Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2891 | 1 Firmworx | 1 Firmworx | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bank_data[root] parameter to modules/bank/includes/design/main.inc.php, or the (2) fm_data[root] parameter to (a) includes/config/master.inc.php or (b) includes/functions/master.inc.php. | |||||
| CVE-2007-2899 | 1 Navboard | 1 Navboard | 2017-10-11 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in admin_config.php in NavBoard 2.6.0 allows remote attackers to inject arbitrary PHP code into data/config.php via multiple parameters, as demonstrated via the threadperpage parameter in an editconfig action. | |||||
| CVE-2007-2900 | 1 Scallywag.org | 1 Scallywag | 2017-10-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Scallywag 2005-04-25 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/. | |||||
| CVE-2007-2901 | 1 Dokeos | 1 Dokeos | 2017-10-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the img parameter to main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php and other unspecified vectors. | |||||
| CVE-2007-2902 | 1 Dokeos | 1 Dokeos | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in main/auth/my_progress.php in Dokeos 1.8.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the course parameter. | |||||
| CVE-2007-2933 | 1 Phil-a-form | 1 Phil-a-form | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Phil-a-Form (com_philaform) 1.2.0.0 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the form_id parameter. | |||||
| CVE-2007-2934 | 1 Windy Road | 1 Vistered Little | 2017-10-11 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in skins/common.css.php in Vistered Little 1.6a allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. | |||||
| CVE-2007-2935 | 1 Fundanemt | 1 Fundanemt | 2017-10-11 | 7.5 HIGH | N/A |
| core/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dict parameter. | |||||
| CVE-2007-2936 | 1 Frequency Clock | 1 Frequency Clock | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Frequency Clock 0.1b (Beta 0.1) allow remote attackers to execute arbitrary PHP code via a URL in the securelib parameter to (1) conf.php or (2) cp2.php. | |||||
| CVE-2007-2937 | 1 Troforum | 1 Troforum | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/admin.php in TROforum 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the site_url parameter. | |||||
| CVE-2007-2939 | 1 Mazens Php Chat | 1 Mazens Php Chat | 2017-10-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Mazen's PHP Chat 3.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the basepath parameter to (1) ITX.php, (2) IT_Error.php, or (3) IT.php in include/pear/. | |||||
| CVE-2007-2940 | 1 Flap | 1 Flap | 2017-10-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 Beta) allow remote attackers to execute arbitrary PHP code via a URL in the pachtofile parameter to (1) skin/html/table.php or (2) login.php. | |||||
| CVE-2007-2941 | 1 Michael Brandon | 1 Vbgsitemap | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the creator in vBulletin Google Yahoo Site Map (vBGSiteMap) 2.41 for vBulletin allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) vbgsitemap/vbgsitemap-config.php or (2) vbgsitemap/vbgsitemap-vbseo.php. | |||||
| CVE-2007-2942 | 1 My Little Homepage | 1 My Little Forum | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in user.php in My Little Forum 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-2943 | 1 Webavis | 1 Webavis | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in class/class.php in Webavis 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | |||||
| CVE-2007-2946 | 1 Lead Technologies | 1 Leadtools Raster Dialog File Object | 2017-10-11 | 10.0 HIGH | N/A |
| Buffer overflow in a certain ActiveX control in LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long DestinationPath property value. | |||||
| CVE-2007-2947 | 1 David Branco | 1 Openbase | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the root_prefix parameter to (1) index.php, (2) email_subscribe.php, (3) download.php, or (4) development.php. | |||||
| CVE-2007-2969 | 1 Wanewsletter | 1 Wanewsletter | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in newsletter.php in WAnewsletter 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the waroot parameter. | |||||
| CVE-2007-2985 | 1 Pheap | 1 Pheap | 2017-10-11 | 10.0 HIGH | N/A |
| Pheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator's username, which can be used to (1) obtain sensitive information, including the administrator password, via settings.php or (2) upload and execute arbitrary PHP code via an update_doc action in edit.php. | |||||
| CVE-2007-2986 | 1 Nexen | 1 Adminbot Mx | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/live_status.lib.php in AdminBot MX 9.0.5 allows remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter. | |||||
| CVE-2007-2989 | 1 Sun | 1 Solaris | 2017-10-11 | 7.8 HIGH | N/A |
| The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. NOTE: this issue might overlap CVE-2006-2298. | |||||
| CVE-2007-2990 | 1 Sun | 1 Solaris | 2017-10-11 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 allows local users to cause a denial of service (daemon termination) via unspecified manipulations of the /var/run/.inetd.uds Unix domain socket file. | |||||
| CVE-2007-3006 | 1 Acoustica | 1 Acoustica Mp3 Cd Burner | 2017-10-11 | 6.8 MEDIUM | N/A |
| Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted remote attackers to execute arbitrary code via a .asx playlist file with a REF element containing a long string in the HREF attribute. NOTE: it was later claimed that 4.51 Build 147 is also affected. | |||||
| CVE-2007-3052 | 1 Postnuke Software Foundation | 1 Pnphpbb | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the PNphpBB2 1.2i and earlier module for PostNuke allows remote attackers to execute arbitrary SQL commands via the c parameter. | |||||
| CVE-2007-3057 | 1 Xoops | 1 Icontent Module | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in include/wysiwyg/spaw_control.class.php in the icontent 4.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656. | |||||
