Total
2906 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5780 | 1 Telematic Lab | 1 Teatro | 2018-10-15 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in pub/pub08_comments.php in teatro 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter. | |||||
| CVE-2007-5772 | 1 Flatnuke3 | 1 Flatnuke3 | 2018-10-15 | 6.0 MEDIUM | N/A |
| Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by saving a description and setting fneditmode to 1. NOTE: unauthenticated remote attackers can exploit this by leveraging a cookie manipulation issue. | |||||
| CVE-2007-5741 | 1 Plone | 1 Plone | 2018-10-15 | 7.5 HIGH | N/A |
| Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes. | |||||
| CVE-2007-5737 | 1 Ghlab | 1 Korean Ghboard | 2018-10-15 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in component/upload.jsp in Korean GHBoard allows remote attackers to upload arbitrary files via unspecified vectors, probably involving a direct request. | |||||
| CVE-2007-5733 | 1 Japanese Php Gallery Hosting | 1 Japanese Php Gallery Hosting | 2018-10-15 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in upload/upload.php in Japanese PHP Gallery Hosting, when Open directory mode is enabled, allows remote attackers to upload and execute arbitrary PHP code via a ServerPath parameter specifying a filename with a double extension. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-5696 | 1 Phpbasic | 1 Phpbasic | 2018-10-15 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes.php in phpBasic allows remote attackers to execute arbitrary PHP code via a URL in the root parameter, possibly related to the Music module. | |||||
| CVE-2007-5693 | 1 Sitebar | 1 Sitebar | 2018-10-15 | 6.0 MEDIUM | N/A |
| Eval injection vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492. | |||||
| CVE-2007-5822 | 1 Scribe | 1 Scribe | 2018-10-15 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to inject arbitrary PHP code into a certain file in regged/ via the username parameter in a Register action, possibly related to the register function in forumfunctions.php. | |||||
| CVE-2007-5631 | 1 Peopleaggregator | 1 Peopleaggregator | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PeopleAggregator 1.2pre6, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the current_blockmodule_path parameter to (1) AudiosMediaGalleryModule/AudiosMediaGalleryModule.php, (2) ImagesMediaGalleryModule/ImagesMediaGalleryModule.php, (3) MembersFacewallModule/MembersFacewallModule.php, (4) NewestGroupsModule/NewestGroupsModule.php, (5) UploadMediaModule/UploadMediaModule.php, and (6) VideosMediaGalleryModule/VideosMediaGalleryModule.php in BetaBlockModules/; and (7) the path_prefix parameter to several components. | |||||
| CVE-2007-5492 | 1 Sitebar | 1 Sitebar | 2018-10-15 | 4.6 MEDIUM | N/A |
| Static code injection vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the value parameter. | |||||
| CVE-2007-5457 | 2 Joomla, Michael Dempfle | 2 Joomla, Joomla Flash Uploader | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle Joomla Flash Uploader (com_jfu or com_joomla_flash_uploader) 2.5.1 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) install.joomla_flash_uploader.php and (2) uninstall.joomla_flash_uploader.php. | |||||
| CVE-2007-5425 | 1 Interspire | 1 Activekb | 2018-10-15 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in admin/index.php in Interspire ActiveKB 1.5 allows remote attackers to execute arbitrary SQL commands via the questId parameter in a hideQuestion ToDo action. NOTE: the catId vector is already covered by CVE-2007-5131. | |||||
| CVE-2007-5423 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2018-10-15 | 7.5 HIGH | N/A |
| tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function. | |||||
| CVE-2007-5418 | 1 Care2x | 1 2g | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CARE2X 2G 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) en_copyrite.php, (2) vi_copyrite.php, and (3) ar_copyrite.php in language/ directories; (4) class_access.php, (5) class_department.php, (6) class_config.php, (7) class_image.php, (8) class_ward.php, and (9) class_product.php in include/care_api_classes/; (10) gui/smarty_template/smarty_care.class.php; and possibly other components, different vectors than CVE-2007-1458. | |||||
| CVE-2007-5410 | 2 Joomla, Webmaster-tips | 2 Joomla, Flash Rss Reader | 2018-10-15 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin.wmtrssreader.php in the webmaster-tips.net Flash RSS Reader (com_wmtrssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | |||||
| CVE-2007-5389 | 2 Joomla, Swmenupro | 2 Joomla, Swmenufree | 2018-10-15 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in preview.php in the swMenuFree (com_swmenufree) 4.6 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: a reliable third party disputes this issue because preview.php tests a certain constant to prevent direct requests. | |||||
| CVE-2007-5351 | 1 Microsoft | 1 Windows Vista | 2018-10-15 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability." | |||||
| CVE-2007-5307 | 1 Yannick Tanguy | 1 Else If Cms | 2018-10-15 | 7.5 HIGH | N/A |
| ELSEIF CMS Beta 0.6 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a .php file via externe/swfupload/upload.php. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in ELSEIF CMS. | |||||
| CVE-2007-5305 | 1 Yannick Tanguy | 1 Else If Cms | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) contenus parameter to (a) contenus.php; the (2) tpelseifportalrepertoire parameter to (b) votes.php, (c) espaceperso.php, (d) enregistrement.php, (e) commentaire.php, and (f) coeurusr.php in utilisateurs/, and (g) articles/fonctions.php and (h) depot/fonctions.php in moduleajouter/; the (3) corpsdesign parameter to (i) articles/usrarticles.php and (j) depot/usrdepot.php in moduleajouter/; and possibly other files. | |||||
| CVE-2007-5298 | 1 Creamotion | 1 Creamotion | 2018-10-15 | 6.4 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CMS Creamotion allow remote attackers to execute arbitrary PHP code via a URL in the cfg[document_uri] parameter to (1) _administration/securite.php and (2) _administration/gestion_configurations/save_config.php. | |||||