Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4636 | 1 Phpbg | 1 Phpbg | 2017-09-28 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpBG 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to (1) intern/admin/other/backup.php, (2) intern/admin/, (3) intern/clan/member_add.php, (4) intern/config/key_2.php, or (5) intern/config/forum.php. | |||||
| CVE-2007-4732 | 1 Sun | 1 Solaris | 2017-09-28 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the strfreectty function in the Special File System (SPECFS) in Sun Solaris 8 through 10 allows local users to cause a denial of service (system panic), related to passing a NULL pointer to the pgsignal function. | |||||
| CVE-2007-4744 | 1 Anyinventory | 1 Anyinventory | 2017-09-28 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in environment.php in AnyInventory 1.9.1 and 2.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PREFIX parameter. | |||||
| CVE-2007-4757 | 1 Phpmytourney | 1 Phpmytourney | 2017-09-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in menu.php in phpMytourney allows remote attackers to execute arbitrary PHP code via a URL in the functions_file parameter. | |||||
| CVE-2007-4781 | 1 Joomla | 1 Joomla | 2017-09-28 | 6.6 MEDIUM | N/A |
| administrator/index.php in the installer component (com_installer) in Joomla! 1.5 Beta1, Beta2, and RC1 allows remote authenticated administrators to upload arbitrary files to tmp/ via the "Upload Package File" functionality, which is accessible when com_installer is the value of the option parameter. | |||||
| CVE-2007-4911 | 1 Cowon America | 1 Jetcast Server | 2017-09-28 | 5.0 MEDIUM | N/A |
| JSMP3OGGWt.dll in JetCast Server 2.0.0.4308 allows remote attackers to cause a denial of service (daemon crash) via a long .mp3 URI to TCP port 8000. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-4905 | 1 Auracms | 1 Auracms | 2017-09-28 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in mod/contak.php in AuraCMS 2.1 allows remote attackers to upload and execute arbitrary PHP files via the image parameter, which places a file under files/. | |||||
| CVE-2007-4932 | 1 Shop-script | 1 Shop-script | 2017-09-28 | 7.5 HIGH | N/A |
| admin.php in Shop-Script FREE 2.0 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to access the admin panel. | |||||
| CVE-2007-5036 | 1 Airdefense | 1 Airsensor | 2017-09-28 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in the AirDefense Airsensor M520 with firmware 4.3.1.1 and 4.4.1.4 allow remote authenticated users to cause a denial of service (HTTPS service outage) via a crafted query string in an HTTPS request to (1) adLog.cgi, (2) post.cgi, or (3) ad.cgi, related to the "files filter." | |||||
| CVE-2007-5275 | 1 Adobe | 1 Shockwave Player | 2017-09-28 | 5.0 MEDIUM | N/A |
| The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324. | |||||
| CVE-2007-6207 | 1 Xensource Inc | 1 Xen | 2017-09-28 | 2.1 LOW | N/A |
| Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not check the RID value for mov_to_rr, which allows a VTi domain to read memory of other domains. | |||||
| CVE-2007-6176 | 1 Amensa-soft | 1 K\+b-bestellsystem | 2017-09-28 | 10.0 HIGH | N/A |
| kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) domain or (2) tld parameter in a check_owner action. | |||||
| CVE-2007-6178 | 1 Easy Hosting Control Panel | 1 Easy Hosting Control Panel | 2017-09-28 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Easy Hosting Control Panel for Ubuntu (EHCP) 0.22.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the confdir parameter to (1) dbutil.bck.php and (2) dbutil.php in config/. | |||||
| CVE-2007-6179 | 1 Kinson Chan Charray | 1 Cms | 2017-09-28 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Charray's CMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the ccms_library_path parameter to (1) markdown.php and (2) gallery.php in decoder/. | |||||
| CVE-2007-6239 | 1 Squid | 1 Squid Web Proxy Cache | 2017-09-28 | 5.0 MEDIUM | N/A |
| The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects. | |||||
| CVE-2007-6325 | 1 Fastpublish | 1 Fastpublish Cms | 2017-09-28 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in adminbereich/designconfig.php in Fastpublish CMS 1.9999 allows remote attackers to execute arbitrary PHP code via a URL in the config[fsBase] parameter, a different vector than CVE-2006-2726. | |||||
| CVE-2007-6326 | 1 Sergey Lyubka | 1 Simple Httpd | 2017-09-28 | 5.0 MEDIUM | N/A |
| Sergey Lyubka Simple HTTPD (shttpd) 1.3 on Windows allows remote attackers to cause a denial of service via a request that includes an MS-DOS device name, as demonstrated by the /aux URI. | |||||
| CVE-2007-6488 | 1 Falcon | 1 Series One Cms | 2017-09-28 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php or (2) the error parameter to errors.php. | |||||
| CVE-2007-3806 | 1 Php | 1 Php | 2017-09-28 | 6.8 MEDIUM | N/A |
| The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure. | |||||
| CVE-2017-14511 | 1 Sap | 1 E-recruiting | 2017-09-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in SAP E-Recruiting (aka ERECRUIT) 605 through 617. When an external applicant registers to the E-Recruiting application, he/she receives a link by email to confirm access to the provided email address. However, this measure can be bypassed and attackers can register and confirm email addresses that they do not have access to (candidate_hrobject is predictable and corr_act_guid is improperly validated). Furthermore, since an email address can be registered only once, an attacker could prevent other legitimate users from registering. This is SAP Security Note 2507798. | |||||