Total: 27796 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2497 | 1 Realnetworks | 1 Realplayer | 2017-10-11 | 7.8 HIGH | N/A |
| RealNetworks RealPlayer 10 Gold allows remote attackers to cause a denial of service (memory consumption) via a certain .ra file. NOTE: this issue was referred to as a "memory leak," but it is not clear if this is correct. | |||||
| CVE-2007-2738 | 1 Xoops | 1 Xoops Glossaire Module | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the sid parameter in an ImprDef action. | |||||
| CVE-2007-2599 | 1 Wavelink Media | 1 Tutorialcms | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or (3) the search parameter to search.php. | |||||
| CVE-2007-2600 | 1 Wavelink Media | 1 Tutorialcms | 2017-10-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or the (3) search parameter to search.php. | |||||
| CVE-2007-2004 | 1 Inoutmailinglistmanager | 1 Inoutmailinglistmanager | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to changename.php and other unspecified vectors. | |||||
| CVE-2007-2002 | 1 Inoutmailinglistmanager | 1 Inoutmailinglistmanager | 2017-10-11 | 6.8 MEDIUM | N/A |
| InoutMailingListManager 3.1 and earlier allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by setting an arbitrary admin cookie. | |||||
| CVE-2007-2001 | 1 Crea-book | 1 Crea-book | 2017-10-11 | 6.5 MEDIUM | N/A |
| Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the "Fond de la page" (background color) field and other unspecified fields, which injects into config.inc.php3. | |||||
| CVE-2007-1999 | 1 Nazarkin.name | 1 Weatimages | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Weatimages 1.7.1 and earlier, when weatimages.ini is missing, allows remote attackers to execute arbitrary PHP code via a URL in the ini[langpack] parameter. | |||||
| CVE-2007-1856 | 2 Gentoo, Paul Vixie | 2 Linux, Vixie Cron | 2017-10-11 | 2.1 LOW | N/A |
| Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service (cron failure) by creating hard links, which results in a failed st_nlink check in database.c. | |||||
| CVE-2007-1998 | 1 Hiox India | 1 Guest Book | 2017-10-11 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in HIOX Guest Book (HGB) 4.0 allows remote attackers to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to gb.php. | |||||
| CVE-2007-2601 | 1 Divx City | 1 Gdivx Zenith Player | 2017-10-11 | 9.3 HIGH | N/A |
| Buffer overflow in a certain ActiveX control in the GDivX Zenith Player AviFixer class in fix.dll 1.0.0.1 allows remote attackers to execute arbitrary code via a long SetInputFile property value. | |||||
| CVE-2007-1994 | 1 Hp | 1 Hp-ux | 2017-10-11 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.00 allows local users to cause a denial of service via unknown vectors. NOTE: due to lack of vendor details, it is not clear whether this is the same as CVE-2007-0916. | |||||
| CVE-2007-1992 | 1 Mamboxchange | 1 Com Zoom | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the com_zoom 2.5 beta 2 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) EXIF_Makernote.php or (2) EXIF.php in classes/iptc/. | |||||
| CVE-2007-2658 | 1 Id Automation | 1 Linear Barcode | 2017-10-11 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the ID Automation Linear Barcode 1.6.0.5 ActiveX control in IDAutomationLinear6.dll allows remote attackers to cause a denial of service via a long argument to the SaveEnhWMF method. | |||||
| CVE-2007-2608 | 1 Miplex2 | 1 Miplex2 | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/smarty/SmartyFU.class.php in Miplex2 Alpha 1 allows remote attackers to execute arbitrary PHP code via a URL in the system[smarty][dir] parameter. | |||||
| CVE-2007-2611 | 1 Cgx | 1 Cgx | 2017-10-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CGX 20050314 allow remote attackers to execute arbitrary PHP code via a URL in the pathCGX parameter to (1) mtdialogo.php, (2) ltdialogo.php, (3) login.php, and (4) logingecon.php in inc/; and multiple unspecified files in frm/, sql/, and cns/. | |||||
| CVE-2007-1934 | 1 Php-nuke | 1 Eboard Module | 2017-10-11 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in member.php in the eBoard 1.0.7 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[name] parameter. | |||||
| CVE-2007-2749 | 1 Faqengine | 1 Faqengine | 2017-10-11 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in question.php in FAQEngine 4.16.03 and earlier allows remote attackers to execute arbitrary SQL commands via the questionref parameter in a display action. | |||||
| CVE-2007-1935 | 1 Scar4u.de | 1 Scaradcontroller | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP file inclusion vulnerability in admin/index.php in ScarAdControl (ScarAdController) 1.1 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the site parameter, which is accessed by the file_exists function. | |||||
| CVE-2007-1986 | 1 Barnraiser | 1 Aroundme | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in barnraiser AROUNDMe 0.7.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_path_core parameter to inc/core_profile.header.php, the (2) template_path_core parameter to template/barnraiser_01/maint_contact_view.tpl.php, and the (3) template_path parameter to template/barnraiser_01/default.tpl.php. NOTE: this issue might overlap CVE-2006-5533. | |||||
| CVE-2007-1936 | 1 Scar4u.de | 1 Scaradcontroller | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in scaradcontrol.php in ScarAdControl (ScarAdController) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the sac_config_dir parameter. | |||||
| CVE-2007-1983 | 1 Cyboards | 1 Cyboards Php Lite | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/default_header.php in Cyboards PHP Lite 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter, a different vector than CVE-2006-2871. | |||||
| CVE-2007-1982 | 1 Really Simple Php And Ajax | 1 Really Simple Php And Ajax | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Really Simple PHP and Ajax (RSPA) 2007-03-23 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) __IncludeFilePHPClass, (2) __ClassPath, and (3) __class parameters to (a) rspa/framework/Controller_v5.php, and (b) rspa/framework/Controller_v4.php. | |||||
