Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2601 | 1 Divx City | 1 Gdivx Zenith Player | 2017-10-10 | 9.3 HIGH | N/A |
| Buffer overflow in a certain ActiveX control in the GDivX Zenith Player AviFixer class in fix.dll 1.0.0.1 allows remote attackers to execute arbitrary code via a long SetInputFile property value. | |||||
| CVE-2007-2600 | 1 Wavelink Media | 1 Tutorialcms | 2017-10-10 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or the (3) search parameter to search.php. | |||||
| CVE-2007-2599 | 1 Wavelink Media | 1 Tutorialcms | 2017-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or (3) the search parameter to search.php. | |||||
| CVE-2007-2598 | 1 Simplenews | 1 Simplenews | 2017-10-10 | 10.0 HIGH | N/A |
| SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL allows remote attackers to execute arbitrary SQL commands via the news_id parameter. | |||||
| CVE-2007-2656 | 1 Hp | 1 Hpqvwocx.dll | 2017-10-10 | 7.8 HIGH | N/A |
| Stack-based buffer overflow in the Hewlett-Packard (HP) Magview ActiveX control in hpqvwocx.dll 1.0.0.309 allows remote attackers to cause a denial of service (application crash) and possibly have other impact via a long argument to the DeleteProfile method. | |||||
| CVE-2007-2661 | 1 Drumster | 1 Blogme | 2017-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in archshow.asp in BlogMe 3.0 allows remote attackers to execute arbitrary SQL commands via the var parameter, a different vector than CVE-2006-5976. | |||||
| CVE-2007-2662 | 1 Efestech Haber | 1 Efestech Haber | 2017-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in EfesTECH Haber 5.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to the top-level URI. | |||||
| CVE-2007-2597 | 1 Telltargetcms | 1 Telltarget Cms | 2017-10-10 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in telltarget CMS 1.3.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) ordnertiefe parameter to site_conf.php; or the (2) tt_docroot parameter to (a) class.csv.php, (b) produkte_nach_serie.php, or (c) ref_kd_rubrik.php in functionen/; (d) hg_referenz_jobgalerie.php, (e) surfer_anmeldung_NWL.php, (f) produkte_nach_serie_alle.php, (g) surfer_aendern.php, (h) ref_kd_rubrik.php, or (i) referenz.php in module/; or (j) 1/lay.php or (k) 3/lay.php in standard/. | |||||
| CVE-2007-2596 | 1 Agner Fog | 1 Aforum | 2017-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in common/func.php in aForum 1.32 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CommonAbsDir parameter. | |||||
| CVE-2007-2594 | 1 Phpmyportal | 1 Phpmyportal | 2017-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/articles.inc.php in phpMyPortal 3.0.0 RC3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[CHEMINMODULES] parameter. | |||||
| CVE-2007-2663 | 1 Beacon | 1 Beacon | 2017-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in language/1/splash.lang.php in Beacon 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the languagePath parameter. | |||||
| CVE-2007-2664 | 1 Tomasz Rekawek | 1 Yet Another Asterisk Panel | 2017-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/common.php in Yaap 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, possibly related to the __autoload function. | |||||
| CVE-2007-2665 | 1 Php Firstpost | 1 Php Firstpost | 2017-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in block.php in PhpFirstPost 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the Include parameter. | |||||
| CVE-2007-2617 | 1 Sun | 2 Net Connect Software, Solaris | 2017-10-10 | 2.1 LOW | N/A |
| srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options. | |||||
| CVE-2007-2667 | 1 Db Soft Lab | 1 Vimp X | 2017-10-10 | 9.3 HIGH | N/A |
| Buffer overflow in the DB Software Laboratory VImpX ActiveX control in VImpX.ocx 4.7.3 allows remote attackers to execute arbitrary code via a long LogFile parameter. | |||||
| CVE-2007-2672 | 1 Thinc4orce Marketing Group | 1 Php Coupon Script | 2017-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PHP Coupon Script 3.0 allows remote attackers to execute arbitrary SQL commands via the bus parameter in a viewbus page. | |||||
| CVE-2007-3370 | 1 Kim Kyoung Min | 1 Sun Board | 2017-10-10 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Sun Board 1.00.00 Alpha allow remote attackers to execute arbitrary PHP code via a URL in (1) the sunPath parameter to include.php or (2) the dir parameter to skin/board/default/doctype.php. | |||||
| CVE-2007-2717 | 1 Igeneric | 1 Ig Shop | 2017-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the type_id[] parameter, a different vector than CVE-2005-0537. | |||||
| CVE-2007-2674 | 1 Pre Projects | 1 Pre Shopping Mall | 2017-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.php in Pre Shopping Mall 1.0 allows remote attackers to execute arbitrary SQL commands via the prodid parameter. | |||||
| CVE-2007-2576 | 1 East Wind Software | 1 Advdaudio.ocx | 2017-10-10 | 6.8 MEDIUM | N/A |
| Buffer overflow in the East Wind Software advdaudio.ocx 1.5.1.1 ActiveX control allows user-assisted remote attackers to execute arbitrary code via a long OpenDVD property value. NOTE: this issue might be related to CVE-2007-0976. | |||||