Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0598 | 1 Aztek Forum | 1 Aztek Forum | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 allows remote attackers to execute arbitrary SQL commands via the fid cookie to forum.php. | |||||
| CVE-2007-0597 | 1 Aztek Forum | 1 Aztek Forum | 2018-10-16 | 5.0 MEDIUM | N/A |
| Aztek Forum 4.00 allows remote attackers to obtain sensitive information via a direct request to forum.php with the fid=XD query string, which reveals the path in an error message. | |||||
| CVE-2007-0596 | 1 Aztek Forum | 1 Aztek Forum | 2018-10-16 | 6.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index/main.php in Aztek Forum 4.00 allows remote authenticated administrators to execute arbitrary PHP code via a URL in the PF[top_url] parameter. | |||||
| CVE-2007-0635 | 1 Encapscms | 1 Encapscms | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b) blogs.php, or (2) the config[theme] parameter to (c) admin/gallery_head.php. | |||||
| CVE-2007-0595 | 1 Designmind | 1 High5 Review Script | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search in High 5 Review Site allows remote attackers to inject arbitrary web script or HTML via the q parameter (aka the search box). | |||||
| CVE-2007-0594 | 1 Siteman | 1 Siteman | 2018-10-16 | 5.0 MEDIUM | N/A |
| Siteman 2.0.x2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for db/siteman/users.MYD. | |||||
| CVE-2007-0593 | 1 Siteman | 1 Siteman | 2018-10-16 | 5.0 MEDIUM | N/A |
| Siteman 1.1.11 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for data/members.txt. | |||||
| CVE-2007-0542 | 1 212cafe | 1 Guestbook | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in show.php in 212cafe Guestbook 4.00 beta allows remote attackers to inject arbitrary web script or HTML via the user parameter. | |||||
| CVE-2007-0592 | 1 Indexcor | 1 Ezdatabase | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to admin/login.php and the Admin Panel Database. | |||||
| CVE-2007-0540 | 1 Wordpress | 1 Wordpress | 2018-10-16 | 5.0 MEDIUM | N/A |
| WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data. | |||||
| CVE-2007-0584 | 1 G-neric | 1 Php Generic Library And Framework | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in membres/membreManager.php in PhP Generic Library & Framework for comm (g-neric) allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | |||||
| CVE-2007-0539 | 1 Wordpress | 1 Wordpress | 2018-10-16 | 7.8 HIGH | N/A |
| The wp_remote_fopen function in WordPress before 2.1 allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a large file, which triggers a long download session without a timeout constraint. | |||||
| CVE-2007-0538 | 1 Telligent Systems | 1 Community Server Forums | 2018-10-16 | 5.0 MEDIUM | N/A |
| Telligent Community Server 2.1 and earlier allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to (1) a large file, which triggers a long download session without a timeout constraint; or (2) a file with a binary content type, which is downloaded even though it cannot contain usable pingback data. | |||||
| CVE-2007-0533 | 1 Atozed Software | 1 Intraweb Component | 2018-10-16 | 5.0 MEDIUM | N/A |
| The AToZed IntraWeb component 8.0 and earlier for Borland Delphi and Kylix, and IntraWeb 9.0 before build (9.0.12), allows remote attackers to cause a denial of service (thread hang or CPU consumption) via a crafted HTTP request, related to the OnBeforeDispatch function in the TIWServerController object. | |||||
| CVE-2007-0532 | 1 Tuan Do | 1 Uploader | 2018-10-16 | 5.0 MEDIUM | N/A |
| Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrator password hash via a direct request for userdata/user_1.txt. | |||||
| CVE-2007-0581 | 1 Eclipsebb | 1 Eclipsebb | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in functions.php in EclipseBB 0.5.0 Lite allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-0530 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Advanced Guestbook 2.4.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) index.php, (2) addentry.php, or (3) picture.php, a different set of vectors than CVE-2006-5804. NOTE: this issue has been disputed by third party researchers, stating that the include_path variable is instantiated before use. | |||||
| CVE-2007-0529 | 1 Php Link Directory | 1 Php Link Directory | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.html (aka the administration page) in PHP Link Directory (phpLD) 3.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted link, which is triggered when the administrator uses the "Validate Links" functionality. | |||||
| CVE-2007-0609 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2018-10-16 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename without its .php extension, as demonstrated via a request to index.php. | |||||
| CVE-2007-0567 | 1 Interactive-scripts.com | 1 Php Membership Manager | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in Interactive-Scripts.Com PHP Membership Manager 1.5 allows remote attackers to inject arbitrary web script or HTML via the _p parameter. | |||||
| CVE-2007-0528 | 1 Centrality Communications | 1 Pa168 Chipset | 2018-10-16 | 9.0 HIGH | N/A |
| The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data). | |||||
| CVE-2007-0526 | 1 Bitweaver | 1 Bitweaver | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the URL (PATH_INFO) to (1) articles/edit.php, (2) articles/list.php, (3) blogs/list_blogs.php, or (4) blogs/rankings.php. | |||||
| CVE-2007-0677 | 1 Cronosys | 1 Cadre Php Framework | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in fw/class.Quick_Config_Browser.php in Cadre PHP Framework 20020724 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][framework_path] parameter. | |||||
| CVE-2007-0684 | 1 Cerulean Portal System | 1 Cerulean Portal System | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in portal.php in Cerulean Portal System 0.7b allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-0667 | 2 Ledgersmb, Sql-ledger | 2 Ledgersmb, Sql-ledger | 2018-10-16 | 6.5 MEDIUM | N/A |
| The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872. | |||||
