Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0539 | 1 Wordpress | 1 Wordpress | 2018-10-16 | 7.8 HIGH | N/A |
| The wp_remote_fopen function in WordPress before 2.1 allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a large file, which triggers a long download session without a timeout constraint. | |||||
| CVE-2007-0635 | 1 Encapscms | 1 Encapscms | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b) blogs.php, or (2) the config[theme] parameter to (c) admin/gallery_head.php. | |||||
| CVE-2007-0540 | 1 Wordpress | 1 Wordpress | 2018-10-16 | 5.0 MEDIUM | N/A |
| WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data. | |||||
| CVE-2007-0542 | 1 212cafe | 1 Guestbook | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in show.php in 212cafe Guestbook 4.00 beta allows remote attackers to inject arbitrary web script or HTML via the user parameter. | |||||
| CVE-2007-0544 | 1 Mybb | 1 Mybb | 2018-10-16 | 6.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949. | |||||
| CVE-2007-0545 | 1 Maxtricity | 1 Tagger | 2018-10-16 | 7.8 HIGH | N/A |
| Maxtricity Tagger 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for tagger.mdb. | |||||
| CVE-2007-0546 | 1 Toxiclab | 1 Shoutbox | 2018-10-16 | 7.8 HIGH | N/A |
| Toxiclab Shoutbox 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db.mdb. | |||||
| CVE-2007-0652 | 1 Mailenable | 1 Mailenable Professional | 2018-10-16 | 5.1 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag. | |||||
| CVE-2007-0653 | 2 Linux, X Multimedia System | 2 Linux Kernel, X Multimedia System | 2018-10-16 | 9.3 HIGH | N/A |
| Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory corruption. | |||||
| CVE-2007-0654 | 1 X Multimedia System | 1 X Multimedia System | 2018-10-16 | 9.3 HIGH | N/A |
| Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which results in a stack-based buffer overflow. | |||||
| CVE-2007-0665 | 1 Ipswitch | 1 Ws Ftp Pro | 2018-10-16 | 6.8 MEDIUM | N/A |
| Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007 Professional might allow remote attackers to execute arbitrary commands via format string specifiers in the filename, related to the SHELL WS_FTP script command. | |||||
| CVE-2007-0549 | 1 212cafe | 1 212cafeboard | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard 6.30 Beta allows remote attackers to inject arbitrary web script or HTML via the user parameter. | |||||
| CVE-2007-0605 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in picture.php in Advanced Guestbook 2.4.2 allows remote attackers to inject arbitrary web script or HTML via the picture parameter. | |||||
| CVE-2007-0606 | 1 W-agora | 1 W-agora | 2018-10-16 | 5.0 MEDIUM | N/A |
| w-agora 4.2.1 allows remote attackers to obtain sensitive information by via the (1) bn[] array parameter to index.php, which expects a string, and (2) certain parameters to delete_forum.php, which displays the path name in the resulting error message. | |||||
| CVE-2007-0550 | 1 212cafe | 1 212cafeboard | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard 0.08 Beta allows remote attackers to inject arbitrary web script or HTML via keyword parameter. | |||||
| CVE-2007-0567 | 1 Interactive-scripts.com | 1 Php Membership Manager | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in Interactive-Scripts.Com PHP Membership Manager 1.5 allows remote attackers to inject arbitrary web script or HTML via the _p parameter. | |||||
| CVE-2007-0607 | 1 W-agora | 1 W-agora | 2018-10-16 | 4.3 MEDIUM | N/A |
| W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores globals.inc under the web document root with insufficient access control, which allows remote attackers to obtain application path information via a direct request. | |||||
| CVE-2007-0666 | 1 Ipswitch | 1 Ws Ftp Server | 2018-10-16 | 6.8 MEDIUM | N/A |
| Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute arbitrary code on the system via a long input string to the (1) iFTPAddU or (2) iFTPAddH file, or to a (3) edition module. | |||||
| CVE-2007-0561 | 1 Xero Portal | 1 Xero Portal | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) admin_linkdb.php, (2) admin_forum_prune.php, (3) admin_extensions.php, (4) admin_board.php, (5) admin_attachments.php, or (6) admin_users.php in admin/. | |||||
| CVE-2007-0608 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2018-10-16 | 7.1 HIGH | N/A |
| Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2) an invalid GB_DB parameter to index.php, coupled with a ../index lang cookie, which reveals the installation path; or (3) a direct request to index.php with no parameters or cookies, which reveals the installation path. | |||||