Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4453 | 1 Jelsoft | 1 Vbulletin | 2018-10-15 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g) showgroups.php, (h) online.php, and (i) sendmessage.php. NOTE: these issues have been disputed by the vendor, stating "I can't reproduce a single one of these". The researcher is known to be unreliable. | |||||
| CVE-2007-4454 | 1 Olate | 1 Olatedownload | 2018-10-15 | 6.8 MEDIUM | N/A |
| Eval injection vulnerability in environment.php in Olate Download (od) 3.4.1 allows context-dependent attackers to execute arbitrary code via a crafted version string, as referenced by the (1) PDO::ATTR_SERVER_VERSION or (2) PDO::ATTR_CLIENT_VERSION attribute. | |||||
| CVE-2007-4456 | 2 Mambo, Parkview Consultants | 2 Mambo, Simplefaq | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. NOTE: it was later reported that 2.40 is also affected, and that the component can be used in Joomla! in addition to Mambo. | |||||
| CVE-2007-4457 | 1 Florian Mahieu | 1 Dalai Forum | 2018-10-15 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in forumreply.php in Dalai Forum 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the chemin parameter. | |||||
| CVE-2007-4458 | 1 Firesoft | 1 Firesoft | 2018-10-15 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/class/class_tpl.php in Firesoft allows remote attackers to execute arbitrary PHP code via a URL in the cache_file parameter. | |||||
| CVE-2007-4463 | 2 Fransois Gannier, Ghisler | 2 Fileinfo Plugin, Total Commander | 2018-10-15 | 5.0 MEDIUM | N/A |
| The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file. | |||||
| CVE-2007-4464 | 2 Fransois Gannier, Ghisler | 2 Fileinfo Plugin, Total Commander | 2018-10-15 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to spoof the information in the Image File Header tab via strings with CRLF sequences in the IMAGE_EXPORT_DIRECTORY array in a PE file, which could complicate forensics investigations. | |||||
| CVE-2007-4467 | 1 Oracle | 1 Jinitiator | 2018-10-15 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified "initialization parameters." NOTE: it was later reported that 1.1.8.3 through 1.1.8.25, and probably 1.1.5.x and 1.1.7.x, are affected. | |||||
| CVE-2007-4477 | 1 Planet Technology Corp | 1 Vc-200m Vdsl2 | 2018-10-15 | 5.0 MEDIUM | N/A |
| The administration interface in the Planet VC-200M VDSL2 router allows remote attackers to cause a denial of service (administration interface outage) via an HTTP request without a Host header. | |||||
| CVE-2007-4479 | 1 Aleadsoft.com | 1 Search Engine Builder Professional | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.html in Search Engine Builder allows remote attackers to inject arbitrary web script or HTML via the searWords parameter. | |||||
| CVE-2007-4480 | 1 Wordpress | 1 Sirius | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the Sirius 1.0 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | |||||
| CVE-2007-4481 | 1 Wordpress | 1 Blix | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the (1) Blix 0.9.1 and (2) Blix 0.9.1 Rus themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | |||||
| CVE-2007-4482 | 1 Wordpress | 1 Pool | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the Pool 1.0.7 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | |||||
| CVE-2007-4483 | 1 Wordpress | 1 Wordpressclassic | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the WordPress Classic 1.5 theme in WordPress before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | |||||
| CVE-2007-4484 | 1 My Referer | 1 My Referer | 2018-10-15 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in login.php in My_REFERER 1.08 allows remote attackers to execute arbitrary PHP code via a URL in the value parameter. | |||||
| CVE-2007-4485 | 1 Butterfly | 1 Butterfly | 2018-10-15 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in visitor.php in Butterfly online visitors counter 1.08, when used with certain older versions of PHP with improper SERVER superglobal handling, allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. NOTE: it could be argued that this vulnerability is caused by a problem in PHP and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Butterfly online visitors counter. | |||||
| CVE-2007-4486 | 1 Linkliste | 1 Linkliste | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in index.php in Linkliste 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) styl[top], (2) url_eintrag, or (3) styl[themen] parameter. | |||||
| CVE-2007-4487 | 1 Dscripting.com | 1 D22-shoutbox | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in D22-Shoutbox for Invision Power Board (IPB or IP.Board) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-4488 | 1 Siemens | 1 Gigaset Se361 Wlan Router | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Siemens Gigaset SE361 WLAN router with firmware 1.00.0 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI immediately following the filename for (1) a GIF filename, which triggers display of the GIF file in text format and an unspecified denial of service (crash); or (2) the login.tri filename, which triggers a continuous loop of the browser attempting to visit the login page. | |||||
