Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2302 | 1 Expow | 1 Expow | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in autoindex.php in Expow 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_file parameter. | |||||
| CVE-2007-2304 | 1 Qdblog | 1 Qdblog | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to categories.php and other unspecified files. | |||||
| CVE-2007-2305 | 1 Qdblog | 1 Qdblog | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in authenticate.php in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||||
| CVE-2007-2307 | 1 Webkalk2 | 1 Webkalk2 | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in engine/engine.inc.php in WebKalk2 1.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter. | |||||
| CVE-2007-2313 | 1 Mxbb | 1 Mx Shotcast | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in getinfo1.php in the Shotcast 1.0 RC2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter. | |||||
| CVE-2007-2317 | 2 Minibb, Tosmo Mambo | 2 Minibb, Tosmo Mambo | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier, as used by TOSMO/Mambo 4.0.12 and probably other products, allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to bb_plugins.php in (1) components/minibb/ or (2) components/com_minibb, or (3) configuration.php. NOTE: the com_minibb.php vector is already covered by CVE-2006-3690. | |||||
| CVE-2007-2319 | 1 Autostand Category | 1 Autostand Category | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in the AutoStand 1.1 and earlier module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to mod_as_category.php in (1) modules/mod_as_category/ or (2) modules/. | |||||
| CVE-2007-2320 | 1 Papoo | 1 Papoo | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kontakt.php in Papoo 3.02 and earlier allows remote attackers to execute arbitrary SQL commands via the menuid parameter, a different vector than CVE-2005-4478. | |||||
| CVE-2007-2324 | 1 Julmajanne | 1 Julmacms | 2017-10-11 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in file.php in JulmaCMS 1.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2007-2340 | 1 Phporacleview | 1 Phporacleview | 2017-10-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in inc/include_all.inc.php in phporacleview allow remote attackers to execute arbitrary PHP code via a URL in the (1) page_dir or (2) inc_dir parameters. | |||||
| CVE-2007-2341 | 1 Phpbandmanager | 1 Phpbandmanager | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in suite/index.php in phpBandManager 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter. | |||||
| CVE-2007-2342 | 1 Creascripts | 1 Creadirectory | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in error.asp in CreaScripts CreaDirectory 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-6083. | |||||
| CVE-2007-2345 | 1 Codewand | 1 Phpbrowse | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/include_stream.inc.php in CodeWand phpBrowse allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | |||||
| CVE-2007-2346 | 1 Php-generics | 1 Php-generics | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PHP-Generics 1.0 beta allow remote attackers to execute arbitrary PHP code via a URL in the _APP_RELATIVE_PATH parameter to (1) include.php, (2) dbcommon/include.php, and (3) exception/include.php. | |||||
| CVE-2007-2347 | 2 Oneclick Cms, Sisplet Cms | 2 Oneclick Cms, Sisplet Cms | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in main/forum/komentar.php in OneClick CMS (aka Sisplet CMS) 05.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter. | |||||
| CVE-2007-2348 | 1 Alexander V. Lukyanov | 1 Lftp | 2017-10-11 | 6.8 MEDIUM | N/A |
| mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files. | |||||
| CVE-2007-2363 | 1 Irfanview | 1 Irfanview | 2017-10-11 | 8.5 HIGH | N/A |
| Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file. | |||||
| CVE-2007-2364 | 1 Burnstone | 1 Burncms | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in burnCMS 0.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) mysql.class.php or (2) postgres.class.php in lib/db/; or (3) authuser.php, (4) misc.php, or (5) connect.php in lib/. | |||||
| CVE-2007-2365 | 1 Adobe | 4 Golive, Illustrator, Photoshop and 1 more | 2017-10-11 | 9.3 HIGH | N/A |
| Buffer overflow in Adobe Photoshop CS2 and CS3, Photoshop Elements 5.0, Illustrator CS3, and GoLive 9 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file. | |||||
| CVE-2007-2366 | 1 Corel | 1 Paint Shop Pro | 2017-10-11 | 7.4 HIGH | N/A |
| Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file. | |||||
| CVE-2007-2368 | 1 Webspell | 1 Webspell | 2017-10-11 | 5.0 MEDIUM | N/A |
| picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to read arbitrary files via the file parameter. | |||||
| CVE-2007-2369 | 2 Php, Webspell | 2 Php, Webspell | 2017-10-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. | |||||
| CVE-2007-2370 | 1 Xoops | 1 John Mordo Jobs Module | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a jobsview action. NOTE: the module name was originally reported as Job Listings. | |||||
| CVE-2007-2371 | 1 Gregory Kokanosky | 1 Phpmynewsletter | 2017-10-11 | 10.0 HIGH | N/A |
| admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service (loss of configuration data), and possibly perform direct static code injection, via a saveGlobalconfig action. | |||||
| CVE-2007-2372 | 1 Gregory Kokanosky | 1 Phpmynewsletter | 2017-10-11 | 10.0 HIGH | N/A |
| admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier prints a Location header but does not exit when administrative credentials are missing, which allows remote attackers to compose an e-mail message via a post with the subject, message, format, and list_id fields; and send the message via a direct request for the MsgId value under admin/. | |||||
