Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2422 | 1 Comdev | 1 Modules Builder | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Modules Builder (modbuild) 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter to (1) config-bak.php or (2) config.php. NOTE: CVE disputes this vulnerability because the unmodified scripts set the applicable variable to the empty string; reasonable modified copies would use a fixed pathname string. | |||||
| CVE-2007-2300 | 1 Surat Kabar | 1 Phpwebnews | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the m_txt parameter to (1) iklan.php, (2) index.php, or (3) bukutamu.php. | |||||
| CVE-2007-2325 | 1 Mynewsgroup | 1 Mynewsgroup | 2018-10-16 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in include.php in MyNewsGroups :) allows remote attackers to execute arbitrary PHP code via a URL in the myng_root parameter. | |||||
| CVE-2007-2411 | 1 Sphider | 1 Sphider | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Sphider 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. NOTE: a third party disputes this vulnerability, stating that "the application is not vulnerable to this issue." | |||||
| CVE-2007-2293 | 1 Asterisk | 1 Asterisk | 2018-10-16 | 7.6 HIGH | N/A |
| Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE. | |||||
| CVE-2007-2358 | 1 B2evolution | 1 B2evolution | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in b2evolution allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_path parameter to (a) a_noskin.php, (b) a_stub.php, (c) admin.php, (d) contact.php, (e) default.php, (f) index.php, and (g) multiblogs.php in blogs/; the (2) view_path and (3) control_path parameters to blogs/admin.php; and the (4) skins_path parameter to (h) blogs/contact.php and (i) blogs/multiblogs.php. NOTE: this issue is disputed by CVE, since the inc_path, view_path, control_path, and skins_path variables are all initialized in conf/_advanced.php before they are used. | |||||
| CVE-2007-2311 | 1 Bloofoxcms | 1 Bloofoxcms | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in install/index.php in BlooFoxCMS 0.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the content_php parameter. NOTE: this issue has been disputed by a reliable third party, stating that content_php is initialized before use. | |||||
| CVE-2007-2419 | 1 Macrovision | 2 Flexnet Connect, Update Service | 2018-10-16 | 10.0 HIGH | N/A |
| Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328. | |||||
| CVE-2007-2294 | 1 Asterisk | 1 Asterisk | 2018-10-16 | 7.8 HIGH | N/A |
| The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference. | |||||
| CVE-2007-2327 | 1 Labs4 | 1 Htmleditbox | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in _editor.php in HTMLeditbox 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the settings[app_dir] parameter. | |||||
| CVE-2007-2326 | 1 Goldcoders | 1 Hyip Manager Pro | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in HYIP Manager Pro allow remote attackers to execute arbitrary PHP code via a URL in the plugin_file parameter to (1) Smarty.class.php and (2) Smarty_Compiler.class.php in inc/libs/; (3) core.display_debug_console.php, (4) core.load_plugins.php, (5) core.load_resource_plugin.php, (6) core.process_cached_inserts.php, (7) core.process_compiled_include.php, and (8) core.read_cache_file.php in inc/libs/core/; and other unspecified files. NOTE: (1) and (2) might be incorrectly reported vectors in Smarty. | |||||
| CVE-2007-2155 | 1 Phpfaber | 1 Topsites | 2018-10-16 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in template.php in in phpFaber TopSites 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the modify parameter in a template action to admin/index.php. | |||||
| CVE-2007-2232 | 1 Cosign | 1 Cosign | 2018-10-16 | 7.5 HIGH | N/A |
| The CHECK command in Cosign 2.0.1 and earlier allows remote attackers to bypass authentication requirements via CR (\r) sequences in the cosign cookie parameter. | |||||
| CVE-2007-2219 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2018-10-16 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function. | |||||
| CVE-2007-2171 | 1 Novell | 1 Groupwise | 2018-10-16 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request. | |||||
| CVE-2007-2162 | 2 Gnu, Mozilla | 2 Iceweasel, Firefox | 2018-10-16 | 7.8 HIGH | N/A |
| (1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. | |||||
| CVE-2007-2170 | 1 Oracle | 1 E-business Suite | 2018-10-16 | 9.4 HIGH | N/A |
| The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not check for valid sessions, which allows remote attackers to delete arbitrary nodes. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128. | |||||
| CVE-2007-2163 | 1 Apple | 1 Safari | 2018-10-16 | 5.0 MEDIUM | N/A |
| Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. | |||||
| CVE-2007-2126 | 1 Oracle | 1 E-business Suite | 2018-10-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle E-Business Suite 11.5.10CU2 has unknown impact and remote attack vectors in the (1) Common Applications (APPS01) and (2) iProcurement (APPS02). | |||||
| CVE-2007-2228 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Vista and 1 more | 2018-10-16 | 7.8 HIGH | N/A |
| rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak. | |||||