Total: 27865 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0861 | 1 Phpcoin | 1 Phpcoin | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in modules/mail/index.php in phpCOIN RC-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _CCFG['_PKG_PATH_MDLS'] parameter. NOTE: this issue has been disputed by a reliable third party, who states that a fatal error occurs before the relevant code is reached. | |||||
| CVE-2007-0866 | 1 Hp | 1 Openview Storage Data Protector | 2018-10-16 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in HP OpenView Storage Data Protector on HP-UX B.11.00, B.11.11, or B.11.23 allows local users to execute arbitrary code via unknown vectors. | |||||
| CVE-2007-0870 | 1 Microsoft | 1 Word | 2018-10-16 | 7.6 HIGH | N/A |
| Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027. | |||||
| CVE-2007-0871 | 1 Extremepow | 1 Extreme File Hosting | 2018-10-16 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in eXtremePow eXtreme File Hosting allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as (1) .rar.php or (2) .zip.php. | |||||
| CVE-2007-0768 | 1 Yahoo | 1 Messenger | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0769 | 1 Phorum | 1 Phorum | 2018-10-16 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** Cross-site scripting (XSS) vulnerability in register.php in Phorum 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the vendor disputes this vulnerability, stating that "The characters are escaped properly." | |||||
| CVE-2007-0770 | 2 Graphicsmagick, Imagemagick | 2 Graphicsmagick, Imagemagick | 2018-10-16 | 9.3 HIGH | N/A |
| Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456. | |||||
| CVE-2007-0779 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-16 | 6.4 MEDIUM | N/A |
| GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a large, transparent, custom cursor. | |||||
| CVE-2007-0784 | 1 Rbl | 1 Tpassword | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp for tPassword in the Raymond BERTHOU script collection (aka RBL - ASP) allows remote attackers to execute arbitrary SQL commands via the (1) User and (2) Password parameters. | |||||
| CVE-2007-0791 | 1 Mozilla | 1 Bugzilla | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla 2.20.3, 2.22.1, and 2.23.3, and earlier versions down to 2.20.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-0792 | 1 Mozilla | 1 Bugzilla | 2018-10-16 | 7.5 HIGH | N/A |
| The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file. | |||||
| CVE-2007-0793 | 1 Globalmegacorp | 1 Dvddb | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter. | |||||
| CVE-2007-0799 | 1 Uapplication | 1 Ublog | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2007-0795 | 1 Wap | 1 Wap Portal Server | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Wap Portal Server 1.x allow remote attackers to execute arbitrary PHP code via a URL in the language parameter to (1) index.php and (2) admin/index.php. | |||||
| CVE-2007-0798 | 1 Uapplication | 1 Ublog Reload | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login.asp; and allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (2) badword.asp, (3) polls.asp, and (4) users.asp. | |||||
| CVE-2007-0800 | 1 Mozilla | 1 Firefox | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup. | |||||
| CVE-2007-0805 | 1 Hp | 1 Tru64 | 2018-10-16 | 2.1 LOW | N/A |
| The ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local users to obtain sensitive information, including environment variables of arbitrary processes, via the "auxewww" argument, a similar issue to CVE-1999-1587. | |||||
| CVE-2007-0624 | 1 Maxdev | 1 Mdpro | 2018-10-16 | 5.0 MEDIUM | N/A |
| user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the full path via a ' (quote) character, and possibly other invalid values, in the uname parameter in a userinfo operation. | |||||
| CVE-2007-0713 | 1 Apple | 1 Quicktime | 2018-10-16 | 5.8 MEDIUM | N/A |
| Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file. | |||||
| CVE-2007-0601 | 1 Aztek Forum | 1 Aztek Forum | 2018-10-16 | 7.5 HIGH | N/A |
| common/safety.php in Aztek Forum 4.00 allows remote attackers to enter certain data containing %22 sequences (URL encoded double quotes) and other potentially dangerous manipulations by sending a cookie, which bypasses the blacklist matching against the GET and PUT superglobal arrays. | |||||