| CVE-2007-2824 | 1 Alstrasoft | 1 E-friends | 2017-10-11 | 10.0 HIGH | N/A |
| SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and earlier allows remote attackers to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php. | |||||
| CVE-2007-2615 | 1 Crie Sue | 1 Phplojafacil | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Crie seu PHPLojaFacil 0.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_local parameter to (1) ftp.php, (2) libs/db.php, and (3) libs/ftp.php. | |||||
| CVE-2007-3461 | 1 Elkagroup | 1 Image Gallery | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in property.php in elkagroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |||||
| CVE-2007-3460 | 1 Eva-web | 1 Eva-web | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in index.php3 in EVA-Web 1.1 through 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) aide or (2) perso parameter. | |||||
| CVE-2007-2778 | 1 Molyx | 1 Molyx Board | 2017-10-11 | 7.8 HIGH | N/A |
| Multiple directory traversal vulnerabilities in MolyX BOARD 2.5.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to index.php and other unspecified PHP scripts. | |||||
| CVE-2007-3452 | 1 Edocstore | 1 Edocstore | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in essentials/minutes/doc.php in eDocStore allows remote attackers to execute arbitrary SQL commands via the doc_id parameter in an inline action. | |||||
| CVE-2007-1980 | 1 Nick Jones | 1 Topliste Module | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Topliste 1.0 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2007-1961 | 1 Phpbb | 1 Mutant | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in mutant_functions.php in the Mutant 0.9.2 portal for phpBB 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-1979 | 1 Xoops | 1 Xoops Popnupblog | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and 3.05 might also be affected. | |||||
| CVE-2007-1978 | 1 Php Fusion | 1 Arcade Module | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Arcade 1.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view_game_list action. | |||||
| CVE-2007-1976 | 1 Xoops | 1 Xoops Virii Info Module | 2017-10-11 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. NOTE: the issue has been disputed by a reliable third party, stating that the application's checkSuperglobals function defends against the attack. | |||||
| CVE-2007-2003 | 1 Inoutmailinglistmanager | 1 Inoutmailinglistmanager | 2017-10-11 | 6.8 MEDIUM | N/A |
| InoutMailingListManager 3.1 and earlier sends a Location redirect header but does not exit after an authorization check fails, which allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by ignoring the redirect. | |||||
| CVE-2007-3451 | 1 Gorani Network | 1 6alblog | 2017-10-11 | 6.5 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin/index.php in 6ALBlog allows remote authenticated administrators to execute arbitrary PHP code via a URL in the pg parameter. | |||||
| CVE-2007-3449 | 1 Gorani Network | 1 6alblog | 2017-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | |||||
| CVE-2007-2498 | 1 Nullsoft | 1 Winamp | 2017-10-11 | 9.3 HIGH | N/A |
| libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2736 | 9 Achievo, Apple, Hp and 6 more | 18 Achievo, A Ux, Mac Os X and 15 more | 2017-10-11 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter. | |||||
| CVE-2007-2942 | 1 My Little Homepage | 1 My Little Forum | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in user.php in My Little Forum 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-2735 | 1 Touteresa | 1 Resmanager | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in edit_day.php in the ResManager 1.2.1 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id_reserv parameter. | |||||
| CVE-2007-2726 | 1 Bitscast | 1 Bitscast | 2017-10-11 | 7.8 HIGH | N/A |
| BitsCast 0.13.0 allows remote attackers to cause a denial of service (application crash) via an RSS 2.0 feed item with certain invalid strings in a pubDate element, as demonstrated by repeated "../A" or "A/../" patterns. | |||||
| CVE-2007-3446 | 1 Bugmall | 1 Shopping Cart | 2017-10-11 | 7.5 HIGH | N/A |
| BugMall Shopping Cart 2.5 and earlier has a default username "demo" and password "demo," which allows remote attackers to obtain login access. | |||||
| CVE-2007-2817 | 1 Ol Bookmarks | 1 Ol Bookmarks | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-2298 | 1 Gforge | 1 Garennes | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertoire_config parameter to index.php in (1) cpe/, (2) direction/, or (3) professeurs/. | |||||
| CVE-2007-2851 | 1 Lead Technologies | 1 Leadtools Raster Variant Object Library | 2017-10-11 | 7.5 HIGH | N/A |
| A certain ActiveX control in LeadTools Raster Variant Object Library (LTRVR14e.dll) 14.5.0.44 allows remote attackers to overwrite arbitrary files via the WriteDataToFile method. | |||||
| CVE-2007-2722 | 1 Newzcrawler | 1 Newzcrawler | 2017-10-11 | 7.8 HIGH | N/A |
| Unspecified vulnerability in NewzCrawler 1.8 allows remote attackers to cause a denial of service (application instability) via certain invalid strings in the URL attribute of an ENCLOSURE element, as demonstrated by a "%s" sequence, a "%Y" sequence, a "%%" sequence, and an "n," sequence. | |||||
| CVE-2007-2715 | 1 Snaps Gallery | 1 Snaps Gallery | 2017-10-11 | 10.0 HIGH | N/A |
| Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to change arbitrary usernames and passwords via the (1) username, or the (2) password and password2 parameters in an edit action. | |||||
| CVE-2007-2969 | 1 Wanewsletter | 1 Wanewsletter | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in newsletter.php in WAnewsletter 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the waroot parameter. | |||||
| CVE-2007-2617 | 1 Sun | 2 Net Connect Software, Solaris | 2017-10-11 | 2.1 LOW | N/A |
| srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options. | |||||
