Total
277587 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2007-0604 | 1 Six Apart Ltd | 1 Movable Type | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in Movable Type (MT) before 3.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the MTCommentPreviewIsStatic tag, which can open the "comment entry screen," a different vulnerability than CVE-2007-0231. | ||||
CVE-2007-0603 | 1 Pgp | 1 Corporate Desktop | 2024-11-21 | N/A |
PGP Desktop before 9.5.1 does not validate data objects received over the (1) \pipe\pgpserv named pipe for PGPServ.exe or the (2) \pipe\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which causes code execution at the corresponding address. | ||||
CVE-2007-0602 | 1 Trend Micro | 1 Viruswall | 2024-11-21 | N/A |
Buffer overflow in libvsapi.so in the VSAPI library in Trend Micro VirusWall 3.81 for Linux, as used by IScan.BASE/vscan, allows local users to gain privileges via a long command line argument, a different vulnerability than CVE-2005-0533. | ||||
CVE-2007-0601 | 1 Aztek Forum | 1 Aztek Forum | 2024-11-21 | N/A |
common/safety.php in Aztek Forum 4.00 allows remote attackers to enter certain data containing %22 sequences (URL encoded double quotes) and other potentially dangerous manipulations by sending a cookie, which bypasses the blacklist matching against the GET and PUT superglobal arrays. | ||||
CVE-2007-0600 | 2 Makit, Martyn Kilbryde | 2 Newsposter Script, Newsposter Script | 2024-11-21 | N/A |
SQL injection vulnerability in news_page.asp in Martyn Kilbryde Newsposter Script (aka makit news/blog poster) 3 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter. | ||||
CVE-2007-0599 | 1 Aztek Forum | 1 Aztek Forum | 2024-11-21 | N/A |
Variable overwrite vulnerability in common/config.php in Aztek Forum 4.00 allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as copying arbitrary files using index/common_actions.php, via vectors associated with extract operations on the (1) POST, (2) GET, (3) COOKIE, and (4) SERVER superglobal arrays. | ||||
CVE-2007-0598 | 1 Aztek Forum | 1 Aztek Forum | 2024-11-21 | N/A |
SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 allows remote attackers to execute arbitrary SQL commands via the fid cookie to forum.php. | ||||
CVE-2007-0597 | 1 Aztek Forum | 1 Aztek Forum | 2024-11-21 | N/A |
Aztek Forum 4.00 allows remote attackers to obtain sensitive information via a direct request to forum.php with the fid=XD query string, which reveals the path in an error message. | ||||
CVE-2007-0596 | 1 Aztek Forum | 1 Aztek Forum | 2024-11-21 | N/A |
PHP remote file inclusion vulnerability in index/main.php in Aztek Forum 4.00 allows remote authenticated administrators to execute arbitrary PHP code via a URL in the PF[top_url] parameter. | ||||
CVE-2007-0595 | 1 Designmind | 1 High5 Review Script | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in search in High 5 Review Site allows remote attackers to inject arbitrary web script or HTML via the q parameter (aka the search box). | ||||
CVE-2007-0594 | 1 Siteman | 1 Siteman | 2024-11-21 | N/A |
Siteman 2.0.x2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for db/siteman/users.MYD. | ||||
CVE-2007-0593 | 1 Siteman | 1 Siteman | 2024-11-21 | N/A |
Siteman 1.1.11 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for data/members.txt. | ||||
CVE-2007-0592 | 1 Indexcor | 1 Ezdatabase | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to admin/login.php and the Admin Panel Database. | ||||
CVE-2007-0591 | 1 Vu Le An | 1 Virtual Path | 2024-11-21 | N/A |
PHP remote file inclusion vulnerability in configure.php in Vu Le An Virtual Path (VirtualPath) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
CVE-2007-0590 | 1 Forum Livre | 1 Forum Livre | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre 1.0 remote attackers to inject arbitrary web script or HTML via the palavra parameter. | ||||
CVE-2007-0589 | 1 Forum Livre | 1 Forum Livre | 2024-11-21 | N/A |
SQL injection vulnerability in Forum Livre 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to info_user.asp. | ||||
CVE-2007-0588 | 1 Apple | 2 Mac Os X, Quicktime | 2024-11-21 | N/A |
The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462. | ||||
CVE-2007-0585 | 1 Webfwlog | 1 Webfwlog | 2024-11-21 | N/A |
include/debug.php in Webfwlog 0.92 and earlier, when register_globals is enabled, allows remote attackers to obtain source code of files via the conffile parameter. NOTE: some of these details are obtained from third party information. It is likely that this issue can be exploited to conduct directory traversal attacks. | ||||
CVE-2007-0584 | 1 G-neric | 1 Php Generic Library And Framework | 2024-11-21 | N/A |
PHP remote file inclusion vulnerability in membres/membreManager.php in PhP Generic Library & Framework for comm (g-neric) allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | ||||
CVE-2007-0583 | 1 Http Commander | 1 Http Commander | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander 6.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) LogoffMessage parameter to logofflast.aspx or the (2) txtUsername parameter to Default.aspx. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |