Vulnerabilities (CVE)

Total 287172 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-1421 1 Premod Subdog 1 Premod Subdog 2024-11-21 10.0 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Premod SubDog 2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) functions_kb.php, (2) themen_portal_mitte.php, or (3) logger_engine.php in includes/.
CVE-2007-1420 2 Mysql, Oracle 2 Mysql, Mysql 2024-11-21 2.1 LOW N/A
MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function.
CVE-2007-1419 1 Sun 1 Java Dynamic Management Kit 2024-11-21 4.3 MEDIUM N/A
The Java Management Extensions Remote API Remote Method Invocation over Internet Inter-ORB Protocol (JMX RMI-IIOP) API in Java Dynamic Management Kit 5.1 before 20070309 does not properly enforce the java.policy, which allows local users to obtain certain MBeans data access by operating a server application accessed by a privileged remote authenticated user.
CVE-2007-1418 1 Mindtouch 1 Dekiwiki 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in skins/ace/popup-notopic.php in MindTouch OpenGarden DekiWiki before Gooseberry++ allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2007-1417 1 Hc Design 1 Newssystem 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in index.php in HC NEWSSYSTEM 1.0-4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a komm aktion.
CVE-2007-1416 1 Jccorp 1 Urlshrink 2024-11-21 10.0 HIGH N/A
PHP remote file inclusion vulnerability in createurl.php in JCcorp (aka James Coyle) URLshrink allows remote attackers to execute arbitrary PHP code via a URL in the formurl parameter.
CVE-2007-1415 1 Pmb Services 1 Pmb Services 2024-11-21 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in PMB Services 3.0.13 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) class_path parameter to (a) includes/resa_func.inc.php (b) admin/notices/perso.inc.php, or (c) admin/quotas/main.inc.php; the (2) base_path parameter to (d) opac_css/rec_panier.php or (e) opac_css/includes/author_see.inc.php; or the (3) include_path parameter to (f) bull_info.inc.php or (g) misc.inc.php in includes/; (h) options_date_box.php, (i) options_file_box.php, (j) options_list.php, (k) options_query_list.php, or (l) options_text.php in includes/options/; (m) options.php, (n) options_comment.php, (o) options_date_box.php, (p) options_list.php, (q) options_query_list.php, or (r) options_text.php in includes/options_empr/; or (s) admin/import/iimport_expl.php, (t) admin/netbase/clean.php, (u) admin/param/param_func.inc.php, (v) admin/sauvegarde/lieux.inc.php, (w) autorites.php, (x) account.php, (y) cart.php, or (z) edit.php.
CVE-2007-1414 1 Coppermine 1 Coppermine Photo Gallery 2024-11-21 10.0 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php.
CVE-2007-1413 1 Php 1 Php 2024-11-21 7.5 HIGH N/A
Buffer overflow in the snmpget function in the snmp extension in PHP 5.2.3 and earlier, including PHP 4.4.6 and probably other PHP 4 versions, allows context-dependent attackers to execute arbitrary code via a long value in the third argument (object id).
CVE-2007-1412 1 Php 1 Php 2024-11-21 7.8 HIGH N/A
The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 allows context-dependent attackers to obtain sensitive information (script source code) via a long string in the second argument.
CVE-2007-1411 1 Php 1 Php 2024-11-21 6.8 MEDIUM N/A
Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versions, allows local and possibly remote attackers to execute arbitrary code via long server name arguments to the (1) mssql_connect and (2) mssql_pconnect functions.
CVE-2007-1410 1 Gaziyapboz 1 Game Portal 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in kategori.asp in GaziYapBoz Game Portal allows remote attackers to execute arbitrary SQL commands via the kategori parameter.
CVE-2007-1409 1 Wordpress 1 Wordpress 2024-11-21 5.0 MEDIUM N/A
WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message.
CVE-2007-1408 1 Vallheru 1 Vallheru 2024-11-21 10.0 HIGH N/A
Multiple vulnerabilities in (1) bank.php, (2) landfill.php, (3) outposts.php, (4) tribes.php, (5) house.php, (6) tribearmor.php, (7) tribeastral.php, (8) tribeware.php, and (9) includes/head.php in Bartek Jasicki Vallheru before 1.3 beta have unknown impact and remote attack vectors, probably related to large integer values containing more than 15 digits. NOTE: the original vendor report is for integer overflows, but this is probably an incorrect usage of the term.
CVE-2007-1407 1 Open Solution 1 Quick.cart 2024-11-21 7.5 HIGH N/A
Unspecified vulnerability in OpenSolution Quick.Cart before 2.1 has unknown impact and attack vectors, related to a "low critical exploit."
CVE-2007-1406 1 Edgewall Software 1 Trac 2024-11-21 10.0 HIGH N/A
Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors.
CVE-2007-1405 1 Edgewall Software 1 Trac 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2007-1404 1 Prosysinfo 1 Tftp Server Tftpdwin 2024-11-21 7.3 HIGH N/A
tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote attackers to cause a denial of service via a long UDP packet that is not properly handled in a recv_from call. NOTE: this issue might be related to CVE-2006-4948.
CVE-2007-1403 1 Macromedia 1 Shockwave 2024-11-21 7.5 HIGH N/A
Multiple stack-based buffer overflows in an ActiveX control in SwDir.dll 10.1.4.20 in Macromedia Shockwave allow remote attackers to cause a denial of service (Internet Explorer 7 crash) and possibly execute arbitrary code via a long (1) BGCOLOR, (2) SRC, (3) AutoStart, (4) Sound, (5) DrawLogo, or (6) DrawProgress property value, different vectors than CVE-2006-6885.
CVE-2007-1402 1 Rediff 1 Toolbar 2024-11-21 7.5 HIGH N/A
The Rediff Toolbar 2.0 ActiveX control in redifftoolbar.dll allows remote attackers to cause a denial of service via unspecified manipulations, possibly involving improper initialization or blank arguments.