Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4360 | 1 Dell | 1 Remote Access Card | 2018-10-15 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Dell Remote Access Card 4 (DRAC4) with firmware 1.50 Build 02.16 allows remote attackers to cause a denial of service (SSH daemon crash) via certain network traffic, as demonstrated by an "nmap -O" scan with nmap 4.03, possibly related to a Mocana (Mocanada) SSH vulnerability. | |||||
| CVE-2007-4359 | 1 Skilmatch Staffing Systems | 1 Joblister3 | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems JobLister3 allow remote attackers to execute arbitrary SQL commands via (1) the search form or (2) the jobid parameter to index.php in a showbyID action. | |||||
| CVE-2007-4318 | 1 Zyxel | 2 Zynos, Zywall 2 | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Forms/General_1 in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter. | |||||
| CVE-2007-4248 | 1 Toolbar Gaming | 1 Toolbar Gaming | 2018-10-15 | 4.3 MEDIUM | N/A |
| The CallCmd function in toolbar_gaming.dll in the Toolbar Gaming toolbar for Internet Explorer allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vectors. | |||||
| CVE-2007-4330 | 1 Mapos Scripts | 1 Shoutbox | 2018-10-15 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in shoutbox.php in Shoutbox 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | |||||
| CVE-2007-4249 | 1 Exportnation | 1 Exportnation Toolbar | 2018-10-15 | 4.3 MEDIUM | N/A |
| The isChecked function in Toolbar.DLL in the ExportNation toolbar for Internet Explorer allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vectors. | |||||
| CVE-2007-4251 | 1 Openoffice | 1 Openoffice | 2018-10-15 | 4.3 MEDIUM | N/A |
| OpenOffice.org (OOo) 2.2 does not properly handle files with multiple extensions, which allows user-assisted remote attackers to cause a denial of service. | |||||
| CVE-2007-4253 | 1 Envolution | 1 Envolution | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the News module in modules.php in Envolution 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2005-4263. | |||||
| CVE-2007-4235 | 1 Vietphp | 1 Vietphp | 2018-10-15 | 9.3 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in VietPHP allow remote attackers to execute arbitrary PHP code via a URL in (1) the dirpath parameter to (a) _functions.php, or (2) the language parameter to (b) admin/index.php or (c) index.php. | |||||
| CVE-2007-4383 | 1 Trackeur | 1 Trackeur | 2018-10-15 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in tracking.php in Trackeur 1 allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: CVE and a third party dispute this vulnerability because header is defined before use. The researcher is known to be unreliable. | |||||
| CVE-2007-4382 | 1 Counterpath | 1 X-lite | 2018-10-15 | 5.0 MEDIUM | N/A |
| CounterPath X-Lite 3.0 34025, and possibly eyeBeam, allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header. | |||||
| CVE-2007-4325 | 1 Mapos Scripts | 1 Gaestebuch | 2018-10-15 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in Gaestebuch 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter. | |||||
| CVE-2007-4329 | 1 Mapos Scripts | 1 Web News | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php, (2) news.php, or (3) feed.php. | |||||
| CVE-2007-4255 | 1 Php | 1 Php | 2018-10-15 | 7.5 HIGH | N/A |
| Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function. | |||||
| CVE-2007-4313 | 1 Php Blue Dragon | 1 Php Blue Dragon Cms | 2018-10-15 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in public_includes/pub_blocks/activecontent.php in Php Blue Dragon CMS 3.0.0 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter, a different vector than CVE-2006-2392, CVE-2006-3076, and CVE-2006-6958. | |||||
| CVE-2007-4387 | 1 2wire | 2 1701hg Router, 2071 Router | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators. | |||||
| CVE-2007-4259 | 1 Ez Photo Sales | 1 Ez Photo Sales | 2018-10-15 | 5.0 MEDIUM | N/A |
| EZPhotoSales 1.9.3 and earlier allows remote attackers to download arbitrary image files via (1) a direct request for a URL under OnlineViewing/galleries/ or (2) navigation of the gallery user interface with JavaScript disabled. | |||||
| CVE-2007-4196 | 1 Brian Carrier | 1 The Slueth Kit | 2018-10-15 | 4.3 MEDIUM | N/A |
| icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 misinterprets a certain memory location as the holder of a loop iteration count, which allows user-assisted remote attackers to cause a denial of service (long loop) and prevent examination of certain NTFS files via a malformed NTFS image. | |||||
| CVE-2007-4105 | 1 Baidu | 1 Soba Search Bar | 2018-10-15 | 9.3 HIGH | N/A |
| A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 allows remote attackers to execute arbitrary code via a request containing "a link to download and a file to execute," possibly involving remote file inclusion. | |||||
| CVE-2007-4157 | 1 Phpblogger | 1 Php-blogger | 2018-10-15 | 5.0 MEDIUM | N/A |
| PHPBlogger stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing an admin password hash via a direct request for data/pref.db. NOTE: this can be easily leveraged for administrative access because composing the authentication cookie only requires the password hash, not the cleartext version. | |||||