| CVE-2007-4491 | 1 Gurur Haber | 1 Gurur Haber | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in uyeler2.php in Gurur haber 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-4508 | 2 Rebellion, Rival Interactive | 2 Rogue Trooper, Prism | 2018-10-15 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Rebellion Asura engine, as used for the server in Rogue Trooper 1.0 and earlier and Prism 1.1.1.0 and earlier, allows remote attackers to execute arbitrary code via a long string in a 0xf007 packet for the challenge B query. | |||||
| CVE-2007-4511 | 1 Sun | 1 Java System Application Server | 2018-10-15 | 5.0 MEDIUM | N/A |
| The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply certain configuration changes persistently, which causes the (1) SSL and (2) SSL_MutualAuth ORB listener services to enable all protocols and ciphers after the services are restarted, possibly allowing remote attackers to bypass intended policy. | |||||
| CVE-2007-4512 | 1 Sophos | 1 Anti-virus | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file that matches a virus signature and has a crafted filename that is not properly handled by the print function in SavMain.exe. | |||||
| CVE-2007-4517 | 1 Oracle | 1 Database Server | 2018-10-15 | 6.0 MEDIUM | N/A |
| Buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure in Oracle 10g R2 allows remote authenticated users to execute arbitrary code via a long (1) OWNER or (2) NAME argument. | |||||
| CVE-2007-4521 | 1 Asterisk | 1 Asterisk | 2018-10-15 | 5.0 MEDIUM | N/A |
| Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an e-mail with an "invalid/corrupted" MIME body, which triggers a crash when the recipient listens to voicemail. | |||||
| CVE-2007-4522 | 1 Ripe Website Manager | 1 Ripe Website Manager | 2018-10-15 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via one or more of the following vectors: the (1) id parameter to (a) pages/delete_page.php, (b) navigation/delete_menu.php, and (c) navigation/delete_item.php in admin/; the (2) menu_id, (3) name, (3) page_id, and (4) url parameters in (d) admin/navigation/do_new_item.php; the (5) new_menuname parameter in (e) admin/navigation/do_new_nav.php; and (6) area1, name, and url parameters to (f) admin/pages/do_new_page.php. NOTE: some vectors might be reachable through the url and name parameters to (g) admin/navigation/new_nav_item.php. NOTE: the original disclosure does not precisely state which vectors are associated with SQL injection versus XSS. | |||||
| CVE-2007-4523 | 1 Ripe Website Manager | 1 Ripe Website Manager | 2018-10-15 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via one or more of the following vectors: the (1) id parameter to (a) pages/delete_page.php, (b) navigation/delete_menu.php, and (c) navigation/delete_item.php in admin/; the (2) menu_id, (3) name, (3) page_id, and (4) url parameters in (d) admin/navigation/do_new_item.php; the (5) new_menuname parameter in (e) admin/navigation/do_new_nav.php; and (6) area1, name, and url parameters to (f) admin/pages/do_new_page.php, probably involving the Title or textarea field as reachable through admin/pages/new_page.php. NOTE: the original disclosure does not precisely state which vectors are associated with SQL injection versus XSS. | |||||
| CVE-2007-4524 | 1 Phpress | 1 Phpress | 2018-10-15 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in adisplay.php in PhPress 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter. | |||||
| CVE-2007-4525 | 1 Spip | 1 Spip | 2018-10-15 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers, stating that the squelette_cache variable is initialized before use, and is only used within the scope of a function. | |||||
| CVE-2007-4529 | 1 Teamspeak | 1 Web Server | 2018-10-15 | 8.5 HIGH | N/A |
| The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote authenticated users with the ServerAdmin flag to assign Registered users certain privileges, resulting in a privilege set that extends beyond that ServerAdmin's own servers, as demonstrated by the (1) AdminAddServer, (2) AdminDeleteServer, (3) AdminStartServer, and (4) AdminStopServer privileges; and administration of arbitrary virtual servers via a request to a .tscmd URI with a modified serverid parameter, as demonstrated by (a) add_server.tscmd, (b) ask_delete_server.tscmd, (c) start_server.tscmd, and (d) stop_server.tscmd. | |||||
| CVE-2007-4530 | 1 Teamspeak | 1 Web Server | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TeamSpeak Server 2.0.20.1 allow remote attackers to inject arbitrary web script or HTML via (1) the error_text parameter to error_box.html or (2) the ok_title parameter to ok_box.html. | |||||
| CVE-2007-4531 | 1 Michal Marcinkowski | 2 Soldat Dedicated Server, Soldat Game Server | 2018-10-15 | 5.0 MEDIUM | N/A |
| Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and earlier, allows remote attackers to cause a client denial of service (crash) via (1) a long string to the file transfer port or (2) a long chat message, or (3) a server denial of service (continuous beep and slowdown) via a string containing many 0x07 or other control characters to the file transfer port. | |||||
