Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-2714 | 1 Matt Mullenweg | 1 Akismet | 2017-07-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet before 2.0.2, a WordPress plugin, has unknown impact and attack vectors. | |||||
CVE-2007-2716 | 1 Eqdkp | 1 Eqdkp | 2017-07-28 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.2c and earlier allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) listmembers.php and (2) stats.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-2725 | 1 Db Soft Lab | 1 Dewizardx | 2017-07-28 | 7.5 HIGH | N/A |
The DB Software Laboratory DeWizardX (DEWizardAX.ocx) ActiveX control allows remote attackers to overwrite arbitrary files via the SaveToFile function. | |||||
CVE-2007-2739 | 1 Xajax | 1 Xajax | 2017-07-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2007-2740 | 1 Xajax | 1 Xajax | 2017-07-28 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in xajax before 0.2.5 has unknown impact and attack vectors, not related to XSS. | |||||
CVE-2007-2741 | 1 Littlecms | 1 Lcms | 2017-07-28 | 9.3 HIGH | N/A |
Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file. | |||||
CVE-2007-2742 | 1 Labs.beffa.org | 1 W2box | 2017-07-28 | 7.5 HIGH | N/A |
Unrestricted file upload vulnerability in labs.beffa.org w2box 4.0.0 Beta4 allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as .php.jpg. | |||||
CVE-2007-2744 | 1 Precisionid Barcode | 1 Precisionid Barcode | 2017-07-28 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll allows remote attackers to cause a denial of service (Internet Explorer 6 crash), and possibly execute arbitrary code, via a long argument to the SaveBarCode method. NOTE: this issue might overlap CVE-2007-2657. | |||||
CVE-2007-2745 | 1 Vdesk | 1 Webmail | 2017-07-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in printcal.pl in vDesk Webmail 4.03 allows remote attackers to inject arbitrary web script or HTML via the type parameter. | |||||
CVE-2007-2747 | 1 Rdiffweb | 1 Rdiffweb | 2017-07-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before 0.3.5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to the /browse URI. | |||||
CVE-2007-2758 | 1 Winimage | 1 Winimage | 2017-07-28 | 9.3 HIGH | N/A |
Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted remote attackers to execute arbitrary code via a FAT image that contains long directory names in a deeply nested directory structure, which triggers (1) a stack-based buffer overflow during extraction, or (2) a heap-based buffer overflow during traversal. | |||||
CVE-2007-2759 | 1 Adempiere | 1 Adempiere | 2017-07-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the insert function in the ValuePreference class (grid/ed/ValuePreference.java) in Adempiere before 3.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) m_Attribute or (2) m_Value parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-2760 | 1 Adempiere | 1 Adempiere | 2017-07-28 | 9.0 HIGH | N/A |
The canUpdate function in model/MRole.java in Adempiere before 3.1.6 does not properly validate user roles, which allows remote authenticated read-only users to gain read-write privileges. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-2763 | 1 Sienzo | 1 Digital Music Mentor | 2017-07-28 | 10.0 HIGH | N/A |
Buffer overflow in the UnlockSupport function in the LockModules subsystem in a certain ActiveX control in ltmm15.dll in Sienzo Digital Music Mentor (DMM) 2.6.0.4 allows remote attackers to execute arbitrary code via a long string in the second argument, a different issue than CVE-2007-2564. | |||||
CVE-2007-2765 | 1 Ac Zoom | 1 Blockhosts | 2017-07-28 | 6.8 MEDIUM | N/A |
blockhosts.py in BlockHosts before 2.0.3 does not properly parse daemon log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by logging in through ssh using a login name containing certain strings with an IP address, which is not properly handled by a regular expression, a related issue to CVE-2006-6301. | |||||
CVE-2007-2766 | 1 Backup Manager | 1 Backup Manager | 2017-07-28 | 7.2 HIGH | N/A |
lib/backup-methods.sh in Backup Manager before 0.7.6 provides the MySQL password as a plaintext command line argument, which allows local users to obtain this password by listing the process and its arguments, related to lib/backup-methods.sh. | |||||
CVE-2007-2767 | 1 Opendap | 2 Bes, Hyrax | 2017-07-28 | 7.8 HIGH | N/A |
Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 allows remote attackers to list filesystem contents and obtain sensitive information via unknown vectors. | |||||
CVE-2007-2769 | 1 Opendap | 2 Bes, Hyrax | 2017-07-28 | 7.5 HIGH | N/A |
BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly handle compressed files, which allows remote attackers to upload arbitrary files or execute arbitrary commands via a crafted compressed file. | |||||
CVE-2007-2771 | 1 Lead Technologies | 1 Leadtools Jpeg 2000 | 2017-07-28 | 9.3 HIGH | N/A |
Stack-based buffer overflow in the LEAD Technologies LeadTools JPEG 2000 LEADJ2K.LEADJ2K.140 ActiveX control (LTJ2K14.ocx) 14.5.0.35 allows remote attackers to execute arbitrary code via a long BitmapDataPath property. | |||||
CVE-2007-2780 | 1 Psychostats | 1 Psychostats | 2017-07-28 | 5.0 MEDIUM | N/A |
PsychoStats 3.0.6b and earlier allows remote attackers to obtain sensitive information via a request for server.php with a missing or invalid newtheme parameter, which reveals a path in an error message. |