| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-2006 | 0.03 | — | 0.01 | Apr 12, 2007 | Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) pass parameter. | |||
| CVE-2007-2007 | 0.03 | — | 0.03 | Apr 12, 2007 | admin.php in pL-PHP beta 0.9 allows remote attackers to bypass authentication by setting the is_admin parameter to 1. | |||
| CVE-2007-2008 | 0.03 | — | 0.02 | Apr 12, 2007 | Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||
| CVE-2007-2009 | 0.03 | — | 0.03 | Apr 12, 2007 | PHP remote file inclusion vulnerability in index.php in SimpCMS Light 04.10.2007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site parameter. | |||
| CVE-2007-2010 | 0.00 | — | 0.02 | Apr 12, 2007 | Double free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command. | |||
| CVE-2007-2011 | 0.03 | — | 0.02 | Apr 12, 2007 | Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||
| CVE-2007-2012 | 0.00 | — | 0.01 | Apr 12, 2007 | Multiple directory traversal vulnerabilities in MimarSinan CompreXX 4.1 allow remote attackers to create files in arbitrary directories via a .. (dot dot) in a (1) .rar, (2) .jar or (3) .zip archive. | |||
| CVE-2007-2013 | 0.03 | — | 0.02 | Apr 12, 2007 | Cross-site scripting (XSS) vulnerability in index.php in JEx-Treme Einfacher Passworschutz allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||
| CVE-2007-2014 | 0.03 | — | 0.02 | Apr 12, 2007 | PHP remote file inclusion vulnerability in include/blocks/week_events.php in MyNews 4.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter, a different vector than CVE-2007-0633. | |||
| CVE-2007-2015 | 0.03 | — | 0.03 | Apr 12, 2007 | PHP remote file inclusion vulnerability in index.php in Request It 1.0b allows remote attackers to execute arbitrary PHP code via a URL in the id parameter. | |||
| CVE-2007-2016 | 0.00 | — | 0.01 | Apr 12, 2007 | Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter. | |||
| CVE-2007-2017 | 0.00 | — | 0.02 | Apr 12, 2007 | siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not check authentication, which allows remote attackers to obtain or modify user information via a direct request. | |||
| CVE-2007-2018 | 0.00 | — | 0.01 | Apr 12, 2007 | SQL injection vulnerability in msg.php in AlstraSoft Video Share Enterprise allows remote authenticated users to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2007-2019 | 0.03 | — | 0.03 | Apr 12, 2007 | PHP remote file inclusion vulnerability in init.gallery.php in phpGalleryScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the include_class parameter. | |||
| CVE-2007-2020 | Cri | 0.64 | 9.8 | 0.03 | Apr 12, 2007 | Unspecified vulnerability in administration.php in xodagallery allows remote attackers to execute arbitrary code via the cmd parameter. NOTE: CVE disputes this vulnerability because administration.php does not use the cmd parameter for inclusion | ||
| CVE-2007-2021 | 0.00 | — | 0.01 | Apr 12, 2007 | Multiple PHP remote file inclusion vulnerabilities in Pineapple Technologies Lore 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang_path parameter to third_party/phpmailer/class.phpmailer.php or the (2) get_plugin_file_path parameter to… | |||
| CVE-2007-1989 | 0.03 | — | 0.02 | Apr 12, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in DotClear before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post_id parameter to ecrire/trackback.php or the (2) tool_url parameter to tools/thememng/index.php. NOTE: some of these… | |||
| CVE-2007-1990 | 0.00 | — | 0.01 | Apr 12, 2007 | PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, a different vector than CVE-2007-1968. NOTE: the provenance of this information is unknown;… | |||
| CVE-2007-1991 | 0.00 | — | 0.01 | Apr 12, 2007 | Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927. | |||
| CVE-2007-1992 | 0.03 | — | 0.06 | Apr 12, 2007 | Multiple PHP remote file inclusion vulnerabilities in the com_zoom 2.5 beta 2 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) EXIF_Makernote.php or (2) EXIF.php in classes/iptc/. | |||
| CVE-2007-1993 | 0.01 | — | 0.08 | Apr 12, 2007 | Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to execute arbitrary code by sending "a call to procedure 5, followed by a crafted payload to procedure 2." | |||
| CVE-2007-1994 | 0.00 | — | 0.00 | Apr 12, 2007 | Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.00 allows local users to cause a denial of service via unknown vectors. NOTE: due to lack of vendor details, it is not clear whether this is the same as… | |||
| CVE-2007-1995 | 0.00 | — | 0.02 | Apr 12, 2007 | bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages… | |||
| CVE-2007-1996 | 0.03 | — | 0.02 | Apr 12, 2007 | PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, probably 1.1.2 and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the process_method parameter. | |||
| CVE-2007-1979 | 0.03 | — | 0.02 | Apr 12, 2007 | SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NOTE: later… | |||
| CVE-2007-1980 | 0.03 | — | 0.01 | Apr 12, 2007 | SQL injection vulnerability in index.php in the Topliste 1.0 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||
| CVE-2007-1981 | 0.00 | — | 0.02 | Apr 12, 2007 | The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on Windows allows remote attackers to cause a denial of service (daemon crash) via a long meta list command. | |||
