Total: 27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4538 | 1 Mozilla | 1 Bugzilla | 2018-10-15 | 5.0 MEDIUM | N/A |
| email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters. | |||||
| CVE-2007-4260 | 1 Ez Photo Sales | 1 Ez Photo Sales | 2018-10-15 | 5.0 MEDIUM | N/A |
| EZPhotoSales 1.9.3 and earlier has a default "admin" account for galleries, which allows remote attackers to access arbitrary galleries by specifying this username. | |||||
| CVE-2007-4378 | 1 Rndlabs | 1 Babo Violent | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple format string vulnerabilities in Babo Violent 2 2.08.00 and earlier allow remote attackers to execute arbitrary code via format string specifiers in (1) a message or (2) certain data associated with an admin login. | |||||
| CVE-2007-4262 | 1 Ez Photo Sales | 1 Ez Photo Sales | 2018-10-15 | 8.5 HIGH | N/A |
| Unrestricted file upload vulnerability in EZPhotoSales 1.9.3 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP code under OnlineViewing/galleries/. | |||||
| CVE-2007-4375 | 1 Diskeeper | 1 Diskeeper | 2018-10-15 | 5.8 MEDIUM | N/A |
| The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote attackers to (1) obtain sensitive information (process memory contents), as demonstrated by an attack that obtains module base addresses to defeat Address Space Layout Randomization (ASLR); or (2) cause a denial of service (application crash) via an out-of-bounds address. | |||||
| CVE-2007-4288 | 1 Microsoft | 1 Windows Media Player | 2018-10-15 | 4.3 MEDIUM | N/A |
| Microsoft Windows Media Player 11 (wmplayer.exe) allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .au file that triggers a divide-by-zero error, as demonstrated by iapetus.au. | |||||
| CVE-2007-4334 | 1 Php-stats | 1 Php-stats | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in whois.php in Php-stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the IP parameter. | |||||
| CVE-2007-4243 | 1 Astaro | 1 Security Gateway | 2018-10-15 | 7.8 HIGH | N/A |
| Unspecified vulnerability in pfilter-reporter.pl in Astaro Security Gateway (ASG) 7 allows remote attackers to cause a denial of service (CPU consumption) via certain network traffic, as demonstrated by P2P and iTunes applications that download large amounts of data. | |||||
| CVE-2007-4335 | 1 Qbik | 1 Wingate | 2018-10-15 | 5.0 MEDIUM | N/A |
| Format string vulnerability in the SMTP server component in Qbik WinGate 5.x and 6.x before 6.2.2 allows remote attackers to cause a denial of service (service crash) via format string specifiers in certain unexpected commands, which trigger a crash during error logging. | |||||
| CVE-2007-4376 | 1 Szymon Kosok | 1 Best Top List | 2018-10-15 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in banner-upload.php in Szymon Kosok Best Top List allows remote attackers to upload and execute arbitrary PHP files in banners/. | |||||
| CVE-2007-4327 | 1 Mapos Scripts | 1 File Uploader | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in File Uploader 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php or (2) datei.php. | |||||
| CVE-2007-4289 | 1 Sun | 1 Java System Portal Server | 2018-10-15 | 6.8 MEDIUM | N/A |
| Sun Java System Portal Server 7.0 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3715. | |||||
| CVE-2007-4283 | 1 Coppermine | 1 Coppermine Photo Gallery | 2018-10-15 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter. | |||||
| CVE-2007-4326 | 1 Mapos Scripts | 1 Bilder Uploader | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Bilder Uploader 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) gruppen.php, (2) bild.php, (3) feed.php, (4) mitglieder.php, (5) online.php, (6) profil.php, and possibly other unspecified PHP scripts. | |||||
| CVE-2007-4284 | 1 Cisco | 1 Meetingplace Web Conferencing | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified MeetingPlace Web Conferencing (MP) 5.3.235.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) Success Template (STPL) and (2) Failure Template (FTPL) parameters, which are not properly handled in an error message. | |||||
| CVE-2007-4319 | 1 Zyxel | 2 Zynos, Zywall 2 | 2018-10-15 | 4.0 MEDIUM | N/A |
| The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to cause a denial of service (infinite reboot loop) via invalid configuration data. NOTE: this issue might not cross privilege boundaries, and it might be resultant from CSRF; if so, then it should not be included in CVE. | |||||
| CVE-2007-4331 | 1 Ctw Design | 1 Findnix | 2018-10-15 | 4.3 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in FindNix allows remote attackers to include the contents of arbitrary URLs and conduct cross-site scripting (XSS) attacks via a URL in the page parameter. | |||||
| CVE-2007-4374 | 1 Rndlabs | 1 Babo Violent | 2018-10-15 | 4.0 MEDIUM | N/A |
| Babo Violent 2 2.08.00 does not validate the sender field of a chat message composed by a client, which allows remote authenticated users to spoof messages. | |||||
| CVE-2007-4373 | 1 Rndlabs | 1 Babo Violent | 2018-10-15 | 6.8 MEDIUM | N/A |
| The server in Babo Violent 2 2.08.00 and earlier does not properly implement password protection, which might allow remote attackers to bypass authentication by reconnecting after a connection closes. | |||||
| CVE-2007-4385 | 1 Owasp | 1 Stinger | 2018-10-15 | 6.8 MEDIUM | N/A |
| OWASP Stinger before 2.5 allows remote attackers to bypass input validation routines by using multipart encoded requests instead of form-urlencoded requests. NOTE: this might be used to expose vulnerabilities in applications that would otherwise be protected by the validation routines. | |||||
