Total: 27865 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0206 | 1 Hp | 1 Openview Network Node Manager | 2018-10-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to read arbitrary files via unknown vectors. | |||||
| CVE-2007-0215 | 1 Microsoft | 3 Excel, Excel Viewer, Office | 2018-10-16 | 7.6 HIGH | N/A |
| Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption. | |||||
| CVE-2007-0191 | 1 Mkportal | 1 Mkportal | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in MKPortal allows remote attackers to inject arbitrary web script or HTML via two certain fields in a contents_new operation in the ad_contents section. | |||||
| CVE-2007-0190 | 1 Edit-x | 1 Ecommerce | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in edit_address.php in edit-x ecommerce allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. | |||||
| CVE-2007-0222 | 1 Oracle | 1 Application Server | 2018-10-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter. NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined. Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293). | |||||
| CVE-2007-0148 | 1 Omnigroup | 1 Omniweb | 2018-10-16 | 6.8 MEDIUM | N/A |
| Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascript alert function. | |||||
| CVE-2007-0149 | 1 Ememberspro | 1 Ememberspro | 2018-10-16 | 7.5 HIGH | N/A |
| EMembersPro 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for users.mdb. | |||||
| CVE-2007-0109 | 1 Wordpress | 1 Wordpress | 2018-10-16 | 5.0 MEDIUM | N/A |
| wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks. | |||||
| CVE-2007-0226 | 1 Uniforum | 1 Uniforum | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier allows remote attackers to execute arbitrary SQL commands via the "by User" field (aka the TXbyuser parameter). | |||||
| CVE-2007-0150 | 1 Dayfox Designs | 1 Dayfox Blog | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3) q parameters. | |||||
| CVE-2007-0227 | 1 Slocate | 1 Slocate | 2018-10-16 | 5.0 MEDIUM | N/A |
| slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher reports that the issue is not present in slocate 2.7. | |||||
| CVE-2007-0163 | 1 Securekit | 1 Securekit Steganography | 2018-10-16 | 7.8 HIGH | N/A |
| SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information. | |||||
| CVE-2007-0232 | 1 Jshop E-commerce | 1 Jshop Server | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in routines/fieldValidation.php in Jshop Server 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the jssShopFileSystem parameter. | |||||
| CVE-2007-0093 | 1 Cms-center | 1 Simple Web Cms | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in page.php in Simple Web Content Management System allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0151 | 1 Mitisoft | 1 Mitisoft | 2018-10-16 | 7.5 HIGH | N/A |
| MitiSoft stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for access_MS/MitiSoft.mdb. | |||||
| CVE-2007-0122 | 1 Coppermine | 1 Coppermine Photo Gallery | 2018-10-16 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions. | |||||
| CVE-2007-0116 | 1 Digger Solutions | 1 Intranet Open Source | 2018-10-16 | 7.5 HIGH | N/A |
| Digger Solutions Intranet Open Source (IOS) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for data/intranet.mdb. | |||||
| CVE-2007-0115 | 1 Coppermine | 1 Coppermine Photo Gallery | 2018-10-16 | 6.0 MEDIUM | N/A |
| Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php. | |||||
| CVE-2007-0113 | 1 Packeteer | 1 Packetwise | 2018-10-16 | 6.8 MEDIUM | N/A |
| Buffer overflow in Packeteer PacketShaper PacketWise 8.x allows remote authenticated users to cause a denial of service (reset or reboot) via (1) a long traffic class argument to the "class show" command or (2) a long POLICY parameter value in clastree.htm. | |||||
| CVE-2007-0112 | 1 Createauction | 1 Createauction | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cats.asp in createauction allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
