Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0827 | 1 Alibaba | 1 Alipay Activex Control | 2017-10-19 | 6.8 MEDIUM | N/A |
| The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote attackers to execute arbitrary code via a JavaScript function that invokes the Remove method with an invalid index argument, which is used as an offset for a function call. | |||||
| CVE-2007-0681 | 1 Extcalendar | 1 Extcalendar | 2017-10-19 | 7.5 HIGH | N/A |
| profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php. | |||||
| CVE-2007-0639 | 1 Guppy | 1 Guppy | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple static code injection vulnerabilities in error.php in GuppY 4.5.16 and earlier allow remote attackers to inject arbitrary PHP code into a .inc file in the data/ directory via (1) a REMOTE_ADDR cookie or (2) a cookie specifying an element of the msg array with an error number in the first dimension and 0 in the second dimension, as demonstrated by msg[999][0]. | |||||
| CVE-2007-0643 | 1 Bloodshed Software | 1 Dev-c\+\+ | 2017-10-19 | 4.3 MEDIUM | N/A |
| Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file. | |||||
| CVE-2007-0826 | 1 Kisisel Site 2007 | 1 Kisisel Site Forum.asp | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum.asp in Kisisel Site 2007 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. | |||||
| CVE-2007-1059 | 1 Ultimate Fun Book | 1 Ultimate Fun Book | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in function.php in Ultimate Fun Book 1.02 allows remote attackers to execute arbitrary PHP code via a URL in the gbpfad parameter. NOTE: some sources mention "Ultimate Fun Board," but this appears to be an error. | |||||
| CVE-2007-1058 | 1 Online Web Building | 1 Online Web Building | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in user_pages/page.asp in Online Web Building 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter. | |||||
| CVE-2007-1011 | 1 Vs-gastebuch | 1 Vs-gastebuch | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in functions_inc.php in VS-Gastebuch 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad parameter. | |||||
| CVE-2007-1428 | 1 Php Labs | 1 Jobsitepro | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in PHP Labs JobSitePro 1.0 allows remote attackers to execute arbitrary SQL commands via the salary parameter. | |||||
| CVE-2007-0656 | 1 Phpbb2-modificat | 1 Phpbb2-modificat | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/functions.php in phpBB2-MODificat 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-0662 | 1 Hailboards | 1 Hailboards | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/usercp_viewprofile.php in Hailboards 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-0865 | 1 Lushinews | 1 Lushinews | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comments.php in LushiNews 1.01 and earlier allows remote authenticated users to inject arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0703 | 1 Webbuilder | 1 Webbuilder | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in library/StageLoader.php in WebBuilder 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[core][module_path] parameter. | |||||
| CVE-2007-0679 | 1 Nicolas Grandjean | 1 Phpmyring | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lang/leslangues.php in Nicolas Grandjean PHPMyRing 4.1.3b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fichier parameter. | |||||
| CVE-2007-1423 | 1 Work System E-commerce | 1 Work System E-commerce | 2017-10-19 | 9.3 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in WORK system e-commerce 3.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the g_include parameter to include/include_top.php and certain other PHP scripts. | |||||
| CVE-2007-0682 | 1 Jv2 | 1 Folder Gallery | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in theme/include_mode/template.php in JV2 Folder Gallery 3.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the galleryfilesdir parameter. | |||||
| CVE-2007-0686 | 1 Intel | 1 2200bg Proset Wireless | 2017-10-19 | 7.1 HIGH | N/A |
| The Intel 2200BG 802.11 Wireless Mini-PCI driver 9.0.3.9 (w29n51.sys) allows remote attackers to cause a denial of service (system crash) via crafted disassociation packets, which triggers memory corruption of "internal kernel structures," a different vulnerability than CVE-2006-6651. NOTE: this issue might overlap CVE-2006-3992. | |||||
| CVE-2007-0502 | 1 Webspell | 1 Webspell | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote attackers to execute arbitrary SQL commands via the picID parameter, a different vector than CVE-2007-0492. | |||||
| CVE-2007-0920 | 1 Philboard | 1 Philboard | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in philboard_forum.asp in Philboard 1.14 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter. | |||||
| CVE-2007-0562 | 1 Microsoft | 1 Windows Explorer | 2017-10-19 | 4.3 MEDIUM | N/A |
| Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .avi file, which triggers the crash when the user right clicks on the file. | |||||
| CVE-2007-0500 | 1 Bradabra | 1 Bradabra | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/includes.php in Bradabra 2.0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | |||||
| CVE-2007-0504 | 1 Vote Pro | 1 Vote Pro | 2017-10-19 | 10.0 HIGH | N/A |
| Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632. | |||||
| CVE-2007-0508 | 1 Bbclone | 1 Bbclone | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/selectlang.php in BBClone 0.31 allows remote attackers to execute arbitrary PHP code via a URL in the BBC_LANGUAGE_PATH parameter. | |||||
| CVE-2007-1539 | 1 Pragmamx | 1 Landkarten | 2017-10-19 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file. | |||||
| CVE-2007-0559 | 1 Rp World | 1 Rp World | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the sql_language parameter. | |||||
