Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2302 | 1 Expow | 1 Expow | 2017-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in autoindex.php in Expow 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_file parameter. | |||||
| CVE-2007-1895 | 1 Sky Gunning | 1 Myspeach | 2017-10-10 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier, when used with PHP 5, allows remote attackers to execute arbitrary PHP code via an ftp URL in a my_ms[root] cookie, a different vector than CVE-2007-0491 and CVE-2006-4630. | |||||
| CVE-2007-1896 | 1 Sky Gunning | 1 Myspeach | 2017-10-10 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) and trailing %00 (NULL) in a my_ms[root] cookie. | |||||
| CVE-2007-1900 | 1 Php | 1 Php | 2017-10-10 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string. | |||||
| CVE-2007-2301 | 1 Arash | 1 Audiocms | 2017-10-10 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in audioCMS arash 0.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the arashlib_dir parameter to (1) edit.inc.php and (2) list_features.inc.php in arash_lib/include, and (3) arash_gadmin.class.php and (4) arash_sadmin.class.php in arash_lib/class/. | |||||
| CVE-2007-1907 | 1 Pathos | 1 Content Management System | 2017-10-10 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in warn.php in Pathos Content Management System (CMS) 0.92-2 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | |||||
| CVE-2007-1908 | 1 Php121 | 1 Php121 Instant Messenger | 2017-10-10 | 6.8 MEDIUM | N/A |
| PHP file inclusion vulnerability in php121db.php in PHP121 Instant Messenger 2.2 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the php121dir parameter, which is accessed by the file_exists function. | |||||
| CVE-2007-1909 | 1 Ryan Haudenschilt | 1 Battle.net Clan Script | 2017-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Ryan Haudenschilt Battle.net Clan Script for PHP 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) pass parameter. | |||||
| CVE-2007-1911 | 1 Microsoft | 1 Word | 2017-10-10 | 7.1 HIGH | N/A |
| Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow. | |||||
| CVE-2007-1912 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2017-10-10 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file. | |||||
| CVE-2007-1936 | 1 Scar4u.de | 1 Scaradcontroller | 2017-10-10 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in scaradcontrol.php in ScarAdControl (ScarAdController) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the sac_config_dir parameter. | |||||
| CVE-2007-3199 | 1 American Financing | 1 Link Request Contact Form | 2017-10-10 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in Link Request Contact Form 3.4 allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension and an image content type, as demonstrated by image/jpeg. | |||||
| CVE-2007-2200 | 1 Pagode | 1 Pagode | 2017-10-10 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in navigator/navigator_ok.php in Pagode 0.5.8 allows remote attackers to read and possibly delete arbitrary files via a .. (dot dot) in the asolute parameter. | |||||
| CVE-2007-1929 | 1 Gna | 1 Beryo | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in downloadpic.php in Beryo 2.0, and possibly other versions including 2.4, allows remote attackers to read arbitrary files via a .. (dot dot) in the chemin parameter. | |||||
| CVE-2007-1930 | 1 Cattadoc | 1 Cattadoc | 2017-10-10 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in download2.php in cattaDoc 2.21, and possibly other versions including 3.0, allows remote attackers to read arbitrary files via a .. (dot dot) in the fn1 parameter. | |||||
| CVE-2007-1931 | 1 Smodcms | 1 Smodcms | 2017-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the slownik module in SmodCMS 2.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ssid parameter. | |||||
| CVE-2007-1932 | 1 Scar4u | 1 Scarnews | 2017-10-10 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in scarnews.inc.php in ScarNews 1.2.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sn_admin_dir parameter. | |||||
| CVE-2007-1933 | 1 Dreamcodes | 1 Pcp-guestbook | 2017-10-10 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in PcP-Guestbook (PcP-Book) 3.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) gb.php, or (3) faq.php. | |||||
| CVE-2007-1934 | 1 Php-nuke | 1 Eboard Module | 2017-10-10 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in member.php in the eBoard 1.0.7 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[name] parameter. | |||||
| CVE-2007-1935 | 1 Scar4u.de | 1 Scaradcontroller | 2017-10-10 | 6.8 MEDIUM | N/A |
| PHP file inclusion vulnerability in admin/index.php in ScarAdControl (ScarAdController) 1.1 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the site parameter, which is accessed by the file_exists function. | |||||