Total: 27865 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3547 | 1 Qt-cute | 1 Quickticket | 2017-09-28 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in qti_checkname.php in QuickTicket 1.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2007-3548 | 1 W3filer | 1 W3filer | 2017-09-28 | 7.1 HIGH | N/A |
| Stack-based buffer overflow in W3Filer 2.1.3 allows remote FTP servers to cause a denial of service (application hang or crash) and possibly execute arbitrary code by sending a large banner to a client that is sending a file. | |||||
| CVE-2007-3549 | 1 Vastal I-tech | 1 Buddy Zone | 2017-09-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2007-3582 | 1 Inforest Communications | 1 Supercali | 2017-09-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in SuperCali PHP Event Calendar 0.4.0 allows remote attackers to execute arbitrary SQL commands via the o parameter. | |||||
| CVE-2007-3583 | 1 Girlserv | 1 Girlserv Ads | 2017-09-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in details_news.php in Girlserv ads 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the idnew parameter. | |||||
| CVE-2007-3589 | 1 B1g | 1 B1gbb | 2017-09-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in b1gbb 2.24.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showthread.php or (2) showboard.php. | |||||
| CVE-2007-3590 | 1 B1g | 1 B1gbb | 2017-09-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in visitenkarte.php in b1gBB 2.24.0 allows remote attackers to inject arbitrary web script or HTML via the user parameter. | |||||
| CVE-2007-3606 | 1 Sap | 1 Enjoysap | 2017-09-28 | 7.6 HIGH | N/A |
| Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX control in the EnjoySAP SAP GUI, on systems using ASCII versions, allows remote attackers to execute arbitrary code via a long first argument to the LaunchGui function. | |||||
| CVE-2007-3609 | 1 Emeeting | 1 Online Dating Software | 2017-09-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in eMeeting Online Dating Software 5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) b.php and (2) account/gallery.php, and other unspecified vectors. | |||||
| CVE-2007-3610 | 1 Vastal I-tech | 1 Phpvid | 2017-09-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in categories_type.php in phpVID 0.9.9 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2007-3611 | 1 Vrnews | 1 Vrnews | 2017-09-28 | 9.3 HIGH | N/A |
| admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not require authentication, which allows remote attackers to perform certain administrative actions via a direct request with a (1) edit, (2) add, (3) config, or (4) del value in the act parameter. | |||||
| CVE-2007-3612 | 1 Visual Irc | 1 Visual Irc | 2017-09-28 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Visual IRC (ViRC) 2.0 allows remote IRC servers to execute arbitrary code via a long response to a JOIN command. | |||||
| CVE-2007-3630 | 1 Av Scripts | 1 Av Tutorial Script | 2017-09-28 | 6.4 MEDIUM | N/A |
| changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter. | |||||
| CVE-2007-3631 | 1 Gamesitescript | 1 Gamesitescript | 2017-09-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in GameSiteScript (gss) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the params parameter, related to missing input validation of the id field. | |||||
| CVE-2007-3632 | 1 Limesurvey | 1 Limesurvey | 2017-09-28 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote attackers to execute arbitrary PHP code via a URL in the homedir parameter to (1) OLE/PPS/File.php, (2) OLE/PPS/Root.php, (3) Spreadsheet/Excel/Writer.php, or (4) OLE/PPS.php in admin/classes/pear/; or (5) Worksheet.php, (6) Parser.php, (7) Workbook.php, (8) Format.php, or (9) BIFFwriter.php in admin/classes/pear/Spreadsheet/Excel/Writer/. | |||||
| CVE-2007-3633 | 1 Chilkat Software | 1 Chilkat Zip Activex Control | 2017-09-28 | 6.4 MEDIUM | N/A |
| Absolute path traversal vulnerability in the Chilkat Software Chilkat Zip ActiveX control in ChilkatZip2.dll 12.4.2.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveLastError method and probably the (2) WriteExe method. | |||||
| CVE-2007-3649 | 1 Hp | 1 Photo Digital Imaging Activex Control | 2017-09-28 | 6.8 MEDIUM | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in hpqvwocx.dll 2.1.0.556 in Hewlett-Packard (HP) Digital Imaging allows remote attackers to create or overwrite arbitrary files via the second argument to the SaveToFile method. | |||||
| CVE-2007-3682 | 1 Openld | 1 Openld | 2017-09-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in OpenLD 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-3702 | 1 Mail Machine | 1 Mail Machine | 2017-09-28 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the load function in cgi-bin/mail/mailmachine.cgi in Mail Machine 3.989 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the archives parameter in a Load action. | |||||
| CVE-2007-3703 | 1 Zenturi | 1 Zenturi Programchecker | 2017-09-28 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in a certain ActiveX control in sasatl.dll 1.5.0.531 in Zenturi Program Checker (ProgramChecker) Pro allows remote attackers to execute arbitrary code via a long argument to the Fill method. NOTE: this is probably a different issue than CVE-2007-2987. | |||||
