Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1619 | 1 Xensource Inc | 1 Xen | 2017-09-29 | 4.3 MEDIUM | N/A |
| The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers to cause a denial of service (dom0 panic) via certain traffic, as demonstrated using an FTP stress test tool. | |||||
| CVE-2008-1623 | 1 Lotus Web Studios Inc | 1 Smoothflash | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin_view_image.php in Smoothflash allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2008-1624 | 1 Whorl Ltd | 1 Jshop Server | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in v2demo/page.php in Jshop Server 1.x through 2.x allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xPage parameter. | |||||
| CVE-2008-1635 | 1 Raven Php Scripts | 1 Keep It Simple Guest Book | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in view_private.php in Keep It Simple Guest Book (KISGB) 5.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tmp_theme parameter. NOTE: 5.1.1 is also reportedly affected. | |||||
| CVE-2008-1639 | 1 Neat Web | 1 Neat-web | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Neat weblog 0.2 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a show action, probably related to the showArticle function in lib/lib_article.include.php. | |||||
| CVE-2008-1640 | 1 Jgs-xa | 1 Jgs Treffen | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in jgs_treffen.php in the JGS-XA JGS-Treffen 2.0.2 and earlier addon for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the view_id parameter in an ansicht action. | |||||
| CVE-2007-3469 | 1 Sun | 1 Solaris | 2017-09-29 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the TCP Loopback/Fusion implementation in Sun Solaris 10 allows local users to cause a denial of service (resource exhaustion and service hang) via unspecified vectors. | |||||
| CVE-2007-3470 | 1 Sun | 1 Solaris | 2017-09-29 | 7.8 HIGH | N/A |
| Multiple unspecified vulnerabilities in the KSSL kernel module in Sun Solaris 10, when configured with the KSSL proxy, allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors related to "memory buffers" of Secure Socket Layer (SSL) records. | |||||
| CVE-2007-3471 | 1 Sun | 1 Solaris | 2017-09-29 | 7.2 HIGH | N/A |
| Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-3488 | 1 Sony | 1 Sony Network Camera Snc-p5 | 2017-09-29 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the viewer ActiveX control in Sony Network Camera SNC-RZ25N before 1.30; SNC-P1 and SNC-P5 before 1.29; SNC-CS10 and SNC-CS11 before 1.06; SNC-DF40N and SNC-DF70N before 1.18; SNC-RZ50N and SNC-CS50N before 2.22; SNC-DF85N, SNC-DF80N, and SNC-DF50N before 1.12; and SNC-RX570N/W, SNC-RX570N/B, SNC-RX550N/W, SNC-RX550N/B, SNC-RX530N/W, and SNC-RX530N/B 3.00 and 2.x before 2.31; allows remote attackers to execute arbitrary code via a long first argument to the PrmSetNetworkParam method. | |||||
| CVE-2007-3490 | 1 Microsoft | 1 Excel | 2017-09-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls. | |||||
| CVE-2007-3513 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 4.9 MEDIUM | N/A |
| The lcd_write function in drivers/usb/misc/usblcd.c in the Linux kernel before 2.6.22-rc7 does not limit the amount of memory used by a caller, which allows local users to cause a denial of service (memory consumption). | |||||
| CVE-2007-3515 | 1 Sweetphp | 1 Totalcalendar | 2017-09-29 | 10.0 HIGH | N/A |
| SQL injection vulnerability in view_event.php in TotalCalendar 2.402 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-3518 | 1 Hispah | 1 Youtube Clone Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in msg.php in HispaH YouTube Clone Script (youtubeclone) allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-3519 | 1 Wesmo | 1 Phpeventcalendar | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in eventdisplay.php in phpEventCalendar 0.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-3520 | 1 Easybe | 1 1-2-3 Music Store | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter. | |||||
| CVE-2007-3521 | 1 Arcadebuilder | 1 Game Portal Manager | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ArcadeBuilder Game Portal Manager 1.7 allows remote attackers to execute arbitrary SQL commands via a usercookie cookie. | |||||
