Total: 27796 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0260 | 1 Naig | 1 Naig | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Naig 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the this_path parameter. NOTE: a reliable third party disputes this vulnerability because this_path is defined before use. | |||||
| CVE-2007-0262 | 1 Wordpress | 1 Wordpress | 2018-10-16 | 7.8 HIGH | N/A |
| WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify that the m parameter value has the string data type, which allows remote attackers to obtain sensitive information via an invalid m[] parameter, as demonstrated by obtaining the path, and obtaining certain SQL information such as the table prefix. | |||||
| CVE-2007-0265 | 1 Ezboxx | 1 Portal System Beta | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ezboxx Portal System Beta 0.7.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the pic parameter to custom/piczoom.asp, (2) the nocatname parameter to boxx/user-upload.asp, or (3) the iid parameter to indexes/newscomments.asp. | |||||
| CVE-2007-0266 | 1 Ezboxx | 1 Ezboxx Portal System | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the iid parameter. | |||||
| CVE-2007-0302 | 1 Instantasp | 1 Instantasp | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx, and the (2) Username and (3) Update parameters to (b) Members1.aspx. | |||||
| CVE-2007-0389 | 1 Arsdigita | 2 Arsdigita Community Education Solution, Arsdigita Community System | 2018-10-16 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in ArsDigita Community System (ACS) 3.4.10 and earlier, and ArsDigita Community Education Solution (ACES) 1.1, allows remote attackers to read arbitrary files via .%252e/ (double-encoded dot dot slash) sequences in the URI. | |||||
| CVE-2007-0390 | 1 Sabros.us | 1 Sabros.us | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 allows remote attackers to inject arbitrary web script or HTML via the tag parameter. | |||||
| CVE-2007-0335 | 1 Jax Scripts | 1 Jax Petition Book | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Jax Petition Book 1.0.3.06 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the languagepack parameter to (1) jax_petitionbook.php or (2) smileys.php. | |||||
| CVE-2007-0333 | 1 Agnitum | 1 Outpost Firewall | 2018-10-16 | 7.2 HIGH | N/A |
| Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access restrictions and insert Trojan horse drivers into the product's installation directory by creating links using FileLinkInformation requests with the ZwSetInformationFile function, as demonstrated by modifying SandBox.sys. | |||||
| CVE-2007-0332 | 1 Xentraz | 1 Liens Dynamiques | 2018-10-16 | 7.5 HIGH | N/A |
| (1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques 2.1 do not require authentication, which allows remote attackers to perform unauthorized administrative actions using a direct request. | |||||
| CVE-2007-0331 | 1 Xentraz | 1 Liens Dynamiques | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in liens.php3 in liens_dynamiques 2.1 allows remote attackers to inject arbitrary web script or HTML by using the ajouter=1 query string and the add menu. | |||||
| CVE-2007-0330 | 1 Ipswitch | 1 Ws Ftp Pro | 2018-10-16 | 7.5 HIGH | N/A |
| Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch WS_FTP 2007 Professional allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long ftp:// URL in an HTML document, and possibly other vectors. | |||||
| CVE-2007-0339 | 1 Scriptme | 1 Sme Filemailer | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php (aka the login form) in Scriptme SMe FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the Password field (ps parameter). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0324 | 1 Lizardtech | 1 Djvu Browser Plug-in | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the LizardTech DjVu Browser Plug-in before 6.1.1 allow remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-0323 | 1 Rim | 1 Teamon Import Object Activex Control | 2018-10-16 | 7.5 HIGH | N/A |
| Buffer overflow in the SetLanguage function in Research In Motion (RIM) TeamOn Import Object ActiveX control (TOImport.dll) allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-0298 | 1 Dexxaboy | 1 Lunarpoll | 2018-10-16 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in show.php in LunarPoll, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PollDir parameter. | |||||
| CVE-2007-0394 | 1 Hp | 1 Hp-ux | 2018-10-16 | 4.6 MEDIUM | N/A |
| HP HP-UX B11.11 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572. | |||||
| CVE-2007-0393 | 1 Sun | 1 Solaris | 2018-10-16 | 4.6 MEDIUM | N/A |
| Sun Solaris 9 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572. | |||||
| CVE-2007-0305 | 1 Okulsistem Okul Web | 1 Otomasyon Sistemi | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in etkinlikbak.asp in Okul Web Otomasyon Sistemi 4.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0341 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992. | |||||
| CVE-2007-0392 | 1 Ibm | 1 Aix | 2018-10-16 | 4.6 MEDIUM | N/A |
| IBM AIX 5.3 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572. | |||||
| CVE-2007-0309 | 1 Francisco Burzi | 1 Php-nuke | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2007-0310 | 1 Bmc | 1 Remedy Action Request System | 2018-10-16 | 5.0 MEDIUM | N/A |
| BMC Remedy Action Request System 5.01.02 Patch 1267 generates different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to determine valid account names. | |||||
| CVE-2007-0312 | 1 Wcsimple Poll | 1 Wcsimple Poll | 2018-10-16 | 7.8 HIGH | N/A |
