Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4326 | 1 Mapos Scripts | 1 Bilder Uploader | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Bilder Uploader 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) gruppen.php, (2) bild.php, (3) feed.php, (4) mitglieder.php, (5) online.php, (6) profil.php, and possibly other unspecified PHP scripts. | |||||
| CVE-2007-4243 | 1 Astaro | 1 Security Gateway | 2018-10-15 | 7.8 HIGH | N/A |
| Unspecified vulnerability in pfilter-reporter.pl in Astaro Security Gateway (ASG) 7 allows remote attackers to cause a denial of service (CPU consumption) via certain network traffic, as demonstrated by P2P and iTunes applications that download large amounts of data. | |||||
| CVE-2007-4226 | 1 Bluecat Networks | 1 Adonis | 2018-10-15 | 7.1 HIGH | N/A |
| Directory traversal vulnerability in the BlueCat Networks Proteus IPAM appliance 2.0.2.0 (Adonis DNS/DHCP appliance 5.0.2.8) allows remote authenticated administrators, with certain TFTP privileges, to create and overwrite arbitrary files via a .. (dot dot) in a pathname. NOTE: this can be leveraged for administrative access by overwriting /etc/shadow. | |||||
| CVE-2007-4319 | 1 Zyxel | 2 Zynos, Zywall 2 | 2018-10-15 | 4.0 MEDIUM | N/A |
| The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to cause a denial of service (infinite reboot loop) via invalid configuration data. NOTE: this issue might not cross privilege boundaries, and it might be resultant from CSRF; if so, then it should not be included in CVE. | |||||
| CVE-2007-4235 | 1 Vietphp | 1 Vietphp | 2018-10-15 | 9.3 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in VietPHP allow remote attackers to execute arbitrary PHP code via a URL in (1) the dirpath parameter to (a) _functions.php, or (2) the language parameter to (b) admin/index.php or (c) index.php. | |||||
| CVE-2007-4239 | 1 C-sam | 1 Onewallet | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in user/forgotPassStep2.jsp in the admin interface in C-SAM oneWallet 210_07062007;1.0 allows remote attackers to inject arbitrary web script or HTML via the loginID parameter. | |||||
| CVE-2007-4383 | 1 Trackeur | 1 Trackeur | 2018-10-15 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in tracking.php in Trackeur 1 allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: CVE and a third party dispute this vulnerability because header is defined before use. The researcher is known to be unreliable. | |||||
| CVE-2007-4247 | 1 Microsoft | 1 Windows Vista | 2018-10-15 | 4.3 MEDIUM | N/A |
| Windows Calendar on Microsoft Windows Vista allows remote attackers to cause a denial of service (NULL dereference and persistent application crash) via a malformed ICS file. | |||||
| CVE-2007-4248 | 1 Toolbar Gaming | 1 Toolbar Gaming | 2018-10-15 | 4.3 MEDIUM | N/A |
| The CallCmd function in toolbar_gaming.dll in the Toolbar Gaming toolbar for Internet Explorer allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vectors. | |||||
| CVE-2007-4249 | 1 Exportnation | 1 Exportnation Toolbar | 2018-10-15 | 4.3 MEDIUM | N/A |
| The isChecked function in Toolbar.DLL in the ExportNation toolbar for Internet Explorer allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vectors. | |||||
| CVE-2007-4251 | 1 Openoffice | 1 Openoffice | 2018-10-15 | 4.3 MEDIUM | N/A |
| OpenOffice.org (OOo) 2.2 does not properly handle files with multiple extensions, which allows user-assisted remote attackers to cause a denial of service. | |||||
| CVE-2007-4253 | 1 Envolution | 1 Envolution | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the News module in modules.php in Envolution 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2005-4263. | |||||
| CVE-2007-4255 | 1 Php | 1 Php | 2018-10-15 | 7.5 HIGH | N/A |
| Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function. | |||||
| CVE-2007-4283 | 1 Coppermine | 1 Coppermine Photo Gallery | 2018-10-15 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter. | |||||
| CVE-2007-4384 | 1 Stephane Pineau | 1 Vote | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in depouilg.php3 in Stephane Pineau VOTE 1c allow remote attackers to execute arbitrary PHP code via a URL in the (1) NomVote and (2) FilePalHex parameters. | |||||
| CVE-2007-4385 | 1 Owasp | 1 Stinger | 2018-10-15 | 6.8 MEDIUM | N/A |
| OWASP Stinger before 2.5 allows remote attackers to bypass input validation routines by using multipart encoded requests instead of form-urlencoded requests. NOTE: this might be used to expose vulnerabilities in applications that would otherwise be protected by the validation routines. | |||||
