Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2106 | 1 Kai Content Management System | 1 Kai Content Management System | 2018-10-16 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Kai Content Management System (K-CMS) 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the current_theme parameter. | |||||
| CVE-2007-1894 | 1 Wordpress | 1 Wordpress | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function. | |||||
| CVE-2007-1848 | 1 Drake Team | 1 Drake Cms | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php in Drake CMS allows remote attackers to inject arbitrary web script or HTML via the desc[][title] field. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS." | |||||
| CVE-2007-1670 | 1 Panda | 6 Panda Activescan, Panda Antivirus, Panda Platinum 2006 Internet Security and 3 more | 2018-10-16 | 7.8 HIGH | N/A |
| Panda Software Antivirus before 20070402 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | |||||
| CVE-2007-1689 | 1 Symantec | 2 Norton Internet Security, Norton Personal Firewall | 2018-10-16 | 10.0 HIGH | N/A |
| Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions. | |||||
| CVE-2007-1850 | 1 Drake Team | 1 Drake Cms | 2018-10-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in classes/captcha/captcha.jpg.php in Drake CMS allows remote attackers to read arbitrary files or list arbitrary directories, and obtain the installation path, via a .. (dot dot) in the d_private parameter. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS." | |||||
| CVE-2007-1852 | 1 Ben3w | 1 2bgal | 2018-10-16 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in 2BGal 3.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the lang_filename parameter to (1) index.php or (2) backupdb.inc.php in admin/, or other unspecified files, different vectors than CVE-2006-5505. NOTE: this issue has been disputed by CVE, since the lang_filename variable is defined before it is used. | |||||
| CVE-2007-1855 | 1 Webasyst Llc | 1 Shop-script | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in smarty/smarty_class.php in Shop-Script FREE allow remote attackers to execute arbitrary PHP code via a URL in the (1) _smarty_compile_path, (2) smarty_compile_path, (3) get_plugin_filepath, (4) smarty_dir, and (5) filename parameters. NOTE: this issue might be related to CVE-2006-7105. | |||||
| CVE-2007-1695 | 1 Phpbb Group | 1 Phpbb | 2018-10-16 | 10.0 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks for a global constant and cannot be accessed directly. | |||||
| CVE-2007-1728 | 1 Sony | 2 Playstation 3, Playstation Portable | 2018-10-16 | 7.8 HIGH | N/A |
| The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and Playstation Portable (PSP) 3.10 OE-A allows remote attackers to cause a denial of service via a flood of UDP packets. | |||||
| CVE-2007-1671 | 1 Avira | 1 Antivir Personal | 2018-10-16 | 7.8 HIGH | N/A |
| avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | |||||
| CVE-2007-1678 | 1 Fizzle | 1 Fizzle | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension for Firefox allows remote attackers to inject arbitrary web script or HTML via RSS feeds, which are executed by the chrome: URI handler. | |||||
| CVE-2007-1766 | 1 Msxstudios | 1 Advanced Login | 2018-10-16 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in login/engine/db/profiledit.php in Advanced Login 0.76 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | |||||
| CVE-2007-1787 | 1 Softerra | 1 Time-assistant | 2018-10-16 | 9.3 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in lib/timesheet.class.php in Softerra Time-Assistant 6.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_dir or (2) lib_dir parameter. | |||||
| CVE-2007-1680 | 1 Yahoo | 1 Messenger | 2018-10-16 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties. | |||||
| CVE-2007-1685 | 1 Bluecoat | 1 K9 Web Protection | 2018-10-16 | 10.0 HIGH | N/A |
| Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36, and probably other versions before 3.2.44, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 2372. | |||||
| CVE-2007-1768 | 1 Mephisto | 2 Mephisto, Mephisto Edge | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in app/helpers/application_helper.rb in Mephisto 0.7.3 and Mephisto Edge 20070325 allows remote attackers to inject arbitrary web script or HTML via the author name field in a comment. | |||||
| CVE-2007-1681 | 1 Sun | 2 Java Web Console, Solaris | 2018-10-16 | 7.5 HIGH | N/A |
| Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog. | |||||
| CVE-2007-1733 | 1 Intervations | 1 Navicopa Web Server | 2018-10-16 | 10.0 HIGH | N/A |
| Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long (1) /cgi-bin/ or (2) /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112. | |||||
| CVE-2007-1762 | 1 Mozilla | 1 Firefox | 2018-10-16 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs before checking them against the phishing site blacklist, which allows remote attackers to bypass phishing protection via multiple / (slash) characters in the URL. | |||||