| wcSimple Poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password hashes via a direct request for password.txt. | |||||
| CVE-2007-0353 | 1 Mywebland | 1 Mybloggie | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string. | |||||
| CVE-2007-0146 | 1 Fix And Chips Computer Services | 1 Fix And Chips Cms | 2018-10-16 | 6.0 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) delete-announce.php; the (2) Announcement form field in (b) staff.php; the (3) Client Name, (4) Business Name, (5) Street, (6) Address 2, (7) Town/City, (8) Postcode, (9) Phone Number, (10) Email Address and (11) Website Address form fields in (c) new_customer.php; and unspecified fields in (d) search.php and (e) client-results.php. | |||||
| CVE-2007-0194 | 1 Mkportal | 1 Mkportal | 2018-10-16 | 7.8 HIGH | N/A |
| admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain sensitive information via a direct request with an MK_PATH=1 query string, which reveals the path in an error message. | |||||
| CVE-2007-0148 | 1 Omnigroup | 1 Omniweb | 2018-10-16 | 6.8 MEDIUM | N/A |
| Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascript alert function. | |||||
| CVE-2007-0149 | 1 Ememberspro | 1 Ememberspro | 2018-10-16 | 7.5 HIGH | N/A |
| EMembersPro 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for users.mdb. | |||||
| CVE-2007-0202 | 1 Alexphpteam | 1 Alex Guestbook | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lang parameter. | |||||
| CVE-2007-0142 | 1 Shopstorenow | 1 E-commerce Shopping Cart | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the CatID parameter. | |||||
| CVE-2007-0076 | 1 2enetworx | 1 Openforum | 2018-10-16 | 7.5 HIGH | N/A |
| Openforum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user passwords via a direct request for openforum.mdb. | |||||
| CVE-2007-0178 | 1 Php Web Scripts | 1 Easy Banner Pro | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in info.php in Easy Banner Pro 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter. | |||||
| CVE-2007-0143 | 1 Nune | 1 News Script | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in NUNE News Script 2.0pre2 allow remote attackers to execute arbitrary PHP code via a URL in the custom_admin_path parameter to (1) index.php or (2) archives.php. | |||||
| CVE-2007-0075 | 1 Aspbb | 1 Aspbb | 2018-10-16 | 7.5 HIGH | N/A |
| AspBB stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user passwords via a direct request for db/aspbb.mdb. | |||||
| CVE-2007-0094 | 1 Sven Moderow | 1 Sven Moderow Guestbook | 2018-10-16 | 7.5 HIGH | N/A |
| Sven Moderow GuestBook 0.3a stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for (1) gbook97.mdb or (2) gbook.mdb in ~db/. | |||||
| CVE-2007-0093 | 1 Cms-center | 1 Simple Web Cms | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in page.php in Simple Web Content Management System allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0179 | 1 Phpkit | 1 Phpkit | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the subid parameter. | |||||
| CVE-2007-0069 | 1 Microsoft | 3 Windows 2003 Server, Windows Vista, Windows Xp | 2018-10-16 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability." | |||||
| CVE-2007-0181 | 1 Scriptaty | 1 Magic Photo Storage Website | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/common_function.php in magic photo storage website allows remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter. | |||||
| CVE-2007-0106 | 1 Wordpress | 1 Wordpress | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request. | |||||
| CVE-2007-0119 | 1 Edittag | 1 Edittag | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 allow remote attackers to inject arbitrary web script or HTML via the plain parameter to (1) mkpw_mp.cgi, (2) mkpw.pl, or (3) mkpw.cgi. | |||||
| CVE-2007-0150 | 1 Dayfox Designs | 1 Dayfox Blog | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3) q parameters. | |||||
| CVE-2007-0151 | 1 Mitisoft | 1 Mitisoft | 2018-10-16 | 7.5 HIGH | N/A |
| MitiSoft stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for access_MS/MitiSoft.mdb. | |||||
| CVE-2007-0100 | 1 Perforce | 1 Perforce Client | 2018-10-16 | 10.0 HIGH | N/A |
| The Perforce client does not restrict the set of files that it overwrites upon receiving a request from the server, which allows remote attackers to overwrite arbitrary files by modifying the client config file on the server, or by operating a malicious server. | |||||
| CVE-2007-0152 | 1 Ohhasp | 1 Ohhasp | 2018-10-16 | 7.5 HIGH | N/A |
| OhhASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/OhhASP.mdb. | |||||
| CVE-2007-0097 | 1 Conexware | 1 Powerarchiver 2006 | 2018-10-16 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in the (1) LoadTree and (2) ReadHeader functions in PAISO.DLL 1.7.3.0 (1.7.3 beta) in ConeXware PowerArchiver 2006 9.64.02 allow user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories. | |||||
| CVE-2007-0090 | 1 Fermentigrafici | 1 Wineglass | 2018-10-16 | 7.5 HIGH | N/A |
| WineGlass stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/data.mdb. | |||||
| CVE-2007-0189 | 1 Geobb | 1 Georgian Bulletin Board | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in GeoBB Georgian Bulletin Board allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. NOTE: CVE disputes this issue, since GeoBB 1.0 sets $action to a whitelisted value. | |||||
| CVE-2007-0161 | 1 Hp | 21 Color Laserjet 4650, Officejet 4100, Officejet 5100 and 18 more | 2018-10-16 | 4.1 MEDIUM | N/A |
| The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023. | |||||
