Total
289055 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1910 | 1 Microsoft | 1 Word | 2024-11-21 | N/A |
| Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc. | ||||
| CVE-2007-1909 | 1 Ryan Haudenschilt | 1 Battle.net Clan Script | 2024-11-21 | N/A |
| SQL injection vulnerability in login.php in Ryan Haudenschilt Battle.net Clan Script for PHP 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) pass parameter. | ||||
| CVE-2007-1908 | 1 Php121 | 1 Php121 Instant Messenger | 2024-11-21 | N/A |
| PHP file inclusion vulnerability in php121db.php in PHP121 Instant Messenger 2.2 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the php121dir parameter, which is accessed by the file_exists function. | ||||
| CVE-2007-1907 | 1 Pathos | 1 Content Management System | 2024-11-21 | N/A |
| PHP remote file inclusion vulnerability in warn.php in Pathos Content Management System (CMS) 0.92-2 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | ||||
| CVE-2007-1906 | 2 Ecardmax.com, Mybb | 2 Hot Editor, Mybb Hot Editor Plugin | 2024-11-21 | N/A |
| Directory traversal vulnerability in richedit/keyboard.php in eCardMAX HotEditor (Hot Editor) 4.0, and the HotEditor plugin for MyBB, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the first parameter. | ||||
| CVE-2007-1905 | 1 Pineapple Technologies | 1 Quizshock | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in auth.php in Pineapple Technologies QuizShock 1.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via encoded special characters in the forward_to parameter, as demonstrated using "<"<". | ||||
| CVE-2007-1904 | 1 Aol | 2 Icq, Instant Messenger | 2024-11-21 | N/A |
| Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation. | ||||
| CVE-2007-1903 | 1 Sonicbb | 1 Sonicbb | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0 allows remote attackers to inject arbitrary web script or HTML via the part parameter. | ||||
| CVE-2007-1902 | 1 Sonicbb | 1 Sonicbb | 2024-11-21 | N/A |
| Multiple SQL injection vulnerabilities in SonicBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) part and (2) by parameters to (a) search.php, or the (2) id parameter to (b) viewforum.php. | ||||
| CVE-2007-1901 | 1 Sonicbb | 1 Sonicbb | 2024-11-21 | N/A |
| SonicBB 1.0 allows remote attackers to obtain sensitive information via the (1) by[] parameter to search.php, (2) p[] parameter to viewforum.php, and the (3) id parameter to (a) viewforum.php or (b) members.php, which reveal the installation path in the resulting error message. | ||||
| CVE-2007-1900 | 1 Php | 1 Php | 2024-11-21 | N/A |
| CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string. | ||||
| CVE-2007-1899 | 1 Mywebland | 1 Mybloggie | 2024-11-21 | N/A |
| Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via (2) the post_id parameter in an edit action to admin.php. | ||||
| CVE-2007-1898 | 8 Apple, Hp, Jetbox and 5 more | 16 Mac Os X, Hp-ux, Tru64 and 13 more | 2024-11-21 | N/A |
| formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters. | ||||
| CVE-2007-1897 | 1 Wordpress | 1 Wordpress | 2024-11-21 | N/A |
| SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable. | ||||
| CVE-2007-1896 | 1 Sky Gunning | 1 Myspeach | 2024-11-21 | N/A |
| Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) and trailing %00 (NULL) in a my_ms[root] cookie. | ||||
| CVE-2007-1895 | 1 Sky Gunning | 1 Myspeach | 2024-11-21 | N/A |
| PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier, when used with PHP 5, allows remote attackers to execute arbitrary PHP code via an ftp URL in a my_ms[root] cookie, a different vector than CVE-2007-0491 and CVE-2006-4630. | ||||
| CVE-2007-1894 | 1 Wordpress | 1 Wordpress | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function. | ||||
| CVE-2007-1893 | 1 Wordpress | 1 Wordpress | 2024-11-21 | N/A |
| xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post." | ||||
| CVE-2007-1892 | 1 Akamai Technologies | 1 Download Manager | 2024-11-21 | N/A |
| Stack-based buffer overflow in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) before 2.2.1.0 allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2007-1891. | ||||
| CVE-2007-1891 | 1 Akamai Technologies | 1 Download Manager | 2024-11-21 | N/A |
| Stack-based buffer overflow in the GetPrivateProfileSectionW function in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) after 2.0.4.4 but before 2.2.1.0 allows remote attackers to execute arbitrary code, related to misinterpretation of the nSize parameter as a byte count instead of a wide character count. | ||||