Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4213 | 2 Palm, Treo | 5 Palm Os, 650, 680 and 2 more | 2018-10-15 | 7.1 HIGH | N/A |
| Palm OS on Treo 650, 680, 700p, and 755p Smart phones allows remote attackers to cause a denial of service (device reset or hang) via a flood of large ICMP echo requests. NOTE: this is probably a different vulnerability than CVE-2003-0293. | |||||
| CVE-2007-4092 | 1 Ifoto | 1 Ifoto | 2018-10-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in iFoto 1.0.1 and earlier allows remote attackers to list arbitrary directories, and possibly download arbitrary photos, via a .. (dot dot) in the dir parameter. | |||||
| CVE-2007-4093 | 1 Minb | 1 Minb Is Not A Blog | 2018-10-15 | 7.8 HIGH | N/A |
| Minb Is Not a Blog (minb) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing usernames and encrypted passwords via a direct request for db/users.db. | |||||
| CVE-2007-4094 | 1 Idevspot | 1 Phphostbot | 2018-10-15 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in library/authorize.php in IDevSpot PhpHostBot allows remote attackers to execute arbitrary PHP code via a URL in the login_form parameter, a different vector than CVE-2006-3776. | |||||
| CVE-2007-4091 | 1 Rsync | 1 Rsync | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function. | |||||
| CVE-2007-4108 | 1 Codewidgets | 1 Online Event Registration Template | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sign_in.aspx in WebEvents (Online Event Registration Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter. | |||||
| CVE-2007-4073 | 1 Tincan | 1 Webbler Cms | 2018-10-15 | 5.0 MEDIUM | N/A |
| Webbler CMS before 3.1.6 does not properly restrict use of "mail a friend" forms, which allows remote attackers to send arbitrary amounts of forged e-mail. NOTE: this could be leveraged for spam or phishing attacks. | |||||
| CVE-2007-4072 | 1 Tincan | 1 Webbler Cms | 2018-10-15 | 5.0 MEDIUM | N/A |
| Webbler CMS before 3.1.6 provides the full installation path within HTML comments in certain documents, which allows remote attackers to obtain sensitive information by viewing the HTML source, as demonstrated by viewing the source generated from index.php. | |||||
| CVE-2007-4071 | 1 Tincan | 1 Webbler Cms | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in uploader/index.php in Webbler CMS before 3.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) login parameter. | |||||
| CVE-2007-4048 | 1 Phpsysinfo | 1 Phpsysinfo | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo 2.5.4-dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
| CVE-2007-4047 | 1 Geoblog | 1 Geoblog | 2018-10-15 | 6.4 MEDIUM | N/A |
| geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter. | |||||
| CVE-2007-4101 | 1 Global Centre | 1 Aplomb Poll | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Madoa Poll 1.1 allow remote attackers to execute arbitrary PHP code via the Madoa parameter to (1) index.php, (2) vote.php, and (3) admin.php. | |||||
| CVE-2007-4102 | 1 Sblog | 1 Sblog | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php for sBlog 0.7.3 Beta allows remote attackers to inject arbitrary HTML and web script via a leading '"/></> sequence in the search string. | |||||
| CVE-2007-4103 | 1 Digium | 3 Asterisk, Asterisk Appliance Developer Kit, Asterisknow Pre-release | 2018-10-15 | 7.8 HIGH | N/A |
| The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released. | |||||
| CVE-2007-4035 | 1 Guidance Software | 1 Encase | 2018-10-15 | 5.0 MEDIUM | N/A |
| ** DISPUTED ** Guidance Software EnCase does not properly handle (1) certain malformed MBR partition tables with many entries, which allows remote attackers to prevent logical collection of a disk image; (2) NTFS filesystems with directory loops, which allows remote attackers to prevent examination of certain directory contents; and (3) certain other malformed NTFS filesystems, which allows remote attackers to prevent examination of corrupted records. NOTE: the vendor disputes the significance of these issues, because physical collection can be used instead, because the vendor believes that relevant attackers typically do not corrupt an MBR or a filesystem, and because detection of a loop is valuable on its own. | |||||
| CVE-2007-4156 | 1 Woliocms | 1 Woliocms | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in wolioCMS allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the (2) loginid parameter (uid variable), and possibly the (3) pwd parameter, to admin/index.php. | |||||
| CVE-2007-4106 | 1 Codewidgets | 2 Pay Roll - Time Sheet, Punch Card | 2018-10-15 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in login.asp in CodeWidgets Pay Roll - Time Sheet and Punch Card Application With Web Interface allows remote attackers to execute arbitrary SQL commands via the Password parameter. | |||||
| CVE-2007-4109 | 1 Codewidgets | 1 Online Event Registration Template | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sign_in.aspx in WebStore (Online Store Application Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter. | |||||
| CVE-2007-4110 | 1 Codewidgets | 1 Threaded Discussion Forum Application | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sign_in.aspx in Message Board / Threaded Discussion Forum Application Template allows remote attackers to execute arbitrary SQL commands via the Password parameter. | |||||
| CVE-2007-4111 | 1 Codewidgets | 1 Real Estate Listing Website Application Template | 2018-10-15 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the login script in Real Estate listing website application template, when logging in as user or manager, allows remote attackers to execute arbitrary SQL commands via the Password parameter. | |||||