Total: 27796 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1818 | 1 Forum Picture And Meta Tags | 1 Forum Picture And Meta Tags | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in MOD_forum_fields_parse.php in the Forum picture and META tags 1.7 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-1817 | 1 Lykoszine | 1 Lykos Reviews Module | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Lykos Reviews (lykos_reviews) 1.00 module for Xoops allows remote attackers to execute arbitrary SQL commands via the uid parameter in a u action. | |||||
| CVE-2007-2167 | 1 Aimstats | 1 Aimstats | 2017-10-11 | 7.5 HIGH | N/A |
| Static code injection vulnerability in process.php in AimStats 3.2 allows remote attackers to inject PHP code into config.php via the number parameter in an update action. | |||||
| CVE-2007-2194 | 1 Gentoo | 1 Xnview | 2017-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-1895 | 1 Sky Gunning | 1 Myspeach | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier, when used with PHP 5, allows remote attackers to execute arbitrary PHP code via an ftp URL in a my_ms[root] cookie, a different vector than CVE-2007-0491 and CVE-2006-4630. | |||||
| CVE-2007-3136 | 1 Newssync | 1 Newssync | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/nuke_include.php in newsSync 1.5.0rc6 allows remote attackers to execute arbitrary PHP code via a URL in the newsSync_NUKE_PATH parameter. | |||||
| CVE-2007-1896 | 1 Sky Gunning | 1 Myspeach | 2017-10-11 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) and trailing %00 (NULL) in a my_ms[root] cookie. | |||||
| CVE-2007-2743 | 1 Glossword | 1 Glossword | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in custom_vars.php in GlossWord 1.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the sys[path_addon] parameter. | |||||
| CVE-2007-2193 | 1 Acd Systems | 2 Acdsee, Photo Editor | 2017-10-11 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build 108, Pro 8.1 Build 99, and Photo Editor 4.0 Build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2166 | 1 Opensurveypilot | 1 Opensurveypilot | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in administration/user/lib/group.inc.php in OpenSurveyPilot (osp) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathToProjectAdmin parameter. | |||||
| CVE-2007-2456 | 1 Firefly | 1 Firefly | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) localize.php or (2) config.php in modules/admin/include/. | |||||
| CVE-2007-2341 | 1 Phpbandmanager | 1 Phpbandmanager | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in suite/index.php in phpBandManager 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter. | |||||
| CVE-2007-2192 | 1 Antonio Da Cruz | 1 Photofiltre Studio | 2017-10-11 | 9.3 HIGH | N/A |
| Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted remote attackers to execute arbitrary code via a crafted .tif file. | |||||
| CVE-2007-2299 | 1 Frogss | 1 Frogss Cms | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Frogss CMS 0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) dzial parameter to (a) katalog.php, or the (2) t parameter to (b) forum.php or (c) forum/viewtopic.php, different vectors than CVE-2006-4536. | |||||
| CVE-2007-3098 | 1 Castle Rock Computing | 1 Snmpc | 2017-10-11 | 5.0 MEDIUM | N/A |
| The SNMPc Server (crserv.exe) process in Castle Rock Computing SNMPc before 7.0.19 allows remote attackers to cause a denial of service (crash) via a crafted packet to port 165/TCP. | |||||
| CVE-2007-3099 | 1 Redhat | 1 Enterprise Linux | 2017-10-11 | 2.1 LOW | N/A |
| usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss). | |||||
| CVE-2007-3100 | 1 Redhat | 2 Enterprise Linux, Open Iscsi | 2017-10-11 | 2.1 LOW | N/A |
| usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial of service (hang) by grabbing the semaphore. | |||||
| CVE-2007-2939 | 1 Mazens Php Chat | 1 Mazens Php Chat | 2017-10-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Mazen's PHP Chat 3.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the basepath parameter to (1) ITX.php, (2) IT_Error.php, or (3) IT.php in include/pear/. | |||||
| CVE-2007-2560 | 1 Mentiss Acgv | 1 Acgvannu | 2017-10-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the rubrik parameter. | |||||
| CVE-2007-2307 | 1 Webkalk2 | 1 Webkalk2 | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in engine/engine.inc.php in WebKalk2 1.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter. | |||||
| CVE-2007-2158 | 1 Kooijman-design | 1 Jgallery | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in jGallery 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the G_JGALL[inc_path] parameter. | |||||
| CVE-2007-1816 | 1 Xoops | 1 Tutoriais Module | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewcat.php in the Tutoriais module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2007-2342 | 1 Creascripts | 1 Creadirectory | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in error.asp in CreaScripts CreaDirectory 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-6083. | |||||
| CVE-2007-1814 | 1 Xoops | 1 Core Module | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewcat.php in the Core module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-0377. | |||||
| CVE-2007-1900 | 1 Php | 1 Php | 2017-10-11 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string. | |||||
| CVE-2007-3006 | 1 Acoustica | 1 Acoustica Mp3 Cd Burner | 2017-10-11 | 6.8 MEDIUM | N/A |
| Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted remote attackers to execute arbitrary code via a .asx playlist file with a REF element containing a long string in the HREF attribute. NOTE: it was later claimed that 4.51 Build 147 is also affected. | |||||
