Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2677 | 1 Phpchess | 1 Phpchess | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpChess Community Edition 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the config parameter to includes/language.php, or the Root_Path parameter to (2) layout_admin_cfg.php, (3) layout_cfg.php, or (4) layout_t_top.php in skins/phpchess/. NOTE: vector 1 has been disputed by CVE, since the code is defined within a function that is not called from within includes/language.php. | |||||
| CVE-2007-2683 | 1 Mutt | 1 Mutt | 2017-10-11 | 3.5 LOW | N/A |
| Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion. | |||||
| CVE-2007-2706 | 1 Geeklog | 1 Media Gallery | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media Gallery 1.4.8a and earlier for Geeklog allows remote attackers to execute arbitrary PHP code via a URL in the _MG_CONF[path_html] parameter. | |||||
| CVE-2007-2707 | 1 Linksnet | 1 Newsfeed | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php in Linksnet Newsfeed 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dirpath_linksnet_newsfeed parameter. | |||||
| CVE-2007-2708 | 1 Feindt Computerservice | 1 News-script | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in newsadmin.php in Feindt Computerservice News (News-Script) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. | |||||
| CVE-2007-2709 | 1 Nagiosql | 1 Nagiosql 2005 | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in functions/prepend_adm.php in NagiosQL 2005 2.00 allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][physical] parameter. | |||||
| CVE-2007-2711 | 1 Tinyirc | 1 Tinyidentd | 2017-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in TinyIdentD 2.2 and earlier allows remote attackers to execute arbitrary code via a long string to TCP port 113. | |||||
| CVE-2007-2715 | 1 Snaps Gallery | 1 Snaps Gallery | 2017-10-11 | 10.0 HIGH | N/A |
| Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to change arbitrary usernames and passwords via the (1) username, or the (2) password and password2 parameters in an edit action. | |||||
| CVE-2007-2717 | 1 Igeneric | 1 Ig Shop | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the type_id[] parameter, a different vector than CVE-2005-0537. | |||||
| CVE-2007-2721 | 1 Jasper Jpeg-2000 | 1 Jasper Jpeg-2000 | 2017-10-11 | 4.3 MEDIUM | N/A |
| The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert. | |||||
| CVE-2007-2722 | 1 Newzcrawler | 1 Newzcrawler | 2017-10-11 | 7.8 HIGH | N/A |
| Unspecified vulnerability in NewzCrawler 1.8 allows remote attackers to cause a denial of service (application instability) via certain invalid strings in the URL attribute of an ENCLOSURE element, as demonstrated by a "%s" sequence, a "%Y" sequence, a "%%" sequence, and an "n," sequence. | |||||
| CVE-2007-2726 | 1 Bitscast | 1 Bitscast | 2017-10-11 | 7.8 HIGH | N/A |
| BitsCast 0.13.0 allows remote attackers to cause a denial of service (application crash) via an RSS 2.0 feed item with certain invalid strings in a pubDate element, as demonstrated by repeated "../A" or "A/../" patterns. | |||||
| CVE-2007-2735 | 1 Touteresa | 1 Resmanager | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in edit_day.php in the ResManager 1.2.1 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id_reserv parameter. | |||||
| CVE-2007-2736 | 9 Achievo, Apple, Hp and 6 more | 18 Achievo, A Ux, Mac Os X and 15 more | 2017-10-11 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter. | |||||
| CVE-2007-2738 | 1 Xoops | 1 Xoops Glossaire Module | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the sid parameter in an ImprDef action. | |||||
| CVE-2007-2743 | 1 Glossword | 1 Glossword | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in custom_vars.php in GlossWord 1.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the sys[path_addon] parameter. | |||||
| CVE-2007-2749 | 1 Faqengine | 1 Faqengine | 2017-10-11 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in question.php in FAQEngine 4.16.03 and earlier allows remote attackers to execute arbitrary SQL commands via the questionref parameter in a display action. | |||||
