Total: 27865 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3460 | 1 Eva-web | 1 Eva-web | 2017-10-10 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in index.php3 in EVA-Web 1.1 through 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) aide or (2) perso parameter. | |||||
| CVE-2007-3449 | 1 Gorani Network | 1 6alblog | 2017-10-10 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | |||||
| CVE-2007-3446 | 1 Bugmall | 1 Shopping Cart | 2017-10-10 | 7.5 HIGH | N/A |
| BugMall Shopping Cart 2.5 and earlier has a default username "demo" and password "demo," which allows remote attackers to obtain login access. | |||||
| CVE-2007-3401 | 1 B1g | 1 B1gbb | 2017-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in footer.inc.php in B1G b1gBB 2.24 allows remote attackers to execute arbitrary PHP code via a URL in the tfooter parameter. | |||||
| CVE-2007-3434 | 1 Netart Media | 1 Pharmacy System | 2017-10-10 | 5.0 MEDIUM | N/A |
| index.php in Pharmacy System 2 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the page parameter, which reveals the table prefix in an error message. | |||||
| CVE-2007-3451 | 1 Gorani Network | 1 6alblog | 2017-10-10 | 6.5 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin/index.php in 6ALBlog allows remote authenticated administrators to execute arbitrary PHP code via a URL in the pg parameter. | |||||
| CVE-2007-3458 | 1 Sun | 1 Solaris | 2017-10-10 | 4.9 MEDIUM | N/A |
| The libsldap library in Sun Solaris 8, 9, and 10 allows local users to cause a denial of service (Name Service Caching Daemon (nscd) crash) via unspecified vectors. | |||||
| CVE-2007-3371 | 1 Powl | 1 Powl | 2017-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in plugins/widgets/htmledit/htmledit.php in Powl 0.94 allows remote attackers to execute arbitrary PHP code via a URL in the _POWL[installPath] parameter. | |||||
| CVE-2007-3461 | 1 Elkagroup | 1 Image Gallery | 2017-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in property.php in elkagroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |||||
| CVE-2007-3429 | 1 E107 | 1 E107 | 2017-10-10 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg. | |||||
| CVE-2007-3403 | 1 Dreamlog | 1 Dreamlog | 2017-10-10 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in upload.php in dreamLog (aka dreamblog) 0.5 allows remote attackers to upload and execute arbitrary PHP code in uploads/images/ via the uploadedFile[] parameter. | |||||
| CVE-2007-3404 | 1 Sitedepth | 1 Sitedepth Cms | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ShowImage.php in SiteDepth CMS 3.44 allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter. | |||||
| CVE-2007-3433 | 1 Netart Media | 1 Pharmacy System | 2017-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Pharmacy System 2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter in an add action. | |||||
| CVE-2007-3431 | 1 Valerio Capello | 1 Dagger - The Cutting Edge | 2017-10-10 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in cal.func.php in Valerio Capello Dagger - The Cutting Edge r23jan2007 allows remote attackers to execute arbitrary PHP code via a URL in the dir_edge_lang parameter. | |||||
| CVE-2007-2204 | 1 Gpl Php Board | 1 Gpl Php Board | 2017-10-10 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in GPL PHP Board (GPB) unstable-2001.11.14-1 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) db.mysql.inc.php or (2) gpb.inc.php in include/, or the (3) theme parameter to themes/ubb/login.php. | |||||
| CVE-2007-2642 | 1 R2k | 1 R2k Gallery | 2017-10-10 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang2 parameter. | |||||
| CVE-2007-2643 | 1 Pinkcrow Designs | 1 Designs Gallery Magazin | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in phpThumb.php in PinkCrow Designs Gallery or maGAZIn 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter. | |||||
| CVE-2007-2644 | 1 Morovia | 1 Barcode Activex Control | 2017-10-10 | 9.4 HIGH | N/A |
| A certain ActiveX control in Morovia Barcode ActiveX Professional 3.3.1304 allows remote attackers to overwrite arbitrary files by calling the Save method with an arbitrary filename. | |||||
| CVE-2007-2659 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in PHP Advanced Transfer Manager (phpATM) 1.30 allows remote attackers to read arbitrary files and obtain script source code via a .. (dot dot) in the directory parameter in a downloadfile action. | |||||
| CVE-2007-2660 | 2 Cjg Explorer Pro, Vincent Blavet | 2 Cjg Explorer Pro, Phpconcept Library | 2017-10-10 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in pcltrace.lib.php in the PclTar module in Vincent Blavet PhpConcept Library, as used in CJG EXPLORER PRO 3.3 and earlier and probably other products, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter. NOTE: CVE disputes this issue since there is no include statement in pcltrace.lib.php. NOTE: the pcltar.lib.php vector is already covered by CVE-2007-2199. | |||||
