Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1471 | 1 Orion-blog | 1 Orion-blog | 2018-10-16 | 7.5 HIGH | N/A |
| admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass authentication controls and gain privileges via a direct URL request for admin/AdminBlogNewsEdit.asp. | |||||
| CVE-2007-1467 | 1 Cisco | 18 Acs Solution Engine, Call Manager, Ciscoworks and 15 more | 2018-10-16 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form. | |||||
| CVE-2007-1459 | 1 Webcreator | 1 Webcreator | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in WebCreator 0.2.6-rc3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the moddir parameter to (1) content/load.inc.php, (2) config/load.inc.php, (3) http/load.inc.php, and unspecified other files. | |||||
| CVE-2007-1458 | 1 Care2x | 1 Care2x | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) inc_checkdate_lang.php, (2) inc_charset_fx.php, (3) inc_config_color.php, (4) inc_currency_set.php, (5) inc_db_makelink.php, (6) inc_diagnostics_report_fx.php, (7) inc_environment_global.php, (8) inc_front_chain_lang.php, (9) inc_init_crypt.php, (10) inc_load_copyrite.php, or (11) inc_news_save.php in include/; (12) diagnostics-report-index.php, (13) config_options_mascot.php, (14) barcode-labels.php, (15) chg-color.php, or (16) config_options_gui_template.php in main/; or unspecified other files. | |||||
| CVE-2007-1456 | 1 Phpalbum.net | 1 Phpalbum | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in common.php in PHP Photo Album allows remote attackers to execute arbitrary PHP code via a URL in the db_file parameter. NOTE: CVE disputes this vulnerability, because versions 0.3.2.6 and 0.4.1beta do not contain this file. However, it is possible that the original researcher was referring to a different product. | |||||
| CVE-2007-1455 | 1 Cpanel-host | 1 Fantastico De Luxe | 2018-10-16 | 9.0 HIGH | N/A |
| Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantasticopath parameter to includes/mysqlconfig.php and certain other files. | |||||
| CVE-2007-1451 | 1 Guppy | 1 Guppy | 2018-10-16 | 6.4 MEDIUM | N/A |
| GuppY 4.0 allows remote attackers to delete arbitrary files via a direct request to install/install.php, then selecting "Installation propre" (cleanup.php) and then "Suppression des fichiers d'installation" (delete.php). | |||||
| CVE-2007-1450 | 1 Phpnuke | 1 Php-nuke | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter. | |||||
| CVE-2007-1449 | 1 Phpnuke | 1 Php-nuke | 2018-10-16 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2007-1515 | 1 Horde | 1 Imp | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query parameter in search.php, or other unspecified parameters in search.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-1440 | 1 Jgbbs | 1 Jgbbs | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the author parameter. | |||||
| CVE-2007-1437 | 2 Ledgersmb, Sql-ledger | 2 Ledgersmb, Sql-ledger | 2018-10-16 | 9.0 HIGH | N/A |
| Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution. | |||||
| CVE-2007-1436 | 2 Ledgersmb, Sql-ledger | 2 Ledgersmb, Sql-ledger | 2018-10-16 | 7.5 HIGH | N/A |
| Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from occurring. | |||||
| CVE-2007-1434 | 1 Grayscale | 1 Grayscale Blog | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) userdetail.php, id and (2) url parameter to (b) jump.php, and id variable to (c) detail.php. | |||||
| CVE-2007-1433 | 1 Grayscale | 1 Grayscale Blog | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment fields to (1) scripts/addblog_comment.php and (2) detail.php. | |||||
| CVE-2007-1432 | 1 Grayscale | 1 Grayscale Blog | 2018-10-16 | 7.5 HIGH | N/A |
| Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to gain privileges via direct requests with modified arguments in (1) the user_permissions parameter to add_users.php, and unspecified parameters to (2) addblog.php, (3) editblog.php, (4) editlinks.php, (5) edit_users.php, and (6) add_links.php. | |||||
| CVE-2007-1430 | 1 Clip-share | 1 Clipshare | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/adodb-connection.inc.php in ClipShare 1.5.3 allows remote attackers to execute arbitrary PHP code via a URL in the cmd parameter. | |||||
