Total: 287172 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-3252 | 1 Portalapp | 1 Portalapp | 2024-11-21 | 7.8 HIGH | N/A |
PortalApp stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for 8691.mdb, a different vector than CVE-2004-1786. | |||||
CVE-2007-3251 | 1 E-vision | 1 E-vision Cms | 2024-11-21 | 7.8 HIGH | N/A |
Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and earlier allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the adminlang cookie to admin/functions.php or (2) read arbitrary local files via the img parameter to admin/show_img.php. | |||||
CVE-2007-3250 | 1 Elxis | 1 Elxis Cms | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in mod_banners.php in Elxis CMS before 2006.4 20070613 allows remote attackers to execute arbitrary SQL commands via the mb_tracker cookie. NOTE: the product was patched without updating the version number; later downloads of 2006.4 are not affected. | |||||
CVE-2007-3249 | 1 Joomla | 1 Letterman Subscriber | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php in the Letterman Subscriber (mod_letterman) before 1.2.5 module for Joomla! allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter. | |||||
CVE-2007-3248 | 1 Sun | 1 Solaris | 2024-11-21 | 7.8 HIGH | N/A |
Unspecified vulnerability in Sun Solaris 10 before 20070614, when IPv6 interfaces are present but not configured for IPsec, allows remote attackers to cause a denial of service (system crash) via certain network traffic. | |||||
CVE-2007-3247 | 1 Virtuemart | 1 Virtuemart | 2024-11-21 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in VirtueMart before 1.0.11 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly related to improper input validation of the PATH_INFO (PHP_SELF) by virtuemart_parser.php. | |||||
CVE-2007-3246 | 1 Irc Services | 1 Irc Services | 2024-11-21 | 5.0 MEDIUM | N/A |
The do_set_password function in modules/chanserv/set.c in IRC Services before 5.0.60 preserves channel founder privileges across a channel password change (ChanServ SET PASSWORD), which allows remote authenticated users to obtain the new password through automated e-mail, or perform privileged actions without knowing the new password. | |||||
CVE-2007-3245 | 1 Irc Services | 1 Irc Services | 2024-11-21 | 5.0 MEDIUM | N/A |
IRC Services before 5.0.62, and 5.1 before 5.1pre3, allows remote attackers to disconnect users with guest nicknames by linking a guest nickname to a nickname that is already registered. | |||||
CVE-2007-3244 | 1 Bbpress | 1 Bbpress | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in bb-includes/formatting-functions.php in bbPress before 0.8.1 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors to forums/bb-edit.php, as demonstrated by a PRE element, aka the "quircky slashes bug." | |||||
CVE-2007-3243 | 1 Bbpress | 1 Bbpress | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the re parameter. NOTE: exploitation may require forcing the client to send a certain Referer header. | |||||
CVE-2007-3242 | 2 Web-app.net, Web-app.org | 2 Webapp, Webapp | 2024-11-21 | 7.5 HIGH | N/A |
The Menu Manager Mod for (1) web-app.net WebAPP (aka WebAPP NE) 0.9.9.3.3 through 0.9.9.8, and (2) web-app.org WebAPP before 0.9.9.6, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the titles of items in a personal menu. | |||||
CVE-2007-3241 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in blogroll.php in the cordobo-green-park theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI. | |||||
CVE-2007-3240 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI) that accesses index.php. NOTE: this can be leveraged for PHP code execution in an administrative session. | |||||
CVE-2007-3239 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged for PHP code execution in an administrative session. | |||||
CVE-2007-3238 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 6.0 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability. | |||||
CVE-2007-3237 | 1 Xoops | 1 Tinycontent Module | 2024-11-21 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the TinyContent 1.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656. | |||||
CVE-2007-3236 | 1 Xoops | 1 Horoscope Module | 2024-11-21 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in footer.php in the Horoscope 1.0 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. | |||||
CVE-2007-3235 | 1 Fuzzylime Forum | 1 Fuzzylime Forum | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to inject arbitrary web script or HTML via the topic parameter. NOTE: this might be resultant from SQL injection. | |||||
CVE-2007-3234 | 1 Fuzzylime Forum | 1 Fuzzylime Forum | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the topic parameter. | |||||
CVE-2007-3233 | 1 Tec-it | 1 Tbarcode Ocx | 2024-11-21 | 5.0 MEDIUM | N/A |
The TEC-IT TBarCode OCX ActiveX control (TBarCode7.ocx) 7.0.2.3524 allows remote attackers to overwrite arbitrary files via the SaveImage method. |