| CVE-2007-2424 | 1 The Merchant Project | 1 The Merchant | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in help/index.php in The Merchant (themerchant) 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the show parameter. | |||||
| CVE-2007-2425 | 1 Blackdot | 1 Imageview | 2017-10-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in fileview.php in Imageview 5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the album parameter. | |||||
| CVE-2007-2426 | 1 Wildbits | 1 Mygallery | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in myfunctions/mygallerybrowser.php in the myGallery 1.4b4 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the myPath parameter. | |||||
| CVE-2007-2427 | 1 Pnflashgames | 1 Pnflashgames | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the pnFlashGames 1.5 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2007-2430 | 1 Tecnick.com | 1 Tcexam | 2017-10-11 | 7.8 HIGH | N/A |
| shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php. | |||||
| CVE-2007-2431 | 1 Tecnick.com | 1 Tcexam | 2017-10-11 | 6.8 MEDIUM | N/A |
| Dynamic variable evaluation vulnerability in shared/config/tce_config.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks by modifying critical variables such as $_SERVER, as demonstrated by injecting web script via the _SERVER[SCRIPT_NAME] parameter. | |||||
| CVE-2007-2435 | 1 Sun | 3 Java Enterprise System, Jre, Sdk | 2017-10-11 | 10.0 HIGH | N/A |
| Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files. | |||||
| CVE-2007-2456 | 1 Firefly | 1 Firefly | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) localize.php or (2) config.php in modules/admin/include/. | |||||
| CVE-2007-2458 | 1 Pixaria | 1 Pixaria Gallery | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery before 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter to psg.smarty.lib.php and certain include and library scripts, a different vector than CVE-2007-2457. | |||||
| CVE-2007-2485 | 1 Ruben Boelinger | 1 Myflash | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in myflash-button.php in the myflash 1.00 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter. | |||||
| CVE-2007-2486 | 1 Motobit | 1 Motobit | 2017-10-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.asp in Motobit 1.3 and 1.5 (aka PStruh-CZ) allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter. | |||||
| CVE-2007-2493 | 1 Mxbb | 2 Mxbb Faq, Mxbb Rules | 2017-10-11 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in faq.php in the FAQ & RULES 2.0.0 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | |||||
| CVE-2007-2494 | 1 Office Ocx | 1 Powerpoint Viewer Ocx | 2017-10-11 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the PowerPointOCX ActiveX control in PowerPointViewer.ocx 3.1.0.3 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6) SaveWebFile, (7) HttpDownloadFile, (8) Open, or (9) OpenWebFile property value. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2495 | 1 Office Ocx | 1 Excel Viewer Ocx | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in the ExcelOCX ActiveX control in ExcelViewer.ocx 3.1.0.6 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6) SaveWebFile, (7) HttpDownloadFile, (8) Open, or (9) OpenWebFile property value. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2497 | 1 Realnetworks | 1 Realplayer | 2017-10-11 | 7.8 HIGH | N/A |
| RealNetworks RealPlayer 10 Gold allows remote attackers to cause a denial of service (memory consumption) via a certain .ra file. NOTE: this issue was referred to as a "memory leak," but it is not clear if this is correct. | |||||
| CVE-2007-2498 | 1 Nullsoft | 1 Winamp | 2017-10-11 | 9.3 HIGH | N/A |
| libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2507 | 1 Treble Designs | 1 1024 Cms | 2017-10-11 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in includes/download.php in Treble Designs 1024 CMS 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the item parameter. | |||||
| CVE-2007-2521 | 1 E-gads | 1 E-gads | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in common.php in E-GADS! before 2.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the locale parameter. | |||||
| CVE-2007-2525 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.9 MEDIUM | N/A |
| Memory leak in the PPP over Ethernet (PPPoE) socket implementation in the Linux kernel before 2.6.21-git8 allows local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized. | |||||
| CVE-2007-2526 | 1 Smartcode | 1 Vnc Manager | 2017-10-11 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the ConnectAsyncEx function in VNC Viewer ActiveX control (scvncctrl.dll) in the SmartCode VNC Manager 3.6 allows remote attackers to execute arbitrary code via a long argument. | |||||
| CVE-2007-2530 | 1 Tropicalm | 1 Tropicalm Crowell Resource | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Tropicalm Crowell Resource 4.5.2 allow remote attackers to execute arbitrary PHP code via a URL in the RESPATH parameter to (1) dosearch.php or (2) printfriendly.php. | |||||
| CVE-2007-2531 | 1 Berylium | 1 Berylium2 | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in berylium-classes.php in Berylium2 2003-08-18 allows remote attackers to execute arbitrary PHP code via a URL in the beryliumroot parameter. | |||||
| CVE-2007-2540 | 1 Pmecms | 1 Pmecms | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[pathMod] parameter to index.php in (1) mod/image/, (2) mod/liens/, (3) mod/liste/, (4) mod/special/, or (5) mod/texte/. | |||||
| CVE-2007-2541 | 1 Versado Cms | 1 Versado Cms | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/ajax_listado.php in Versado CMS 1.07 allows remote attackers to execute arbitrary PHP code via a URL in the urlModulo parameter. | |||||
| CVE-2007-2542 | 1 Workbench Survival Guide | 1 Workbench Survival Guide | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in header.php in workbench survival guide 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||