Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1556 | 1 Thecreativeheads.de | 1 Creative Files | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kommentare.php in Creative Files 1.2 allows remote attackers to execute arbitrary SQL commands via the dlid parameter. | |||||
| CVE-2007-1560 | 1 Squid | 1 Squid | 2017-10-11 | 5.0 MEDIUM | N/A |
| The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error. | |||||
| CVE-2007-1564 | 1 Kde | 1 Konqueror | 2017-10-11 | 6.8 MEDIUM | N/A |
| The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | |||||
| CVE-2007-1566 | 1 Netvios | 1 Netvios | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in News/page.asp in NetVIOS Portal allows remote attackers to execute arbitrary SQL commands via the NewsID parameter. NOTE: this issue might be the same as CVE-2006-5954. | |||||
| CVE-2007-1568 | 1 Daansystems | 1 Newsreactor | 2017-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 allows remote attackers to execute arbitrary code via a yEnc (yEncode) encoded article with a long filename. | |||||
| CVE-2007-1569 | 1 Newsbin Pro | 1 Newsbin Pro | 2017-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in NewsBin Pro 4.32 allows remote attackers to cause a denial of service or execute arbitrary code via a yEnc (yEncode) encoded article with a long filename, as demonstrated using a .nzb file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-1577 | 1 Geblog | 1 Geblog | 2017-10-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php. | |||||
| CVE-2007-1578 | 1 Atrium Software | 1 Mercur Imapd | 2017-10-11 | 10.0 HIGH | N/A |
| Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow. | |||||
| CVE-2007-1579 | 1 Atrium Software | 2 Mercur Imapd, Mercur Messaging 2005 | 2017-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command. | |||||
| CVE-2007-1580 | 1 Ftpdmin | 1 Ftpdmin | 2017-10-11 | 6.3 MEDIUM | N/A |
| FTPDMIN 0.96 allows remote attackers to cause a denial of service (daemon crash) via a LIST command for a Windows drive letter, as demonstrated using "//A:". NOTE: this has been reported as a buffer overflow by some sources, but there is not a long argument. | |||||
| CVE-2007-1584 | 1 Php | 1 Php | 2017-10-11 | 6.8 MEDIUM | N/A |
| Buffer underflow in the header function in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to this function, which causes it to write '\0' characters in whitespace that precedes the string. | |||||
| CVE-2007-1592 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.9 MEDIUM | N/A |
| net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 inadvertently copies the ipv6_fl_socklist from a listening TCP socket to child sockets, which allows local users to cause a denial of service (OOPS) or double free by opening a listening IPv6 socket, attaching a flow label, and connecting to that socket. | |||||
| CVE-2007-1596 | 2 Joomla, Mambo | 2 Nfn Address Book, Nfn Address Book | 2017-10-11 | 9.3 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) components/com_nfn_addressbook/nfnaddressbook.php or (2) administrator/components/com_nfn_addressbook/nfnaddressbook.php. | |||||
| CVE-2007-1600 | 1 Digital Eye Gallery | 1 Digital Eye Gallery | 2017-10-11 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in module.php in Digital Eye Gallery 1.1 Beta (aka 0.1.1b) allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter. | |||||
| CVE-2007-1618 | 1 Scriptmagix | 1 Scriptmagix Faq Builder | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ScriptMagix FAQ Builder 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2007-1619 | 1 Scriptmagix | 1 Scriptmagix Photo Rating | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewcomments.php in ScriptMagix Photo Rating 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the phid parameter. | |||||
| CVE-2007-1620 | 1 Php Db Designer | 1 Php Db Designer | 2017-10-11 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PHP DB Designer 1.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SESSION[SITE_PATH] parameter to (a) wind/help.php or (b) wind/about.php, or the (2) _SESSION[DRIVER] parameter to (c) db/session.php. | |||||
| CVE-2007-1621 | 1 Lbstone | 1 Active Php Bookmark Notes | 2017-10-11 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in templates/head.php in Active PHP Bookmark Notes (APB) 0.2.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS[template_path] parameter. NOTE: this issue might be related to CVE-2003-1254. | |||||
