Total: 27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2792 | 1 Com Yanc | 1 Com Yanc | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Yet another Newsletter Component (aka YaNC or com_yanc) component before 1.5 beta 3 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-3082 | 1 Sendcard | 1 Sendcard | 2017-10-11 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sc_language parameter. | |||||
| CVE-2007-2271 | 1 Rajneel Lal Totaram | 1 Usp Foss Distribution | 2017-10-11 | 9.4 HIGH | N/A |
| Directory traversal vulnerability in Rajneel Lal TotaRam USP FOSS Distribution 1.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the dnld parameter. | |||||
| CVE-2007-2270 | 1 Linksys | 1 Spa941 | 2017-10-11 | 7.8 HIGH | N/A |
| The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request. | |||||
| CVE-2007-2305 | 1 Qdblog | 1 Qdblog | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in authenticate.php in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||||
| CVE-2007-2304 | 1 Qdblog | 1 Qdblog | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to categories.php and other unspecified files. | |||||
| CVE-2007-1842 | 1 Jsboard | 1 Jsboard | 2017-10-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019. | |||||
| CVE-2007-2853 | 1 H\+h | 2 Vcdapilibapi Activex Control, Virtual Cd | 2017-10-11 | 10.0 HIGH | N/A |
| The VCDAPILibApi ActiveX control in vc9api.DLL 9.0.0.57 in Virtual CD 9.0.0.2 allows remote attackers to execute arbitrary commands via a command line in the first argument to the VCDLaunchAndWait function. | |||||
| CVE-2007-1839 | 1 Codebb | 1 Codebb | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CodeBB 1.1b3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) pass_code.php or (2) lang_select. | |||||
| CVE-2007-2313 | 1 Mxbb | 1 Mx Shotcast | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in getinfo1.php in the Shotcast 1.0 RC2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter. | |||||
| CVE-2007-2507 | 1 Treble Designs | 1 1024 Cms | 2017-10-11 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in includes/download.php in Treble Designs 1024 CMS 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the item parameter. | |||||
| CVE-2007-1837 | 1 Mangobery Cms | 1 Mangobery Cms | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in MangoBery CMS 0.5.5 allow remote attackers to execute arbitrary PHP code via a URL in the Site_Path parameter to (1) boxes/quotes.php or (2) templates/mangobery/footer.sample.php. | |||||
| CVE-2007-2774 | 1 Sunlight Cms | 1 Sunlight Cms | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) _connect.php or (2) modules/startup.php. | |||||
| CVE-2007-2775 | 1 Alstrasoft | 1 Live Support | 2017-10-11 | 10.0 HIGH | N/A |
| AlstraSoft Live Support 1.21 sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request to admin/managesettings.php. | |||||
| CVE-2007-2762 | 1 Build It Fast | 1 Build It Fast | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Build it Fast (bif3) 0.4.1 allow remote attackers to execute arbitrary PHP code via a URL in (1) the pear_dir parameter to Base/Application.php, or the (2) sys_dir parameter to (a) Footer.php, (b) widget.BifContainer.php, (c) widget.BifRoot.php, (d) widget.BifRoot2.php, (e) widget.BifRoot3.php, or (f) widget.BifWarning.php in Widgets/Base/. | |||||
| CVE-2007-2211 | 1 Mybulletinboard | 1 Mybulletinboard | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action. | |||||
| CVE-2007-2317 | 2 Minibb, Tosmo Mambo | 2 Minibb, Tosmo Mambo | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier, as used by TOSMO/Mambo 4.0.12 and probably other products, allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to bb_plugins.php in (1) components/minibb/ or (2) components/com_minibb, or (3) configuration.php. NOTE: the com_minibb.php vector is already covered by CVE-2006-3690. | |||||
| CVE-2007-2209 | 2 Accusoft, Corel | 2 Imagegear, Paint Shop Pro | 2017-10-11 | 6.8 MEDIUM | N/A |
| Buffer overflow in igcore15d.dll 15.1.2.0 and 15.2.0.0 for AccuSoft ImageGear, as used in Corel Paint Shop Pro Photo 11.20 and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted .CLP file. NOTE: some details were obtained from third party sources. | |||||
