Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1817 | 1 Lykoszine | 1 Lykos Reviews Module | 2017-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Lykos Reviews (lykos_reviews) 1.00 module for Xoops allows remote attackers to execute arbitrary SQL commands via the uid parameter in a u action. | |||||
| CVE-2007-1818 | 1 Forum Picture And Meta Tags | 1 Forum Picture And Meta Tags | 2017-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in MOD_forum_fields_parse.php in the Forum picture and META tags 1.7 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-2371 | 1 Gregory Kokanosky | 1 Phpmynewsletter | 2017-10-10 | 10.0 HIGH | N/A |
| admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service (loss of configuration data), and possibly perform direct static code injection, via a saveGlobalconfig action. | |||||
| CVE-2007-2370 | 1 Xoops | 1 John Mordo Jobs Module | 2017-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a jobsview action. NOTE: the module name was originally reported as Job Listings. | |||||
| CVE-2007-2369 | 2 Php, Webspell | 2 Php, Webspell | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. | |||||
| CVE-2007-2368 | 1 Webspell | 1 Webspell | 2017-10-10 | 5.0 MEDIUM | N/A |
| picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to read arbitrary files via the file parameter. | |||||
| CVE-2007-1839 | 1 Codebb | 1 Codebb | 2017-10-10 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CodeBB 1.1b3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) pass_code.php or (2) lang_select. | |||||
| CVE-2007-3360 | 1 Bitchx | 1 Bitchx | 2017-10-10 | 9.3 HIGH | N/A |
| hook.c in BitchX 1.1-final allows remote IRC servers to execute arbitrary commands by sending a client certain data containing NICK and EXEC strings, which exceeds the bounds of a hash table, and injects an EXEC hook function that receives and executes shell commands. | |||||
| CVE-2007-1842 | 1 Jsboard | 1 Jsboard | 2017-10-10 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019. | |||||
| CVE-2007-1847 | 1 Xoops | 1 Repository Module | 2017-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewcat.php in the Repository module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2007-3358 | 1 Iptel | 1 Serweb | 2017-10-10 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in html/load_lang.php in SerWeb 0.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter. | |||||
| CVE-2007-1851 | 1 Really Simple Php And Ajax | 1 Really Simple Php And Ajax | 2017-10-10 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Really Simple PHP and Ajax (RSPA) 2007-03-23 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the __class parameter to (1) Controller_v4.php or (2) Controller_v5.php. | |||||
| CVE-2007-1856 | 2 Gentoo, Paul Vixie | 2 Linux, Vixie Cron | 2017-10-10 | 2.1 LOW | N/A |
| Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service (cron failure) by creating hard links, which results in a failed st_nlink check in database.c. | |||||
| CVE-2007-3159 | 1 Miniweb Http Server | 1 Miniweb Http Server | 2017-10-10 | 5.0 MEDIUM | N/A |
| http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service (application crash) via a negative value in the Content-Length HTTP header. | |||||
| CVE-2007-3160 | 1 Php Real Estate Classifieds | 1 Php Real Estate Classifieds | 2017-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/header.php in PHP Real Estate Classifieds Premium Plus allows remote attackers to execute arbitrary PHP code via a URL in the loc parameter. | |||||
| CVE-2007-3161 | 1 Visicom Media | 1 Ace-ftp | 2017-10-10 | 6.8 MEDIUM | N/A |
| Buffer overflow in Ace-FTP Client 1.24a allows user-assisted, remote FTP servers to execute arbitrary code via a long response. | |||||
| CVE-2007-3162 | 1 Westbyte | 1 Internet Download Accelerator | 2017-10-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in the NotSafe function in the idaiehlp ActiveX control in idaiehlp.dll 1.9.1.74 in Internet Download Accelerator (ida) 5.2 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long argument. | |||||
| CVE-2007-3166 | 1 Qualcomm | 1 Eudora | 2017-10-10 | 6.8 MEDIUM | N/A |
| Buffer overflow in Qualcomm Eudora 7.1.0.9 allows user-assisted, remote IMAP servers to execute arbitrary code via a long FLAGS response to a SELECT INBOX command. | |||||
| CVE-2007-3167 | 1 Vivotek | 1 Mjpegcontrol | 2017-10-10 | 7.6 HIGH | N/A |
| Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control (aka MjpegControl) in MjpegDecoder.dll 2.0.0.13 allows remote attackers to execute arbitrary code via a long PtzUrl property value. | |||||
| CVE-2007-3168 | 1 Edraw | 1 Office Viewer Component | 2017-10-10 | 7.8 HIGH | N/A |
| A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to delete arbitrary files via the DeleteLocalFile method. | |||||