
| CVE-2007-1669 | 2 Amavis, Barracuda Networks | 2 Amavis, Barracuda Spam Firewall | 2018-10-16 | 7.8 HIGH | N/A |
| zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1) Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, (2) Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, and (3) AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | |||||
| CVE-2007-1681 | 1 Sun | 2 Java Web Console, Solaris | 2018-10-16 | 7.5 HIGH | N/A |
| Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog. | |||||
| CVE-2007-1670 | 1 Panda | 6 Panda Activescan, Panda Antivirus, Panda Platinum 2006 Internet Security and 3 more | 2018-10-16 | 7.8 HIGH | N/A |
| Panda Software Antivirus before 20070402 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | |||||
| CVE-2007-1685 | 1 Bluecoat | 1 K9 Web Protection | 2018-10-16 | 10.0 HIGH | N/A |
| Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36, and probably other versions before 3.2.44, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 2372. | |||||
| CVE-2007-1695 | 1 Phpbb Group | 1 Phpbb | 2018-10-16 | 10.0 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks for a global constant and cannot be accessed directly. | |||||
| CVE-2007-1671 | 1 Avira | 1 Antivir Personal | 2018-10-16 | 7.8 HIGH | N/A |
| avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | |||||
| CVE-2007-1689 | 1 Symantec | 2 Norton Internet Security, Norton Personal Firewall | 2018-10-16 | 10.0 HIGH | N/A |
| Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions. | |||||
| CVE-2007-1787 | 1 Softerra | 1 Time-assistant | 2018-10-16 | 9.3 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in lib/timesheet.class.php in Softerra Time-Assistant 6.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_dir or (2) lib_dir parameter. | |||||
| CVE-2007-1711 | 1 Php | 1 Php | 2018-10-16 | 6.8 MEDIUM | N/A |
| Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701 (MOPB-31-2007). | |||||
| CVE-2007-1714 | 1 Cccounter | 1 Cccounter | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 allows remote attackers to inject arbitrary web script or HTML via dir parameter. | |||||
| CVE-2007-1721 | 1 Realink | 1 C-arbre | 2018-10-16 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in C-Arbre 0.6PR7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) Richtxt_functions.inc.php, (2) adddocfile.php, (3) auth_check.php, (4) browse_current_category.inc.php, (5) docfile_details.php, (6) main.php, (7) mainarticle.php, (8) maindocfile.php, (9) modify.php, (10) new.php, (11) resource_details.php, or (12) smallsearch.php in lib/; or (13) mwiki/LocalSettings.php. | |||||
| CVE-2007-1744 | 2 Microsoft, Vmware | 2 Windows Xp, Workstation | 2018-10-16 | 6.3 MEDIUM | N/A |
| Directory traversal vulnerability in the Shared Folders feature for VMware Workstation before 5.5.4, when a folder is shared, allows users on the guest system to write to arbitrary files on the host system via the "Backdoor I/O Port" interface. | |||||
| CVE-2007-1674 | 1 Landesk | 1 Landesk Management Suite | 2018-10-16 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in LANDesk Management Suite 8.7 allows remote attackers to execute arbitrary code via a crafted packet to port 65535/UDP. | |||||
| CVE-2007-1728 | 1 Sony | 2 Playstation 3, Playstation Portable | 2018-10-16 | 7.8 HIGH | N/A |
| The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and Playstation Portable (PSP) 3.10 OE-A allows remote attackers to cause a denial of service via a flood of UDP packets. | |||||
| CVE-2007-1729 | 1 Revolutionproducts | 1 Flexbb | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/start.php in Flexbb 1.0.0 10005 Beta Release 1 allows remote attackers to execute arbitrary SQL commands via the flexbb_lang_id COOKIE parameter to index.php. | |||||
| CVE-2007-1730 | 1 Linux | 1 Linux Kernel | 2018-10-16 | 6.6 MEDIUM | N/A |
| Integer signedness error in the DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read kernel memory or cause a denial of service (oops) via a negative optlen value. | |||||
| CVE-2007-1733 | 1 Intervations | 1 Navicopa Web Server | 2018-10-16 | 10.0 HIGH | N/A |
| Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long (1) /cgi-bin/ or (2) /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112. | |||||
| CVE-2007-1734 | 1 Linux | 1 Linux Kernel | 2018-10-16 | 7.2 HIGH | N/A |
| The DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later does not verify the upper bounds of the optlen value, which allows local users running on certain architectures to read kernel memory or cause a denial of service (oops), a related issue to CVE-2007-1730. | |||||
| CVE-2007-1736 | 1 Mozilla | 1 Firefox | 2018-10-16 | 7.5 HIGH | N/A |
| Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection. | |||||
| CVE-2007-1737 | 1 Opera | 1 Opera Browser | 2018-10-16 | 7.5 HIGH | N/A |
| Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection. | |||||
| CVE-2007-1738 | 1 Truecrypt Foundation | 1 Truecrypt | 2018-10-16 | 6.9 MEDIUM | N/A |
| TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user's home directory, a different issue than CVE-2007-1589. | |||||
| CVE-2007-1762 | 1 Mozilla | 1 Firefox | 2018-10-16 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs before checking them against the phishing site blacklist, which allows remote attackers to bypass phishing protection via multiple / (slash) characters in the URL. | |||||
| CVE-2007-1607 | 1 W-agora | 1 W-agora | 2018-10-16 | 5.0 MEDIUM | N/A |
| search.php in w-Agora (Web-Agora) allows remote attackers to obtain potentially sensitive information via a ' (quote) value followed by certain SQL sequences in the (1) search_forum or (2) search_user parameter, which force a SQL error. | |||||
| CVE-2007-1657 | 1 Python Software Foundation | 1 Python | 2018-10-16 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent attackers to execute arbitrary code via a long file argument. | |||||
