Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2746 | 1 Plain Black | 1 Webgui | 2011-03-07 | 3.5 LOW | N/A |
| The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain Black WebGUI before 7.3.14 does not properly use data structures containing privilege information, which allows remote authenticated users to obtain sensitive information or possibly have other unspecified impact. | |||||
| CVE-2007-1881 | 1 Kaspersky Lab | 2 Kaspersky Anti-virus, Kaspersky Internet Security | 2011-03-07 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows local users to gain Ring-0 privileges via unspecified vectors. | |||||
| CVE-2007-1939 | 1 Daniel Naber | 1 Languagetool | 2011-03-07 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the embedded webserver in Daniel Naber LanguageTool before 0.8.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message, possibly the demultiplex method in HTTPServer.java. | |||||
| CVE-2007-1958 | 1 Tinymux | 1 Tinymux | 2011-03-07 | 5.0 MEDIUM | N/A |
| Buffer overflow in TinyMUX before 2.4 allows attackers to cause a denial of service via unspecified vectors related to "too many substring matches in a regexp $-command." NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-1959 | 1 Tinymux | 1 Tinymux | 2011-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the process_cmdent function in command.cpp in TinyMUX before 2.4 has unknown impact and attack vectors, related to lack of the "'other half' of buffer overflow protection." | |||||
| CVE-2007-1981 | 2 Metamod-p, Microsoft | 2 Metamod-p, All Windows | 2011-03-07 | 7.8 HIGH | N/A |
| The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on Windows allows remote attackers to cause a denial of service (daemon crash) via a long meta list command. | |||||
| CVE-2007-1990 | 1 Sam Crew | 1 Myblog | 2011-03-07 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, a different vector than CVE-2007-1968. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2014 | 1 Mynews | 1 Mynews | 2011-03-07 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/blocks/week_events.php in MyNews 4.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter, a different vector than CVE-2007-0633. | |||||
| CVE-2007-2042 | 1 Avant-garde Solutions | 1 Mosmedia | 2011-03-07 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite 1.0.6 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) support.html.php or (2) info.html.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2046 | 1 Openads | 1 Openads | 2011-03-07 | 7.5 HIGH | N/A |
| Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads (phpAdsNew) 2.0.11 and earlier and (b) Openads for PostgreSQL (phpPgAds) 2.0.11 and earlier allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in (1) the dest parameter and (2) the Referer HTTP header. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2047 | 1 Openads | 1 Openads | 2011-03-07 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 (aka Max Media Manager, MMM) before 0.3.31-alpha-pr3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the destination parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2051 | 1 Bftpd | 1 Bftpd | 2011-03-07 | 5.0 MEDIUM | N/A |
| Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable. | |||||
| CVE-2007-2071 | 1 Open-gorotto | 1 Open-gorotto | 2011-03-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto 2.0a 2006/02/08 edition, 2006/03/19 edition, and 2006/04/07 edition before 20070416 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) pub/modules/d/_top.html; (2) /pub/modules/a/_access.html; (3) _circletop.html or (4) _cir66.html in pub/modules/ci/; or (5) _fri66.html, (6) _inv66.html, (7) _top.html, (8) _friends.html, or (9) _fri33.html in pub/modules/f/. | |||||
| CVE-2007-2092 | 1 Limesoft | 1 Limesoft Guestbook | 2011-03-07 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) allows remote attackers to inject arbitrary PHP code into posts.txt via the name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2107 | 1 Rha7 Downloads | 1 Rha7 Downloads | 2011-03-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-1960. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2146 | 1 Minigal | 1 Minigal | 2011-03-07 | 7.5 HIGH | N/A |
| The imagecomments function in classes.php in MiniGal b13 allow remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the (1) name or (2) email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2159 | 1 Drupal | 1 Database Administration Module | 2011-03-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors relating to (1) direct display of data from the database and (2) other portions of the user interface. | |||||
| CVE-2007-2160 | 1 Drupal | 1 Database Administration Module | 2011-03-07 | 7.5 HIGH | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to perform unauthorized actions as an arbitrary user, a related issue to CVE-2006-5476. | |||||
| CVE-2007-2177 | 1 Microgaming | 1 Download Helper Activex Control | 2011-03-07 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the Microgaming Download Helper ActiveX control (dlhelper.dll) before 7.2.0.19, and the WebHandler Class control, allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-2198 | 1 Lan Management System | 1 Lan Management System | 2011-03-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in LAN Management System (LMS) before 1.6.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving the OD parameter to contrib/formularz_przelewu_wplaty/druk.php. | |||||