Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0560 | 1 Asp Edge | 1 Asp Edge | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter. | |||||
| CVE-2007-0606 | 1 W-agora | 1 W-agora | 2018-10-16 | 5.0 MEDIUM | N/A |
| w-agora 4.2.1 allows remote attackers to obtain sensitive information by via the (1) bn[] array parameter to index.php, which expects a string, and (2) certain parameters to delete_forum.php, which displays the path name in the resulting error message. | |||||
| CVE-2007-0605 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in picture.php in Advanced Guestbook 2.4.2 allows remote attackers to inject arbitrary web script or HTML via the picture parameter. | |||||
| CVE-2007-0556 | 1 Postgresql | 1 Postgresql | 2018-10-16 | 6.6 MEDIUM | N/A |
| The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server. | |||||
| CVE-2007-0555 | 1 Postgresql | 1 Postgresql | 2018-10-16 | 8.5 HIGH | N/A |
| PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content. | |||||
| CVE-2007-0620 | 1 Vlad Leont | 1 Fd Script | 2018-10-16 | 5.0 MEDIUM | N/A |
| download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php. | |||||
| CVE-2007-0554 | 1 Guo Xu Guos Posting System | 1 Guo Xu Guos Posting System | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in print.asp in Guo Xu Guos Posting System (GPS) 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0391 | 1 Bitdefender | 1 Bitdefender Client | 2018-10-16 | 7.2 HIGH | N/A |
| Format string vulnerability in the log creation functionality of BitDefender Client Professional Plus 8.02 allows attackers to execute arbitrary code via certain scan job settings. | |||||
| CVE-2007-0382 | 1 Letterman | 1 Letterman | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in letterman.class.php in the Letterman 1.2.3 (com_letterman) component for Joomla! before 1.0.12 allow remote attackers to execute arbitrary SQL commands via the id parameter, related to the (1) lm_sendMail, (2) saveNewsletter, and (3) cancelNewsletter functions. | |||||
| CVE-2007-0377 | 1 Xoops | 1 Xoops | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/table_broken.php in the Weblinks module, and other unspecified vectors. | |||||
| CVE-2007-0376 | 1 Virtuemart | 1 Virtuemart | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-0375 | 1 Joomla | 1 Joomla | 2018-10-16 | 5.0 MEDIUM | N/A |
| Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script. | |||||
| CVE-2007-0374 | 2 Joomla, Mambo | 2 Joomla, Mambo | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing. | |||||
| CVE-2007-0490 | 1 Open-realty | 1 Open-realty | 2018-10-16 | 5.0 MEDIUM | N/A |
| index.php in Open-Realty 2.3.4 allows remote attackers to obtain sensitive information (the full path) via an invalid listingID parameter in a listingview action. | |||||
| CVE-2007-0373 | 1 Joomla | 1 Joomla | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow remote attackers to execute arbitrary SQL commands via (1) the searchword parameter in certain files; the where parameter in (2) plugins/search/content.php or (3) plugins/search/weblinks.php; the text parameter in (4) plugins/search/contacts.php, (5) plugins/search/categories.php, or (6) plugins/search/sections.php; or (7) the email parameter in database/table/user.php, which is not properly handled by the check function. | |||||
| CVE-2007-0487 | 1 Zoneo-soft | 1 Freeforum | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in FreeForum 0.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. NOTE: this issue has been disputed by third party researchers, stating that fpath variable is initialized before being used. | |||||
| CVE-2007-0372 | 1 Francisco Burzi | 1 Php-nuke | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the active parameter in admin/modules/modules.php; the (2) ad_class, (3) imageurl, (4) clickurl, (5) ad_code, or (6) position parameter in modules/Advertising/admin/index.php; or unspecified vectors in the (7) advertising, (8) weblinks, or (9) reviews section. | |||||
| CVE-2007-0485 | 1 Webchat.org | 1 Webchat | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 allows remote attackers to execute arbitrary PHP code via a URL in the WEBCHATPATH parameter. | |||||
| CVE-2007-0469 | 1 Rubyforge | 1 Rubygems | 2018-10-16 | 9.3 HIGH | N/A |
| The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages. | |||||
| CVE-2007-0468 | 1 Microsoft | 1 Visual Studio | 2018-10-16 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (MSVC) in Microsoft Visual Studio 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a long file path in the "1 TYPELIB MOVEABLE PURE" option in an RC file. | |||||
| CVE-2007-0453 | 1 Samba | 1 Samba | 2018-10-16 | 4.6 MEDIUM | N/A |
| Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows attackers to execute arbitrary code via the (1) gethostbyname and (2) getipnodebyname functions. | |||||
| CVE-2007-0452 | 1 Samba | 1 Samba | 2018-10-16 | 6.8 MEDIUM | N/A |
| smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop. | |||||
| CVE-2007-0443 | 1 Gracenote | 1 Cddbcontrol Activex Control | 2018-10-16 | 9.3 HIGH | N/A |
| Multiple buffer overflows in the CDDBControl ActiveX control in Gracenote CDDB before 20070418 allow remote attackers to execute arbitrary code via long values for certain Proxy configuration parameters. | |||||
| CVE-2007-0441 | 1 Hp | 1 Openview Network Node Manager | 2018-10-16 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to execute arbitrary commands via unknown vectors. | |||||
| CVE-2007-0477 | 1 Openads | 1 Openads | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 (aka Max Media Manager before 0.3.31-alpha-pr2), and phpAdsNew/phpPgAds before 2.0.9-pr1 allows remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in admin-search.php and (2) affiliate-search.php. NOTE: this issue may overlap CVE-2007-0363. | |||||
