Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0667 | 2 Ledgersmb, Sql-ledger | 2 Ledgersmb, Sql-ledger | 2018-10-16 | 6.5 MEDIUM | N/A |
| The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872. | |||||
| CVE-2007-0677 | 1 Cronosys | 1 Cadre Php Framework | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in fw/class.Quick_Config_Browser.php in Cadre PHP Framework 20020724 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][framework_path] parameter. | |||||
| CVE-2007-0551 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php in CMSimple 2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pth[file][config] and (2) pth[file][image] parameters. | |||||
| CVE-2007-0684 | 1 Cerulean Portal System | 1 Cerulean Portal System | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in portal.php in Cerulean Portal System 0.7b allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-0688 | 1 Hunkaray Duyuru | 1 Scripti | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in oku.asp in Hunkaray Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0689 | 1 Mybb | 1 Mybb | 2018-10-16 | 5.0 MEDIUM | N/A |
| MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter to captcha.php, and (3) a direct request to inc/datahandlers/event.php, which reveal the installation path in the resulting error message. | |||||
| CVE-2007-0690 | 1 Myevent | 1 Myevent | 2018-10-16 | 5.0 MEDIUM | N/A |
| myEvent 1.6 allows remote attackers to obtain sensitive information via (1) a Log In action without a password to login.php, or an invalid (2) view[] or (3) monthno[] parameter to myevent.php, which reveals the path in various error messages. | |||||
| CVE-2007-0692 | 1 Dgnews | 1 Dgnews | 2018-10-16 | 5.0 MEDIUM | N/A |
| DGNews 2.1 allows remote attackers to obtain sensitive information via a fullnews request to news.php with an invalid newsid parameter, and other unspecified vectors, which reveal the path in various error messages. | |||||
| CVE-2007-0693 | 1 Dian Gemilang | 1 Dgnews | 2018-10-16 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newslist action. NOTE: this issue can produce resultant cross-site scripting (XSS). | |||||
| CVE-2007-0554 | 1 Guo Xu Guos Posting System | 1 Guo Xu Guos Posting System | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in print.asp in Guo Xu Guos Posting System (GPS) 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0556 | 1 Postgresql | 1 Postgresql | 2018-10-16 | 6.6 MEDIUM | N/A |
| The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server. | |||||
| CVE-2007-0599 | 1 Aztek Forum | 1 Aztek Forum | 2018-10-16 | 7.5 HIGH | N/A |
| Variable overwrite vulnerability in common/config.php in Aztek Forum 4.00 allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as copying arbitrary files using index/common_actions.php, via vectors associated with extract operations on the (1) POST, (2) GET, (3) COOKIE, and (4) SERVER superglobal arrays. | |||||
| CVE-2007-0694 | 1 Dian Gemilang | 1 Dgnews | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 allows remote attackers to inject arbitrary web script or HTML via the copyright parameter. | |||||
| CVE-2007-0592 | 1 Indexcor | 1 Ezdatabase | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to admin/login.php and the Admin Panel Database. | |||||
| CVE-2007-0596 | 1 Aztek Forum | 1 Aztek Forum | 2018-10-16 | 6.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index/main.php in Aztek Forum 4.00 allows remote authenticated administrators to execute arbitrary PHP code via a URL in the PF[top_url] parameter. | |||||
| CVE-2007-0593 | 1 Siteman | 1 Siteman | 2018-10-16 | 5.0 MEDIUM | N/A |
| Siteman 1.1.11 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for data/members.txt. | |||||
| CVE-2007-0709 | 1 Comodo | 1 Comodo Firewall Pro | 2018-10-16 | 7.2 HIGH | N/A |
| cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.16.174 and earlier does not validate arguments that originate in user mode for the (1) NtCreateSection, (2) NtOpenProcess, (3) NtOpenSection, (4) NtOpenThread, and (5) NtSetValueKey hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments. | |||||
| CVE-2007-0497 | 1 Upload-service | 1 Upload-service | 2018-10-16 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in upload/top.php in Upload-Service 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the maindir parameter. | |||||
| CVE-2007-0708 | 1 Comodo | 1 Comodo Firewall Pro | 2018-10-16 | 7.2 HIGH | N/A |
| cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) before 2.4.16.174 does not validate arguments that originate in user mode for the (1) NtConnectPort and (2) NtCreatePort hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments. | |||||
| CVE-2007-0623 | 1 Maxdev | 1 Mdpro | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows remote attackers to execute arbitrary SQL commands via the startrow parameter. | |||||