| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2007-2967 |
20 |
|
DoS |
2007-05-31 |
2018-10-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files. |
|
2 |
CVE-2007-2966 |
119 |
|
DoS Exec Code Overflow |
2007-05-31 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335. |
|
3 |
CVE-2007-2965 |
|
|
+Priv |
2007-05-31 |
2017-07-29 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the Real-time Scanning component in multiple F-Secure products, including Internet Security 2005, 2006 and 2007; Anti-Virus 2005, 2006 and 2007; and Solutions based on F-Secure Protection Service for Consumers 6.40 and earlier allows local users to gain privileges via a crafted I/O request packet (IRP), related to IOCTL (Input/Output Control) and "access validation of the address space." |
|
4 |
CVE-2007-2961 |
|
|
|
2007-05-31 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unrestricted file upload vulnerability in FileCloset before 1.1.5 allows remote attackers to upload arbitrary PHP files via unspecified vectors. |
|
5 |
CVE-2007-2960 |
|
|
Dir. Trav. |
2007-05-31 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin_name parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/, a different vector than CVE-2007-2900. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
6 |
CVE-2007-2959 |
|
|
Exec Code Sql |
2007-05-31 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in manufacturer.php in cpCommerce before 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id_manufacturer parameter. |
|
7 |
CVE-2007-2947 |
|
|
Exec Code File Inclusion |
2007-05-31 |
2017-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the root_prefix parameter to (1) index.php, (2) email_subscribe.php, (3) download.php, or (4) development.php. |
|
8 |
CVE-2007-2946 |
|
|
DoS Exec Code Overflow |
2007-05-31 |
2017-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in a certain ActiveX control in LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long DestinationPath property value. |
|
9 |
CVE-2007-2943 |
|
|
Exec Code File Inclusion |
2007-05-31 |
2017-10-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in class/class.php in Webavis 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. |
|
10 |
CVE-2007-2942 |
|
|
Exec Code Sql |
2007-05-31 |
2017-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in user.php in My Little Forum 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
11 |
CVE-2007-2941 |
|
|
Exec Code File Inclusion |
2007-05-31 |
2017-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in the creator in vBulletin Google Yahoo Site Map (vBGSiteMap) 2.41 for vBulletin allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) vbgsitemap/vbgsitemap-config.php or (2) vbgsitemap/vbgsitemap-vbseo.php. |
|
12 |
CVE-2007-2940 |
|
|
Exec Code File Inclusion |
2007-05-31 |
2017-10-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 Beta) allow remote attackers to execute arbitrary PHP code via a URL in the pachtofile parameter to (1) skin/html/table.php or (2) login.php. |
|
13 |
CVE-2007-2939 |
|
|
Exec Code File Inclusion |
2007-05-31 |
2017-10-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in Mazen's PHP Chat 3.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the basepath parameter to (1) ITX.php, (2) IT_Error.php, or (3) IT.php in include/pear/. |
|
14 |
CVE-2007-2938 |
|
|
Exec Code Overflow |
2007-05-31 |
2021-07-23 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD method, and possibly the (2) SetLoginID, (3) AddSite, (4) SetScreen, and (5) SetVideoServer methods. |
|
15 |
CVE-2007-2937 |
|
|
Exec Code File Inclusion |
2007-05-31 |
2017-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in admin/admin.php in TROforum 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the site_url parameter. |
|
16 |
CVE-2007-2936 |
|
|
Exec Code File Inclusion |
2007-05-31 |
2017-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in Frequency Clock 0.1b (Beta 0.1) allow remote attackers to execute arbitrary PHP code via a URL in the securelib parameter to (1) conf.php or (2) cp2.php. |
|
17 |
CVE-2007-2935 |
|
|
Exec Code |
2007-05-31 |
2017-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
core/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dict parameter. |
|
18 |
CVE-2007-2934 |
|
|
Dir. Trav. |
2007-05-31 |
2017-10-11 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Directory traversal vulnerability in skins/common.css.php in Vistered Little 1.6a allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. |
|
19 |
CVE-2007-2933 |
|
|
Exec Code Sql |
2007-05-31 |
2017-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in the Phil-a-Form (com_philaform) 1.2.0.0 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the form_id parameter. |
|
20 |
CVE-2007-2911 |
|
|
Exec Code Sql |
2007-05-30 |
2017-07-29 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
|
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573. |
|
21 |
CVE-2007-2905 |
|
|
Exec Code Sql |
2007-05-30 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the post_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
22 |
CVE-2007-2902 |
|
|
Exec Code Sql |
2007-05-30 |
2017-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in main/auth/my_progress.php in Dokeos 1.8.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the course parameter. |
|
23 |
CVE-2007-2900 |
94 |
|
Exec Code File Inclusion |
2007-05-30 |
2017-10-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in Scallywag 2005-04-25 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/. |
|
24 |
CVE-2007-2899 |
94 |
|
|
2007-05-30 |
2017-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Direct static code injection vulnerability in admin_config.php in NavBoard 2.6.0 allows remote attackers to inject arbitrary PHP code into data/config.php via multiple parameters, as demonstrated via the threadperpage parameter in an editconfig action. |
|
25 |
CVE-2007-2898 |
89 |
|
Exec Code Sql |
2007-05-30 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php. |
|
26 |
CVE-2007-2897 |
|
