Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2134 | 1 Oracle | 1 Enterpriseone | 2018-10-16 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the HTML Server in Oracle JD Edwards EnterpriseOne SP23_Q1 and 8.96.I1 has unknown impact and local attack vectors, aka JDE01. | |||||
| CVE-2007-2256 | 1 Tjschat | 1 Tjschat | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 allows remote attackers to inject arbitrary web script or HTML via the user parameter. | |||||
| CVE-2007-2135 | 1 Oracle | 1 E-business Suite | 2018-10-16 | 7.8 HIGH | N/A |
| The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128. | |||||
| CVE-2007-2136 | 1 Bmc | 1 Patrol Perform Agent | 2018-10-16 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol PerformAgent allows remote attackers to execute arbitrary code by connecting to TCP port 10128 and sending certain XDR data, which is not properly parsed. | |||||
| CVE-2007-2137 | 1 Ibm | 1 Tivoli Monitoring Express | 2018-10-16 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express 6.1.0 before Fix Pack 2, as used in Tivoli Universal Agent, Windows OS Monitoring agent, and Enterprise Portal Server, allows remote attackers to execute arbitrary code by sending a long string to a certain TCP port. | |||||
| CVE-2007-2208 | 1 Extreme Phpbb | 1 Extreme Phpbb | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Extreme PHPBB2 3.0 Pre Final allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) functions.php or (2) functions_portal.php in includes/. | |||||
| CVE-2007-2207 | 1 Ripe Website Manager | 1 Ripe Website Manager | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ripeformpost parameter. | |||||
| CVE-2007-2231 | 1 Dovecot | 1 Dovecot | 2018-10-16 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name. | |||||
| CVE-2007-2140 | 1 Franklin Huang | 1 Flip-search-add-on | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in everything.php in Franklin Huang Flip (aka Flip-search-add-on) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter. | |||||
| CVE-2007-2261 | 1 Realink | 1 C-arbre | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in espaces/communiques/annotations.php in C-Arbre 0.6PR7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, a different vector than CVE-2007-1721. | |||||
| CVE-2007-2265 | 1 Phpee | 1 Ya Book | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in YA Book 0.98-alpha allows remote attackers to inject arbitrary web script or HTML via the City field in a sign action in index.php. | |||||
| CVE-2007-2266 | 1 Progress | 1 Webspeed Messenger | 2018-10-16 | 10.0 HIGH | N/A |
| Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/_cpyfile.p in the WService parameter to (1) cgiip.exe or (2) wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName parameter. | |||||
| CVE-2007-2278 | 1 Dcp-portal | 1 Dcp-portal | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DCP-Portal 6.1.1 allow remote attackers to execute arbitrary PHP code via a URL in (1) the path parameter to library/adodb/adodb.inc.php, (2) the abs_path_editor parameter to library/editor/editor.php, or (3) the cfgfile_to_load parameter to admin/phpMyAdmin/libraries/common.lib.php. | |||||
| CVE-2007-2214 | 1 Dmcms | 1 Dmcms | 2018-10-16 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in includes/upload_file.php in DmCMS allows remote attackers to upload arbitrary PHP scripts by placing a script's contents in both the File2 and File3 parameters, and sending a ok.php?do=act Referer. | |||||
| CVE-2007-2205 | 1 Lan Management System | 1 Lan Management System | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System (LMS) 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643. | |||||
| CVE-2007-2141 | 1 Shoutpro | 1 Shoutpro | 2018-10-16 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in shoutbox.php in ShoutPro 1.5.2 allows remote attackers to inject arbitrary PHP code into shouts.php via the shout parameter. | |||||
| CVE-2007-2203 | 1 Big Blue | 1 Guestbook | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Big Blue Guestbook allows remote attackers to inject arbitrary web script or HTML via the message field in the guestbook entry submission form. | |||||
| CVE-2007-2202 | 1 Acvsws | 1 Acvsws Php5 | 2018-10-16 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in inc_ACVS/SOAP/Transport.php in Accueil et Conseil en Visites et Sejours Web Services (ACVSWS) PHP5 (ACVSWS_PHP5) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CheminInclude parameter. | |||||
| CVE-2007-2257 | 1 Fully Modded Phpbb | 1 Fully Modded Phpbb2 | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in subscp.php in Fully Modded phpBB2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-2237 | 1 Microsoft | 1 Windows Xp | 2018-10-16 | 7.1 HIGH | N/A |
| Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error. | |||||