| CVE-2007-0431 | 1 Avm | 1 Fritzbox | 2018-10-16 | 7.8 HIGH | N/A |
| AVM Fritz!Box 7050, and possibly other product models, allows remote attackers to cause a denial of service (VoIP application crash) via a zero-length UDP packet to the SIP port (port 5060). | |||||
| CVE-2007-0430 | 1 Apple | 1 Mac Os X | 2018-10-16 | 4.9 MEDIUM | N/A |
| The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value. | |||||
| CVE-2007-0428 | 1 Wzdftpd | 1 Wzdftpd | 2018-10-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the chtbl_lookup function in hash.c for WzdFTPD 8.0 and earlier allows remote attackers to cause a denial of service via a crafted FTP command, probably due to a NULL pointer dereference. | |||||
| CVE-2007-0427 | 1 Microsoft | 1 Html Help Workshop | 2018-10-16 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a help project (.HPJ) file with a long HLP field in the OPTIONS section. | |||||
| CVE-2007-0446 | 1 Hp | 3 Mercury Loadrunner Agent, Mercury Monitor Over Firewall, Mercury Performance Center Agent | 2018-10-16 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in magentproc.exe for Hewlett-Packard Mercury LoadRunner Agent 8.0 and 8.1, Performance Center Agent 8.0 and 8.1, and Monitor over Firewall 8.1 allows remote attackers to execute arbitrary code via a packet with a long server_ip_name field to TCP port 54345, which triggers the overflow in mchan.dll. | |||||
| CVE-2007-0445 | 1 Kaspersky Lab | 2 Kaspersky Anti-virus, Kaspersky Internet Security | 2018-10-16 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to execute arbitrary code via crafted ARJ archives. | |||||
| CVE-2007-0387 | 1 Joomla | 1 Joomla | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in models/category.php in the Weblinks component for Joomla! SVN 20070118 (com_weblinks) allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2007-0403 | 1 Easebay Resources | 1 Paypal Subscription Manager | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/memberlist.php in Easebay Resources Paypal Subscription Manager allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | |||||
| CVE-2007-0402 | 1 Easebay Resources | 1 Paypal Subscription Manager | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/edit_member.php in Easebay Resources Paypal Subscription Manager allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
| CVE-2007-0401 | 1 Easebay Resources | 1 Login Manager | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the init_row parameter. | |||||
| CVE-2007-0360 | 1 Oreon Project | 1 Oreon | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2.3 RC4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | |||||
| CVE-2007-0400 | 1 Easebay Resources | 1 Login Manager | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | |||||
| CVE-2007-0399 | 1 Simple Machines | 1 Simple Machines Forum | 2018-10-16 | 6.0 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action. | |||||
| CVE-2007-0352 | 1 Microsoft | 1 Html Help Workshop | 2018-10-16 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a crafted .cnt file composed of lines that begin with an integer followed by a space and a long string. | |||||
| CVE-2007-0398 | 1 Arnotic | 1 A-forum | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in Arnaud Guyonne (aka Arnotic) a-forum allow remote attackers to inject arbitrary web script or HTML via the (1) Sujet or (2) Pseudo field. | |||||
| CVE-2007-0351 | 2 Microsoft, Zonelabs | 3 Windows 2003 Server, Windows Xp, Zonealarm | 2018-10-16 | 6.2 MEDIUM | N/A |
| Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user. | |||||
| CVE-2007-0349 | 1 Nicecoder | 1 Indexu | 2018-10-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in upgrade.php in nicecoder.com INDEXU 5.x allows remote attackers to include arbitrary local files via a .. (dot dot) in the gateway parameter. | |||||
| CVE-2007-0249 | 1 Nwom | 1 Nwom Topsites | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Nwom topsites 3.0 allows remote attackers to inject arbitrary web script or HTML via the o parameter. | |||||
| CVE-2007-0250 | 1 Nwom | 1 Nwom Topsites | 2018-10-16 | 5.0 MEDIUM | N/A |
| index.php in Nwom topsites 3.0 allows remote attackers to obtain potentially sensitive information via a ' (quote) character in the o parameter, which forces a SQL error. | |||||
| CVE-2007-0251 | 1 Snort | 1 Snort | 2018-10-16 | 7.8 HIGH | N/A |
| Integer underflow in the DecodeGRE function in src/decode.c in Snort 2.6.1.2 allows remote attackers to trigger dereferencing of certain memory locations via crafted GRE packets, which may cause corruption of log files or writing of sensitive information into log files. | |||||
| CVE-2007-0252 | 1 Easy-content Filemanager | 1 Easy-content Filemanager | 2018-10-16 | 7.5 HIGH | N/A |
| Unspecified vulnerability in easy-content filemanager allows remote attackers to upload or modify arbitrary files via unspecified vectors. | |||||
| CVE-2007-0347 | 1 Cvstrac | 1 Cvstrac | 2018-10-16 | 4.3 MEDIUM | N/A |
| The is_eow function in format.c in CVSTrac before 2.0.1 does not properly check for the "'" (quote) character, which allows remote authenticated users to execute limited SQL injection attacks and cause a denial of service (database error) via a ' character in certain messages, tickets, or Wiki entries. | |||||
| CVE-2007-0254 | 1 Xine | 1 Xine-ui | 2018-10-16 | 10.0 HIGH | N/A |
| Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2007-0255 | 1 Xine | 1 Xine | 2018-10-16 | 9.3 HIGH | N/A |
| XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017. | |||||
| CVE-2007-0257 | 1 Grsecurity | 1 Grsecurity Kernel Patch | 2018-10-16 | 7.2 HIGH | N/A |
| ** DISPUTED ** Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. As of 20070120, the original researcher has released demonstration code. | |||||