| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2007-1133 |
|
|
Exec Code File Inclusion |
2007-02-27 |
2017-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_fuss parameter. |
|
2 |
CVE-2007-1131 |
|
|
Exec Code File Inclusion |
2007-02-27 |
2017-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in sinapis.php in Sinapis Forum 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter. |
|
3 |
CVE-2007-1130 |
|
|
Exec Code File Inclusion |
2007-02-27 |
2017-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in sinagb.php in Sinapis Gastebuch 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter. |
|
4 |
CVE-2007-1129 |
|
|
|
2007-02-27 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow remote attackers to upload and execute files via (1) an avatar upload in an add_down action, or (2) an add_link action. |
|
5 |
CVE-2007-1128 |
|
|
+Info |
2007-02-27 |
2018-10-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
shopkitplus allows remote attackers to obtain sensitive information via a request to (1) events.php with a curmonth[]=01 query string or (2) enc/stylecss.php with a changetheme[]= query string, which reveals the path in various error messages. |
|
6 |
CVE-2007-1127 |
|
|
Dir. Trav. |
2007-02-27 |
2018-10-16 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Directory traversal vulnerability in enc/stylecss.php in shopkitplus allows remote attackers to read arbitrary files via a .. (dot dot) in the changetheme parameter. |
|
7 |
CVE-2007-1126 |
|
|
Dir. Trav. |
2007-02-27 |
2018-10-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in index.php in xtcommerce allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter. |
|
8 |
CVE-2007-1124 |
|
|
Dir. Trav. |
2007-02-27 |
2018-10-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. |
|
9 |
CVE-2007-1123 |
|
|
Exec Code File Inclusion |
2007-02-27 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in ZPanel 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the body parameter to templates/ZPanelV2/template.php or (2) the page parameter to zpanel.php. NOTE: the zpanel.php vector may overlap CVE-2005-0793.2. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
10 |
CVE-2007-1122 |
|
|
Exec Code Sql |
2007-02-27 |
2011-03-08 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 and 1.01 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php, a variant of a SQL injection issue that was fixed in 1.01. NOTE: some of these details are obtained from third party information. |
|
11 |
CVE-2007-1121 |
|
|
Exec Code Sql |
2007-02-27 |
2017-07-29 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php. NOTE: some of these details are obtained from third party information. |
|
12 |
CVE-2007-1120 |
|
|
|
2007-02-27 |
2017-07-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The (1) Import.LoadFromURL and (2) Export.asText.SaveToFile functions in TeeChart Pro ActiveX control (TeeChart7.ocx) allow remote attackers to download a crafted .tee file to an arbitrary location. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
13 |
CVE-2007-1119 |
|
|
|
2007-02-27 |
2011-03-08 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in Novell ZENworks 7 Desktop Management Support Pack 1 before Hot patch 3 (ZDM7SP1HP3) allows remote attackers to upload images to certain folders that were not configured in the "Only allow uploads to the following directories" setting via unspecified vectors. |
|
14 |
CVE-2007-1118 |
|
|
Exec Code File Inclusion |
2007-02-27 |
2017-10-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path_to_smf parameter to (1) bridges/SMF/logout.php or (2) get_session_vars.php. |
|
15 |
CVE-2007-1117 |
|
|
Exec Code |
2007-02-27 |
2008-11-15 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source. |
|
16 |
CVE-2007-1116 |
200 |
|
+Info |
2007-02-26 |
2018-10-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI as a ChromeProtocol and can be loaded via JavaScript, which allows remote attackers to obtain sensitive information by querying the browser's session history. |
|
17 |
CVE-2007-1111 |
|
|
XSS |
2007-02-26 |
2018-10-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the css parameter to (1) flatevents.php, (2) js.php, (3) mysqlevents.php, (4) m_2.php, (5) m_3.php, (6) m_4.php, (7) xmlevents.php, (8) y_2.php, or (9) y_3.php in data/. |
|
18 |
CVE-2007-1110 |
|
|
Dir. Trav. |
2007-02-26 |
2018-10-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in data/showcode.php in ActiveCalendar 1.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. |
|
19 |
CVE-2007-1108 |
|
|
Exec Code File Inclusion |
2007-02-26 |
2017-10-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in index.php in Christian Schneider CS-Gallery 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the album parameter during a securealbum todo action. |
|
20 |
CVE-2007-1107 |
|
|
Exec Code Sql |
2007-02-26 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies. |
|
21 |
CVE-2007-1106 |
|
|
Exec Code File Inclusion |
2007-02-26 |
2017-10-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in includes/functions_nomoketos_rules.php in the NoMoKeTos Rules 0.0.1 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
|
22 |
CVE-2007-1105 |
|
|
Exec Code File Inclusion |
2007-02-26 |
2017-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
PHP remote file inclusion vulnerability in functions.php in Extreme phpBB (aka phpBB Extreme) 3.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
|
23 |
CVE-2007-1102 |
|
|
+Info |
2007-02-26 |
2018-10-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Photostand 1.2.0 allows remote attackers to obtain sensitive information via a ' (quote) character in (1) a PHPSESSID cookie or (2) the id parameter in an article action in index.php, which reveal the path in various error messages. |