| CVE-2007-4387 | 1 2wire | 2 1701hg Router, 2071 Router | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators. | |||||
| CVE-2007-4288 | 1 Microsoft | 1 Windows Media Player | 2018-10-15 | 4.3 MEDIUM | N/A |
| Microsoft Windows Media Player 11 (wmplayer.exe) allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .au file that triggers a divide-by-zero error, as demonstrated by iapetus.au. | |||||
| CVE-2007-4373 | 1 Rndlabs | 1 Babo Violent | 2018-10-15 | 6.8 MEDIUM | N/A |
| The server in Babo Violent 2 2.08.00 and earlier does not properly implement password protection, which might allow remote attackers to bypass authentication by reconnecting after a connection closes. | |||||
| CVE-2007-4371 | 1 Hotscripts | 1 Neuron Blog | 2018-10-15 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin/pages/blog-add.php in Neuron Blog 1.1 allows remote attackers to upload and execute arbitrary PHP files in uploads/. | |||||
| CVE-2007-4374 | 1 Rndlabs | 1 Babo Violent | 2018-10-15 | 4.0 MEDIUM | N/A |
| Babo Violent 2 2.08.00 does not validate the sender field of a chat message composed by a client, which allows remote authenticated users to spoof messages. | |||||
| CVE-2007-4259 | 1 Ez Photo Sales | 1 Ez Photo Sales | 2018-10-15 | 5.0 MEDIUM | N/A |
| EZPhotoSales 1.9.3 and earlier allows remote attackers to download arbitrary image files via (1) a direct request for a URL under OnlineViewing/galleries/ or (2) navigation of the gallery user interface with JavaScript disabled. | |||||
| CVE-2007-4260 | 1 Ez Photo Sales | 1 Ez Photo Sales | 2018-10-15 | 5.0 MEDIUM | N/A |
| EZPhotoSales 1.9.3 and earlier has a default "admin" account for galleries, which allows remote attackers to access arbitrary galleries by specifying this username. | |||||
| CVE-2007-4369 | 1 Sote | 1 Soteesklep | 2018-10-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in go/_files in SOTEeSKLEP before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2007-4262 | 1 Ez Photo Sales | 1 Ez Photo Sales | 2018-10-15 | 8.5 HIGH | N/A |
| Unrestricted file upload vulnerability in EZPhotoSales 1.9.3 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP code under OnlineViewing/galleries/. | |||||
| CVE-2007-4340 | 1 Phpdvd | 1 Phpdvd | 2018-10-15 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in phpDVD 1.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the dvd_config_file parameter. | |||||
| CVE-2007-4365 | 1 Exv2 | 1 Content Management System | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a set_lang cookie to an unspecified component. NOTE: this may overlap CVE-2007-1965. | |||||
| CVE-2007-4284 | 1 Cisco | 1 Meetingplace Web Confrencing | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified MeetingPlace Web Conferencing (MP) 5.3.235.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) Success Template (STPL) and (2) Failure Template (FTPL) parameters, which are not properly handled in an error message. | |||||
| CVE-2007-4289 | 1 Sun | 1 Java System Portal Server | 2018-10-15 | 6.8 MEDIUM | N/A |
| Sun Java System Portal Server 7.0 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3715. | |||||
| CVE-2007-4229 | 1 Kde | 1 Konqueror | 2018-10-15 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, as demonstrated by a document containing TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET, and A tags. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-4361 | 1 Netgear | 1 Readynas Raidiator | 2018-10-15 | 10.0 HIGH | N/A |
| NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access. | |||||
| CVE-2007-4375 | 1 Diskeeper | 1 Diskeeper | 2018-10-15 | 5.8 MEDIUM | N/A |
| The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote attackers to (1) obtain sensitive information (process memory contents), as demonstrated by an attack that obtains module base addresses to defeat Address Space Layout Randomization (ASLR); or (2) cause a denial of service (application crash) via an out-of-bounds address. | |||||
| CVE-2007-4376 | 1 Szymon Kosok | 1 Best Top List | 2018-10-15 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in banner-upload.php in Szymon Kosok Best Top List allows remote attackers to upload and execute arbitrary PHP files in banners/. | |||||
| CVE-2007-4378 | 1 Rndlabs | 1 Babo Violent | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple format string vulnerabilities in Babo Violent 2 2.08.00 and earlier allow remote attackers to execute arbitrary code via format string specifiers in (1) a message or (2) certain data associated with an admin login. | |||||
