Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1921 | 1 Nullsoft | 1 Winamp | 2018-10-16 | 9.3 HIGH | N/A |
| LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT file that contains a value that is used as an offset, which triggers memory corruption. | |||||
| CVE-2007-1988 | 1 Phpecho Cms | 1 Phpecho Cms | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in PHPEcho CMS 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2007-1977 | 1 Holacms | 1 Holacms | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter. | |||||
| CVE-2007-1923 | 2 Dws Systems Inc., Ledgersmb | 2 Sql-ledger, Ledgersmb | 2018-10-16 | 7.5 HIGH | N/A |
| (1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. | |||||
| CVE-2007-1975 | 1 Slaed | 1 Slaed Cms | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SLAED CMS 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) path parameter to admin/admin.php or the (2) modpath parameter to index.php. | |||||
| CVE-2007-1924 | 1 Phpcontact | 1 Phpcontact | 2018-10-16 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpContact allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) contact_business.php or (2) contact_person.php. NOTE: this issue is disputed by CVE and a reliable third party, because include_path is initialized to a fixed value before use. | |||||
| CVE-2007-1926 | 1 Jbmc Software | 1 Directadmin | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (3) allows context-dependent attackers to inject arbitrary web script or HTML into /var/log/messages via a PHP script that invokes /usr/bin/logger; (4) allows local users to inject arbitrary web script or HTML into /var/log/messages by invoking /usr/bin/logger at the command line; and allows remote attackers to inject arbitrary web script or HTML via remote requests logged in the (5) /var/log/exim/rejectlog, (6) /var/log/exim/mainlog, (7) /var/log/proftpd/auth.log, (8) /var/log/httpd/error_log, (9) /var/log/httpd/access_log, (10) /var/log/directadmin/error.log, and (11) /var/log/directadmin/security.log files. | |||||
| CVE-2007-1927 | 1 Youngzsoft | 1 Cmailserver | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter. | |||||
| CVE-2007-1974 | 2 Wf-sections, Xoops | 3 Wf-sections, Happy Linux Xfsection Module, Zmagazine Module | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php. | |||||
| CVE-2007-1928 | 1 Witshare | 1 Witshare | 2018-10-16 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in witshare 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the menu parameter. | |||||
| CVE-2007-1873 | 1 Mephisto | 1 Mephisto | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mephisto 0.7.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search script. | |||||
| CVE-2007-1872 | 1 Toenda Software Development | 1 Toendacms | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search id. | |||||
| CVE-2007-1871 | 1 Chcounter | 1 Chcounter | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in chcounter 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the login_name parameter to /stats/. | |||||
| CVE-2007-1870 | 1 Lighttpd | 1 Lighttpd | 2018-10-16 | 7.8 HIGH | N/A |
| lighttpd before 1.4.14 allows attackers to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference. | |||||
| CVE-2007-1973 | 1 Microsoft | 1 Windows Nt | 2018-10-16 | 6.9 MEDIUM | N/A |
| Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0 allows local users to modify memory and gain privileges via the temporary \Device\PhysicalMemory section handle, a related issue to CVE-2007-1206. | |||||
| CVE-2007-1869 | 1 Lighttpd | 1 Lighttpd | 2018-10-16 | 5.0 MEDIUM | N/A |
| lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption. | |||||
| CVE-2007-1937 | 1 Dreamcodes | 1 Scorp Book | 2018-10-16 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in smilies.php in Scorp Book 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter. | |||||
| CVE-2007-1969 | 1 Sam Crew | 1 Myblog | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam Crew MyBlog remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2007-1942 | 1 Faststone | 1 Image Viewer | 2018-10-16 | 9.3 HIGH | N/A |
| Integer overflow in FastStone Image Viewer 2.9 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted BMP image, as demonstrated by wh3intof.bmp and wh4intof.bmp. | |||||
| CVE-2007-1878 | 1 Parakey Inc. | 1 Firebug | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.03 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome, as demonstrated via the runFile function, related to lack of HTML escaping in the property name. | |||||