Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6287 | 1 Atomix Productions | 1 Atomixmp3 | 2017-10-19 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in AtomixMP3 2.3 and earlier allows remote attackers to execute arbitrary code via a long pathname in an M3U file. | |||||
| CVE-2007-0300 | 1 Tlm Cms | 1 Tlm Cms | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. | |||||
| CVE-2007-0498 | 1 Sky Gunning | 1 Myspeach | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter. | |||||
| CVE-2007-0496 | 1 Neon Labs | 1 Neon Labs Website | 2017-10-19 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir parameter. | |||||
| CVE-2007-0015 | 1 Apple | 1 Quicktime | 2017-10-19 | 6.8 MEDIUM | N/A |
| Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI. | |||||
| CVE-2007-0495 | 1 Phpsherpa | 1 Phpsherpa | 2017-10-19 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/config.inc.php in PhpSherpa allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter. | |||||
| CVE-2007-0020 | 1 Panic Transmit | 1 Panic Transmit | 2017-10-19 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the SFTP protocol handler for Panic Transmit (Transmit.app) up to 3.5.5 allows remote attackers to execute arbitrary code via a long ftps:// URL. | |||||
| CVE-2006-5547 | 1 Otscms | 1 Otscms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open Tibia Server Content Management System (OTSCMS) 1.0.0 through 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][otscms][directories][includes] parameter. | |||||
| CVE-2006-5458 | 1 Hinton Design | 1 Phpht Topsites | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in common.php in Hinton Design phpht Topsites allows remote attackers to execute arbitrary PHP code via a URL in the phpht_real_path parameter. | |||||
| CVE-2007-0489 | 1 Visohotlink | 1 Visohotlink | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/functions.visohotlink.php in VisoHotlink 1.01 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2007-0261 | 1 Snews | 1 Snews | 2017-10-19 | 10.0 HIGH | N/A |
| snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter. | |||||
| CVE-2007-0049 | 1 Geckovich | 2 Tasktracker, Tasktracker Pro | 2017-10-19 | 7.5 HIGH | N/A |
| Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to add administrative or other accounts via an Add action with a modified GroupID in a direct request to Customize.asp. | |||||
| CVE-2007-0052 | 1 Vizayn Haber | 1 Vizayn Haber | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0053 | 1 Asp Siteware | 1 Autodealer | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the iPro parameter. | |||||
| CVE-2007-0055 | 1 Fersch | 1 Formbankserver | 2017-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in Formbankserver 1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the Name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0301 | 1 Fdweb | 1 Espace Membre | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in _admin/admin_menu.php in FdWeB Espace Membre 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2007-0371 | 1 Common Controls Replacement Project | 1 Browsedialog Server | 2017-10-19 | 4.3 MEDIUM | N/A |
| A certain ActiveX control in the Common Controls Replacement Project (CCRP) CCRP BrowseDialog Server (ccrpbds6.dll) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP_BDc.SelectedFolder property value. | |||||
| CVE-2007-0370 | 1 Phpbp | 1 Phpbp | 2017-10-19 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in index.php in phpBP RC3 (2.204) and earlier allows remote administrators to inject arbitrary PHP code into an upload/banners/ file via a banners add operation that uploads the PHP code through an image_form parameter specifying a multiple-extension filename such as .jpg.vil.gif.php, which is stored in upload/banners/ under a different name, and executable via a direct request. NOTE: a separate SQL injection issue could be leveraged to make this vulnerability reachable by remote unauthenticated attackers. | |||||
| CVE-2007-0082 | 1 Imgallery | 1 Imgallery | 2017-10-19 | 6.5 MEDIUM | N/A |
| users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts. | |||||
| CVE-2007-0091 | 1 Katy Whitton Web Development | 1 Newscmslite | 2017-10-19 | 7.5 HIGH | N/A |
| newsCMSlite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for newsCMS.mdb. | |||||
| CVE-2007-0092 | 1 E-smart Cart | 1 E-smart Cart | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter. | |||||
| CVE-2007-0354 | 1 Mgb | 1 Opensource Guestbook | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in email.php in MGB OpenSource Guestbook 0.5.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0098 | 1 Verliadmin | 1 Verliadmin | 2017-10-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php. | |||||
| CVE-2007-0304 | 1 Mint | 1 Haber Sistemi | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0345 | 1 Apple | 1 Mac Os X | 2017-10-19 | 6.8 MEDIUM | N/A |
| The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions (writable by admin group), which allows local admin users to gain root privileges by modifying a program and then performing permissions repair via diskutil. | |||||
| CVE-2007-0311 | 1 Texas Imperial Software | 2 Wftpd, Wftpd Pro Server | 2017-10-19 | 5.0 MEDIUM | N/A |
| Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier allow remote attackers to cause a denial of service (application crash) via a long SITE ADMIN command. | |||||
| CVE-2007-0120 | 1 Acunetix | 1 Web Vulnerability Scanner | 2017-10-19 | 1.9 LOW | N/A |
| Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to cause a denial of service (application crash) via multiple HTTP requests containing invalid Content-Length values. | |||||
| CVE-2007-0329 | 1 Joonas Viljanen | 1 Jv2 Folder Gallery | 2017-10-19 | 5.0 MEDIUM | N/A |
| download.php in Joonas Viljanen JV2 Folder Gallery allows remote attackers to read sensitive files via a relative pathname in the file parameter, as demonstrated by config/gallerysetup.php. NOTE: this issue might be resultant from a directory traversal vulnerability. | |||||
| CVE-2007-0128 | 1 Digiappz | 1 Digirez | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in info_book.asp in Digirez 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter. | |||||
| CVE-2007-0129 | 1 Locazo | 1 Locazolist Classifieds | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatID parameter. | |||||
| CVE-2007-0306 | 1 Digiappz | 1 Digiaffiliate | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0135 | 1 Aratix | 1 Aratix | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix 0.2.2 beta 11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the current_path parameter. | |||||
| CVE-2006-5429 | 1 Barry Nauta | 1 Brim | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Barry Nauta BRIM 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the renderer parameter in template.tpl.php in (1) templates/barrel/, (2) templates/sidebar/, (3) templates/text-only, (4) templates/slashdot/, (5) templates/penguin/, (6) templates/pda/, (7) templates/oerdec/, (8) templates/nifty/, (9) templates/mylook, and (10) templates/barry/. | |||||
| CVE-2007-0429 | 1 Divx | 1 Divx Player | 2017-10-19 | 5.0 MEDIUM | N/A |
| DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed with DivX Player 6.4.1, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the GoWindowed method for a certain instance of the ActiveX object. | |||||
| CVE-2007-0369 | 1 Phpbp | 1 Phpbp | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in phpBP RC3 (2.204) and earlier allows remote attackers to execute arbitrary SQL commands via the comment forum. | |||||
| CVE-2007-0144 | 1 Digitizing Quote And Ordering System | 1 Digitizing Quote And Ordering System | 2017-10-19 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the ordernum parameter. | |||||
| CVE-2007-0340 | 1 Thwboard | 1 Thwboard | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in inc/header.inc.php in ThWboard 3.0b2.84-php5 and earlier allows remote attackers to execute arbitrary SQL commands via the board[styleid] parameter to index.php. | |||||
| CVE-2007-0368 | 1 Michiel Broek | 1 Mbse-bbs | 2017-10-19 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in mbse-bbs 0.70 and earlier allows local users to execute arbitrary code via a long string in the MBSE_ROOT environment variable. | |||||
| CVE-2006-5432 | 1 Marc Giombetti | 1 Phppowercards | 2017-10-19 | 2.6 LOW | N/A |
| Multiple direct static code injection vulnerabilities in db/txt.inc.php in phpPowerCards 2.10, when register_globals is enabled, allow remote attackers to create or overwrite arbitrary files via the (1) email[to], (2) email[from], (3) name[to], (4) name[from], (5) picture, (6) comment, or (7) sessionID parameter, as demonstrated by creating a new .php file that permits remote file inclusion, and then requesting this file. | |||||
| CVE-2006-6295 | 1 Mxbb | 1 Mx Tinies | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/mx_common.php in the mx_tinies 1.3.0 Module for MxBB Portal 1.06 allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | |||||
| CVE-2007-0395 | 1 Comvironment | 1 Comvironment | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in libraries/grab_globals.lib.php in ComVironment 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter. | |||||
| CVE-2007-0170 | 1 Allmyphp | 1 Allmyvisitors | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in AllMyVisitors 0.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the AMV_serverpath parameter. | |||||
| CVE-2007-0171 | 1 Voice Of Web | 1 Allmylinks | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AML_opensite parameter. | |||||
| CVE-2007-0172 | 1 Voice Of Web | 1 Allmyguests | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the AMG_serverpath parameter to (1) comments.php and (2) signin.php; and possibly via a URL in unspecified parameters to (3) include/submit.inc.php, (4) admin/index.php, (5) include/cm_submit.inc.php, and (6) index.php. | |||||
| CVE-2007-0173 | 1 L2j | 1 Statistik Script | 2017-10-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php. | |||||
| CVE-2006-5433 | 1 Timm Maass | 1 Alice Cms | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/guestbook/index.php in ALiCE-CMS 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[local_root] parameter. | |||||
| CVE-2007-0307 | 1 Poplar Gedcom Viewer | 1 Poplar Gedcom Viewer | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/common.php in Poplar Gedcom Viewer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[rootPath] parameter. | |||||
| CVE-2006-5434 | 1 P-news | 1 P-news | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in p-news.php in P-News 1.16 and 1.17 allows remote attackers to execute arbitrary PHP code via a URL in the pn_lang parameter. | |||||
| CVE-2007-0361 | 1 Comscripts | 1 Phpmyphorum | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter. | |||||
| CVE-2007-0388 | 1 Woltlab | 1 Burning Board | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the boardids[1] and other boardids[] parameters. | |||||