| CVE-2007-1626 | 1 Php-nuke | 1 Iframe Module | 2017-10-11 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in iframe.php in the iFrame Module for PHP-NUKE allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | |||||
| CVE-2007-1629 | 1 Active Web Softwares | 1 Active Photo Gallery | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Photo Gallery allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2007-1630 | 1 Active Web Softwares | 1 Active Link Engine | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Link Engine allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2007-1633 | 1 Giorgio Ciranni | 1 Splatt Forum | 2017-10-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php. | |||||
| CVE-2007-1636 | 1 Roseonlinecms | 1 Roseonlinecms | 2017-10-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header. | |||||
| CVE-2007-1640 | 1 Classweb | 1 Classweb | 2017-10-11 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ClassWeb 2.03 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the BASE parameter to (1) language.php and (2) phpadmin/survey.php. | |||||
| CVE-2007-1641 | 1 Portailphp | 1 Portailphp | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PortailPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the idnews parameter. | |||||
| CVE-2007-1643 | 1 Lan Management System | 1 Lan Management System | 2017-10-11 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in LAN Management System (LMS) 1.8.9 Vala and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG[directories][userpanel_dir] parameter to userpanel.php or the (2) _LIB_DIR parameter to welcome.php. | |||||
| CVE-2007-1644 | 1 Microsoft | 1 All Windows | 2017-10-11 | 10.0 HIGH | N/A |
| The dynamic DNS update mechanism in the DNS Server service on Microsoft Windows does not properly authenticate clients in certain deployments or configurations, which allows remote attackers to change DNS records for a web proxy server and conduct man-in-the-middle (MITM) attacks on web traffic, conduct pharming attacks by poisoning DNS records, and cause a denial of service (erroneous name resolution). | |||||
| CVE-2007-1645 | 2 Futuresoft, Microsoft | 2 Tftp Server 2000, Windows 2000 | 2017-10-11 | 10.0 HIGH | N/A |
| Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812. | |||||
| CVE-2007-1647 | 1 Moodle | 1 Moodle | 2017-10-11 | 7.8 HIGH | N/A |
| Moodle 1.5.2 and earlier stores sensitive information under the web root with insufficient access control, and provides directory listings, which allows remote attackers to obtain user names, password hashes, and other sensitive information via a direct request for session (sess_*) files in moodledata/sessions/. | |||||
| CVE-2007-1648 | 1 Dev0.de | 1 0irc | 2017-10-11 | 7.8 HIGH | N/A |
| 0irc 1345 build 20060823 allows remote attackers to cause a denial of service (application crash) by operating an IRC server that sends a long string to a client, which triggers a NULL pointer dereference. | |||||
| CVE-2007-1696 | 1 Active Web Softwares | 1 Active Newsletter | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ViewNewspapers.asp in Active Newsletter 4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsPaperID parameter. | |||||
| CVE-2007-1697 | 1 Philex | 1 Philex | 2017-10-11 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in header.inc.php in Philex 0.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CssFile parameter. | |||||
| CVE-2007-1698 | 1 Philex | 1 Philex | 2017-10-11 | 5.0 MEDIUM | N/A |
| download.php in Philex 0.2.3 and earlier allows remote attackers to read arbitrary files and source code, and obtain sensitive information via the file parameter. | |||||
| CVE-2007-1699 | 2 Joomla, Mambo | 2 Swmenu Component, Swmenu Component | 2017-10-11 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_swmenupro and com_swmenufree) 4.0 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to ImageManager/Classes/ImageManager.php under the (1) components/ or (2) administrator/components/ directory trees. | |||||
