Total: 27865 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0600 | 2 Makit, Martyn Kilbryde | 2 Newsposter Script, Newsposter Script | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news_page.asp in Martyn Kilbryde Newsposter Script (aka makit news/blog poster) 3 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter. | |||||
| CVE-2007-0517 | 1 Scriptsez | 1 Random Php Quote | 2018-10-16 | 7.5 HIGH | N/A |
| Scriptsez Random PHP Quote 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password information via a direct request for pwd.txt. | |||||
| CVE-2007-0518 | 1 Scriptsez | 1 Smart Php Subscriber | 2018-10-16 | 7.5 HIGH | N/A |
| Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain encoded passwords via a direct request for pwd.txt. | |||||
| CVE-2007-0594 | 1 Siteman | 1 Siteman | 2018-10-16 | 5.0 MEDIUM | N/A |
| Siteman 2.0.x2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for db/siteman/users.MYD. | |||||
| CVE-2007-0597 | 1 Aztek Forum | 1 Aztek Forum | 2018-10-16 | 5.0 MEDIUM | N/A |
| Aztek Forum 4.00 allows remote attackers to obtain sensitive information via a direct request to forum.php with the fid=XD query string, which reveals the path in an error message. | |||||
| CVE-2007-0560 | 1 Asp Edge | 1 Asp Edge | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter. | |||||
| CVE-2007-0543 | 1 Zixforum | 1 Zixforum | 2018-10-16 | 9.4 HIGH | N/A |
| ZixForum 1.14 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for Zixforum.mdb. NOTE: a followup post suggests that this issue only occurs if the administrator does not properly follow installation directions. | |||||
| CVE-2007-0526 | 1 Bitweaver | 1 Bitweaver | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the URL (PATH_INFO) to (1) articles/edit.php, (2) articles/list.php, (3) blogs/list_blogs.php, or (4) blogs/rankings.php. | |||||
| CVE-2007-0581 | 1 Eclipsebb | 1 Eclipsebb | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in functions.php in EclipseBB 0.5.0 Lite allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-0651 | 1 Mailenable | 1 Mailenable Professional | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in mewebmail/base/default/lang/EN/. | |||||
| CVE-2007-0528 | 1 Centrality Communications | 1 Pa168 Chipset | 2018-10-16 | 9.0 HIGH | N/A |
| The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data). | |||||
| CVE-2007-0529 | 1 Php Link Directory | 1 Php Link Directory | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.html (aka the administration page) in PHP Link Directory (phpLD) 3.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted link, which is triggered when the administrator uses the "Validate Links" functionality. | |||||
| CVE-2007-0595 | 1 Designmind | 1 High5 Review Script | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search in High 5 Review Site allows remote attackers to inject arbitrary web script or HTML via the q parameter (aka the search box). | |||||
| CVE-2007-0566 | 1 Asp News | 1 Asp News | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0530 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Advanced Guestbook 2.4.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) index.php, (2) addentry.php, or (3) picture.php, a different set of vectors than CVE-2006-5804. NOTE: this issue has been disputed by third party researchers, stating that the include_path variable is instantiated before use. | |||||
| CVE-2007-0532 | 1 Tuan Do | 1 Uploader | 2018-10-16 | 5.0 MEDIUM | N/A |
| Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrator password hash via a direct request for userdata/user_1.txt. | |||||
| CVE-2007-0533 | 1 Atozed Software | 1 Intraweb Component | 2018-10-16 | 5.0 MEDIUM | N/A |
| The AToZed IntraWeb component 8.0 and earlier for Borland Delphi and Kylix, and IntraWeb 9.0 before build (9.0.12), allows remote attackers to cause a denial of service (thread hang or CPU consumption) via a crafted HTTP request, related to the OnBeforeDispatch function in the TIWServerController object. | |||||
| CVE-2007-0575 | 1 Stefan Holmberg | 1 Admentor | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the administrative login page (admin/login.asp) in ASPCode.net AdMentor allow remote attackers to execute arbitrary SQL commands via the (1) Userid and (2) Password fields. | |||||
| CVE-2007-0538 | 1 Telligent Systems | 1 Community Server Forums | 2018-10-16 | 5.0 MEDIUM | N/A |
| Telligent Community Server 2.1 and earlier allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to (1) a large file, which triggers a long download session without a timeout constraint; or (2) a file with a binary content type, which is downloaded even though it cannot contain usable pingback data. | |||||
| CVE-2007-0598 | 1 Aztek Forum | 1 Aztek Forum | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 allows remote attackers to execute arbitrary SQL commands via the fid cookie to forum.php. | |||||