|
24 |
CVE-2007-1100 |
|
|
Dir. Trav. |
2007-02-26 |
2018-10-16 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Directory traversal vulnerability in download.php in Ahmet Sacan Pickle before 20070301 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. |
|
25 |
CVE-2007-1099 |
|
|
|
2007-02-26 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks. |
|
26 |
CVE-2007-1098 |
|
|
DoS |
2007-02-26 |
2008-11-15 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Multiple unspecified vulnerabilities in ScryMUD before 2.1.11 have unknown impact and attack vectors, possibly related to denial of service caused by a search that begins with a .* sequence. |
|
27 |
CVE-2007-1097 |
20 |
|
Exec Code |
2007-02-26 |
2017-07-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unrestricted file upload vulnerability in the onAttachFiles function in the upload tool (inc/lib/attachment.lib.php) in Wiclear before 0.11.1 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to filename validation. NOTE: some details were obtained from third party information. |
|
28 |
CVE-2007-1096 |
|
|
XSS |
2007-02-26 |
2018-08-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart before 20070116 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue might overlap CVE-2007-0376. |
|
29 |
CVE-2007-1095 |
|
|
|
2007-02-26 |
2018-10-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client. |
|
30 |
CVE-2007-1094 |
|
|
DoS |
2007-02-26 |
2021-12-13 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (NULL dereference and application crash) via JavaScript onUnload handlers that modify the structure of a document. |
|
31 |
CVE-2007-1093 |
94 |
|
DoS Exec Code |
2007-02-26 |
2017-07-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager (NNM) before 07-10-05, and before 08-00-02 in the 08-x series, allow remote attackers to execute arbitrary code, cause a denial of service, or trigger invalid Web utility behavior. |
|
32 |
CVE-2007-1092 |
|
|
Exec Code Mem. Corr. |
2007-02-26 |
2018-10-16 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects. |
|
33 |
CVE-2007-1091 |
|
|
|
2007-02-26 |
2021-07-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers. |
|
34 |
CVE-2007-1090 |
|
|
DoS |
2007-02-26 |
2018-10-16 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder. |
|
35 |
CVE-2007-1089 |
|
|
|
2007-02-23 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local users with table SELECT privileges to perform unauthorized UPDATE and DELETE SQL commands via unknown vectors. |
|
36 |
CVE-2007-1088 |
119 |
|
Exec Code Overflow |
2007-02-23 |
2019-05-23 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables. |
|
37 |
CVE-2007-1087 |
119 |
|
Exec Code Overflow |
2007-02-23 |
2019-05-23 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow. |
|
38 |
CVE-2007-1086 |
|
|
|
2007-02-23 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access." |
|
39 |
CVE-2007-1085 |
|
|
XSS Bypass |
2007-02-23 |
2018-10-16 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the "under" parameter in Advanced Search with the proper signature. |
|
40 |
CVE-2007-1084 |
16 |
|
Bypass |
2007-02-23 |
2018-10-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page. |
|
41 |
CVE-2007-1083 |
119 |
|
Exec Code Overflow |
2007-02-23 |
2017-07-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method. |
|
42 |
CVE-2007-1082 |
399 |
|
DoS |
2007-02-22 |
2017-10-11 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
FTP Explorer 1.0.1 Build 047, and other versions before 1.0.1.52, allows remote servers to cause a denial of service (CPU consumption) via a long response to a PWD command. |
|
43 |
CVE-2007-1081 |
|
|
|
2007-02-22 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information. |
|
44 |
CVE-2007-1080 |
|
|
DoS Overflow |
2007-02-22 |
2017-10-11 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Multiple heap-based buffer overflows in TurboFTP 5.30 Build 572 allow remote servers to cause a denial of service via (1) long filename in a response to a LIST command, and (2) a long response to a CWD command. |
|
45 |
CVE-2007-1079 |
|
|
DoS Overflow |
2007-02-22 |
2017-10-11 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager 14.0.0.3 and earlier allows remote servers to cause a denial of service (crash) via a long response to a CWD command, which triggers the overflow when the user aborts the command. |
|
46 |
CVE-2007-1078 |
94 |
|
Exec Code File Inclusion |
2007-02-22 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in index.php in FlashGameScript 1.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the func parameter. |
|
47 |
CVE-2007-1077 |
|
|
Exec Code Sql |
2007-02-22 |
2008-11-15 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in page.asp in Design4Online UserPages2 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
48 |
CVE-2007-1076 |
22 |
|
Dir. Trav. |
2007-02-22 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and possibly earlier, allow remote attackers to include arbitrary local files via a .. (dot dot) in the (1) file parameter to plotStat.php and the (2) lang parameter to banref.php. |
|
49 |
CVE-2007-1075 |
|
|
DoS |
2007-02-22 |
2017-10-11 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
TurboFTP 5.30 Build 572 allows remote servers to cause a denial of service (CPU consumption) via a response with a large number of newline characters. |
|
50 |
CVE-2007-1074 |
|
|
Exec Code Overflow |
2007-02-22 |
2017-10-11 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to execute arbitrary code via a long (1) DataPath or (2) DownloadPath attributed in a (a) NBI file, or (3) a long group field in a (b) NZB file. |