| CVE-2007-1702 | 1 Mambo | 1 Flatmenu | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in mod_flatmenu.php in the Flatmenu 1.07 and earlier Mambo module allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2007-1703 | 1 Joomla | 1 Rwcards Component | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the RWCards (com_rwcards) 2.4.3 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | |||||
| CVE-2007-1704 | 1 Joomla | 1 Car Manager | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Car Manager (com_resman) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-1705 | 1 Active Trade | 1 Active Trade | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2007-1706 | 1 Ewebquiz | 1 Ewebquiz | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in eWebQuiz.asp in eWebQuiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizID parameter. | |||||
| CVE-2007-1707 | 1 Net-side.net | 1 Net Side Content Management System | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Net Side Content Management System (Net-Side.net CMS) allows remote attackers to execute arbitrary PHP code via a URL in the cms parameter. | |||||
| CVE-2007-1708 | 1 Ttcms | 1 Ttforum | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/db/ez_sql.php in ttCMS 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_path parameter. | |||||
| CVE-2007-1710 | 1 Php | 1 Php | 2017-10-11 | 4.3 MEDIUM | N/A |
| The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded by a "php://../../" sequence. | |||||
| CVE-2007-1715 | 1 Free Php Scripts | 1 Free Image Hosting | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in frontpage.php in Free Image Hosting 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: the forgot_pass.php vector is already covered by CVE-2006-5670, and the login.php vector overlaps CVE-2006-5763. | |||||
| CVE-2007-1716 | 1 Redhat | 1 Enterprise Linux | 2017-10-11 | 3.4 LOW | N/A |
| pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges. | |||||
| CVE-2007-1719 | 2 Freebsd, Jason W. Bacon | 2 Freebsd, Mcweject | 2017-10-11 | 7.2 HIGH | N/A |
| Buffer overflow in eject.c in Jason W. Bacon mcweject 0.9 on FreeBSD, and possibly other versions, allows local users to execute arbitrary code via a long command line argument, possibly involving the device name. | |||||
| CVE-2007-1720 | 1 Sb-websoft | 1 Addressbook | 2017-10-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file. | |||||
| CVE-2007-1771 | 1 Ay System Solutions | 1 Web Content System | 2017-10-11 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in manage/javascript/formjavascript.php in Ay System Solutions Web Content System (WCS) 2.7.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[JavascriptEdit] parameter. | |||||
| CVE-2007-1776 | 1 Design For Joomla | 1 D4j Ezine | 2017-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in the DesignForJoomla.com D4J eZine (com_ezine) 2.8 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in a read action. | |||||
| CVE-2007-1778 | 1 Eve-nuke | 1 Eve-nuke Forum | 2017-10-11 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in db/mysql.php in the Eve-Nuke 0.1 (EN-Forums) module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-1790 | 1 Kaqoo | 1 Kaqoo Auction Software | 2017-10-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Kaqoo Auction Software Free Edition allow remote attackers to execute arbitrary PHP code via a URL in the install_root parameter to (1) support.inc.php, (2) function.inc.php, (3) rdal_object.inc.php, (4) rdal_editor.inc.php, (5) login.inc.php, (6) request.inc.php, and (7) categories.inc.php in include/core/; (8) save.inc.php, (9) preview.inc.php, (10) edit_item.inc.php, (11) new_item.inc.php, and (12) item_info.inc.php in include/display/item/; (13) search.inc.php, (14) item_edit.inc.php, (15) register_succsess.inc.php, (16) context_menu.inc.php, (17) item_repost.inc.php, (18) balance.inc.php, (19) featured.inc.php, (20) user.inc.php, (21) buynow.inc.php, (22) install_complete.inc.php, (23) fees_info.inc.php, (24) user_feedback.inc.php, (25) admin_balance.inc.php, (26) activate.inc.php, (27) user_info.inc.php, (28) member.inc.php, (29) add_bid.inc.php, (30) items_filter.inc.php, (31) my_info.inc.php, (32) register.inc.php, (33) leave_feedback.inc.php, and (34) user_auctions.inc.php in include/display/; and (35) design/form.inc.php, (36) processor.inc.php, (37) interfaces.inc.php, (38) left_menu.inc.php, (39) login.inc.php, and (40) categories.inc.php in include/. | |||||