| CVE-2007-4532 | 1 Michal Marcinkowski | 2 Soldat Dedicated Server, Soldat Game Server | 2018-10-15 | 7.8 HIGH | N/A |
| Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and earlier, allows remote attackers to cause a denial of service (client lockout) via a series of UDP join packets from a spoofed IP address, which triggers temporary blacklisting of this IP address. | |||||
| CVE-2007-4537 | 1 Skulltag Team | 1 Skulltag | 2018-10-15 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the Huffman decompression algorithm implemented in Skulltag 0.97d-beta4.1 and earlier allows remote attackers to execute arbitrary code via a crafted UDP packet. | |||||
| CVE-2007-4538 | 1 Mozilla | 1 Bugzilla | 2018-10-15 | 5.0 MEDIUM | N/A |
| email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters. | |||||
| CVE-2007-4539 | 1 Mozilla | 1 Bugzilla | 2018-10-15 | 5.0 MEDIUM | N/A |
| The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline and (2) Estimated Time fields. | |||||
| CVE-2007-4540 | 1 Olate | 1 Olatedownload | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in download.php in Olate Download (od) 3.4.2 allow remote attackers to execute arbitrary SQL commands via the (1) HTTP_REFERER or (2) HTTP_USER_AGENT HTTP header. | |||||
| CVE-2007-4226 | 1 Bluecat Networks | 1 Adonis | 2018-10-15 | 7.1 HIGH | N/A |
| Directory traversal vulnerability in the BlueCat Networks Proteus IPAM appliance 2.0.2.0 (Adonis DNS/DHCP appliance 5.0.2.8) allows remote authenticated administrators, with certain TFTP privileges, to create and overwrite arbitrary files via a .. (dot dot) in a pathname. NOTE: this can be leveraged for administrative access by overwriting /etc/shadow. | |||||
| CVE-2007-4229 | 1 Kde | 1 Konqueror | 2018-10-15 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, as demonstrated by a document containing TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET, and A tags. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-4230 | 1 Jems Scripts | 1 Bellabiblio | 2018-10-15 | 7.5 HIGH | N/A |
| ** DISPUTED ** BellaBiblio allows remote attackers to gain administrative privileges via a bellabiblio cookie with the value "administrator." NOTE: this issue is disputed by CVE and multiple third parties because the cookie value must be an MD5 hash. | |||||
| CVE-2007-4235 | 1 Vietphp | 1 Vietphp | 2018-10-15 | 9.3 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in VietPHP allow remote attackers to execute arbitrary PHP code via a URL in (1) the dirpath parameter to (a) _functions.php, or (2) the language parameter to (b) admin/index.php or (c) index.php. | |||||
| CVE-2007-4239 | 1 C-sam | 1 Onewallet | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in user/forgotPassStep2.jsp in the admin interface in C-SAM oneWallet 210_07062007;1.0 allows remote attackers to inject arbitrary web script or HTML via the loginID parameter. | |||||
| CVE-2007-4242 | 1 Astaro | 1 Security Gateway | 2018-10-15 | 5.0 MEDIUM | N/A |
| The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform virus scanning of attachments that exceed the maximum attachment size, and passes these attachments, which allows remote attackers to bypass this scanning via a large attachment. | |||||
| CVE-2007-4243 | 1 Astaro | 1 Security Gateway | 2018-10-15 | 7.8 HIGH | N/A |
| Unspecified vulnerability in pfilter-reporter.pl in Astaro Security Gateway (ASG) 7 allows remote attackers to cause a denial of service (CPU consumption) via certain network traffic, as demonstrated by P2P and iTunes applications that download large amounts of data. | |||||
| CVE-2007-4244 | 1 Joomla | 1 J Reactions | 2018-10-15 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in langset.php in J! Reactions (com_jreactions) 1.8.1 and earlier, a Joomla! component, allows remote attackers to execute arbitrary PHP code via a URL in the comPath parameter. | |||||
| CVE-2007-4245 | 1 Dimema | 1 Contentdm | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Search.php in DiMeMa CONTENTdm (CDM) allows remote attackers to inject arbitrary web script or HTML via a search, probably related to the CISOBOX1 parameter to results.php in CDM 4.2. | |||||
| CVE-2007-4247 | 1 Microsoft | 1 Windows Vista | 2018-10-15 | 4.3 MEDIUM | N/A |
| Windows Calendar on Microsoft Windows Vista allows remote attackers to cause a denial of service (NULL dereference and persistent application crash) via a malformed ICS file. | |||||
| CVE-2007-4248 | 1 Toolbar Gaming | 1 Toolbar Gaming | 2018-10-15 | 4.3 MEDIUM | N/A |
| The CallCmd function in toolbar_gaming.dll in the Toolbar Gaming toolbar for Internet Explorer allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vectors. | |||||
| CVE-2007-4249 | 1 Exportnation | 1 Exportnation Toolbar | 2018-10-15 | 4.3 MEDIUM | N/A |
| The isChecked function in Toolbar.DLL in the ExportNation toolbar for Internet Explorer allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vectors. | |||||
| CVE-2007-4250 | 1 Advanced Searchbar | 1 Advanced Searchbar | 2018-10-15 | 5.0 MEDIUM | N/A |
| The isChecked function in Toolbar.DLL in Advanced Searchbar before 3.33 allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vectors. | |||||