Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1516 | 1 Cicoandcico | 1 Ccmail | 2017-10-10 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in functions/update.php in Cicoandcico CcMail 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the functions_dir parameter. | |||||
| CVE-2007-1806 | 1 Red Mexico | 1 Rm\+soft Gallery | 2017-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in categos.php in the RM+Soft Gallery (rmgallery) 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the idcat parameter. | |||||
| CVE-2007-1807 | 1 Peak Xoops | 1 Myalbum P | 2017-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/myalbum/viewcat.php in the myAlbum-P 2.0 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2007-1808 | 1 Camportail | 1 Camportail | 2017-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show.php in the Camportail 1.1 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the camid parameter in a showcam action. | |||||
| CVE-2007-1809 | 1 Grafx Software | 1 Company Website Builder | 2017-10-10 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in GraFX Company WebSite Builder (CWB) PRO 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter to (1) cls_headline_prod.php, (2) cls_listorders.php, or (3) cls_viewpastorders.php in include/, different vectors than CVE-2007-1513. | |||||
| CVE-2006-7032 | 1 Tufat | 1 Flashbb | 2017-10-10 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in phpbb/getmsg.php in FlashBB 1.1.5 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-1810 | 1 Kaotik | 1 Kshop | 2017-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product_details.php in the Kshop 1.17 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-1811 | 1 Chapi | 1 Tiny Event | 2017-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action. | |||||
| CVE-2007-1393 | 1 Geo Soft | 1 Magic Cms | 2017-10-10 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in mysave.php in Magic CMS 4.2.747 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | |||||
| CVE-2007-1392 | 1 Netforo | 1 Netforo | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in down.php in netForo! 0.1g allows remote attackers to read arbitrary files via a .. (dot dot) in the file_to_download parameter. | |||||
| CVE-2007-1225 | 1 Grok Developments | 1 Netproxy | 2017-10-10 | 10.0 HIGH | N/A |
| The connection log file implementation in Grok Developments NetProxy 4.03 does not record requests that omit http:// in a URL, which might allow remote attackers to conduct unauthorized activities and avoid detection. | |||||
| CVE-2007-1130 | 1 Scipter.ch | 1 Gastebuch | 2017-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in sinagb.php in Sinapis Gastebuch 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter. | |||||
| CVE-2007-1294 | 1 Divx | 1 Divx Web Player | 2017-10-10 | 7.8 HIGH | N/A |
| A certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in DivX Web Player, as distributed with DivX Player 1.3.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via large values to DivxWP.Resize, related to resizing images. | |||||
| CVE-2007-1131 | 1 Scripter.ch | 1 Sinapis Forum | 2017-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in sinapis.php in Sinapis Forum 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter. | |||||
| CVE-2007-1501 | 1 Avant Force | 1 Avant Browser | 2017-10-10 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Avant Browser 11.0 build 26 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Content-Type HTTP header. | |||||
| CVE-2007-1497 | 1 Linux | 1 Linux Kernel | 2017-10-10 | 5.0 MEDIUM | N/A |
| nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments. | |||||
| CVE-2007-1133 | 1 Scripter.ch | 1 Fcring | 2017-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_fuss parameter. | |||||
| CVE-2007-1382 | 2 Microsoft, Php | 2 All Windows, Com Extensions | 2017-10-10 | 6.8 MEDIUM | N/A |
| The PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to execute cmd.exe, which bypasses PHP's safe mode. | |||||
| CVE-2007-1162 | 1 Common Controls Replacement Project | 1 Browsedialog Server | 2017-10-10 | 7.8 HIGH | N/A |
| A certain ActiveX control in the Common Controls Replacement Project (CCRP) CCRP BrowseDialog Server (ccrpbds6.dll) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) IsFolderAvailable or (2) RootFolder property value, different vectors than CVE-2007-0371. | |||||
| CVE-2007-1496 | 1 Linux | 1 Linux Kernel | 2017-10-10 | 4.9 MEDIUM | N/A |
| nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows attackers to cause a denial of service (crash) via unspecified vectors involving the (1) nfulnl_recv_config function, (2) using "multiple packets per netlink message", and (3) bridged packets, which trigger a NULL pointer dereference. | |||||