| CVE-2007-3065 | 1 Particle Soft | 1 Particle Gallery | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewimage.php in Particle Soft Particle Gallery 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the editcomment parameter, a different version and vector than CVE-2006-2862. | |||||
| CVE-2007-3069 | 1 Sun | 1 Solaris | 2017-10-11 | 4.6 MEDIUM | N/A |
| xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session with Assistive Technology support is running, allows attackers with physical access to take control of the session after entering an Alt-Tab sequence. | |||||
| CVE-2007-3077 | 1 Eqdkp | 1 Eqdkp | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in listmembers.php in EQdkp 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the rank parameter. | |||||
| CVE-2007-3082 | 1 Sendcard | 1 Sendcard | 2017-10-11 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sc_language parameter. | |||||
| CVE-2007-3098 | 1 Castle Rock Computing | 1 Snmpc | 2017-10-11 | 5.0 MEDIUM | N/A |
| The SNMPc Server (crserv.exe) process in Castle Rock Computing SNMPc before 7.0.19 allows remote attackers to cause a denial of service (crash) via a crafted packet to port 165/TCP. | |||||
| CVE-2007-3099 | 1 Redhat | 1 Enterprise Linux | 2017-10-11 | 2.1 LOW | N/A |
| usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss). | |||||
| CVE-2007-3100 | 1 Redhat | 2 Enterprise Linux, Open Iscsi | 2017-10-11 | 2.1 LOW | N/A |
| usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial of service (hang) by grabbing the semaphore. | |||||
| CVE-2007-3102 | 2 Fedora Project, Openbsd | 2 Fedora Core, Openssh | 2017-10-11 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-3104 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2017-10-11 | 4.9 MEDIUM | N/A |
| The sysfs_readdir function in the Linux kernel 2.6, as used in Red Hat Enterprise Linux (RHEL) 4.5 and other distributions, allows users to cause a denial of service (kernel OOPS) by dereferencing a null pointer to an inode in a dentry. | |||||
| CVE-2007-3105 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.6 MEDIUM | N/A |
| Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving "bound check ordering". NOTE: this issue might only cross privilege boundaries in environments that have granular assignment of privileges for root. | |||||
| CVE-2007-3107 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 2.1 LOW | N/A |
| The signal handling in the Linux kernel before 2.6.22, including 2.6.2, when running on PowerPC systems using HTX, allows local users to cause a denial of service via unspecified vectors involving floating point corruption and concurrency, related to clearing of MSR bits. | |||||
| CVE-2007-3118 | 1 K-letter | 1 K-letter | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Kravchuk letter (K-letter) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the scdir parameter to (1) action.php, (2) subs.php, or (3) unsubs.php. | |||||
| CVE-2007-3119 | 1 Kartli Alisveris Sistemi | 1 Kartli Alisveris Sistemi | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.asp in Kartli Alisveris Sistemi (aka Free-PayPal-Shopping-Cart) 1.0 allows remote attackers to execute arbitrary SQL commands via the news_id parameter. | |||||
| CVE-2007-3136 | 1 Newssync | 1 Newssync | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/nuke_include.php in newsSync 1.5.0rc6 allows remote attackers to execute arbitrary PHP code via a URL in the newsSync_NUKE_PATH parameter. | |||||
| CVE-2007-3138 | 1 Open Solution | 1 Quick.cart | 2017-10-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Open Solution Quick.Cart 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in an sLanguage cookie, which is used to define a value in config/general.php. | |||||
| CVE-2007-3139 | 1 Open Solution | 1 Quick.cart | 2017-10-11 | 6.8 MEDIUM | N/A |
| config/general.php in Quick.Cart 2.2 and earlier uses a default username and password, which allows remote attackers to access the application via a login action to admin.php. NOTE: this can be leveraged to upload and execute arbitrary code. | |||||
| CVE-2007-3159 | 1 Miniweb Http Server | 1 Miniweb Http Server | 2017-10-11 | 5.0 MEDIUM | N/A |
| http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service (application crash) via a negative value in the Content-Length HTTP header. | |||||
| CVE-2007-3160 | 1 Php Real Estate Classifieds | 1 Php Real Estate Classifieds | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/header.php in PHP Real Estate Classifieds Premium Plus allows remote attackers to execute arbitrary PHP code via a URL in the loc parameter. | |||||
| CVE-2007-3161 | 1 Visicom Media | 1 Ace-ftp | 2017-10-11 | 6.8 MEDIUM | N/A |
| Buffer overflow in Ace-FTP Client 1.24a allows user-assisted, remote FTP servers to execute arbitrary code via a long response. | |||||
| CVE-2007-3162 | 1 Westbyte | 1 Internet Download Accelerator | 2017-10-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in the NotSafe function in the idaiehlp ActiveX control in idaiehlp.dll 1.9.1.74 in Internet Download Accelerator (ida) 5.2 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long argument. | |||||
| CVE-2007-3166 | 1 Qualcomm | 1 Eudora | 2017-10-11 | 6.8 MEDIUM | N/A |
| Buffer overflow in Qualcomm Eudora 7.1.0.9 allows user-assisted, remote IMAP servers to execute arbitrary code via a long FLAGS response to a SELECT INBOX command. | |||||
| CVE-2007-3167 | 1 Vivotek | 1 Mjpegcontrol | 2017-10-11 | 7.6 HIGH | N/A |
| Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control (aka MjpegControl) in MjpegDecoder.dll 2.0.0.13 allows remote attackers to execute arbitrary code via a long PtzUrl property value. | |||||
| CVE-2007-3168 | 1 Edraw | 1 Office Viewer Component | 2017-10-11 | 7.8 HIGH | N/A |
| A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to delete arbitrary files via the DeleteLocalFile method. | |||||
| CVE-2007-3169 | 1 Edraw | 1 Office Viewer Component | 2017-10-11 | 9.3 HIGH | N/A |
| Buffer overflow in a certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long first argument to the HttpDownloadFile method. | |||||
| CVE-2007-3199 | 1 American Financing | 1 Link Request Contact Form | 2017-10-11 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in Link Request Contact Form 3.4 allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension and an image content type, as demonstrated by image/jpeg. | |||||