| CVE-2007-1658 | 1 Microsoft | 1 Windows Vista | 2018-10-16 | 9.3 HIGH | N/A |
| Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe). | |||||
| CVE-2007-1661 | 2 Apple, Pcre | 3 Mac Os X, Mac Os X Server, Perl-compatible Regular Expression Library | 2018-10-16 | 6.4 MEDIUM | N/A |
| Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns. | |||||
| CVE-2007-1662 | 1 Pcre | 1 Pcre | 2018-10-16 | 5.0 MEDIUM | N/A |
| Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references. | |||||
| CVE-2007-1639 | 1 Phpprojekt | 1 Phpprojekt | 2018-10-16 | 4.6 MEDIUM | N/A |
| Unrestricted file upload vulnerability in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allows remote authenticated users to upload and execute arbitrary PHP code via a file with an executable extension, which is then accessed by the (1) calendar or (2) file management module, or possibly unspecified other files. | |||||
| CVE-2007-1638 | 1 Phpprojekt | 1 Phpprojekt | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the check_csrftoken function in lib/lib.inc.php in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote attackers to perform unauthorized actions as an arbitrary user via the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Notes, (5) Search, (6) Mail, or (7) Filemanager module; the (9) summary page; or unspecified other files. | |||||
| CVE-2007-1635 | 1 Net Portal Dynamic System | 1 Net Portal Dynamic System | 2018-10-16 | 9.0 HIGH | N/A |
| Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure" op to admin.php. | |||||
| CVE-2007-1634 | 1 Net Portal Dynamic System | 1 Net Portal Dynamic System | 2018-10-16 | 7.5 HIGH | N/A |
| Variable extraction vulnerability in grab_globals.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to conduct SQL injection attacks via the _FILES[DB][tmp_name] parameter to print.php, which overwrites the $DB variable with dynamic variable evaluation. | |||||
| CVE-2007-1628 | 1 Studiewijzer | 1 Studiewijzer | 2018-10-16 | 9.3 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Study planner (Studiewijzer) 0.15 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the SPL_CFG[dirroot] parameter to (1) service.alert.inc.php or (2) settings.ses.php in inc/; (3) db/mysql/db.inc.php; (4) integration/shortstat/configuration.php; (5) ali.class.php or (6) cat.class.php in methodology/traditional/class/; (7) cat_browse.inc.php, (8) chr_browse.inc.php, (9) chr_display.inc.php, or (10) dash_browse.inc.php in methodology/traditional/ui/inc/; (11) spl.webservice.php or (12) konfabulator/gateway_admin.php in ws/; or other unspecified files. | |||||
| CVE-2007-1631 | 1 Clbox | 1 Clbox | 2018-10-16 | 10.0 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in signup.php in CLBOX 1.01 allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: this issue has been disputed by a reliable third party, stating that header is defined through an include file before use. | |||||
| CVE-2007-1609 | 1 Oracle | 1 Application Server | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic Monitoring Services (DMS) in Oracle Application Server (OAS) 10g 10.1.2.0.0 allows remote attackers to inject arbitrary web script or HTML via the table parameter. NOTE: This may be related to CVE-2002-0563. | |||||
| CVE-2007-1605 | 1 W-agora | 1 W-agora | 2018-10-16 | 5.0 MEDIUM | N/A |
| w-Agora (Web-Agora) allows remote attackers to obtain sensitive information via a request to rss.php with an invalid (1) site or (2) bn parameter, (3) a certain value of the site[] parameter, or (4) an empty value of the bn[] parameter; a request to index.php with a certain value of the (5) site[] or (6) sort[] parameter; (7) a request to profile.php with an empty value of the site[] parameter; or a request to search.php with (8) an empty value of the bn[] parameter or a certain value of the (9) pattern[] or (10) search_date[] parameter, which reveal the path in various error messages, probably related to variable type inconsistencies. NOTE: the bn[] parameter to index.php is already covered by CVE-2007-0606.1. | |||||
| CVE-2007-1604 | 1 W-agora | 1 W-agora | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple unrestricted file upload vulnerabilities in w-Agora (Web-Agora) allow remote attackers to upload and execute arbitrary PHP code (1) via a forum message with an attached file, which is stored under forums/hello/hello/notes/ or (2) by using browse_avatar.php to upload a file with a double extension, as demonstrated by .php.jpg. | |||||
| CVE-2007-1602 | 1 Weekly Drawing Contest | 1 Weekly Drawing Contest | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in check_vote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to execute arbitrary SQL commands via the order parameter. | |||||
| CVE-2007-1606 | 1 W-agora | 1 W-agora | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Agora) allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) search_forum or (3) search_user parameter to search.php, or (4) the userid parameter to change_password.php. | |||||
| CVE-2007-1603 | 1 Weekly Drawing Contest | 1 Weekly Drawing Contest | 2018-10-16 | 7.5 HIGH | N/A |
| admin/contest.php in Weekly Drawing Contest 0.0.1 allows remote attackers to bypass authentication, and insert new contest information into a database, via a direct POST request. | |||||
| CVE-2007-1646 | 1 Subhub | 1 Subhub | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SubHub 2.3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the searchtext parameter to (a) /search, or the (2) message parameter to (b) /calendar or (c) /subscribe. | |||||
| CVE-2007-1594 | 1 Asterisk | 1 Asterisk | 2018-10-16 | 7.8 HIGH | N/A |
| The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet. | |||||
| CVE-2007-1586 | 1 Zyxel | 1 Zynos | 2018-10-16 | 7.8 HIGH | N/A |
| ZynOS 3.40 allows remote attackers to cause a denial of service (link restart) by sending a request for the name \M via the SMB Mail Slot Protocol. | |||||