Total
27865 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-1190 | 1 Bsalsa | 1 Embeddedwb Web Browser | 2008-11-14 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in the EmbeddedWB Web Browser ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-1192 | 1 Hyperbook | 1 Guestbook | 2008-11-14 | 5.0 MEDIUM | N/A |
Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an admin password hash via a direct request for data/gbconfiguration.dat. | |||||
CVE-2007-1077 | 1 Design4online | 1 Userpages2 | 2008-11-14 | 7.5 HIGH | N/A |
SQL injection vulnerability in page.asp in Design4Online UserPages2 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-1197 | 1 Epiware | 1 Epiware | 2008-11-14 | 9.3 HIGH | N/A |
Multiple unspecified vulnerabilities in Epiware before 4.7.5 have unknown impact and attack vectors, possibly related to cross-site scripting (XSS) and other unspecified issues. | |||||
CVE-2007-1117 | 1 Microsoft | 1 Publisher | 2008-11-14 | 10.0 HIGH | N/A |
Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source. | |||||
CVE-2007-0823 | 1 Slackware | 1 Slackware Linux | 2008-11-14 | 1.9 LOW | N/A |
xterm on Slackware Linux 10.2 stores information that had been displayed for a different user account using the same xterm process, which might allow local users to bypass file permissions and read other users' files, or obtain other sensitive information, by reading the xterm process memory. NOTE: it could be argued that this is an expected consequence of multiple users sharing the same interactive process, in which case this is not a vulnerability. | |||||
CVE-2007-0821 | 1 Cedric | 1 Claire Portailphp | 2008-11-14 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in Cedric CLAIRE PortailPhp 2 allow remote attackers to read arbitrary files via a .. (dot dot) in the chemin parameter to (1) mod_news/index.php or (2) mod_news/goodies.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-0840 | 1 Hlstats | 1 Hlstats | 2008-11-14 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the search class. NOTE: it is possible that this issue overlaps CVE-2006-4543.3 or CVE-2006-4454. | |||||
CVE-2007-0852 | 1 Techexcel Inc. | 1 Devtrack | 2008-11-14 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote attackers to inject arbitrary web script or HTML via the "Keyword search" form field and unspecified other form fields that populate a public saved query. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-0863 | 1 Trevorchan | 1 Trevorchan | 2008-11-14 | 10.0 HIGH | N/A |
** DISPUTED ** PHP remote file inclusion vulnerability in Trevorchan 0.7 and earlier allows remote attackers to execute arbitrary code via the tc_config[rootdir] parameter to (1) upgrade.php, (2) paint_save.php, (3) menu.php, (4) manage.php, and (5) banned.php. NOTE: his issue has been disputed by reliable third parties, who state that the variable is set before use in config.php. | |||||
CVE-2007-0901 | 1 Moinmoin | 1 Moinmoin | 2008-11-14 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-0868 | 1 Yahoo | 1 Messenger | 2008-11-14 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-0869 | 1 Jelsoft | 1 Vbulletin | 2008-11-14 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Attachment Manager (admincp/attachment.php) in Jelsoft vBulletin 3.6.4 allows remote attackers to inject arbitrary web script or HTML via the Extension field. NOTE: this might be a duplicate of CVE-2007-0830.5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-1018 | 1 Virtualsystem | 1 Vs-news-system | 2008-11-14 | 9.3 HIGH | N/A |
PHP remote file inclusion vulnerability in tpl/header.php in VirtualSystem VS-News-System 1.2.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-0877 | 1 March Networks | 5 3108 Dvr, 3204 Dvr, 4210 Dvr and 2 more | 2008-11-14 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital Video Recorders allows attackers to cause an unspecified denial of service. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-0902 | 1 Moinmoin | 1 Moinmoin | 2008-11-14 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the "Show debugging information" feature in MoinMoin 1.5.7 allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-0913 | 1 Microsoft | 1 Powerpoint | 2008-11-14 | 9.3 HIGH | N/A |
Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues. | |||||
CVE-2007-0557 | 1 Rmake | 1 Rmake | 2008-11-14 | 7.2 HIGH | N/A |
rMake before 1.0.4 drops root privileges in a way that retains the original supplemental groups, which might allow attackers to gain privileges via a crafted recipe file, a different vulnerability than CVE-2007-0536. | |||||
CVE-2007-0664 | 1 Acme Labs | 1 Thttpd | 2008-11-14 | 5.0 MEDIUM | N/A |
thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files. | |||||
CVE-2007-0604 | 1 Six Apart Ltd | 1 Movable Type | 2008-11-14 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Movable Type (MT) before 3.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the MTCommentPreviewIsStatic tag, which can open the "comment entry screen," a different vulnerability than CVE-2007-0231. |