| CVE-2007-1847 | 1 Xoops | 1 Repository Module | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewcat.php in the Repository module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2007-1907 | 1 Pathos | 1 Content Management System | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in warn.php in Pathos Content Management System (CMS) 0.92-2 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | |||||
| CVE-2007-1908 | 1 Php121 | 1 Php121 Instant Messenger | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP file inclusion vulnerability in php121db.php in PHP121 Instant Messenger 2.2 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the php121dir parameter, which is accessed by the file_exists function. | |||||
| CVE-2007-1813 | 1 Inconnueteam | 1 Ecal | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in display.php in the eCal 2.24 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the katid parameter. | |||||
| CVE-2007-2157 | 1 Zomplog | 1 Zomplog | 2017-10-11 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in upload/force_download.php in Zomplog 3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2007-1909 | 1 Ryan Haudenschilt | 1 Battle.net Clan Script | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Ryan Haudenschilt Battle.net Clan Script for PHP 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) pass parameter. | |||||
| CVE-2007-1911 | 1 Microsoft | 1 Word | 2017-10-11 | 7.1 HIGH | N/A |
| Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow. | |||||
| CVE-2007-3077 | 1 Eqdkp | 1 Eqdkp | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in listmembers.php in EQdkp 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the rank parameter. | |||||
| CVE-2007-2156 | 1 Rezervi Generic | 1 Rezervi Generic | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Rezervi Generic 0.9 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) datumVonDatumBis.inc.php, (2) footer.inc.php, (3) header.inc.php, and (4) stylesheets.php in templates/; and (5) wochenuebersicht.inc.php, (6) monatsuebersicht.inc.php, (7) jahresuebersicht.inc.php, and (8) tagesuebersicht.inc.php in belegungsplan/. | |||||
| CVE-2007-2569 | 1 Practical Creative And Code | 1 Friendly | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the friendly_path parameter to (1) core/data/yaml.inc.php, or _load.php in (2) core/data/, (3) core/display/, or (4) core/support/. | |||||
| CVE-2007-2154 | 1 Cabron Connector | 1 Cabron Connector | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in services/samples/inclusionService.php in Cabron Connector 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CabronServiceFolder parameter. | |||||
| CVE-2007-1912 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2017-10-11 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file. | |||||
| CVE-2007-2145 | 1 Minigal | 1 Minigal | 2017-10-11 | 7.5 HIGH | N/A |
| The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the input parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2431 | 1 Tecnick.com | 1 Tcexam | 2017-10-11 | 6.8 MEDIUM | N/A |
| Dynamic variable evaluation vulnerability in shared/config/tce_config.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks by modifying critical variables such as $_SERVER, as demonstrated by injecting web script via the _SERVER[SCRIPT_NAME] parameter. | |||||
| CVE-2007-2430 | 1 Tecnick.com | 1 Tcexam | 2017-10-11 | 7.8 HIGH | N/A |
| shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php. | |||||
| CVE-2007-1929 | 1 Gna | 1 Beryo | 2017-10-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in downloadpic.php in Beryo 2.0, and possibly other versions including 2.4, allows remote attackers to read arbitrary files via a .. (dot dot) in the chemin parameter. | |||||
| CVE-2007-2345 | 1 Codewand | 1 Phpbrowse | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/include_stream.inc.php in CodeWand phpBrowse allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | |||||
| CVE-2007-1930 | 1 Cattadoc | 1 Cattadoc | 2017-10-11 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in download2.php in cattaDoc 2.21, and possibly other versions including 3.0, allows remote attackers to read arbitrary files via a .. (dot dot) in the fn1 parameter. | |||||
| CVE-2007-2143 | 1 Bonoestente | 1 Joomla Template Be2004-2 | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2007-2142 | 1 Ajportal2php | 1 Ajportal2php | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AjPortal2Php allow remote attackers to execute arbitrary PHP code via a URL in the PagePrefix parameter to (1) begin.inc.php, (2) connection.inc.php, (3) events.inc.php, (4) footer.inc.php, (5) header.inc.php, (6) menuleft.inc.php, or (7) pages.inc.php in includes/. | |||||
| CVE-2007-2890 | 1 Cpcommerce | 1 Cpcommerce | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in category.php in cpCommerce 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id_category parameter. | |||||
| CVE-2007-3159 | 1 Miniweb Http Server | 1 Miniweb Http Server | 2017-10-11 | 5.0 MEDIUM | N/A |
| http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service (application crash) via a negative value in the Content-Length HTTP header. | |||||
| CVE-2007-2570 | 1 Guilain Omont | 1 Wikivi5 | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in handlers/page/show.php in Wikivi5 allows remote attackers to execute arbitrary PHP code via a URL in the sous_rep parameter. | |||||
| CVE-2007-2607 | 1 Lavague | 1 Lavague | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in views/print/printbar.php in LaVague 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the views_path parameter. | |||||
