Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4370 | 1 Racer | 1 Racer | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the (1) client and (2) server in Racer 0.5.3 beta 5 allow remote attackers to execute arbitrary code via a long string to UDP port 26000. | |||||
| CVE-2007-4381 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself. | |||||
| CVE-2007-4386 | 1 Getmyownarcade | 1 Getmyownarcade | 2017-09-29 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in search.php in GetMyOwnArcade allows remote attackers to execute arbitrary SQL commands via the query parameter. | |||||
| CVE-2007-4420 | 1 Edraw | 1 Office Viewer Component | 2017-09-29 | 9.3 HIGH | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the HttpDownloadFile method, a different vulnerability than CVE-2007-3168 and CVE-2007-3169. | |||||
| CVE-2007-4439 | 1 Lighthouse Development | 1 Squirrelcart | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in popup_window.php in Squirrelcart 1.x.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site_isp_root parameter, probably related to cart.php. | |||||
| CVE-2007-4440 | 1 Pmail | 1 Mercury Mail Transport System | 2017-09-29 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the MercuryS SMTP server in Mercury Mail Transport System, possibly 4.51 and earlier, allows remote attackers to execute arbitrary code via a long AUTH CRAM-MD5 string. NOTE: this might overlap CVE-2006-5961. | |||||
| CVE-2007-4441 | 1 Php | 1 Php | 2017-09-29 | 4.6 MEDIUM | N/A |
| Buffer overflow in php_win32std.dll in the win32std extension for PHP 5.2.0 and earlier allows context-dependent attackers to execute arbitrary code via a long string in the filename argument to the win_browse_file function. | |||||
| CVE-2007-4474 | 1 Ibm | 2 Domino Web Access, Lotus Domino Web Access | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1. | |||||
| CVE-2007-4489 | 1 Ecentrex | 1 Voip Client Module | 2017-09-29 | 6.8 MEDIUM | N/A |
| Buffer overflow in the IUAComFormX ActiveX control in uacomx.ocx 2.0.1 in the eCentrex VOIP Client module allows remote attackers to execute arbitrary code via a long Username argument to the ReInit method. | |||||
| CVE-2007-4502 | 1 Joomla | 1 Bibtex | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the BibTeX component (com_jombib) 1.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the afilter parameter. | |||||
| CVE-2007-4503 | 1 Joomla | 1 Nice Talk | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Nice Talk component (com_nicetalk) 0.9.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the tagid parameter. | |||||
| CVE-2007-4504 | 1 Joomla | 1 Rsfiles | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action. | |||||
| CVE-2007-4505 | 2 Mambo, Mamboserver | 2 Remository, Mambo | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the RemoSitory component (com_remository) for Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action. | |||||
| CVE-2007-4506 | 1 Joomla | 1 Neorecruit | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the NeoRecruit component (com_neorecruit) 1.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an offer_view action. | |||||
| CVE-2007-4507 | 1 Php | 1 Php | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, or (4) ntuser_getdomaincontroller functions. | |||||
| CVE-2007-4509 | 1 Joomla | 1 Eventlist | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the EventList component (com_eventlist) 0.8 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the did parameter in a details action. | |||||
| CVE-2007-4513 | 1 Ibm | 1 Aix | 2017-09-29 | 7.2 HIGH | N/A |
| Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via a long argument to the (1) "-p" option to lqueryvg or (2) the "-V" option to lquerypv. | |||||
| CVE-2007-4528 | 1 Php | 1 Php | 2017-09-29 | 4.3 MEDIUM | N/A |
| The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary DLL and calling a function, as demonstrated by kernel32.dll and the WinExec function. NOTE: this issue does not cross privilege boundaries in most contexts, so perhaps it should not be included in CVE. | |||||
| CVE-2007-4569 | 1 Kde | 1 Kde | 2017-09-29 | 6.8 MEDIUM | N/A |
| backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors. | |||||
| CVE-2007-4570 | 1 Redhat | 2 Enterprise Linux, Mcstrans | 2017-09-29 | 1.9 LOW | N/A |
| Algorithmic complexity vulnerability in the MCS translation daemon in mcstrans 0.2.3 allows local users to cause a denial of service (temporary daemon outage) via a large range of compartments in sensitivity labels. | |||||
| CVE-2007-4571 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 2.1 LOW | N/A |
| The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc. | |||||
| CVE-2007-4574 | 3 Amd, Intel, Redhat | 3 Amd64, Ia64, Enterprise Linux | 2017-09-29 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in the "stack unwinder fixes" in kernel in Red Hat Enterprise Linux 5, when running on AMD64 and Intel 64, allows local users to cause a denial of service via unknown vectors. | |||||
| CVE-2007-4575 | 1 Openoffice | 1 Openoffice | 2017-09-29 | 9.3 HIGH | N/A |
| HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods." | |||||
| CVE-2007-4581 | 1 Wbb2-addon | 1 Acrotxt | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in acrotxt.php in WBB2-Addon: Acrotxt 1 allows remote attackers to execute arbitrary SQL commands via the show parameter. | |||||
| CVE-2007-4582 | 1 Acti | 1 Network Video Recorder | 2017-09-29 | 7.5 HIGH | N/A |
| Buffer overflow in the nvUnifiedControl.AUnifiedControl.1 ActiveX control in nvUnifiedControl.dll 1.1.45.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allows remote attackers to execute arbitrary code via a long second argument to the SetText method. | |||||
| CVE-2007-4583 | 1 Acti | 1 Network Video Recorder | 2017-09-29 | 5.0 MEDIUM | N/A |
