Total
29867 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2025 | 1 Phpwiki | 1 Phpwiki | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file. | ||||
| CVE-2007-2036 | 1 Cisco | 1 Wireless Lan Controller Software | 2025-04-09 | N/A |
| The SNMP implementation in the Cisco Wireless LAN Controller (WLC) before 20070419 uses the default read-only community public, and the default read-write community private, which allows remote attackers to read and modify SNMP variables, aka Bug ID CSCse02384. | ||||
| CVE-2007-2042 | 1 Avant-garde Solutions | 1 Mosmedia | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite 1.0.6 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) support.html.php or (2) info.html.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2068 | 1 Storefront For Gallery | 1 Storefront Gallery | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the StoreFront mods for Gallery allow remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter to (1) mods/business_functions.php or (2) mods/ui_functions.php. | ||||
| CVE-2007-2081 | 1 Myblog | 1 Myblog | 2025-04-09 | N/A |
| MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication requirements via the admin cookie parameter to certain admin files, as demonstrated by admin/settings.php. | ||||
| CVE-2007-2083 | 1 Zonelabs | 1 Zonealarm | 2025-04-09 | N/A |
| vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateKey and (2) NtDeleteFile functions. | ||||
| CVE-2007-2088 | 1 Sitebar | 1 Sitebar | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) writerFile parameter to index.php and the (2) file parameter to Integrator.php. | ||||
| CVE-2007-2090 | 1 Tumusika Evolution | 1 Tumusika Evolution | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in TuMusika Evolution 1.6 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | ||||
| CVE-2007-2092 | 1 Limesoft | 1 Limesoft Guestbook | 2025-04-09 | N/A |
| Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) allows remote attackers to inject arbitrary PHP code into posts.txt via the name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2096 | 1 Hinton Design | 1 Phphd Download System | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in common.php in Hinton Design PHPHD Download System (phphd_downloads) allows remote attackers to execute arbitrary PHP code via a URL in the phphd_real_path parameter. NOTE: this issue may be present in versions from 2006. | ||||
| CVE-2007-2100 | 1 Fac Guestbook | 1 Fac Guestbook | 2025-04-09 | N/A |
| FAC Guestbook 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/Gdb.mdb. | ||||
| CVE-2007-2102 | 1 My Little Homepage | 1 My Little Weblog | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vector than CVE-2006-6087. | ||||
| CVE-2007-2105 | 1 Monkey Cms | 1 Monkey Cms | 2025-04-09 | N/A |
| Directory traversal vulnerability in admin/index.php in Monkey CMS 0.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the admin_skin parameter. | ||||
| CVE-2007-2131 | 1 Oracle | 1 Peoplesoft Enterprise | 2025-04-09 | N/A |
| Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.22.14, 8.47.12, and 8.48.08 has unknown impact and attack vectors, aka PSE01. | ||||
| CVE-2007-2133 | 1 Oracle | 1 Peoplesoft Enterprise | 2025-04-09 | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise Human Capital Management component in Oracle PeopleSoft Enterprise 8.9 has unknown impact and attack vectors, aka PSEHCM01. | ||||
| CVE-2007-2140 | 1 Franklin Huang | 1 Flip-search-add-on | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in everything.php in Franklin Huang Flip (aka Flip-search-add-on) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter. | ||||
| CVE-2007-2143 | 1 Bonoestente | 1 Joomla Template Be2004-2 | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2007-2145 | 1 Minigal | 1 Minigal | 2025-04-09 | N/A |
| The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the input parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-2148 | 1 Stephen Craton | 1 Chatness | 2025-04-09 | N/A |
| Direct static code injection vulnerability in admin/save.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed upon a direct request for index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers. | ||||
| CVE-2007-2150 | 1 Bluearc | 1 Titan | 2025-04-09 | N/A |
| BlueArc-FTPD in BlueArc Titan 2x00 devices with firmware 4.2.944b allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017. | ||||