| CVE-2007-4329 | 1 Mapos Scripts | 1 Web News | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php, (2) news.php, or (3) feed.php. | |||||
| CVE-2007-4308 | 2 Adaptec, Linux | 2 Aacraid Controller, Linux Kernel | 2018-10-15 | 1.9 LOW | N/A |
| The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges. | |||||
| CVE-2007-4313 | 1 Php Blue Dragon | 1 Php Blue Dragon Cms | 2018-10-15 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in public_includes/pub_blocks/activecontent.php in Php Blue Dragon CMS 3.0.0 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter, a different vector than CVE-2006-2392, CVE-2006-3076, and CVE-2006-6958. | |||||
| CVE-2007-4230 | 1 Jems Scripts | 1 Bellabiblio | 2018-10-15 | 7.5 HIGH | N/A |
| ** DISPUTED ** BellaBiblio allows remote attackers to gain administrative privileges via a bellabiblio cookie with the value "administrator." NOTE: this issue is disputed by CVE and multiple third parties because the cookie value must be an MD5 hash. | |||||
| CVE-2007-4382 | 1 Counterpath | 1 X-lite | 2018-10-15 | 5.0 MEDIUM | N/A |
| CounterPath X-Lite 3.0 34025, and possibly eyeBeam, allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header. | |||||
| CVE-2007-4360 | 1 Dell | 1 Remote Access Card | 2018-10-15 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Dell Remote Access Card 4 (DRAC4) with firmware 1.50 Build 02.16 allows remote attackers to cause a denial of service (SSH daemon crash) via certain network traffic, as demonstrated by an "nmap -O" scan with nmap 4.03, possibly related to a Mocana (Mocanada) SSH vulnerability. | |||||
| CVE-2007-4316 | 1 Zyxel | 2 Zynos, Zywall 2 | 2018-10-15 | 4.3 MEDIUM | N/A |
| The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device has a certain default password, which allows remote attackers to perform administrative actions. | |||||
| CVE-2007-4359 | 1 Skilmatch Staffing Systems | 1 Joblister3 | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems JobLister3 allow remote attackers to execute arbitrary SQL commands via (1) the search form or (2) the jobid parameter to index.php in a showbyID action. | |||||
| CVE-2007-4317 | 1 Zyxel | 2 Zynos, Zywall 2 | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allow remote attackers to perform certain actions as administrators, as demonstrated by a request to Forms/General_1 with the (1) sysSystemName and (2) sysDomainName parameters. | |||||
| CVE-2007-4318 | 1 Zyxel | 2 Zynos, Zywall 2 | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Forms/General_1 in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter. | |||||
| CVE-2007-4358 | 1 Zoidcom | 1 Zoidcom | 2018-10-15 | 4.3 MEDIUM | N/A |
| Zoidcom 0.6.7 and earlier allows remote attackers to cause a denial of service (application crash) via a JOIN packet (aka connection packet) containing 0x69 in the ninth byte, which triggers a "double-delete" of trace data, a different vulnerability than CVE-2005-1643. | |||||
| CVE-2007-4357 | 1 Mozilla | 1 Firefox | 2018-10-15 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof the contents of the status bar via a link to a data: URI containing an encoded URL. NOTE: the severity of this issue has been disputed by a reliable third party, since the intended functionality of the status bar allows it to be modified. | |||||
| CVE-2007-4379 | 1 Rndlabs | 1 Babo Violent | 2018-10-15 | 4.3 MEDIUM | N/A |
| Babo Violent 2 2.08.00 and earlier allows remote attackers to cause a denial of service (application crash) via (1) a value greater than 0x27 for the (a) 0xca, (b) 0xcb, (c) 0xcc, (d) 0xce, (e) 0xcf, or (f) 0xd0 data ID; (2) a nonexistent map name; or (3) a UDP packet that specifies a large data size. | |||||
| CVE-2007-4341 | 1 Omnistar | 1 Lib2 Php Library | 2018-10-15 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in adm/my_statistics.php in Omnistar Lib2 PHP 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. | |||||
| CVE-2007-4242 | 1 Astaro | 1 Security Gateway | 2018-10-15 | 5.0 MEDIUM | N/A |
| The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform virus scanning of attachments that exceed the maximum attachment size, and passes these attachments, which allows remote attackers to bypass this scanning via a large attachment. | |||||
| CVE-2007-4325 | 1 Mapos Scripts | 1 Gaestebuch | 2018-10-15 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in Gaestebuch 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter. | |||||