Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5904 | 1 Linux | 1 Linux Kernel | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SMB responses that trigger the overflows in the SendReceive function. | |||||
| CVE-2007-5909 | 4 Activepdf, Autonomy, Ibm and 1 more | 6 Docconverter, Keyview Export Sdk, Keyview Filter Sdk and 3 more | 2018-10-15 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, IBM Lotus Notes before 7.0.3, Symantec Mail Security, and other products, allow remote attackers to execute arbitrary code via a crafted (1) AG file to kpagrdr.dll, (2) AW file to awsr.dll, (3) DLL or (4) EXE file to exesr.dll, (5) DOC file to mwsr.dll, (6) MIF file to mifsr.dll, (7) SAM file to lasr.dll, or (8) RTF file to rtfsr.dll. NOTE: the WPD (wp6sr.dll) vector is covered by CVE-2007-5910. | |||||
| CVE-2007-5913 | 1 Jean Charles | 1 Jbc Explorer | 2018-10-15 | 6.8 MEDIUM | N/A |
| dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not require authentication, which allows remote attackers to (1) delete auth.inc.php via the suppr parameter, and (2) re-create the auth.inc.php file with contents that specify a new account name and password for JBC Explorer via the login and password parameters. | |||||
| CVE-2007-5914 | 1 Jean Charles | 1 Jbc Explorer | 2018-10-15 | 6.8 MEDIUM | N/A |
| Direct static code injection vulnerability in dirsys/modules/config/post.php in JBC Explorer 7.20 RC1 and earlier allows remote authenticated administrators to inject arbitrary PHP code via the DEBUG parameter, which can be executed by accessing config.inc.php. NOTE: this can be exploited by unauthenticated remote attackers by leveraging CVE-2007-5913. | |||||
| CVE-2007-5915 | 1 Phphelpdesk | 1 Phphelpdesk | 2018-10-15 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in phphelpdesk 0.6.16 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the whattodo parameter. | |||||
| CVE-2007-5916 | 1 Phphelpdesk | 1 Phphelpdesk | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the login page in phphelpdesk 0.6.16 allows remote attackers to execute arbitrary SQL commands via unspecified parameters related to the "login procedures." | |||||
| CVE-2007-5917 | 1 Skalinks | 1 Skalinks | 2018-10-15 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/admin_account.php in Skalinks 1.5 and earlier allows remote attackers to add arbitrary privileged accounts as administrators via the admin_name, admin_password, admin_type, and Add_admin parameters. | |||||
| CVE-2007-5918 | 1 Ms Topsites | 1 Ms Topsites | 2018-10-15 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in edit.php in the MS TopSites add-on for PHP-Nuke does not verify that the uname parameter matches the current account, which allows remote authenticated users to change arbitrary accounts or change the SiteTitleName field as an arbitrary user via a modified uname value in an edit action to modules.php. | |||||
| CVE-2007-5919 | 1 Mywebftp | 1 Mywebftp | 2018-10-15 | 5.0 MEDIUM | N/A |
| MyWebFTP, possibly 5.3.2, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain an MD5 password hash via a direct request for pass/pass.txt. | |||||
| CVE-2007-5922 | 2 Bitchx, Cypress | 2 Bitchx, Cypress | 2018-10-15 | 5.0 MEDIUM | N/A |
| The modules/mdop.m in the Cypress 1.0k script for BitchX, as downloaded from a distribution site in November 2007, contains an externally introduced backdoor that e-mails sensitive information (hostnames, usernames, and shell history) to a fixed address. | |||||
| CVE-2007-5935 | 2 Tetex, Tug | 2 Tetex, Texlive 2007 | 2018-10-15 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag. | |||||
| CVE-2007-5936 | 2 Tetex, Tug | 2 Tetex, Texlive 2007 | 2018-10-15 | 3.6 LOW | N/A |
| dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place. | |||||
| CVE-2007-5937 | 2 Tetex, Tug | 2 Tetex, Texlive 2007 | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute arbitrary code via a crafted DVI input file. | |||||
| CVE-2007-5943 | 1 Simple Machines | 1 Simple Machines Forum | 2018-10-15 | 5.0 MEDIUM | N/A |
| Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the "show results as messages" option, then searching for possible keywords contained in that message. | |||||
| CVE-2007-5947 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-15 | 4.3 MEDIUM | N/A |
| The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI. | |||||
| CVE-2007-5958 | 1 X.org | 1 Xserver | 2018-10-15 | 5.0 MEDIUM | N/A |
| X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists. | |||||
| CVE-2007-5959 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-15 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger memory corruption. | |||||
| CVE-2007-5690 | 1 Asterisk | 1 Zaptel | 2018-10-15 | 4.6 MEDIUM | N/A |