| CVE-2007-1982 | 0.04 | — | 0.10 | Apr 12, 2007 | Multiple PHP remote file inclusion vulnerabilities in Really Simple PHP and Ajax (RSPA) 2007-03-23 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) __IncludeFilePHPClass, (2) __ClassPath, and (3) __class parameters to (a)… | |||
| CVE-2007-1983 | 0.03 | — | 0.03 | Apr 12, 2007 | PHP remote file inclusion vulnerability in include/default_header.php in Cyboards PHP Lite 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter, a different vector than CVE-2006-2871. | |||
| CVE-2007-1984 | 0.00 | — | 0.01 | Apr 12, 2007 | PHP remote file inclusion vulnerability in index.php in lite-cms 0.2.1 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter. | |||
| CVE-2007-1985 | 0.00 | — | 0.01 | Apr 12, 2007 | Multiple PHP remote file inclusion vulnerabilities in phpexplorator.php in phpexplorator 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd or (2) lang_path parameter. | |||
| CVE-2007-1986 | 0.03 | — | 0.04 | Apr 12, 2007 | Multiple PHP remote file inclusion vulnerabilities in barnraiser AROUNDMe 0.7.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_path_core parameter to inc/core_profile.header.php, the (2) template_path_core parameter to… | |||
| CVE-2007-1987 | 0.00 | — | 0.01 | Apr 12, 2007 | Multiple PHP remote file inclusion vulnerabilities in PHPEcho CMS 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _plugin_file parameter to smarty/internals/core.load_pulgins.php or the (2) root_path parameter to index.php. NOTE: CVE disputes (1)… | |||
| CVE-2007-1988 | 0.00 | — | 0.01 | Apr 12, 2007 | Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in PHPEcho CMS 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||
| CVE-2007-1974 | 0.03 | — | 0.06 | Apr 12, 2007 | SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute… | |||
| CVE-2007-1975 | 0.00 | — | 0.02 | Apr 12, 2007 | Multiple PHP remote file inclusion vulnerabilities in SLAED CMS 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) path parameter to admin/admin.php or the (2) modpath parameter to index.php. | |||
| CVE-2007-1976 | 0.00 | — | 0.02 | Apr 12, 2007 | PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. NOTE: the issue has been disputed by a reliable third party, stating… | |||
| CVE-2007-1977 | 0.00 | — | 0.01 | Apr 12, 2007 | Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter. | |||
| CVE-2007-1978 | 0.03 | — | 0.01 | Apr 12, 2007 | SQL injection vulnerability in index.php in the Arcade 1.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view_game_list action. | |||
| CVE-2007-1973 | 0.00 | — | 0.01 | Apr 11, 2007 | Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0 allows local users to modify memory and gain privileges via the temporary \Device\PhysicalMemory section handle, a related issue to CVE-2007-1206. | |||
| CVE-2007-1279 | 0.00 | — | 0.01 | Apr 11, 2007 | Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 update for Apple OS X, when patching with desktop management tools, allows local users to gain privileges via unspecified vectors during installation of the update by a different user who has administrative… | |||
| CVE-2007-1363 | 0.03 | — | 0.01 | Apr 11, 2007 | Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the delete action in (a) search.php or (b) search-pda.php, or the (2) calories parameter in a save action in editlogcal.php. | |||
| CVE-2007-1364 | 0.03 | — | 0.02 | Apr 11, 2007 | DropAFew before 0.2.1 does not require authorization for certain privileged actions, which allows remote attackers to (1) view the logged calorie information of arbitrary users via the id parameter in editlogcal.php, (2) add arbitrary links via links.php, or (3) create arbitrary… | |||
| CVE-2007-1559 | 0.06 | — | 0.32 | Apr 11, 2007 | Multiple stack-based buffer overflows in SonicDVDDashVRNav.dll in Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via (1) unspecified long property values to SonicMediaPlayer.dll or (2) long arguments to unspecified methods in SonicMediaPlayer.dll. | |||
| CVE-2007-1874 | 0.00 | — | 0.01 | Apr 11, 2007 | Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3)… | |||
| CVE-2007-1958 | 0.00 | — | 0.01 | Apr 11, 2007 | Buffer overflow in TinyMUX before 2.4 allows attackers to cause a denial of service via unspecified vectors related to "too many substring matches in a regexp $-command." NOTE: some of these details are obtained from third party information. | |||
| CVE-2007-1959 | 0.00 | — | 0.01 | Apr 11, 2007 | Unspecified vulnerability in the process_cmdent function in command.cpp in TinyMUX before 2.4 has unknown impact and attack vectors, related to lack of the "'other half' of buffer overflow protection." | |||
| CVE-2007-1960 | 0.03 | — | 0.01 | Apr 11, 2007 | SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS, and possibly other versions up to 1.10, allows remote attackers to execute arbitrary SQL commands via the lid parameter. | |||
| CVE-2007-1961 | 0.03 | — | 0.02 | Apr 11, 2007 | PHP remote file inclusion vulnerability in mutant_functions.php in the Mutant 0.9.2 portal for phpBB 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||
| CVE-2007-1962 | 0.03 | — | 0.01 | Apr 11, 2007 | SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action. |
- CVE-2007-2006Apr 12, 2007risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) pass parameter.