| CVE-2007-0511 | 1 Phpxmldom | 1 Phpxmldom | 2017-10-19 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpXMLDOM (phpXD) 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) dom.php, (2) dtd.php, or (3) parser.php in include/. | |||||
| CVE-2007-0702 | 1 Phpeventman | 1 Phpeventman | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpEventMan 1.0.2 allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) Shared/controller/text.ctrl.php or (2) UserMan/controller/common.function.php. | |||||
| CVE-2007-0825 | 1 Flashfxp | 1 Flashfxp | 2017-10-19 | 7.8 HIGH | N/A |
| FlashFXP 3.4.0 build 1145 allows remote servers to cause a denial of service (CPU consumption) via a response to a PWD command that contains a long string with deeply nested directory structure, possibly due to a buffer overflow. | |||||
| CVE-2007-0766 | 1 Remotesoft | 1 .net Explorer | 2017-10-19 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Remotesoft .NET Explorer 2.0.1 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file. | |||||
| CVE-2007-0558 | 1 Inter7 | 1 Vhostadmin | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/mail/main.php in Inter7 vHostAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the MODULES_DIR parameter. | |||||
| CVE-2007-0568 | 1 Myphpcommander | 1 Myphpcommander | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in system/lib/package.php in MyPHPCommander 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the gl_root parameter. | |||||
| CVE-2007-0701 | 1 Epistemon | 1 Epistemon | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/common.inc.php in Epistemon 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter. | |||||
| CVE-2007-0810 | 1 Geeklog | 1 Geeklog | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in GeekLog 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_libraries] parameter. NOTE: this might be a vulnerability in MVCnPHP rather than a vulnerability in GeekLog. | |||||
| CVE-2007-0765 | 1 Db Masters Multimedia | 1 Curium Cms | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in dB Masters Curium CMS 1.03 and earlier allows remote attackers to execute arbitrary SQL commands via the c_id parameter. | |||||
| CVE-2007-0848 | 1 Maian Recipe | 1 Maian Recipe | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in classes/class_mail.inc.php in Maian Recipe 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. | |||||
| CVE-2007-0812 | 1 Woltlab | 1 Burning Board Lite | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) Lite 1.0.2pl3e and earlier allows remote authenticated users to execute arbitrary SQL commands via the pmid[0] parameter. | |||||
| CVE-2007-0824 | 1 Lightro | 1 Lightro Cms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inhalt.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dateien[news] parameter. | |||||
| CVE-2007-0764 | 1 F3site | 1 F3site | 2017-10-19 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in F3Site 2.1 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP scripts via GIF86 header in a file in the uplf parameter, which can be later accessed via a relative pathname in the dir parameter in adm.php. | |||||
| CVE-2007-0763 | 1 F3site | 1 F3site | 2017-10-19 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the news comment functionality in F3Site 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the Autor field. | |||||
| CVE-2007-0762 | 1 Phpbb\+\+ | 1 Phpbb\+\+ | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/functions.php in phpBB++ Build 100 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-0864 | 1 Lushiwarplaner | 1 Lushiwarplaner | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in register.php in LushiWarPlaner 1.0 allows remote attackers to inject arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0811 | 1 Microsoft | 1 Ie | 2017-10-19 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById. | |||||
| CVE-2007-0761 | 1 Phpbb | 1 Ezboard Converter | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.php in phpBB ezBoard converter (ezconvert) 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the ezconvert_dir parameter. | |||||
| CVE-2007-0569 | 1 X-dev | 1 Xnews | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in xNews.php in xNews 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a shownews action. | |||||
| CVE-2007-0697 | 1 Mentiss Acgv | 1 Acgvannu | 2017-10-19 | 6.4 MEDIUM | N/A |
| index2.php in ACGVannu 1.3 and earlier allows remote attackers to change the password or profile of a user via a modified id parameter, related to templates/modif.html. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0760 | 1 Eqdkp | 1 Eqdkp | 2017-10-19 | 7.5 HIGH | N/A |
| EQdkp 1.3.1 and earlier authenticates administrative requests by verifying that the HTTP Referer header specifies an admin/ URL, which allows remote attackers to read or modify account names and passwords via a spoofed Referer. | |||||
| CVE-2007-0757 | 1 Miguel Nunes | 1 Call Of Duty 2 Dreamstats System | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Miguel Nunes Call of Duty 2 (CoD2) DreamStats System 4.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter. | |||||
| CVE-2007-0571 | 1 Phpmyreports | 1 Phpmyreports | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/lib/lib_head.php in phpMyReports 3.0.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathModule parameter. | |||||
| CVE-2007-0809 | 1 Ptirhiikmods | 1 Mod-ch | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/class_template.php in Categories hierarchy (aka CH or mod-CH) 2.1.2 in ptirhiikmods allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-0804 | 1 Ggcms | 1 Ggcms | 2017-10-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 RC1 and earlier allows remote attackers to inject arbitrary PHP code into arbitrary files via ".." sequences in the subpageName parameter, as demonstrated by injecting PHP code into a template file. | |||||