| ** DISPUTED ** Buffer overflow in sethdlc.c in the Asterisk Zaptel 1.4.5.1 might allow local users to gain privileges via a long device name (interface name) in the ifr_name field. NOTE: the vendor disputes this issue, stating that the application requires root access, so privilege boundaries are not crossed. | |||||
| CVE-2007-5691 | 1 Mozilla | 1 Firefox | 2018-10-15 | 4.3 MEDIUM | N/A |
| ParseFTPList.cpp in Mozilla Firefox 2.0.0.7 allows remote FTP servers to cause a denial of service (application crash) via a crafted reply to an unspecified listing command, related to "reading from invalid pointer." | |||||
| CVE-2007-5692 | 1 Sitebar | 1 Sitebar | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SiteBar 3.3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter to integrator.php; (2) the token parameter in a New Password action, (3) the nid_acl parameter in a Folder Properties action, or (4) the uid parameter in a Modify User action to command.php; or (5) the target parameter to index.php, different vectors than CVE-2006-3320. | |||||
| CVE-2007-5693 | 1 Sitebar | 1 Sitebar | 2018-10-15 | 6.0 MEDIUM | N/A |
| Eval injection vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492. | |||||
| CVE-2007-5694 | 1 Sitebar | 1 Sitebar | 2018-10-15 | 6.8 MEDIUM | N/A |
| Absolute path traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to read arbitrary files via an absolute path in the dir parameter, a different vulnerability than CVE-2007-5491. | |||||
| CVE-2007-5695 | 1 Sitebar | 1 Sitebar | 2018-10-15 | 6.4 MEDIUM | N/A |
| Open redirect vulnerability in command.php in SiteBar 3.3.8 allows remote attackers to redirect users to arbitrary web sites via a URL in the forward parameter in a Log In action. | |||||
| CVE-2007-5696 | 1 Phpbasic | 1 Phpbasic | 2018-10-15 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes.php in phpBasic allows remote attackers to execute arbitrary PHP code via a URL in the root parameter, possibly related to the Music module. | |||||
| CVE-2007-5702 | 1 Novell | 1 Opensuse Swamp | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in swamp/action/LoginActions (aka the login box) in the Novell OpenSUSE SWAMP Workflow Administration and Management Platform 1.x allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-5703 | 1 Rsa | 1 Keon Registration Authority Web Interface | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) Request-spk.xuda and (2) Add-msie-request.xuda in RSA KEON Registration Authority Web Interface 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-5704 | 1 Codewidgets | 1 Online Event Registration Template | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CodeWidgets.com Online Event Registration Template allow remote attackers to execute arbitrary SQL commands via the (1) Email Address and (2) Password fields in (a) login.asp and (b) admin_login.asp. | |||||
| CVE-2007-5706 | 1 Jeeblestechnology | 1 Jeebles Directory | 2018-10-15 | 9.3 HIGH | N/A |
| Absolute path traversal vulnerability in download.php in Jeebles Directory 2.9.60 allows remote attackers to read arbitrary files via a full pathname in the query string. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-5710 | 1 Wordpress | 1 Wordpress | 2018-10-15 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.php in WordPress 2.3 allows remote attackers to inject arbitrary web script or HTML via the posts_columns array parameter. | |||||
| CVE-2007-5724 | 1 Omnistar Interactive | 1 Omnistar Live | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Omnistar Live allow remote attackers to inject arbitrary web script or HTML via (1) the category_id parameter to users/kb.php, and possibly (3) the Email Box field in profile.php. | |||||
| CVE-2007-5725 | 1 Smart-shop | 1 Smart-shop | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Smart-Shop allow remote attackers to inject arbitrary web script or HTML via (1) the email parameter to index.php; or the command parameter to index.php in (2) the default action for the home page, (3) a currencies action, or (4) a basket action. | |||||
| CVE-2007-5727 | 1 Oneorzero | 1 Oneorzero Helpdesk | 2018-10-15 | 4.3 MEDIUM | N/A |
| Incomplete blacklist vulnerability in the stripScripts function in common.php in OneOrZero Helpdesk 1.6.5.4, 1.6.4.2, and possibly other versions, allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary web script or HTML via XSS sequences without SCRIPT tags in the description parameter to (1) tcreate.php or (2) tupdate.php, as demonstrated using an onmouseover event in a b tag. | |||||
| CVE-2007-5732 | 1 Elouai | 1 Force Download | 2018-10-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in downloadfile.php in eLouai's Force Download of media files script, as available on 20071030 and earlier, allows remote attackers to read arbitrary files via the file parameter. NOTE: this issue only occurs in environments where the system administrator has not followed the vendor recommendations that this product should only be used internally. | |||||
| CVE-2007-5733 | 1 Japanese Php Gallery Hosting | 1 Japanese Php Gallery Hosting | 2018-10-15 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in upload/upload.php in Japanese PHP Gallery Hosting, when Open directory mode is enabled, allows remote attackers to upload and execute arbitrary PHP code via a ServerPath parameter specifying a filename with a double extension. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-5734 | 1 Efileman | 1 Efileman | 2018-10-15 | 6.4 MEDIUM | N/A |
| Unrestricted file upload vulnerability in eFileMan 7.1.0.87-88 allows remote attackers to upload arbitrary files, with "uploads/upload_file." destination filenames, via unspecified vectors to upload.cgi, accessed from upload.html. | |||||
| CVE-2007-5735 | 1 Efileman | 1 Efileman | 2018-10-15 | 5.0 MEDIUM | N/A |
| eFileMan 7.1.0.87-88 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain unspecified user information via a direct request for cgi-bin/efileman/efileman_config.pm. | |||||
| CVE-2007-5736 | 1 Seeblick | 1 Seeblick | 2018-10-15 | 6.4 MEDIUM | N/A |
| Unrestricted file upload vulnerability in upload.php in SeeBlick 1.0 Beta allows remote attackers to upload arbitrary files via unspecified vectors. NOTE: these files are stored with .html extensions, so the scope of the attack might be limited to resource consumption and possibly XSS. | |||||
| CVE-2007-5737 | 1 Ghlab | 1 Korean Ghboard | 2018-10-15 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in component/upload.jsp in Korean GHBoard allows remote attackers to upload arbitrary files via unspecified vectors, probably involving a direct request. | |||||
| CVE-2007-5738 | 1 Ghlab | 1 Korean Ghboard | 2018-10-15 | 6.8 MEDIUM | N/A |
| The FlashUpload component in Korean GHBoard uses a client-side protection mechanism to prevent uploading of dangerous file extensions, which allows remote attackers to bypass restrictions and upload arbitrary files via a modified copy of component/flashupload/upload.html. | |||||
| CVE-2007-5739 | 1 Ghlab | 1 Korean Ghboard | 2018-10-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in component/flashupload/download.jsp in the FlashUpload component in Korean GHBoard allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter. | |||||
| CVE-2007-5740 | 1 Vergenet | 1 Perdition Mail Retrieval Proxy | 2018-10-15 | 7.5 HIGH | N/A |
| The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism. | |||||
| CVE-2007-5741 | 1 Plone | 1 Plone | 2018-10-15 | 7.5 HIGH | N/A |
| Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes. | |||||
| CVE-2007-5752 | 1 Agtc Websolutions | 1 Php-agtc Membership System | 2018-10-15 | 7.5 HIGH | N/A |
| adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account with admin (userlevel 4) privileges. | |||||
| CVE-2007-5760 | 2 X.org, Xfree86 Project | 2 Xserver, Xfree86-misc | 2018-10-15 | 9.3 HIGH | N/A |
| Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index. | |||||
| CVE-2007-5766 | 1 Oracle | 1 E-business Suite | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite 11 and 12 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: this is probably the same issue as CVE-2007-5527 or CVE-2007-5528, but there are insufficient details to be sure. | |||||
| CVE-2007-5771 | 1 Flatnuke3 | 1 Flatnuke3 | 2018-10-15 | 7.5 HIGH | N/A |
| Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrative access via a myforum%00 cookie. | |||||
| CVE-2007-5772 | 1 Flatnuke3 | 1 Flatnuke3 | 2018-10-15 | 6.0 MEDIUM | N/A |
| Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by saving a description and setting fneditmode to 1. NOTE: unauthenticated remote attackers can exploit this by leveraging a cookie manipulation issue. | |||||
| CVE-2007-5776 | 1 Blue-collar Productions | 1 I-gallery | 2018-10-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in igallery.asp in Blue-Collar Productions i-Gallery 3.4 allows remote attackers to read arbitrary files via encoded backslash sequences in the d parameter, as demonstrated by a "%5c../../%5c" sequence. | |||||
| CVE-2007-5777 | 1 Blue-collar Productions | 1 I-gallery | 2018-10-15 | 5.0 MEDIUM | N/A |
| Blue-Collar Productions i-Gallery 3.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a base64-encoded password via a direct request for igallery.mdb. | |||||
| CVE-2007-5778 | 1 Mobile-spy | 1 Mobile-spy | 2018-10-15 | 6.4 MEDIUM | N/A |
| Mobile Spy (1) stores login credentials in cleartext under the RetinaxStudios registry key, and (2) sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network. | |||||