Total: 27865 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0020 | 1 Panic Transmit | 1 Panic Transmit | 2017-10-18 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the SFTP protocol handler for Panic Transmit (Transmit.app) up to 3.5.5 allows remote attackers to execute arbitrary code via a long ftps:// URL. | |||||
| CVE-2007-0496 | 1 Neon Labs | 1 Neon Labs Website | 2017-10-18 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir parameter. | |||||
| CVE-2007-0359 | 1 Uberghey | 1 Cms | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in frontpage.php in Uberghey CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter. | |||||
| CVE-2007-0098 | 1 Verliadmin | 1 Verliadmin | 2017-10-18 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php. | |||||
| CVE-2007-0170 | 1 Allmyphp | 1 Allmyvisitors | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in AllMyVisitors 0.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the AMV_serverpath parameter. | |||||
| CVE-2007-0369 | 1 Phpbp | 1 Phpbp | 2017-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in phpBP RC3 (2.204) and earlier allows remote attackers to execute arbitrary SQL commands via the comment forum. | |||||
| CVE-2007-0015 | 1 Apple | 1 Quicktime | 2017-10-18 | 6.8 MEDIUM | N/A |
| Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI. | |||||
| CVE-2007-0225 | 1 Virtual Programming | 1 Vp-asp | 2017-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2007-0329 | 1 Joonas Viljanen | 1 Jv2 Folder Gallery | 2017-10-18 | 5.0 MEDIUM | N/A |
| download.php in Joonas Viljanen JV2 Folder Gallery allows remote attackers to read sensitive files via a relative pathname in the file parameter, as demonstrated by config/gallerysetup.php. NOTE: this issue might be resultant from a directory traversal vulnerability. | |||||
| CVE-2007-0361 | 1 Comscripts | 1 Phpmyphorum | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter. | |||||
| CVE-2007-0171 | 1 Voice Of Web | 1 Allmylinks | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AML_opensite parameter. | |||||
| CVE-2007-0049 | 1 Geckovich | 2 Tasktracker, Tasktracker Pro | 2017-10-18 | 7.5 HIGH | N/A |
| Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to add administrative or other accounts via an Add action with a modified GroupID in a direct request to Customize.asp. | |||||
| CVE-2007-0304 | 1 Mint | 1 Haber Sistemi | 2017-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0306 | 1 Digiappz | 1 Digiaffiliate | 2017-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0495 | 1 Phpsherpa | 1 Phpsherpa | 2017-10-18 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/config.inc.php in PhpSherpa allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter. | |||||
| CVE-2007-0172 | 1 Voice Of Web | 1 Allmyguests | 2017-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the AMG_serverpath parameter to (1) comments.php and (2) signin.php; and possibly via a URL in unspecified parameters to (3) include/submit.inc.php, (4) admin/index.php, (5) include/cm_submit.inc.php, and (6) index.php. | |||||
| CVE-2007-0370 | 1 Phpbp | 1 Phpbp | 2017-10-18 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in index.php in phpBP RC3 (2.204) and earlier allows remote administrators to inject arbitrary PHP code into an upload/banners/ file via a banners add operation that uploads the PHP code through an image_form parameter specifying a multiple-extension filename such as .jpg.vil.gif.php, which is stored in upload/banners/ under a different name, and executable via a direct request. NOTE: a separate SQL injection issue could be leveraged to make this vulnerability reachable by remote unauthenticated attackers. | |||||
| CVE-2007-0429 | 1 Divx | 1 Divx Player | 2017-10-18 | 5.0 MEDIUM | N/A |
| DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed with DivX Player 6.4.1, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the GoWindowed method for a certain instance of the ActiveX object. | |||||
| CVE-2007-0052 | 1 Vizayn Haber | 1 Vizayn Haber | 2017-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0261 | 1 Snews | 1 Snews | 2017-10-18 | 10.0 HIGH | N/A |
| snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter. | |||||
