ReportizFlow
Filtered by vendor
Subscriptions
Total
29893 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2142 | 1 Ajportal2php | 1 Ajportal2php | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AjPortal2Php allow remote attackers to execute arbitrary PHP code via a URL in the PagePrefix parameter to (1) begin.inc.php, (2) connection.inc.php, (3) events.inc.php, (4) footer.inc.php, (5) header.inc.php, (6) menuleft.inc.php, or (7) pages.inc.php in includes/. | ||||
| CVE-2007-2148 | 1 Stephen Craton | 1 Chatness | 2025-04-09 | N/A |
| Direct static code injection vulnerability in admin/save.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed upon a direct request for index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers. | ||||
| CVE-2007-2153 | 1 Atmail | 1 Atmail Webmail | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | ||||
| CVE-2007-2177 | 1 Microgaming | 1 Download Helper Activex Control | 2025-04-09 | N/A |
| Stack-based buffer overflow in the Microgaming Download Helper ActiveX control (dlhelper.dll) before 7.2.0.19, and the WebHandler Class control, allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2007-2178 | 1 Objective Development | 1 Sharity | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in Objective Development Sharity before 3.3 allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors. | ||||
| CVE-2007-0156 | 1 M-core | 1 M-core | 2025-04-09 | N/A |
| M-Core stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to db/uyelik.mdb. | ||||
| CVE-2007-2179 | 1 Raiden Professional Servers | 1 Raidenftpd | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in IXceedCompression in XceddZipLib (RaidenFTPD.dll) in RaidenFTPD 2.4 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving the (1) CalculateCrc, (2) Compress, and (3) Uncompress functions, which result in a NULL pointer dereference. | ||||
| CVE-2007-0362 | 1 Freshreader | 1 Freshreader | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the RSS feed component in FreshReader before 1.0.07010600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to tag attributes. | ||||
| CVE-2007-2191 | 7 Bsd, Freepbx, Hp and 4 more | 8 Bsd, Freepbx, Hp-ux and 5 more | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php. | ||||
| CVE-2007-2203 | 1 Big Blue | 1 Guestbook | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Big Blue Guestbook allows remote attackers to inject arbitrary web script or HTML via the message field in the guestbook entry submission form. | ||||
| CVE-2007-2221 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more | 2025-04-09 | N/A |
| Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to overwrite arbitrary files via unspecified vectors, aka the "Arbitrary File Rewrite Vulnerability." | ||||
| CVE-2007-2239 | 1 Axis | 10 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 7 more | 2025-04-09 | N/A |
| Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument. | ||||
| CVE-2007-2255 | 1 Alexscriptengine | 1 Download-engine | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) eng_dir parameter to addmember.php, (2) lang_path parameter to admin/enginelib/class.phpmailer.php, and the (3) spaw_root parameter to admin/includes/spaw/dialogs/colorpicker.php, different vectors than CVE-2006-5291 and CVE-2006-5459. NOTE: vector 3 might be an issue in SPAW. | ||||
| CVE-2007-2256 | 1 Tjschat | 1 Tjschat | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 allows remote attackers to inject arbitrary web script or HTML via the user parameter. | ||||
| CVE-2007-2257 | 1 Fully Modded Phpbb | 1 Fully Modded Phpbb2 | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in subscp.php in Fully Modded phpBB2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2006-6920 | 1 Nucleus Cms | 1 Nucleus Cms | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php. | ||||
| CVE-2007-2267 | 1 Sun | 1 Cluster | 2025-04-09 | N/A |
| Unspecified vulnerability in Sun Cluster 3.1 and Solaris Cluster 3.2 before 20070424 allows remote authenticated users, operating from a different cluster node, to cause a denial of service (data corruption or send_mondo panic) via unspecified vectors, as demonstrated by EMC Symcli backup software 6.2.1. | ||||
| CVE-2007-0793 | 1 Globalmegacorp | 1 Dvddb | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter. | ||||
| CVE-2007-2275 | 1 Hp | 3 Storageworks Command View, Storageworks Replication Monitor, Storageworks Tiered Storage Manager | 2025-04-09 | N/A |
| Unspecified vulnerability in HP StorageWorks Command View Advanced Edition for XP before 5.6.0-01, XP Replication Monitor before 5.6.0-01, and XP Tiered Storage Manager before 5.5.0-02 allows local users to access other accounts via unspecified vectors during registration or addition of new users. | ||||
| CVE-2007-0811 | 1 Microsoft | 1 Ie | 2025-04-09 | N/A |
| Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById. | ||||