| CVE-2007-2525 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.9 MEDIUM | N/A |
| Memory leak in the PPP over Ethernet (PPPoE) socket implementation in the Linux kernel before 2.6.21-git8 allows local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized. | |||||
| CVE-2007-2204 | 1 Gpl Php Board | 1 Gpl Php Board | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in GPL PHP Board (GPB) unstable-2001.11.14-1 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) db.mysql.inc.php or (2) gpb.inc.php in include/, or the (3) theme parameter to themes/ubb/login.php. | |||||
| CVE-2007-2200 | 1 Pagode | 1 Pagode | 2017-10-11 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in navigator/navigator_ok.php in Pagode 0.5.8 allows remote attackers to read and possibly delete arbitrary files via a .. (dot dot) in the asolute parameter. | |||||
| CVE-2007-2526 | 1 Smartcode | 1 Vnc Manager | 2017-10-11 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the ConnectAsyncEx function in VNC Viewer ActiveX control (scvncctrl.dll) in the SmartCode VNC Manager 3.6 allows remote attackers to execute arbitrary code via a long argument. | |||||
| CVE-2007-2941 | 1 Michael Brandon | 1 Vbgsitemap | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the creator in vBulletin Google Yahoo Site Map (vBGSiteMap) 2.41 for vBulletin allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) vbgsitemap/vbgsitemap-config.php or (2) vbgsitemap/vbgsitemap-vbseo.php. | |||||
| CVE-2007-2902 | 1 Dokeos | 1 Dokeos | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in main/auth/my_progress.php in Dokeos 1.8.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the course parameter. | |||||
| CVE-2007-2189 | 1 Mx Smartor | 1 Full Album Pack | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin/admin_album_otf.php in the MX Smartor Full Album Pack (FAP) 2.0 RC1 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-2530 | 1 Tropicalm | 1 Tropicalm Crowell Resource | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Tropicalm Crowell Resource 4.5.2 allow remote attackers to execute arbitrary PHP code via a URL in the RESPATH parameter to (1) dosearch.php or (2) printfriendly.php. | |||||
| CVE-2007-2756 | 1 Libgd | 1 Libgd | 2017-10-11 | 4.3 MEDIUM | N/A |
| The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng. | |||||
| CVE-2007-2302 | 1 Expow | 1 Expow | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in autoindex.php in Expow 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_file parameter. | |||||
| CVE-2007-2531 | 1 Berylium | 1 Berylium2 | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in berylium-classes.php in Berylium2 2003-08-18 allows remote attackers to execute arbitrary PHP code via a URL in the beryliumroot parameter. | |||||
| CVE-2007-3107 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 2.1 LOW | N/A |
| The signal handling in the Linux kernel before 2.6.22, including 2.6.2, when running on PowerPC systems using HTX, allows local users to cause a denial of service via unspecified vectors involving floating point corruption and concurrency, related to clearing of MSR bits. | |||||
| CVE-2007-2187 | 1 Extremail | 1 Extremail | 2017-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in eXtremail 2.1.1 and earlier allows remote attackers to execute arbitrary code via a long DNS response. NOTE: this might be related to CVE-2006-6926. | |||||
| CVE-2007-2320 | 1 Papoo | 1 Papoo | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kontakt.php in Papoo 3.02 and earlier allows remote attackers to execute arbitrary SQL commands via the menuid parameter, a different vector than CVE-2005-4478. | |||||
| CVE-2007-2540 | 1 Pmecms | 1 Pmecms | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[pathMod] parameter to index.php in (1) mod/image/, (2) mod/liens/, (3) mod/liste/, (4) mod/special/, or (5) mod/texte/. | |||||
| CVE-2007-2186 | 2 Foxit, Microsoft | 9 Pdf Reader, Windows 2000, Windows 2003 Server and 6 more | 2017-10-11 | 5.0 MEDIUM | N/A |
| Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. | |||||
| CVE-2007-2755 | 1 Precisionid Barcode | 1 Precisionid Barcode | 2017-10-11 | 10.0 HIGH | N/A |
