Total
29870 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0518 | 1 Scriptsez | 1 Smart Php Subscriber | 2025-04-09 | N/A |
| Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain encoded passwords via a direct request for pwd.txt. | ||||
| CVE-2006-6850 | 1 Shadowed Works | 1 Shadowed Portal | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in include.php in the Roster Module (character_roster) in Shadowed Portal 5.7 allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter. | ||||
| CVE-2007-0368 | 1 Michiel Broek | 1 Mbse-bbs | 2025-04-09 | N/A |
| Stack-based buffer overflow in mbse-bbs 0.70 and earlier allows local users to execute arbitrary code via a long string in the MBSE_ROOT environment variable. | ||||
| CVE-2007-0365 | 1 Nicola Asuni | 1 All In One Control Panel | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.009 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this is probably a different vulnerability than CVE-2006-5830. | ||||
| CVE-2007-0321 | 1 Macrovision | 1 Flexnet Connect | 2025-04-09 | N/A |
| Buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll for Macrovision FLEXnet Connect (formerly InstallShield Update Service) allows remote attackers to execute arbitrary code via the Download method. | ||||
| CVE-2007-4626 | 1 Polipo | 1 Polipo | 2025-04-09 | N/A |
| Unspecified vulnerability in Polipo before 1.0.2 allows remote attackers to cause a denial of service (daemon crash) via certain network traffic associated with entities larger than 2 Gb. | ||||
| CVE-2007-0329 | 1 Joonas Viljanen | 1 Jv2 Folder Gallery | 2025-04-09 | N/A |
| download.php in Joonas Viljanen JV2 Folder Gallery allows remote attackers to read sensitive files via a relative pathname in the file parameter, as demonstrated by config/gallerysetup.php. NOTE: this issue might be resultant from a directory traversal vulnerability. | ||||
| CVE-2007-0334 | 1 Ingate | 1 Firewall And Siparator | 2025-04-09 | N/A |
| Unspecified vulnerability in the SIP module in InGate Firewall and SIParator before 4.5.1 allows remote attackers to conduct replay attacks on the authentication mechanism via unknown vectors. | ||||
| CVE-2007-0343 | 1 Openbsd | 1 Openbsd | 2025-04-09 | N/A |
| OpenBSD before 20070116 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via certain IPv6 ICMP (aka ICMP6) echo request packets. | ||||
| CVE-2007-0349 | 1 Nicecoder | 1 Indexu | 2025-04-09 | N/A |
| Directory traversal vulnerability in upgrade.php in nicecoder.com INDEXU 5.x allows remote attackers to include arbitrary local files via a .. (dot dot) in the gateway parameter. | ||||
| CVE-2007-0351 | 2 Microsoft, Zonelabs | 3 Windows 2003 Server, Windows Xp, Zonealarm | 2025-04-09 | N/A |
| Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user. | ||||
| CVE-2007-0354 | 1 Mgb | 1 Opensource Guestbook | 2025-04-09 | N/A |
| SQL injection vulnerability in email.php in MGB OpenSource Guestbook 0.5.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-0361 | 1 Comscripts | 1 Phpmyphorum | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter. | ||||
| CVE-2007-0362 | 1 Freshreader | 1 Freshreader | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the RSS feed component in FreshReader before 1.0.07010600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to tag attributes. | ||||
| CVE-2007-0319 | 1 Motive Incorporated | 2 Self Service Manager, Service Activation Manager | 2025-04-09 | N/A |
| Multiple stack-based buffer overflows in the Motive ActiveEmailTest.EmailData (ActiveUtils EmailData) ActiveX control in ActiveUtils.dll in Motive Service Activation Manager 5.1 and Self Service Manager 5.1 and earlier allow remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2007-0317 | 1 Filezilla | 1 Filezilla | 2025-04-09 | N/A |
| Format string vulnerability in the LogMessage function in FileZilla before 3.0.0-beta5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted arguments. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-0316 | 1 All In One Control Panel | 1 All In One Control Panel | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.010 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) xuser_name parameter to shared/code/cp_authorization.php, and the (2) did parameter to public/code/cp_downloads.php, different vectors than CVE-2007-0223. | ||||
| CVE-2007-0309 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-09 | N/A |
| SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter. | ||||
| CVE-2007-0303 | 1 Pancake.org | 1 Zina | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have unknown impact and attack vectors related to "Potential security bugs." | ||||
| CVE-2007-0302 | 1 Instantasp | 1 Instantasp | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx, and the (2) Username and (3) Update parameters to (b) Members1.aspx. | ||||