Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0996 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-16 | 5.8 MEDIUM | N/A |
| The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. | |||||
| CVE-2007-1020 | 1 Cedstat | 1 Cedstat | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 allows remote attackers to inject arbitrary web script or HTML via the hier parameter. | |||||
| CVE-2007-1051 | 1 Comodo | 1 Comodo Firewall Pro | 2018-10-16 | 4.6 MEDIUM | N/A |
| Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.17.183 and earlier uses a weak cryptographic hashing function (CRC32) to identify trusted modules, which allows local users to bypass security protections by substituting modified modules that have the same CRC32 value. | |||||
| CVE-2007-1052 | 1 Pblang | 1 Pblang | 2018-10-16 | 10.0 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in PBLang (PBL) 4.60 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dbpath parameter, a different vector than CVE-2006-5062. NOTE: this issue has been disputed by a reliable third party for 4.65, stating that the dbpath variable is initialized in an included file that is created upon installation. | |||||
| CVE-2007-1009 | 1 Macrovision | 1 Installanywhere | 2018-10-16 | 4.6 MEDIUM | N/A |
| Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password or (2) serial number verification sections from this file. | |||||
| CVE-2007-1125 | 1 Xeroxer | 1 Simple One-file Gallery | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to inject arbitrary web script or HTML via the f parameter. | |||||
| CVE-2007-1124 | 1 Xeroxer | 1 Simple One-file Gallery | 2018-10-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. | |||||
| CVE-2007-0912 | 1 Jportal | 1 Jportal Web Server | 2018-10-16 | 9.3 HIGH | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php in Jportal 2.3.1, and possibly earlier, allows remote attackers to perform privileged actions as administrators by tricking the admin into accessing a URL with modified arguments to admin/admin.adm.php. | |||||
| CVE-2007-0928 | 1 Virtual Calendar | 1 Virtual Calendar | 2018-10-16 | 5.0 MEDIUM | N/A |
| Virtual Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an encoded password via a direct request for pwd.txt. | |||||
| CVE-2007-0969 | 1 Webtester | 1 Webtester | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to POST parameters to multiple files. | |||||
| CVE-2007-0927 | 1 Utorrent | 1 Utorrent | 2018-10-16 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to execute arbitrary code via a torrent file with a crafted announce header. | |||||
| CVE-2007-0973 | 1 Jupiter Cms | 1 Jupiter Cms | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Jupiter CMS 1.1.5 allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header and certain other HTTP headers, which are displayed without proper sanitization when an administrator performs a Logged Guest action. | |||||
| CVE-2007-0921 | 1 Radical Technologies | 1 Portal Search | 2018-10-16 | 9.4 HIGH | N/A |
| Portal Search allows remote attackers to redirect a URL to an arbitrary web site by placing the URL in the query string to the top-level URI. | |||||
| CVE-2007-0926 | 1 Kvguestbook | 1 Kvguestbook | 2018-10-16 | 7.5 HIGH | N/A |
| The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows remote attackers to gain administrative privileges, probably via modified $mysql['pass'] and $gbpass variables. | |||||
| CVE-2007-0894 | 1 Mediawiki | 1 Mediawiki | 2018-10-16 | 5.0 MEDIUM | N/A |
| MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message. | |||||
| CVE-2007-0890 | 1 Cpanel | 1 Webhost Manager | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter. | |||||
| CVE-2007-0925 | 1 Communityserver.org | 1 Community Server | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx in Community Server allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2007-0876 | 1 Qdig | 1 Qdig | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Quick Digital Image Gallery (Qdig) 1.2.9.3 and devel-20060624 allows remote attackers to inject arbitrary web script or HTML via the Qwd parameter to the top-level URI. | |||||
| CVE-2007-0889 | 1 Kiwi Enterprises | 1 Kiwi Cattools | 2018-10-16 | 4.6 MEDIUM | N/A |
| Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible encoding") for passwords, account names, and IP addresses in kiwidb-cattools.kdb, which might allow local users to gain sensitive information by decrypting the file. NOTE: this issue could be leveraged with a directory traversal vulnerability for a remote attack vector. | |||||
| CVE-2007-0888 | 1 Kiwi Enterprises | 1 Kiwi Cattools | 2018-10-16 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command. | |||||