- CVE-2007-2007Apr 12, 2007risk 0.03cvss —epss 0.03
admin.php in pL-PHP beta 0.9 allows remote attackers to bypass authentication by setting the is_admin parameter to 1.
- CVE-2007-2008Apr 12, 2007risk 0.03cvss —epss 0.02
Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
- CVE-2007-2009Apr 12, 2007risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in index.php in SimpCMS Light 04.10.2007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site parameter.
- CVE-2007-2010Apr 12, 2007risk 0.00cvss —epss 0.02
Double free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command.
- CVE-2007-2011Apr 12, 2007risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
- CVE-2007-2012Apr 12, 2007risk 0.00cvss —epss 0.01
Multiple directory traversal vulnerabilities in MimarSinan CompreXX 4.1 allow remote attackers to create files in arbitrary directories via a .. (dot dot) in a (1) .rar, (2) .jar or (3) .zip archive.
- CVE-2007-2013Apr 12, 2007risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in index.php in JEx-Treme Einfacher Passworschutz allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
- CVE-2007-2014Apr 12, 2007risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in include/blocks/week_events.php in MyNews 4.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter, a different vector than CVE-2007-0633.
- CVE-2007-2015Apr 12, 2007risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in index.php in Request It 1.0b allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.
- CVE-2007-2016Apr 12, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter.
- CVE-2007-2017Apr 12, 2007risk 0.00cvss —epss 0.02
siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not check authentication, which allows remote attackers to obtain or modify user information via a direct request.
- CVE-2007-2018Apr 12, 2007risk 0.00cvss —epss 0.01
SQL injection vulnerability in msg.php in AlstraSoft Video Share Enterprise allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
- CVE-2007-2019Apr 12, 2007risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in init.gallery.php in phpGalleryScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the include_class parameter.
- risk 0.64cvss 9.8epss 0.03
Unspecified vulnerability in administration.php in xodagallery allows remote attackers to execute arbitrary code via the cmd parameter. NOTE: CVE disputes this vulnerability because administration.php does not use the cmd parameter for inclusion
- CVE-2007-2021Apr 12, 2007risk 0.00cvss —epss 0.01
Multiple PHP remote file inclusion vulnerabilities in Pineapple Technologies Lore 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang_path parameter to third_party/phpmailer/class.phpmailer.php or the (2) get_plugin_file_path parameter to…
- CVE-2007-1989Apr 12, 2007risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in DotClear before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post_id parameter to ecrire/trackback.php or the (2) tool_url parameter to tools/thememng/index.php. NOTE: some of these…
- CVE-2007-1990Apr 12, 2007risk 0.00cvss —epss 0.01
PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, a different vector than CVE-2007-1968. NOTE: the provenance of this information is unknown;…
- CVE-2007-1991Apr 12, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927.
- CVE-2007-1992Apr 12, 2007risk 0.03cvss —epss 0.06
Multiple PHP remote file inclusion vulnerabilities in the com_zoom 2.5 beta 2 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) EXIF_Makernote.php or (2) EXIF.php in classes/iptc/.
- CVE-2007-1993Apr 12, 2007risk 0.01cvss —epss 0.08
Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to execute arbitrary code by sending "a call to procedure 5, followed by a crafted payload to procedure 2."
- CVE-2007-1994Apr 12, 2007risk 0.00cvss —epss 0.00
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.00 allows local users to cause a denial of service via unknown vectors. NOTE: due to lack of vendor details, it is not clear whether this is the same as…
- CVE-2007-1995Apr 12, 2007risk 0.00cvss —epss 0.02
bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages…
- CVE-2007-1996Apr 12, 2007risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, probably 1.1.2 and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the process_method parameter.
