Total
277657 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-6468 | 1 Hammer Of Thyrion | 1 Hammer Of Thyrion | 2024-11-21 | N/A |
| Buffer overflow in the HuffDecode function in hw_utils/hwrcon/huffman.c and hexenworld/Client/huffman.c in Hammer of Thyrion 1.4.2 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted huffman encoded packet. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-6467 | 1 Mkportal | 1 Mkportal | 2024-11-21 | N/A |
| SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows remote attackers to execute arbitrary SQL commands via the ida parameter in a gallery foto_show action. | ||||
| CVE-2007-6466 | 1 Freewebshop | 1 Freewebshop | 2024-11-21 | N/A |
| Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action. NOTE: it was later reported that MOG - Web Shop (MOG-WebShop), a product based on the same code, is also affected. | ||||
| CVE-2007-6465 | 1 Ganglia | 1 Ganglia | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/host_gmetrics.php; the (3) G, (4) me, (5) x, (6) n, (7) v, (8) l, (9) vl, and (10) st parameters to (b) web/graph.php; and the (11) c, (12) G, (13) h, (14) r, (15) m, (16) s, (17) cr, (18) hc, (19) sh, (20) p, (21) t, (22) jr, (23) js, (24) gw, (25) z, and (26) gs parameters to (c) web/get_context.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-6464 | 1 Form Tools | 1 Form Tools | 2024-11-21 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Form tools 1.5.0b allow remote attackers to execute arbitrary PHP code via a URL in the g_root_dir parameter to (1) admin_page_open.php and (2) client_page_open.php in global/templates/. | ||||
| CVE-2007-6463 | 1 Php Real Estate Script | 1 Classifieds | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in PHP Real Estate Classifieds allow remote attackers to inject arbitrary web script or HTML via unspecified "text areas/boxes." | ||||
| CVE-2007-6462 | 1 Php Real Estate Classifieds | 1 Php Real Estate Classifieds Premium Plus | 2024-11-21 | N/A |
| SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-6461 | 1 Flyspray | 1 Flyspray | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function; and (2) the details parameter in a details action, related to the History tab and the getHistory JavaScript function. | ||||
| CVE-2007-6460 | 1 Anon Proxy Server | 1 Anon Proxy Server | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Anon Proxy Server before 0.101 allow remote attackers to inject arbitrary web script or HTML via the URI, which is later displayed by (1) log.php or (2) logerror.php, a different vulnerability than CVE-2007-6459. | ||||
| CVE-2007-6459 | 1 Anon Proxy Server | 1 Anon Proxy Server | 2024-11-21 | N/A |
| Anon Proxy Server 0.100, and probably 0.101, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the host parameter to diagdns.php, and (2) the host parameter and possibly (3) the port parameter to diagconnect.php, a different vulnerability than CVE-2007-6460. | ||||
| CVE-2007-6458 | 1 My123tkshop | 1 E-commerce-suite | 2024-11-21 | N/A |
| SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php. | ||||
| CVE-2007-6457 | 1 Netwin | 1 Surgemail | 2024-11-21 | N/A |
| Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header. | ||||
| CVE-2007-6456 | 1 Planamesa | 1 Neooffice | 2024-11-21 | N/A |
| Unspecified vulnerability in OpenOffice.org code in Planamesa NeoOffice 2.2.2 before Patch 4 has unknown impact and attack vectors related to MacOS 10.3.9 .odb files. NOTE: it is not clear whether this issue is a vulnerability. | ||||
| CVE-2007-6455 | 1 Mambo | 1 Mambo | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter. | ||||
| CVE-2007-6454 | 1 Peercast | 1 Peercast | 2024-11-21 | N/A |
| Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request. | ||||
| CVE-2007-6453 | 1 Raiden Professional Servers | 1 Raidenhttpd | 2024-11-21 | N/A |
| Directory traversal vulnerability in raidenhttpd-admin/workspace.php in RaidenHTTPD 2.0.19, when the WebAdmin function is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ulang parameter. | ||||
| CVE-2007-6452 | 1 Google | 1 Web Toolkit | 2024-11-21 | N/A |
| Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS). | ||||
| CVE-2007-6451 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2024-11-21 | N/A |
| Unspecified vulnerability in the CIP dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger allocation of large amounts of memory. | ||||
| CVE-2007-6450 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2024-11-21 | N/A |
| The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. | ||||
| CVE-2007-6441 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2024-11-21 | N/A |
| The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors related to "unaligned access on some platforms." | ||||