| CVE-2007-2750 | 1 Simpnews | 1 Simpnews | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in print.php in SimpNews 2.40.01 and earlier allows remote attackers to execute arbitrary SQL commands via the newsnr parameter. | |||||
| CVE-2007-2751 | 1 Phpglossar | 1 Phpglossar | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PHPGlossar 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the format_menue parameter to (1) admin/inc/change_action.php or (2) admin/inc/add.php. | |||||
| CVE-2007-2752 | 1 Runawaysoft | 1 Haber Portal | 2017-10-11 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in devami.asp in RunawaySoft Haber portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-2753 | 1 Runawaysoft | 1 Haber Portal | 2017-10-11 | 5.0 MEDIUM | N/A |
| RunawaySoft Haber portal 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/xice.mdb. | |||||
| CVE-2007-2755 | 1 Precisionid Barcode | 1 Precisionid Barcode | 2017-10-11 | 10.0 HIGH | N/A |
| The PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll, when Internet Explorer 6 is used, allows remote attackers to overwrite arbitrary files via a full pathname to the SaveToFile function, a different vulnerability than CVE-2007-2744. | |||||
| CVE-2007-2756 | 1 Libgd | 1 Libgd | 2017-10-11 | 4.3 MEDIUM | N/A |
| The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng. | |||||
| CVE-2007-2762 | 1 Build It Fast | 1 Build It Fast | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Build it Fast (bif3) 0.4.1 allow remote attackers to execute arbitrary PHP code via a URL in (1) the pear_dir parameter to Base/Application.php, or the (2) sys_dir parameter to (a) Footer.php, (b) widget.BifContainer.php, (c) widget.BifRoot.php, (d) widget.BifRoot2.php, (e) widget.BifRoot3.php, or (f) widget.BifWarning.php in Widgets/Base/. | |||||
| CVE-2007-2773 | 1 Zomplog | 1 Zomplog | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in plugins/mp3playlist/mp3playlist.php in Zomplog 3.8 and earlier allows remote attackers to execute arbitrary SQL commands via the speler parameter. | |||||
| CVE-2007-2774 | 1 Sunlight Cms | 1 Sunlight Cms | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) _connect.php or (2) modules/startup.php. | |||||
| CVE-2007-2775 | 1 Alstrasoft | 1 Live Support | 2017-10-11 | 10.0 HIGH | N/A |
| AlstraSoft Live Support 1.21 sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request to admin/managesettings.php. | |||||
| CVE-2007-2776 | 1 Alstrasoft | 1 Template Seller | 2017-10-11 | 10.0 HIGH | N/A |
| AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject a credential variable setting and obtain administrative access via a direct request to admin/changeinfo.php. | |||||
| CVE-2007-2777 | 1 Alstrasoft | 1 Template Seller | 2017-10-11 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in admin/addsptemplate.php in AlstraSoft Template Seller Pro 3.25 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary .php filename in the zip parameter, which is created under sptemplates/. | |||||
| CVE-2007-2778 | 1 Molyx | 1 Molyx Board | 2017-10-11 | 7.8 HIGH | N/A |
| Multiple directory traversal vulnerabilities in MolyX BOARD 2.5.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to index.php and other unspecified PHP scripts. | |||||
| CVE-2007-2779 | 1 Libstats | 1 Libstats | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in template_csv.php in Libstats 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rInfo[content] parameter. | |||||
| CVE-2007-2787 | 1 Lead Technologies | 1 Leadtools Raster Thumbnail Object Library | 2017-10-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the BrowseDir function in the (1) lttmb14E.ocx or (2) LTRTM14e.DLL ActiveX control in LeadTools Raster Thumbnail Object Library 14.5.0.44 allows remote attackers to execute arbitrary code via a long argument. | |||||