- CVE-2007-1979Apr 12, 2007risk 0.03cvss —epss 0.02
SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NOTE: later…
- CVE-2007-1980Apr 12, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the Topliste 1.0 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter.
- CVE-2007-1981Apr 12, 2007risk 0.00cvss —epss 0.02
The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on Windows allows remote attackers to cause a denial of service (daemon crash) via a long meta list command.
- CVE-2007-1982Apr 12, 2007risk 0.04cvss —epss 0.10
Multiple PHP remote file inclusion vulnerabilities in Really Simple PHP and Ajax (RSPA) 2007-03-23 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) __IncludeFilePHPClass, (2) __ClassPath, and (3) __class parameters to (a)…
- CVE-2007-1983Apr 12, 2007risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in include/default_header.php in Cyboards PHP Lite 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter, a different vector than CVE-2006-2871.
- CVE-2007-1984Apr 12, 2007risk 0.00cvss —epss 0.01
PHP remote file inclusion vulnerability in index.php in lite-cms 0.2.1 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.
- CVE-2007-1985Apr 12, 2007risk 0.00cvss —epss 0.01
Multiple PHP remote file inclusion vulnerabilities in phpexplorator.php in phpexplorator 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd or (2) lang_path parameter.
- CVE-2007-1986Apr 12, 2007risk 0.03cvss —epss 0.04
Multiple PHP remote file inclusion vulnerabilities in barnraiser AROUNDMe 0.7.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_path_core parameter to inc/core_profile.header.php, the (2) template_path_core parameter to…
- CVE-2007-1987Apr 12, 2007risk 0.00cvss —epss 0.01
Multiple PHP remote file inclusion vulnerabilities in PHPEcho CMS 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _plugin_file parameter to smarty/internals/core.load_pulgins.php or the (2) root_path parameter to index.php. NOTE: CVE disputes (1)…
- CVE-2007-1988Apr 12, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in PHPEcho CMS 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
- CVE-2007-1974Apr 12, 2007risk 0.03cvss —epss 0.06
SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute…
- CVE-2007-1975Apr 12, 2007risk 0.00cvss —epss 0.02
Multiple PHP remote file inclusion vulnerabilities in SLAED CMS 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) path parameter to admin/admin.php or the (2) modpath parameter to index.php.
- CVE-2007-1976Apr 12, 2007risk 0.00cvss —epss 0.02
PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. NOTE: the issue has been disputed by a reliable third party, stating…
- CVE-2007-1977Apr 12, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter.
- CVE-2007-1978Apr 12, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the Arcade 1.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view_game_list action.
- CVE-2007-1973Apr 11, 2007risk 0.00cvss —epss 0.01
Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0 allows local users to modify memory and gain privileges via the temporary \Device\PhysicalMemory section handle, a related issue to CVE-2007-1206.
- CVE-2007-1279Apr 11, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 update for Apple OS X, when patching with desktop management tools, allows local users to gain privileges via unspecified vectors during installation of the update by a different user who has administrative…
- CVE-2007-1363Apr 11, 2007risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the delete action in (a) search.php or (b) search-pda.php, or the (2) calories parameter in a save action in editlogcal.php.
- CVE-2007-1364Apr 11, 2007risk 0.03cvss —epss 0.02
DropAFew before 0.2.1 does not require authorization for certain privileged actions, which allows remote attackers to (1) view the logged calorie information of arbitrary users via the id parameter in editlogcal.php, (2) add arbitrary links via links.php, or (3) create arbitrary…
- CVE-2007-1559Apr 11, 2007risk 0.06cvss —epss 0.32
Multiple stack-based buffer overflows in SonicDVDDashVRNav.dll in Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via (1) unspecified long property values to SonicMediaPlayer.dll or (2) long arguments to unspecified methods in SonicMediaPlayer.dll.
- CVE-2007-1874Apr 11, 2007risk 0.00cvss —epss 0.01
Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3)…
- CVE-2007-1958Apr 11, 2007risk 0.00cvss —epss 0.01
Buffer overflow in TinyMUX before 2.4 allows attackers to cause a denial of service via unspecified vectors related to "too many substring matches in a regexp $-command." NOTE: some of these details are obtained from third party information.
- CVE-2007-1959Apr 11, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in the process_cmdent function in command.cpp in TinyMUX before 2.4 has unknown impact and attack vectors, related to lack of the "'other half' of buffer overflow protection."
- CVE-2007-1960Apr 11, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS, and possibly other versions up to 1.10, allows remote attackers to execute arbitrary SQL commands via the lid parameter.
- CVE-2007-1961Apr 11, 2007risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in mutant_functions.php in the Mutant 0.9.2 portal for phpBB 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
- CVE-2007-1962Apr 11, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action.