| Multiple absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control in nvUtility.dll 1.0.14.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allow remote attackers to (1) create or overwrite arbitrary files via a full pathname in the first argument to the SaveXMLFile method or (2) delete arbitrary files via a full pathname in the argument to the DeleteXMLFile method. | |||||
| CVE-2007-4584 | 1 Bitchx | 1 Bitchx | 2017-09-29 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable. | |||||
| CVE-2007-4585 | 1 2532gigs | 1 2532gigs | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in activateuser.php in 2532|Gigs 1.2.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | |||||
| CVE-2007-4586 | 1 Php | 1 Php | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as demonstrated by a long string in the first argument to the iis_getservicestate function, related to the ServiceId argument to the (1) fnStartService, (2) fnGetServiceState, (3) fnStopService, and possibly other functions. | |||||
| CVE-2007-4597 | 1 Turnkey Web Tools | 1 Sunshop Shopping Cart | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 RC 6 allows remote attackers to execute arbitrary SQL commands via the s[cid] parameter in a search_list action, a different vector than CVE-2007-2549. | |||||
| CVE-2007-4602 | 1 Implied By Design | 1 Micro Cms | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in cms/revert-content.php in Implied by Design Micro CMS (Micro-CMS) 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-4603 | 1 Altercoder | 1 Acg News | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in ACG News 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter in a showarticle action or (2) the catid parameter in a showcat action. | |||||
| CVE-2007-4604 | 1 Dinkumsoft.com | 1 Dl Paycart | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewitem.php in DL PayCart 1.01 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter. | |||||
| CVE-2007-4605 | 1 Vwar | 1 Virtual War | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War (VWar) 1.5.0 R15 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1503, CVE-2006-1636, and CVE-2006-1747. | |||||
| CVE-2007-4606 | 1 Phpnuke-clan | 1 Phpnuke-clan | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in convert/mvcw_conver.php in the Virtual War (VWar) module for PHPNuke-Clan (PNC) 4.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1602. NOTE: it is possible that this issue stems from a problem in VWar itself. | |||||
| CVE-2007-4619 | 2 Flac, Nullsoft | 2 Libflac, Winamp | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow. | |||||
| CVE-2007-5275 | 1 Adobe | 1 Shockwave Player | 2017-09-29 | 5.0 MEDIUM | N/A |
| The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324. | |||||
| CVE-2007-5278 | 1 Zomplog | 1 Zomplog | 2017-09-29 | 4.3 MEDIUM | N/A |
| Zomplog 3.8.1 and earlier stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to download files that were uploaded by users, as demonstrated by obtaining a directory listing via a direct request to /upload and then retrieving individual files. NOTE: in a non-default configuration, the directory listing is denied, but filenames may be predicable. | |||||
| CVE-2007-4623 | 1 Ibm | 1 Aix | 2017-09-29 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in the sendrmt function in bellmail in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via a long parameter to the m command. | |||||
| CVE-2007-4627 | 1 Algera | 1 Abc Estore | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ABC eStore 3.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2007-4628 | 1 Phpns | 1 Phpns | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shownews.php in phpns 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-4636 | 1 Phpbg | 1 Phpbg | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpBG 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to (1) intern/admin/other/backup.php, (2) intern/admin/, (3) intern/clan/member_add.php, (4) intern/config/key_2.php, or (5) intern/config/forum.php. | |||||
| CVE-2007-4637 | 1 Xgb | 1 Xgb | 2017-09-29 | 6.4 MEDIUM | N/A |
| xGB.php in xGB 2.0 does not require authentication for an admin edit action, which allows remote attackers to make unspecified changes via an unknown series of steps. | |||||
| CVE-2007-4640 | 1 Pakupaku | 1 Pakupaku Cms | 2017-09-29 | 6.4 MEDIUM | N/A |
| Unrestricted file upload vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to upload and execute arbitrary PHP files in uploads/ via an Uploads action. | |||||
| CVE-2007-4641 | 1 Pakupaku | 1 Pakupaku Cms | 2017-09-29 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file. | |||||
| CVE-2007-4645 | 1 Nmdeluxe | 1 Nmdeluxe | 2017-09-29 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in index.php in NMDeluxe 2.0.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a newspost do action, a different vulnerability than CVE-2006-1108. | |||||
| CVE-2007-4646 | 1 Hexamail | 1 Hexamail Server | 2017-09-29 | 10.0 HIGH | N/A |
| Buffer overflow in the pop3 service in Hexamail Server 3.0.0.001 Lite allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long USER command. | |||||
| CVE-2007-4647 | 1 2coolcode | 1 Our Space | 2017-09-29 | 5.0 MEDIUM | N/A |
| newswire/uploadmedia.cgi in 2coolcode Our Space (Ourspace) 2.0.9 allows remote attackers to upload certain files via unspecified vectors, probably involving unrestricted functionality in uploadmedia.cgi. | |||||
| CVE-2007-4653 | 1 Phpbb | 1 Phpbb | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in links.php in the Links MOD 1.2.2 and earlier for phpBB 2.0.22 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter in a search action. | |||||
| CVE-2007-4712 | 1 Enetman | 1 Enetman | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in eNetman 1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||