Total: 27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2297 | 1 Asterisk | 1 Asterisk | 2018-10-16 | 7.8 HIGH | N/A |
| The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash). | |||||
| CVE-2007-2310 | 1 Bloofoxcms | 1 Bloofoxcms | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php in BloofoxCMS 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter. | |||||
| CVE-2007-2354 | 1 Progress | 1 Webspeed Messenger | 2018-10-16 | 7.8 HIGH | N/A |
| Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information. | |||||
| CVE-2007-2329 | 1 Searchactivity | 1 Searchactivity | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in searchbot.php in Searchactivity allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2007-2352 | 1 Afflib | 1 Afflib | 2018-10-16 | 10.0 HIGH | N/A |
| Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls, possibly involving (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/imager.cpp, and (f) tools/afxml.cpp. NOTE: this identifier is intended to address the vectors that were not fixed in CVE-2007-2054, but the unfixed vectors were not explicitly listed. | |||||
| CVE-2007-2339 | 1 Phorum | 1 Phorum | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.php; or (3) the "Edit groups / Add group" field in the (d) groups module in admin.php. | |||||
| CVE-2007-2308 | 1 Flowers | 1 Flowers | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the rok parameter. | |||||
| CVE-2007-2328 | 1 Phpmytgp | 1 Phpmytgp | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in addvip.php in phpMYTGP 1.4b allows remote attackers to execute arbitrary PHP code via a URL in the msetstr[PROGSDIR] parameter. | |||||
| CVE-2007-2357 | 1 Sinecms | 1 Sinecms | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mods/Core/result.php in SineCms 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the stringa parameter. | |||||
| CVE-2007-2447 | 1 Samba | 1 Samba | 2018-10-16 | 6.0 MEDIUM | N/A |
| The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management. | |||||
| CVE-2007-2330 | 1 Dynatracker | 1 Dynatracker | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes_handler.php in DynaTracker 151 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. | |||||
| CVE-2007-2412 | 1 Seir Anphin | 1 Seir Anphin | 2018-10-16 | 7.8 HIGH | N/A |
| ** DISPUTED ** Directory traversal vulnerability in modules/file.php in Seir Anphin allows remote attackers to obtain sensitive information via a .. (dot dot) in the a[filepath] parameter. NOTE: a third party has disputed this issue because the a array is populated by a database query before use. | |||||
| CVE-2007-2416 | 1 E-annu | 1 E-annu | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in home.php in E-Annu allows remote attackers to execute arbitrary SQL commands via the a parameter. | |||||
| CVE-2007-2312 | 1 Vwar | 1 Virtual War | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 R15 module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the n parameter to extra/online.php and other unspecified scripts in extra/. NOTE: this might be the same vulnerability as CVE-2006-4142; however, there is an intervening vendor fix announcement. | |||||
| CVE-2007-2367 | 1 Wserve Http Server | 1 Wserve Http Server | 2018-10-16 | 10.0 HIGH | N/A |
| Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) 4.6 allows remote attackers to cause a denial of service (forced application exit) via a long directory name in the URI. | |||||
| CVE-2007-2398 | 2 Apple, Microsoft | 2 Safari, Windows 2003 Server | 2018-10-16 | 7.1 HIGH | N/A |
| Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks. | |||||
| CVE-2007-2438 | 2 Foresight Linux, Vim Development Group | 2 Foresight Linux, Vim | 2018-10-16 | 7.6 HIGH | N/A |
| The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines. | |||||
| CVE-2007-2306 | 1 Vwar | 1 Virtual War | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War (VWar) 1.5.0 R15 and earlier module for PHP-Nuke, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) memberlist parameter to extra/login.php and the (2) title parameter to extra/today.php. | |||||
| CVE-2007-2373 | 1 Wf-links | 1 Wf-links | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) 1.03 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2007-2420 | 1 Burak Yilmaz | 1 Burak Yilmaz Blog | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
