Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by NVD-CWE-Other
Total 27865 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-1190 1 Bsalsa 1 Embeddedwb Web Browser 2008-11-14 6.8 MEDIUM N/A
Unspecified vulnerability in the EmbeddedWB Web Browser ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1192 1 Hyperbook 1 Guestbook 2008-11-14 5.0 MEDIUM N/A
Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an admin password hash via a direct request for data/gbconfiguration.dat.
CVE-2007-1077 1 Design4online 1 Userpages2 2008-11-14 7.5 HIGH N/A
SQL injection vulnerability in page.asp in Design4Online UserPages2 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1197 1 Epiware 1 Epiware 2008-11-14 9.3 HIGH N/A
Multiple unspecified vulnerabilities in Epiware before 4.7.5 have unknown impact and attack vectors, possibly related to cross-site scripting (XSS) and other unspecified issues.
CVE-2007-1117 1 Microsoft 1 Publisher 2008-11-14 10.0 HIGH N/A
Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
CVE-2007-0823 1 Slackware 1 Slackware Linux 2008-11-14 1.9 LOW N/A
xterm on Slackware Linux 10.2 stores information that had been displayed for a different user account using the same xterm process, which might allow local users to bypass file permissions and read other users' files, or obtain other sensitive information, by reading the xterm process memory. NOTE: it could be argued that this is an expected consequence of multiple users sharing the same interactive process, in which case this is not a vulnerability.
CVE-2007-0821 1 Cedric 1 Claire Portailphp 2008-11-14 5.0 MEDIUM N/A
Multiple directory traversal vulnerabilities in Cedric CLAIRE PortailPhp 2 allow remote attackers to read arbitrary files via a .. (dot dot) in the chemin parameter to (1) mod_news/index.php or (2) mod_news/goodies.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0840 1 Hlstats 1 Hlstats 2008-11-14 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the search class. NOTE: it is possible that this issue overlaps CVE-2006-4543.3 or CVE-2006-4454.
CVE-2007-0852 1 Techexcel Inc. 1 Devtrack 2008-11-14 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote attackers to inject arbitrary web script or HTML via the "Keyword search" form field and unspecified other form fields that populate a public saved query. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0863 1 Trevorchan 1 Trevorchan 2008-11-14 10.0 HIGH N/A
** DISPUTED ** PHP remote file inclusion vulnerability in Trevorchan 0.7 and earlier allows remote attackers to execute arbitrary code via the tc_config[rootdir] parameter to (1) upgrade.php, (2) paint_save.php, (3) menu.php, (4) manage.php, and (5) banned.php. NOTE: his issue has been disputed by reliable third parties, who state that the variable is set before use in config.php.
CVE-2007-0901 1 Moinmoin 1 Moinmoin 2008-11-14 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0868 1 Yahoo 1 Messenger 2008-11-14 5.0 MEDIUM N/A
Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0869 1 Jelsoft 1 Vbulletin 2008-11-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Attachment Manager (admincp/attachment.php) in Jelsoft vBulletin 3.6.4 allows remote attackers to inject arbitrary web script or HTML via the Extension field. NOTE: this might be a duplicate of CVE-2007-0830.5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1018 1 Virtualsystem 1 Vs-news-system 2008-11-14 9.3 HIGH N/A
PHP remote file inclusion vulnerability in tpl/header.php in VirtualSystem VS-News-System 1.2.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0877 1 March Networks 5 3108 Dvr, 3204 Dvr, 4210 Dvr and 2 more 2008-11-14 5.0 MEDIUM N/A
Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital Video Recorders allows attackers to cause an unspecified denial of service. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0902 1 Moinmoin 1 Moinmoin 2008-11-14 5.0 MEDIUM N/A
Unspecified vulnerability in the "Show debugging information" feature in MoinMoin 1.5.7 allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0913 1 Microsoft 1 Powerpoint 2008-11-14 9.3 HIGH N/A
Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.
CVE-2007-0557 1 Rmake 1 Rmake 2008-11-14 7.2 HIGH N/A
rMake before 1.0.4 drops root privileges in a way that retains the original supplemental groups, which might allow attackers to gain privileges via a crafted recipe file, a different vulnerability than CVE-2007-0536.
CVE-2007-0664 1 Acme Labs 1 Thttpd 2008-11-14 5.0 MEDIUM N/A
thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files.
CVE-2007-0604 1 Six Apart Ltd 1 Movable Type 2008-11-14 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Movable Type (MT) before 3.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the MTCommentPreviewIsStatic tag, which can open the "comment entry screen," a different vulnerability than CVE-2007-0231.