Total: 27865 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2007-2286 | 1 Built2go | 1 Php Link Portal | 2018-10-16 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in config.php in Built2Go PHP Link Portal 1.79 allows remote attackers to execute arbitrary PHP code via a URL in the full_path_to_db parameter. |
| CVE-2007-2125 | 1 Oracle | 1 Collaboration Suite | 2018-10-16 | 10.0 HIGH | N/A | Unspecified vulnerability in Collaborative Workspace in Oracle Collaboration Suite 10.1.2 has unknown impact and attack vectors, aka OCS01. |
| CVE-2007-2122 | 1 Oracle | 1 Application Server | 2018-10-16 | 10.0 HIGH | N/A | Unspecified vulnerability in the Wireless component in Oracle Application Server 9.0.4.3 has unknown impact and attack vectors, aka AS03. |
| CVE-2007-2287 | 1 Comus | 1 Comus | 2018-10-16 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in accept.php in comus 2.0 Final allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. |
| CVE-2007-2288 | 1 Doruk100.net | 1 Doruk100net | 2018-10-16 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in info.php in Doruk100.net doruk100net allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. |
| CVE-2007-2124 | 1 Oracle | 1 Application Server | 2018-10-16 | 10.0 HIGH | N/A | Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.4.1.0 has unknown impact and remote attack vectors, aka AS05. |
| CVE-2007-2289 | 1 Alexscriptengine | 1 Download-engine | 2018-10-16 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in admin/includes/spaw/dialogs/insert_link.php in download engine (Download-Engine) 1.4.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the spaw_root parameter, a different vector than CVE-2007-2255. NOTE: this may be an issue in SPAW. |
| CVE-2007-2290 | 1 Cafelog | 1 B2 | 2018-10-16 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and News Publishing Tool 0.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the b2inc parameter to (1) b2archives.php, (2) b2categories.php, or (3) b2mail.php. NOTE: this may overlap CVE-2002-1466. |
| CVE-2007-2236 | 1 Punbb | 1 Punbb | 2018-10-16 | 6.8 MEDIUM | N/A | footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of admin_options.php to execute PHP code from an uploaded avatar file. |
| CVE-2007-2119 | 1 Oracle | 2 Application Server, Database Server | 2018-10-16 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01. |
| CVE-2007-2147 | 1 Stephen Craton | 1 Chatness | 2018-10-16 | 10.0 HIGH | N/A | admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier does not check for administrative credentials, which allows remote attackers to read and modify the classes/vars.php and classes/varstuff.php configuration files via direct requests. |
| CVE-2007-2201 | 1 Post Revolution | 1 Post Revolution | 2018-10-16 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in Post Revolution 6.6 and 7.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) common.php or (2) themes/default/preview_post_completo.php. |
| CVE-2007-2197 | 1 Brettle Development | 1 Neatupload | 2018-10-16 | 5.0 MEDIUM | N/A | Race condition in the NeatUpload ASP.NET component 1.2.11 through 1.2.16, 1.1.18 through 1.1.23, and trunk.379 through trunk.445 allows remote attackers to obtain other clients' HTTP responses via multiple simultaneous requests, which triggers multiple calls to HttpWorkerRequest.FlushResponse for the same HttpWorkerRequest object and causes a buffer to be reused for a different request. |
| CVE-2007-2196 | 2 Joomla, Mambo | 2 Jambook, Jambook | 2018-10-16 | 6.8 MEDIUM | N/A | ** DISPUTED ** PHP remote file inclusion vulnerability in jambook.php in the Jambook (com_Jambook) 1.0 beta7 module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a reliable third party because the jambook.php protects against direct request. |
| CVE-2007-2235 | 1 Punbb | 1 Punbb | 2018-10-16 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php. |
| CVE-2007-2227 | 1 Microsoft | 5 Outlook Express, Windows 2003 Server, Windows Mail and 2 more | 2018-10-16 | 4.3 MEDIUM | N/A | The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability." |
| CVE-2007-2148 | 1 Stephen Craton | 1 Chatness | 2018-10-16 | 6.5 MEDIUM | N/A | Direct static code injection vulnerability in admin/save.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed upon a direct request for index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers. |
| CVE-2007-2190 | 1 Eba News | 1 Eba News | 2018-10-16 | 6.8 MEDIUM | N/A | PHP remote file inclusion vulnerability in admin/public/webpages.php in Eba News 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. |
| CVE-2007-2149 | 1 Stephen Craton | 1 Chatness | 2018-10-16 | 10.0 HIGH | N/A | Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores usernames and unencrypted passwords in (1) classes/vars.php and (2) classes/varstuff.php, and recommends 0666 or 0777 permissions for these files, which allows local users to gain privileges by reading the files, and allows remote attackers to obtain credentials via a direct request for admin/options.php. |
| CVE-2007-2234 | 1 Punbb | 1 Punbb | 2018-10-16 | 7.5 HIGH | N/A | include/common.php in PunBB 1.2.14 and earlier does not properly handle a disabled ini_get function when checking the register_globals setting, which allows remote attackers to register global parameters, as demonstrated by an SQL injection attack on the search_id parameter to search.php. |
