Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0146 | 1 Fix And Chips Computer Services | 1 Fix And Chips Cms | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) delete-announce.php; the (2) Announcement form field in (b) staff.php; the (3) Client Name, (4) Business Name, (5) Street, (6) Address 2, (7) Town/City, (8) Postcode, (9) Phone Number, (10) Email Address and (11) Website Address form fields in (c) new_customer.php; and unspecified fields in (d) search.php and (e) client-results.php. | ||||
| CVE-2007-2576 | 1 East Wind Software | 1 Advdaudio.ocx | 2025-04-09 | N/A |
| Buffer overflow in the East Wind Software advdaudio.ocx 1.5.1.1 ActiveX control allows user-assisted remote attackers to execute arbitrary code via a long OpenDVD property value. NOTE: this issue might be related to CVE-2007-0976. | ||||
| CVE-2006-5412 | 1 Php Outburst | 1 Easynews | 2025-04-09 | N/A |
| admin.php in PHP Outburst Easynews 4.4.1 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication, and gain the ability to execute arbitrary code, via the en_login_id parameter. | ||||
| CVE-2006-5433 | 1 Timm Maass | 1 Alice Cms | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in modules/guestbook/index.php in ALiCE-CMS 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[local_root] parameter. | ||||
| CVE-2006-5497 | 1 Middlebury College | 1 Segue Cms | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in themes/program/themesettings.inc.php in Segue CMS 1.5.8 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the themesdir parameter. | ||||
| CVE-2006-5241 | 1 Opendock | 1 Easy Gallery | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Gallery 1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) file.php; (2) find_user.php, (3) lib_user.php, (4) lib_form_user.php, and (5) user.php in sw/lib_user/; (6) find_session.php and (7) session.php in sw/lib_session/; (8) comment.php and (9) lib_comment.php in sw/lib_comment/; and other unspecified PHP scripts. | ||||
| CVE-2007-0019 | 1 Maxum Development Corporation | 1 Rumpus Ftp Server | 2025-04-09 | N/A |
| Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service. | ||||
| CVE-2007-0542 | 1 212cafe | 1 Guestbook | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in show.php in 212cafe Guestbook 4.00 beta allows remote attackers to inject arbitrary web script or HTML via the user parameter. | ||||
| CVE-2007-0356 | 2 Common Controls Replacement Project, Microsoft | 2 Foldertreeview Activex Control, Ie | 2025-04-09 | N/A |
| The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value. | ||||
| CVE-2007-0543 | 1 Zixforum | 1 Zixforum | 2025-04-09 | N/A |
| ZixForum 1.14 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for Zixforum.mdb. NOTE: a followup post suggests that this issue only occurs if the administrator does not properly follow installation directions. | ||||
| CVE-2007-0544 | 1 Mybb | 1 Mybb | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949. | ||||
| CVE-2007-0357 | 1 Fritzdsl | 1 Fritzdsl | 2025-04-09 | N/A |
| Directory traversal vulnerability in the AVM IGD CTRL Service in Fritz!DSL 02.02.29 allows remote attackers to read arbitrary files via ..%5C (URL-encoded dot dot backslash) sequences in a URI requested from the AR7 webserver. | ||||
| CVE-2007-0546 | 1 Toxiclab | 1 Shoutbox | 2025-04-09 | N/A |
| Toxiclab Shoutbox 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db.mdb. | ||||
| CVE-2007-0552 | 1 Oh No Not Another Cms | 1 Oh No Not Another Cms | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in install/default/error404.html in Oh no! Not another CMS (Onnac) 0.0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the error_url parameter. | ||||
| CVE-2007-0553 | 1 Phproxy | 1 Phproxy | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php in PHProxy before 0.5 beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) data[realm] and (2) _url parameters, different vectors than CVE-2004-2604. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-0554 | 1 Guo Xu Guos Posting System | 1 Guo Xu Guos Posting System | 2025-04-09 | N/A |
| SQL injection vulnerability in print.asp in Guo Xu Guos Posting System (GPS) 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-3572 | 1 Yoggie | 2 Pico, Pico Pro | 2025-04-09 | N/A |
| Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded "`" (backtick) characters (%60 sequences). | ||||
| CVE-2007-0371 | 1 Common Controls Replacement Project | 1 Browsedialog Server | 2025-04-09 | N/A |
| A certain ActiveX control in the Common Controls Replacement Project (CCRP) CCRP BrowseDialog Server (ccrpbds6.dll) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP_BDc.SelectedFolder property value. | ||||
| CVE-2007-3579 | 1 Phpids | 1 Phpids | 2025-04-09 | N/A |
| PHPIDS before 20070703 does not properly handle setting the .text property of a SCRIPT element before its attachment to the DOM, which allows remote attackers to inject arbitrary web script. | ||||
| CVE-2007-3581 | 1 Jedox | 1 Palo | 2025-04-09 | N/A |
| The Jedox Palo 1.5 client transmits the password in cleartext, which might allow remote attackers to obtain the password by sniffing the network, as demonstrated by starting Excel with the Palo plugin, opening a cube, and performing an Insert View. | ||||