Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1959 | 1 Tinymux | 1 Tinymux | 2011-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the process_cmdent function in command.cpp in TinyMUX before 2.4 has unknown impact and attack vectors, related to lack of the "'other half' of buffer overflow protection." | |||||
| CVE-2007-2309 | 1 Flowers | 1 Flowers | 2011-03-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the den parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2177 | 1 Microgaming | 1 Download Helper Activex Control | 2011-03-07 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the Microgaming Download Helper ActiveX control (dlhelper.dll) before 7.2.0.19, and the WebHandler Class control, allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-1958 | 1 Tinymux | 1 Tinymux | 2011-03-07 | 5.0 MEDIUM | N/A |
| Buffer overflow in TinyMUX before 2.4 allows attackers to cause a denial of service via unspecified vectors related to "too many substring matches in a regexp $-command." NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-1881 | 1 Kaspersky Lab | 2 Kaspersky Anti-virus, Kaspersky Internet Security | 2011-03-07 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows local users to gain Ring-0 privileges via unspecified vectors. | |||||
| CVE-2007-2071 | 1 Open-gorotto | 1 Open-gorotto | 2011-03-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto 2.0a 2006/02/08 edition, 2006/03/19 edition, and 2006/04/07 edition before 20070416 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) pub/modules/d/_top.html; (2) /pub/modules/a/_access.html; (3) _circletop.html or (4) _cir66.html in pub/modules/ci/; or (5) _fri66.html, (6) _inv66.html, (7) _top.html, (8) _friends.html, or (9) _fri33.html in pub/modules/f/. | |||||
| CVE-2007-2198 | 1 Lan Management System | 1 Lan Management System | 2011-03-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in LAN Management System (LMS) before 1.6.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving the OD parameter to contrib/formularz_przelewu_wplaty/druk.php. | |||||
| CVE-2007-2160 | 1 Drupal | 1 Database Administration Module | 2011-03-07 | 7.5 HIGH | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to perform unauthorized actions as an arbitrary user, a related issue to CVE-2006-5476. | |||||
| CVE-2007-2316 | 1 Open Business Management | 1 Open Business Management | 2011-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the admin script in Open Business Management (OBM) before 2.0.0 allows remote attackers to have an unknown impact by calling the script "in txt mode from a browser." | |||||
| CVE-2007-2315 | 1 Minishare | 1 Minimal Http Server | 2011-03-07 | 7.8 HIGH | N/A |
| MiniShare 1.5.4, and possibly earlier, allows remote attackers to cause a denial of service (application crash) via a flood of requests for new connections. | |||||
| CVE-2007-2146 | 1 Minigal | 1 Minigal | 2011-03-07 | 7.5 HIGH | N/A |
| The imagecomments function in classes.php in MiniGal b13 allow remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the (1) name or (2) email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2047 | 1 Openads | 1 Openads | 2011-03-07 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 (aka Max Media Manager, MMM) before 0.3.31-alpha-pr3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the destination parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2042 | 1 Avant-garde Solutions | 1 Mosmedia | 2011-03-07 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite 1.0.6 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) support.html.php or (2) info.html.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2159 | 1 Drupal | 1 Database Administration Module | 2011-03-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors relating to (1) direct display of data from the database and (2) other portions of the user interface. | |||||
| CVE-2007-1622 | 1 Wordpress | 1 Wordpress | 2011-03-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF. | |||||
| CVE-2007-1625 | 1 Realguestbook | 1 Realguestbook | 2011-03-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in save_entry.php in realGuestbook 5.01 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter, as reachable through add_entry.php. NOTE: the original report stated that the vulnerability was in add_entry.php, which does not receive the input data. | |||||
| CVE-2007-1656 | 1 Katalog Plyt Audio | 1 Katalog Plyt Audio | 2011-03-07 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Katalog Plyt Audio 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fraza and (2) litera parameters, different vectors than CVE-2007-1612. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1637 | 1 Ipswitch | 4 Imail, Imail Plus, Imail Premium and 1 more | 2011-03-07 | 9.3 HIGH | N/A |
| Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control. | |||||
| CVE-2007-1521 | 1 Php | 1 Php | 2011-03-07 | 6.8 MEDIUM | N/A |
| Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation. | |||||
| CVE-2007-1614 | 1 Zziplib | 1 Zziplib | 2011-03-07 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the zzip_open_shared_io function in zzip/file.c in ZZIPlib Library before 0.13.49 allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long filename. | |||||