|
DoS Exec Code Bypass +Info |
2007-05-30 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM port; via requests for a URI containing a '/' immediately before and after the name of a DOS device, as demonstrated by the /AUX/.aspx URI, which bypasses a blacklist for DOS device requests. |
|
27 |
CVE-2007-2895 |
|
|
Exec Code Overflow |
2007-05-30 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 in LeadTools Raster Dialog File Object allows remote attackers to execute arbitrary code via a long Directory property value. |
|
28 |
CVE-2007-2893 |
119 |
|
Overflow +Priv |
2007-05-30 |
2020-05-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow." |
|
29 |
CVE-2007-2891 |
|
|
Exec Code File Inclusion |
2007-05-30 |
2017-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bank_data[root] parameter to modules/bank/includes/design/main.inc.php, or the (2) fm_data[root] parameter to (a) includes/config/master.inc.php or (b) includes/functions/master.inc.php. |
|
30 |
CVE-2007-2890 |
|
|
Exec Code Sql |
2007-05-30 |
2017-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in category.php in cpCommerce 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id_category parameter. |
|
31 |
CVE-2007-2889 |
|
|
Exec Code Sql |
2007-05-30 |
2017-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter. |
|
32 |
CVE-2007-2888 |
|
|
Exec Code Overflow |
2007-05-30 |
2017-10-11 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. NOTE: some details are obtained from third party information. |
|
33 |
CVE-2007-2884 |
20 |
|
DoS Exec Code Overflow |
2007-05-30 |
2017-10-11 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name (VersionCompanyName) field. |
|
34 |
CVE-2007-2881 |
|
|
Exec Code Overflow |
2007-05-29 |
2017-07-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation. |
|
35 |
CVE-2007-2877 |
|
|
Overflow +Priv |
2007-05-29 |
2017-07-29 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 allows local users to gain privileges via long registry key paths. |
|
36 |
CVE-2007-2866 |
|
|
Exec Code Sql |
2007-05-25 |
2011-03-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in modules/admin/modules/gallery.php in PHPEcho CMS 2.0-rc1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter and possibly other parameters. NOTE: some of these details are obtained from third party information. |
|
37 |
CVE-2007-2865 |
|
|
XSS |
2007-05-25 |
2017-07-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter. |
|
38 |
CVE-2007-2862 |
|
|
Exec Code Sql |
2007-05-24 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and possibly cookie modification. |
|
39 |
CVE-2007-2861 |
|
|
Exec Code File Inclusion |
2007-05-24 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in Simple Accessible XHTML Online News (SAXON) 4.6 allow remote attackers to execute arbitrary PHP code via a URL in the template parameter to (1) news.php, (2) preview.php, or (3) archive-display.php. |
|
40 |
CVE-2007-2860 |
|
|
+Priv |
2007-05-24 |
2018-10-16 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
user.php in BoastMachine 3.0 platinum allows remote authenticated users to gain privileges via a modified id parameter, as demonstrated by an edit_post action. |
|
41 |
CVE-2007-2859 |
|
|
Exec Code File Inclusion |
2007-05-24 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in SimpGB 1.46.0 allow remote attackers to execute arbitrary PHP code via a URL in the path_simpgb parameter to (1) guestbook.php, (2) search.php, (3) mailer.php, (4) avatars.php, (5) ccode.php, (6) comments.php, (7) emoticons.php, (8) gbdownload.php, and possibly other PHP scripts. |
|
42 |
CVE-2007-2858 |
|
|
Exec Code Sql |
2007-05-24 |
2018-10-16 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the IP-Search functionality in the IP-Tracking Mod for phpBB 2.0.x allows remote authenticated administrators to execute arbitrary SQL commands via the Search Query field. |
|
43 |
CVE-2007-2857 |
|
|
Exec Code File Inclusion |
2007-05-24 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in sample/xls2mysql in ABC Excel Parser Pro 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the parser_path parameter. |
|
44 |
CVE-2007-2856 |
119 |
|
Exec Code Overflow |
2007-05-24 |
2018-10-16 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the Dart Communications PowerTCP ZIP Compression ActiveX control in DartZip.dll 1.8.5.3, when Internet Explorer 6 is used, allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to CVE-2007-2855. |
|
45 |
CVE-2007-2855 |
119 |
|
Exec Code Overflow |
2007-05-24 |
2017-07-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in a certain ActiveX control in DartZipLite.dll 1.8.5.3 in Dart ZipLite Compression for ActiveX allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to CVE-2007-2856. |
|
46 |
CVE-2007-2854 |
|
|
Exec Code Sql |
2007-05-24 |
2017-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in account_change.php in BtiTracker 1.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) style or (2) langue parameter. |
|
47 |
CVE-2007-2853 |
|
|
Exec Code |
2007-05-24 |
2017-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The VCDAPILibApi ActiveX control in vc9api.DLL 9.0.0.57 in Virtual CD 9.0.0.2 allows remote attackers to execute arbitrary commands via a command line in the first argument to the VCDLaunchAndWait function. |
|
48 |
CVE-2007-2852 |
|
|
Exec Code Overflow |
2007-05-24 |
2018-10-16 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple stack-based buffer overflows in ESET NOD32 Antivirus before 2.70.37.0 allow remote attackers to execute arbitrary code during (1) delete/disinfect or (2) rename operations via a crafted directory name. |
|
49 |
CVE-2007-2851 |
|
|
|
2007-05-24 |
2017-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A certain ActiveX control in LeadTools Raster Variant Object Library (LTRVR14e.dll) 14.5.0.44 allows remote attackers to overwrite arbitrary files via the WriteDataToFile method. |
|
50 |
CVE-2007-2850 |
|
|
Bypass |
2007-05-24 |
2017-07-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string. |
