Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2011 | 1 Deskpro | 1 Deskpro | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
| CVE-2007-1985 | 1 Phpexplorator | 1 Phpexplorator | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpexplorator.php in phpexplorator 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd or (2) lang_path parameter. | |||||
| CVE-2007-2016 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter. | |||||
| CVE-2007-2019 | 1 Tomex | 1 Phpgalleryscript | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in init.gallery.php in phpGalleryScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the include_class parameter. | |||||
| CVE-2007-2020 | 1 Xodagallery | 1 Xodagallery | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** Unspecified vulnerability in administration.php in xodagallery allows remote attackers to execute arbitrary code via the cmd parameter. NOTE: CVE disputes this vulnerability because administration.php does not use the cmd parameter for inclusion. | |||||
| CVE-2007-2021 | 1 Pineapple Technologies | 1 Lore | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Pineapple Technologies Lore 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang_path parameter to third_party/phpmailer/class.phpmailer.php or the (2) get_plugin_file_path parameter to third_party/smarty/libs/plugins/function.html_checkboxes.php. NOTE: the affected files might be from other software packages, so this might not be a vulnerability in Lore itself. NOTE: (1) might be the same issue as CVE-2006-5734.4. | |||||
| CVE-2007-2024 | 1 Phpwiki | 1 Phpwiki | 2018-10-16 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a (1) php3, (2) php4, or (3) php5 extension. | |||||
| CVE-2007-2026 | 2 Amavis, Gentoo | 2 Virus Scanner, File | 2018-10-16 | 7.8 HIGH | N/A |
| The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS. | |||||
| CVE-2007-2031 | 1 3proxy | 1 3proxy | 2018-10-16 | 10.0 HIGH | N/A |
| Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, and 0.6b-devel before 20070413, might allow remote attackers to execute arbitrary code via crafted transparent requests. | |||||
| CVE-2007-2048 | 1 Webmethods | 1 Glue | 2018-10-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in /console in the Management Console in webMethods Glue 6.5.1 and earlier allows remote attackers to read arbitrary system files via a .. (dot dot) in the resource parameter. | |||||
| CVE-2007-2053 | 1 Afflib | 1 Afflib | 2018-10-16 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB. | |||||
| CVE-2007-2054 | 1 Afflib | 1 Afflib | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, and (g) tools/afxml.cpp. NOTE: the aimage.cpp vector (e) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB. | |||||
| CVE-2007-2055 | 1 Afflib | 1 Afflib | 2018-10-16 | 7.5 HIGH | N/A |
| AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary commands via shell metacharacters involving (1) certain command line parameters in tools/afconvert.cpp and (2) arguments to the get_parameter function in aimage/ident.cpp. NOTE: it is unknown if the get_parameter vector (2) is ever called. | |||||
| CVE-2007-2057 | 1 Aircrack-ng | 1 Airodump-ng | 2018-10-16 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in aircrack-ng airodump-ng 0.7 allows remote attackers to execute arbitrary code via crafted 802.11 authentication packets. | |||||
| CVE-2007-2062 | 1 Vcdgear | 1 Vcdgear | 2018-10-16 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in VCDGear 3.55 and 3.56 BETA allows user-assisted remote attackers to execute arbitrary code via a long FILE argument in a CUE file. | |||||
| CVE-2007-2064 | 1 Actionpoll | 1 Actionpoll | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Robert Ladstaetter ActionPoll 1.1.0, and possibly 1.1.1, allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_POLLDB parameter to actionpoll.php or (2) the CONFIG_DB parameter to db/DataReaderWriter.php, different vectors than CVE-2001-1297. | |||||
| CVE-2007-2072 | 1 Ivan Gallery Script | 1 Ivan Gallery Script | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue has been disputed by third party researchers for 0.3, stating that the dir variable is properly initialized before use. | |||||
| CVE-2007-2076 | 1 Maian | 1 Gallery | 2018-10-16 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in Maian Gallery 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this problem existed only briefly in v1.0." | |||||
| CVE-2007-2077 | 1 Maian | 1 Search | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this issue was fixed last year and [no] is longer a problem." | |||||
| CVE-2007-2078 | 1 Maian | 1 Weblog | 2018-10-16 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Maian Weblog 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, since the path_to_folder variable is initialized before use. | |||||