| CVE-2007-3522 | 1 Sphpell | 1 Sphpell | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the SpellIncPath parameter to (1) spellcheckpageinc.php, (2) spellchecktext.php, (3) spellcheckwindow.php, or (4) spellcheckwindowframeset.php. | |||||
| CVE-2007-3523 | 1 Groupeclan.free.fr | 1 Xcms | 2017-09-29 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Module/Galerie.php in XCMS 1.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) Ent or (2) Lang parameter. | |||||
| CVE-2007-3524 | 1 Ripe Website Manager | 1 Ripe Website Manager | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) admin/includes/author_panel_header.php or (2) admin/includes/admin_header.php. | |||||
| CVE-2007-3526 | 1 Vastal I-tech | 1 Buddy Zone | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the news_id parameter to view_news.php, (2) the cat_id parameter to view_events.php, or (3) the member_id parameter to video_gallery.php. | |||||
| CVE-2007-3534 | 1 Daniel Toma | 1 Webchat | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in WebChat 0.78 allows remote attackers to execute arbitrary SQL commands via the rid parameter. | |||||
| CVE-2007-3535 | 1 Frank Karau | 1 Gl-sh Deaf Forum | 2017-09-29 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) FORUM_LANGUAGE parameter to functions.php or the (2) style parameter to bottom.php. | |||||
| CVE-2007-3536 | 1 Amx | 1 Netlinx Vnc Activex Control | 2017-09-29 | 7.6 HIGH | N/A |
| Multiple buffer overflows in the AMX NetLinx VNC (AmxVnc) ActiveX control in AmxVnc.dll 1.0.13.0 allow remote attackers to execute arbitrary code via long (1) Host, (2) Password, or (3) LogFile property values. | |||||
| CVE-2007-3539 | 1 Qt-cute | 2 Quicktalk Forum, Quickticket | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in QuickTicket 1.2 build:20070621 and QuickTalk Forum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) t and (2) f parameters in (a) qti_ind_post.php and (b) qti_ind_post_prt.php; (3) dir and (4) order parameters in qti_ind_member.php; (5) id parameter in qti_usr.php; and the (6) f parameter in qti_ind_topic.php. NOTE: it was later reported that vector 5 also affects 1.4, 1.5, and 1.5.0.3. | |||||
| CVE-2007-3542 | 1 Pluxml | 1 Pluxml | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2007-3547 | 1 Qt-cute | 1 Quickticket | 2017-09-29 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in qti_checkname.php in QuickTicket 1.2 allows remote attackers to include and execute arbitrary local files a .. (dot dot) in the lang parameter. | |||||
| CVE-2007-3548 | 1 W3filer | 1 W3filer | 2017-09-29 | 7.1 HIGH | N/A |
| Stack-based buffer overflow in W3Filer 2.1.3 allows remote FTP servers to cause a denial of service (application hang or crash) and possibly execute arbitrary code by sending a large banner to a client that is sending a file. | |||||
| CVE-2007-3549 | 1 Vastal I-tech | 1 Buddy Zone | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2007-3582 | 1 Inforest Communications | 1 Supercali | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in SuperCali PHP Event Calendar 0.4.0 allows remote attackers to execute arbitrary SQL commands via the o parameter. | |||||
| CVE-2007-3583 | 1 Girlserv | 1 Girlserv Ads | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in details_news.php in Girlserv ads 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the idnew parameter. | |||||
| CVE-2007-3584 | 1 Postnuke Software Foundation | 1 Pnphpbb2 | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and earlier for Postnuke allows remote attackers to execute arbitrary SQL commands via the order parameter. | |||||
| CVE-2007-3585 | 1 Mycms | 1 Mycms | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in games.php in MyCMS 0.9.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the id parameter. | |||||
| CVE-2007-3586 | 1 Mycms | 1 Mycms | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into (1) a _score.txt file via the score parameter, or (2) a _setby.txt file via a login cookie, which is then included by games.php. NOTE: programs that use games.php might include (a) snakep.php, (b) tetrisp.php, and possibly other site-specific files. | |||||
| CVE-2007-3589 | 1 B1g | 1 B1gbb | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in b1gbb 2.24.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showthread.php or (2) showboard.php. | |||||