| CVE-2007-1429 | 1 Moodle | 1 Moodle | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 allow remote attackers to execute arbitrary PHP code via a URL in the cmd parameter to (1) admin/utfdbmigrate.php or (2) filter.php. | |||||
| CVE-2007-1427 | 1 Assetman | 1 Assetman | 2018-10-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the pdf_file parameter. | |||||
| CVE-2007-1424 | 1 Softnews Media Group | 1 Datalife Engine | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Softnews Media Group DataLife Engine allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) init.php and (2) Ajax/editnews.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-1422 | 1 Duyuru Scripti | 1 Duyuru Scripti | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in goster.asp in fystyq Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-0688. | |||||
| CVE-2007-1421 | 1 Premod Subdog | 1 Premod Subdog | 2018-10-16 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Premod SubDog 2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) functions_kb.php, (2) themen_portal_mitte.php, or (3) logger_engine.php in includes/. | |||||
| CVE-2007-1417 | 1 Hc Design | 1 Newssystem | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in HC NEWSSYSTEM 1.0-4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a komm aktion. | |||||
| CVE-2007-1416 | 1 Jccorp | 1 Urlshrink | 2018-10-16 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in createurl.php in JCcorp (aka James Coyle) URLshrink allows remote attackers to execute arbitrary PHP code via a URL in the formurl parameter. | |||||
| CVE-2007-1414 | 1 Coppermine | 1 Coppermine Photo Gallery | 2018-10-16 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php. | |||||
| CVE-2007-1409 | 1 Wordpress | 1 Wordpress | 2018-10-16 | 5.0 MEDIUM | N/A |
| WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message. | |||||
| CVE-2007-1464 | 1 Inkscape | 1 Inkscape | 2018-10-16 | 6.8 MEDIUM | N/A |
| Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-1463 | 2 Inkscape, Ubuntu | 2 Inkscape, Ubuntu Linux | 2018-10-16 | 6.8 MEDIUM | N/A |
| Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs. | |||||
| CVE-2007-1401 | 1 Php | 1 Php | 2018-10-16 | 6.9 MEDIUM | N/A |
| Buffer overflow in the crack extension (CrackLib), as bundled with PHP 4.4.6 and other versions before 5.0.0, might allow local users to gain privileges via a long argument to the crack_opendict function. | |||||
| CVE-2007-1391 | 1 Webo | 1 Webo | 2018-10-16 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/abook/foldertree.php in Leo West WEBO (aka weborganizer) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter. | |||||
| CVE-2007-1390 | 1 Dynaliens | 1 Dynaliens | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in dynaliens 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) recherche.php3 or (2) ajouter.php3. | |||||
| CVE-2007-1389 | 1 Dynaliens | 1 Dynaliens | 2018-10-16 | 7.5 HIGH | N/A |
| dynaliens 2.0 and 2.1 allows remote attackers to bypass authentication and perform certain privileged actions via a direct request for (1) validlien.php3 (2) supprlien.php3 (3) supprub.php3 (4) validlien.php3 (5) confsuppr.php3 (6) modiflien.php3, or (7) confmodif.php3 in admin/. | |||||
| CVE-2007-1371 | 1 Radscan | 1 Conquest | 2018-10-16 | 6.9 MEDIUM | N/A |
| Multiple buffer overflows in Conquest 8.2a and earlier (1) allow local users to gain privileges by querying a metaserver that sends a long server entry processed by metaGetServerList and allow remote metaservers to execute arbitrary code via a long server entry processed by metaGetServerList; (2) allow attackers to have an unknown impact by exceeding the configured number of metaservers; and allow remote attackers to corrupt memory via a SP_CLIENTSTAT packet with certain values of (3) unum or (4) snum, different vulnerabilities than CVE-2003-0933. | |||||
| CVE-2007-1352 | 8 Mandrakesoft, Openbsd, Redhat and 5 more | 14 Mandrake Linux, Mandrake Linux Corporate Server, Mandrake Multi Network Firewall and 11 more | 2018-10-16 | 3.8 LOW | N/A |
| Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow. | |||||
| CVE-2007-1350 | 1 Novell | 1 Netmail | 2018-10-16 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 allows remote attackers to execute arbitrary code via a long username during HTTP Basic authentication. | |||||
| CVE-2007-1342 | 1 Jelsoft | 1 Vbulletin | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form. | |||||
| CVE-2007-1439 | 1 Bitesser | 1 Mysql Commander | 2018-10-16 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in ressourcen/dbopen.php in bitesser MySQL Commander 2.7 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the home parameter. | |||||
| CVE-2007-1269 | 1 Gnu | 1 Gnumail | 2018-10-16 | 5.0 MEDIUM | N/A |
| GNUMail 1.1.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents GNUMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | |||||
| CVE-2007-1226 | 1 Mcafee | 1 Virex | 2018-10-16 | 4.1 MEDIUM | N/A |
| McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak permissions (0666) for /Library/Application Support/Virex/VShieldExclude.txt, which allows local users to reconfigure Virex to skip scanning of arbitrary files. | |||||
| CVE-2007-1221 | 1 Microsoft | 1 Xbox 360 | 2018-10-16 | 7.2 HIGH | N/A |
| The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows attackers with physical access to force execution of the hypervisor syscall with a certain register set, which bypasses intended code protection. | |||||
| CVE-2007-1330 | 1 Comodo | 1 Comodo Firewall Pro | 2018-10-16 | 4.4 MEDIUM | N/A |
| Comodo Firewall Pro (CFP) (formerly Comodo Personal Firewall) 2.4.18.184 and earlier allows local users to bypass driver protections on the HKLM\SYSTEM\Software\Comodo\Personal Firewall registry key by guessing the name of a named pipe under \Device\NamedPipe\OLE and attempting to open it multiple times. | |||||
| CVE-2007-1331 | 1 Tks Banking Solutions | 1 Eportfolio | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to inject arbitrary web script or HTML via unspecified vectors that bypass the client-side protection scheme, one of which may be the q parameter to the search program. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-1332 | 1 Tks Banking Solutions | 1 Eportfolio | 2018-10-16 | 9.3 HIGH | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to perform unspecified restricted actions in the context of certain accounts by bypassing the client-side protection scheme. | |||||
| CVE-2007-1337 | 1 Vmware | 1 Workstation | 2018-10-16 | 7.8 HIGH | N/A |
| The virtual machine process (VMX) in VMware Workstation before 5.5.4 does not properly read state information when moving from the ACPI sleep state to the run state, which allows attackers to cause a denial of service (virtual machine reboot) via unknown vectors. | |||||
| CVE-2007-1268 | 1 Mutt | 1 Mutt | 2018-10-16 | 5.0 MEDIUM | N/A |
| Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | |||||
| CVE-2007-1267 | 1 Sylpheed | 1 Sylpheed | 2018-10-16 | 5.0 MEDIUM | N/A |
| Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | |||||
| CVE-2007-1254 | 1 Connectix | 1 Connectix Boards | 2018-10-16 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the p_skin parameter to index.php. | |||||
| CVE-2007-1255 | 1 Connectix | 1 Connectix Boards | 2018-10-16 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later accessed via a direct request for the file in smileys/. NOTE: this can be leveraged with a separate SQL injection issue for remote unauthenticated attacks. | |||||
| CVE-2007-1286 | 1 Php | 1 Php | 2018-10-16 | 6.8 MEDIUM | N/A |
| Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter. | |||||
| CVE-2007-1280 | 2 Adobe, Microsoft | 3 Robohelp, Robohelp Server, All Windows | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attackers to inject arbitrary web script or HTML via a URL after a # (hash) in the URL path, as demonstrated using en/frameset-7.html, and possibly other unspecified vectors involving templates and (1) whstart.js and (2) whcsh_home.htm in WebHelp, (3) wf_startpage.js and (4) wf_startqs.htm in FlashHelp, or (5) WindowManager.dll in RoboHelp Server 6. | |||||