| CVE-2007-0666 | 1 Ipswitch | 1 Ws Ftp Server | 2018-10-16 | 6.8 MEDIUM | N/A |
| Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute arbitrary code on the system via a long input string to the (1) iFTPAddU or (2) iFTPAddH file, or to a (3) edition module. | |||||
| CVE-2007-0665 | 1 Ipswitch | 1 Ws Ftp Pro | 2018-10-16 | 6.8 MEDIUM | N/A |
| Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007 Professional might allow remote attackers to execute arbitrary commands via format string specifiers in the filename, related to the SHELL WS_FTP script command. | |||||
| CVE-2007-0654 | 1 X Multimedia System | 1 X Multimedia System | 2018-10-16 | 9.3 HIGH | N/A |
| Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which results in a stack-based buffer overflow. | |||||
| CVE-2007-0653 | 2 Linux, X Multimedia System | 2 Linux Kernel, X Multimedia System | 2018-10-16 | 9.3 HIGH | N/A |
| Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory corruption. | |||||
| CVE-2007-0652 | 1 Mailenable | 1 Mailenable Professional | 2018-10-16 | 5.1 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag. | |||||
| CVE-2007-0688 | 1 Hunkaray Duyuru | 1 Scripti | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in oku.asp in Hunkaray Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0689 | 1 Mybb | 1 Mybb | 2018-10-16 | 5.0 MEDIUM | N/A |
| MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter to captcha.php, and (3) a direct request to inc/datahandlers/event.php, which reveal the installation path in the resulting error message. | |||||
| CVE-2007-0690 | 1 Myevent | 1 Myevent | 2018-10-16 | 5.0 MEDIUM | N/A |
| myEvent 1.6 allows remote attackers to obtain sensitive information via (1) a Log In action without a password to login.php, or an invalid (2) view[] or (3) monthno[] parameter to myevent.php, which reveals the path in various error messages. | |||||
| CVE-2007-0651 | 1 Mailenable | 1 Mailenable Professional | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in mewebmail/base/default/lang/EN/. | |||||
| CVE-2007-0709 | 1 Comodo | 1 Comodo Firewall Pro | 2018-10-16 | 7.2 HIGH | N/A |
| cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.16.174 and earlier does not validate arguments that originate in user mode for the (1) NtCreateSection, (2) NtOpenProcess, (3) NtOpenSection, (4) NtOpenThread, and (5) NtSetValueKey hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments. | |||||
| CVE-2007-0713 | 1 Apple | 1 Quicktime | 2018-10-16 | 5.8 MEDIUM | N/A |
| Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file. | |||||
| CVE-2007-0692 | 1 Dgnews | 1 Dgnews | 2018-10-16 | 5.0 MEDIUM | N/A |
| DGNews 2.1 allows remote attackers to obtain sensitive information via a fullnews request to news.php with an invalid newsid parameter, and other unspecified vectors, which reveal the path in various error messages. | |||||
| CVE-2007-0708 | 1 Comodo | 1 Comodo Firewall Pro | 2018-10-16 | 7.2 HIGH | N/A |
| cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) before 2.4.16.174 does not validate arguments that originate in user mode for the (1) NtConnectPort and (2) NtCreatePort hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments. | |||||
| CVE-2007-0624 | 1 Maxdev | 1 Mdpro | 2018-10-16 | 5.0 MEDIUM | N/A |
| user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the full path via a ' (quote) character, and possibly other invalid values, in the uname parameter in a userinfo operation. | |||||
| CVE-2007-0693 | 1 Dian Gemilang | 1 Dgnews | 2018-10-16 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newslist action. NOTE: this issue can produce resultant cross-site scripting (XSS). | |||||
| CVE-2007-0694 | 1 Dian Gemilang | 1 Dgnews | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 allows remote attackers to inject arbitrary web script or HTML via the copyright parameter. | |||||
| CVE-2007-0566 | 1 Asp News | 1 Asp News | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0543 | 1 Zixforum | 1 Zixforum | 2018-10-16 | 9.4 HIGH | N/A |
| ZixForum 1.14 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for Zixforum.mdb. NOTE: a followup post suggests that this issue only occurs if the administrator does not properly follow installation directions. | |||||
| CVE-2007-0623 | 1 Maxdev | 1 Mdpro | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows remote attackers to execute arbitrary SQL commands via the startrow parameter. | |||||
| CVE-2007-0608 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2018-10-16 | 7.1 HIGH | N/A |
| Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2) an invalid GB_DB parameter to index.php, coupled with a ../index lang cookie, which reveals the installation path; or (3) a direct request to index.php with no parameters or cookies, which reveals the installation path. | |||||
| CVE-2007-0518 | 1 Scriptsez | 1 Smart Php Subscriber | 2018-10-16 | 7.5 HIGH | N/A |
| Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain encoded passwords via a direct request for pwd.txt. | |||||
| CVE-2007-0607 | 1 W-agora | 1 W-agora | 2018-10-16 | 4.3 MEDIUM | N/A |
| W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores globals.inc under the web document root with insufficient access control, which allows remote attackers to obtain application path information via a direct request. | |||||
| CVE-2007-0561 | 1 Xero Portal | 1 Xero Portal | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) admin_linkdb.php, (2) admin_forum_prune.php, (3) admin_extensions.php, (4) admin_board.php, (5) admin_attachments.php, or (6) admin_users.php in admin/. | |||||
| CVE-2007-0517 | 1 Scriptsez | 1 Random Php Quote | 2018-10-16 | 7.5 HIGH | N/A |
| Scriptsez Random PHP Quote 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password information via a direct request for pwd.txt. | |||||
| CVE-2007-0497 | 1 Upload-service | 1 Upload-service | 2018-10-16 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in upload/top.php in Upload-Service 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the maindir parameter. | |||||