| CVE-2007-3590 | 1 B1g | 1 B1gbb | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in visitenkarte.php in b1gBB 2.24.0 allows remote attackers to inject arbitrary web script or HTML via the user parameter. | |||||
| CVE-2007-3606 | 1 Sap | 1 Enjoysap | 2017-09-29 | 7.6 HIGH | N/A |
| Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX control in the EnjoySAP SAP GUI, on systems using ASCII versions, allows remote attackers to execute arbitrary code via a long first argument to the LaunchGui function. | |||||
| CVE-2007-3609 | 1 Emeeting | 1 Online Dating Software | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in eMeeting Online Dating Software 5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) b.php and (2) account/gallery.php, and other unspecified vectors. | |||||
| CVE-2007-3610 | 1 Vastal I-tech | 1 Phpvid | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in categories_type.php in phpVID 0.9.9 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2007-3611 | 1 Vrnews | 1 Vrnews | 2017-09-29 | 9.3 HIGH | N/A |
| admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not require authentication, which allows remote attackers to perform certain administrative actions via a direct request with a (1) edit, (2) add, (3) config, or (4) del value in the act parameter. | |||||
| CVE-2007-3612 | 1 Visual Irc | 1 Visual Irc | 2017-09-29 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Visual IRC (ViRC) 2.0 allows remote IRC servers to execute arbitrary code via a long response to a JOIN command. | |||||
| CVE-2007-3630 | 1 Av Scripts | 1 Av Tutorial Script | 2017-09-29 | 6.4 MEDIUM | N/A |
| changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter. | |||||
| CVE-2007-3631 | 1 Gamesitescript | 1 Gamesitescript | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in GameSiteScript (gss) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the params parameter, related to missing input validation of the id field. | |||||
| CVE-2007-3632 | 1 Limesurvey | 1 Limesurvey | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote attackers to execute arbitrary PHP code via a URL in the homedir parameter to (1) OLE/PPS/File.php, (2) OLE/PPS/Root.php, (3) Spreadsheet/Excel/Writer.php, or (4) OLE/PPS.php in admin/classes/pear/; or (5) Worksheet.php, (6) Parser.php, (7) Workbook.php, (8) Format.php, or (9) BIFFwriter.php in admin/classes/pear/Spreadsheet/Excel/Writer/. | |||||
| CVE-2007-3633 | 1 Chilkat Software | 1 Chilkat Zip Activex Control | 2017-09-29 | 6.4 MEDIUM | N/A |
| Absolute path traversal vulnerability in the Chilkat Software Chilkat Zip ActiveX control in ChilkatZip2.dll 12.4.2.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveLastError method and probably the (2) WriteExe method. | |||||
| CVE-2007-3649 | 1 Hp | 1 Photo Digital Imaging Activex Control | 2017-09-29 | 6.8 MEDIUM | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in hpqvwocx.dll 2.1.0.556 in Hewlett-Packard (HP) Digital Imaging allows remote attackers to create or overwrite arbitrary files via the second argument to the SaveToFile method. | |||||
| CVE-2007-3682 | 1 Openld | 1 Openld | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in OpenLD 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-3687 | 1 Infernotechnologies | 1 Rpg Inferno | 2017-09-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in inferno.php in the Inferno Technologies RPG Inferno 2.4 and earlier, a vBulletin module, allows remote authenticated attackers to execute arbitrary SQL commands via the id parameter in a ScanMember do action. | |||||
| CVE-2007-3702 | 1 Mail Machine | 1 Mail Machine | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the load function in cgi-bin/mail/mailmachine.cgi in Mail Machine 3.989 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the archives parameter in a Load action. | |||||
| CVE-2007-3703 | 1 Zenturi | 1 Zenturi Programchecker | 2017-09-29 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in a certain ActiveX control in sasatl.dll 1.5.0.531 in Zenturi Program Checker (ProgramChecker) Pro allows remote attackers to execute arbitrary code via a long argument to the Fill method. NOTE: this is probably a different issue than CVE-2007-2987. | |||||