| The PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll, when Internet Explorer 6 is used, allows remote attackers to overwrite arbitrary files via a full pathname to the SaveToFile function, a different vulnerability than CVE-2007-2744. | |||||
| CVE-2007-3139 | 1 Open Solution | 1 Quick.cart | 2017-10-11 | 6.8 MEDIUM | N/A |
| config/general.php in Quick.Cart 2.2 and earlier uses a default username and password, which allows remote attackers to access the application via a login action to admin.php. NOTE: this can be leveraged to upload and execute arbitrary code. | |||||
| CVE-2007-2184 | 1 Jchit | 1 Counter | 2017-10-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in imgsrv.php in jchit counter 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the acc parameter. | |||||
| CVE-2007-2183 | 1 Php-ring | 1 Webring System | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9 allows remote attackers to execute arbitrary SQL commands via the ring parameter. | |||||
| CVE-2007-2182 | 1 Maran | 1 Php Forum | 2017-10-11 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in forum_write.php in Maran PHP Forum allows remote attackers to upload and execute arbitrary PHP files via a trailing %00 in a filename in the page parameter. | |||||
| CVE-2007-2181 | 1 Webinsta | 1 Fm Manager | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin/login.php in Webinsta FM Manager 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter, a different product and vector than CVE-2005-0748. | |||||
| CVE-2007-2541 | 1 Versado Cms | 1 Versado Cms | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/ajax_listado.php in Versado CMS 1.07 allows remote attackers to execute arbitrary PHP code via a URL in the urlModulo parameter. | |||||
| CVE-2007-3168 | 1 Edraw | 1 Office Viewer Component | 2017-10-11 | 7.8 HIGH | N/A |
| A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to delete arbitrary files via the DeleteLocalFile method. | |||||
| CVE-2007-2542 | 1 Workbench Survival Guide | 1 Workbench Survival Guide | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in header.php in workbench survival guide 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2007-2301 | 1 Arash | 1 Audiocms | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in audioCMS arash 0.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the arashlib_dir parameter to (1) edit.inc.php and (2) list_features.inc.php in arash_lib/include, and (3) arash_gadmin.class.php and (4) arash_sadmin.class.php in arash_lib/class/. | |||||
| CVE-2007-2543 | 1 Xoops | 1 Flashgames Module | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in game.php in the Flashgames 1.0.1 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter. | |||||
| CVE-2007-3138 | 1 Open Solution | 1 Quick.cart | 2017-10-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Open Solution Quick.Cart 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in an sLanguage cookie, which is used to define a value in config/general.php. | |||||
| CVE-2007-2169 | 1 Mozzers Subsystem | 1 Mozzers Subsystem | 2017-10-11 | 7.5 HIGH | N/A |
| Static code injection vulnerability in add.php in Mozzers SubSystem 1.0 allows remote attackers to inject PHP code into subs.php via the (1) Sub-name or (2) Sub-url field. NOTE: an earlier report indicated that the add action can be reached through a request to index.php. | |||||
| CVE-2007-2324 | 1 Julmajanne | 1 Julmacms | 2017-10-11 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in file.php in JulmaCMS 1.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2007-2544 | 1 Php Toptree Bbs | 1 Php Toptree Bbs | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in templates/default/tpl_message.php in PHP TopTree BBS 2.0.1a and earlier allows remote attackers to execute arbitrary PHP code via a URL in the right_file parameter. | |||||
| CVE-2007-2545 | 1 Persism Cms | 1 Persism Cms | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the system[path] parameter to (1) blocks/headerfile.php, (2) files/blocks/latest_files.php, (3) filters/headerfile.php, (4) forums/blocks/latest_posts.php, (5) groups/headerfile.php, (6) links/blocks/links.php, (7) menu/headerfile.php, (8) news/blocks/latest_news.php, (9) settings/headerfile.php, or (10) users/headerfile.php, in modules/. | |||||