| CVE-2007-2792 | 1 Com Yanc | 1 Com Yanc | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Yet another Newsletter Component (aka YaNC or com_yanc) component before 1.5 beta 3 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2793 | 1 Geeklog | 1 Geeklog | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ImageImageMagick.php in Geeklog 2.x allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_system] parameter. | |||||
| CVE-2007-2803 | 1 Vizayn Urun | 1 Tanitim Sitesi | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Vizayn Urun Tanitim Sitesi 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a haberdetay action. | |||||
| CVE-2007-2813 | 1 Cisco | 1 Ios Transmission Control Protocol | 2017-10-11 | 7.8 HIGH | N/A |
| Cisco IOS 12.4 and earlier, when using the crypto packages and SSL support is enabled, allows remote attackers to cause a denial of service via a malformed (1) ClientHello, (2) ChangeCipherSpec, or (3) Finished message during an SSL session. | |||||
| CVE-2007-2816 | 1 Ol Bookmarks | 1 Ol Bookmarks | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ol'bookmarks 0.7.4 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) test1.php, (2) blackorange.php, (3) default.php, (4) frames1.php, (5) frames1_top.php, (7) test2.php, (8) test3.php, (9) test4.php, (10) test5.php, (11) test6.php, (12) frames1_left.php, and (13) frames1_center.php in themes/. | |||||
| CVE-2007-2817 | 1 Ol Bookmarks | 1 Ol Bookmarks | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-2822 | 1 Wavelink Media | 1 Tutorialcms | 2017-10-11 | 9.3 HIGH | N/A |
| TutorialCMS 1.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php. | |||||
| CVE-2007-2824 | 1 Alstrasoft | 1 E-friends | 2017-10-11 | 10.0 HIGH | N/A |
| SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and earlier allows remote attackers to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php. | |||||
| CVE-2007-2826 | 1 Madirish Webmail | 1 Madirish Webmail | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/addressbook.php in Madirish Webmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter. | |||||
| CVE-2007-2851 | 1 Lead Technologies | 1 Leadtools Raster Variant Object Library | 2017-10-11 | 7.5 HIGH | N/A |
| A certain ActiveX control in LeadTools Raster Variant Object Library (LTRVR14e.dll) 14.5.0.44 allows remote attackers to overwrite arbitrary files via the WriteDataToFile method. | |||||
| CVE-2007-2853 | 1 H\+h | 2 Vcdapilibapi Activex Control, Virtual Cd | 2017-10-11 | 10.0 HIGH | N/A |
| The VCDAPILibApi ActiveX control in vc9api.DLL 9.0.0.57 in Virtual CD 9.0.0.2 allows remote attackers to execute arbitrary commands via a command line in the first argument to the VCDLaunchAndWait function. | |||||
| CVE-2007-2854 | 1 Bti-tracker | 1 Bti-tracker | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in account_change.php in BtiTracker 1.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) style or (2) langue parameter. | |||||
| CVE-2007-2873 | 1 Spamassassin | 1 Spamassassin | 2017-10-11 | 1.9 LOW | N/A |
| SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as root in unusual configurations using vpopmail or virtual users, allows local users to cause a denial of service (corrupt arbitrary files) via a symlink attack on a file that is used by spamd. | |||||
| CVE-2007-2878 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.9 MEDIUM | N/A |
| The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run on a 64-bit system, allow local users to corrupt a kernel_dirent struct and cause a denial of service (system crash) via unknown vectors. | |||||
| CVE-2007-2884 | 1 Microsoft | 1 Visual Basic | 2017-10-11 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name (VersionCompanyName) field. | |||||
| CVE-2007-2888 | 1 Ezb Systems | 1 Ultraiso | 2017-10-11 | 7.6 HIGH | N/A |
| Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. NOTE: some details are obtained from third party information. | |||||
| CVE-2007-2889 | 1 Dokeos | 1 Open Source Learning And Knowledge Management Tool | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter. | |||||
| CVE-2007-2890 | 1 Cpcommerce | 1 Cpcommerce | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in category.php in cpCommerce 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id_category parameter. | |||||
