| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2007-0642 |
89 |
|
Exec Code Sql |
2007-01-31 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU script collection (aka RBL - ASP) allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) pass to user_confirm.asp. |
|
2 |
CVE-2007-0641 |
|
1
|
Exec Code Overflow |
2007-01-31 |
2008-11-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 in Shaffer Solutions (SSC) DiskAccess NFS Client allows remote attackers to execute arbitrary code via a long argument, an issue similar to CVE-2006-5854 and CVE-2007-0444. |
|
3 |
CVE-2007-0640 |
|
|
Overflow |
2007-01-31 |
2017-07-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses." |
|
4 |
CVE-2007-0639 |
|
|
|
2007-01-31 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple static code injection vulnerabilities in error.php in GuppY 4.5.16 and earlier allow remote attackers to inject arbitrary PHP code into a .inc file in the data/ directory via (1) a REMOTE_ADDR cookie or (2) a cookie specifying an element of the msg array with an error number in the first dimension and 0 in the second dimension, as demonstrated by msg[999][0]. |
|
5 |
CVE-2007-0637 |
|
|
Dir. Trav. |
2007-01-31 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php. |
|
6 |
CVE-2007-0635 |
|
|
Exec Code File Inclusion |
2007-01-31 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b) blogs.php, or (2) the config[theme] parameter to (c) admin/gallery_head.php. |
|
7 |
CVE-2007-0634 |
|
|
DoS |
2007-01-31 |
2017-10-11 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets. |
|
8 |
CVE-2007-0633 |
|
|
Exec Code File Inclusion |
2007-01-31 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in include/themes/themefunc.php in MyNews 4.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter. |
|
9 |
CVE-2007-0632 |
|
|
Exec Code Sql |
2007-01-31 |
2011-03-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via a username cookie, a different vector than CVE-2007-0560. |
|
10 |
CVE-2007-0631 |
|
|
Exec Code Sql |
2007-01-31 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. |
|
11 |
CVE-2007-0630 |
|
|
Exec Code Sql |
2007-01-31 |
2011-03-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in the generate_csv function in classes/class.news.php in X-dev xNews 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) from, and (3) q parameters, different vectors than CVE-2007-0569. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
|
12 |
CVE-2007-0623 |
|
|
Exec Code Sql |
2007-01-31 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows remote attackers to execute arbitrary SQL commands via the startrow parameter. |
|
13 |
CVE-2007-0619 |
|
|
Exec Code Mem. Corr. |
2007-01-31 |
2011-03-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption. |
|
14 |
CVE-2007-0618 |
|
|
|
2007-01-31 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability." |
|
15 |
CVE-2007-0616 |
|
|
Dir. Trav. |
2007-01-31 |
2017-07-29 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via ".." sequences in the album parameter to index.php. |
|
16 |
CVE-2007-0615 |
|
|
DoS |
2007-01-31 |
2017-07-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in Hitachi JP1/HIBUN Advanced Edition Management Server and Log Server before 20070124 allows remote attackers to cause a denial of service (application stop) via unexpected data. |
|
17 |
CVE-2007-0614 |
|
|
DoS |
2007-01-31 |
2008-09-05 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key. |
|
18 |
CVE-2007-0612 |
|
|
DoS |
2007-01-31 |
2021-07-23 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference. |
|
19 |
CVE-2007-0603 |
|
|
Exec Code +Priv |
2007-01-30 |
2018-10-16 |
7.1 |
None |
Remote |
High |
??? |
Complete |
Complete |
Complete |
|
PGP Desktop before 9.5.1 does not validate data objects received over the (1) \pipe\pgpserv named pipe for PGPServ.exe or the (2) \pipe\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which causes code execution at the corresponding address. |
|
20 |
CVE-2007-0601 |
|
|
Bypass |
2007-01-30 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
common/safety.php in Aztek Forum 4.00 allows remote attackers to enter certain data containing %22 sequences (URL encoded double quotes) and other potentially dangerous manipulations by sending a cookie, which bypasses the blacklist matching against the GET and PUT superglobal arrays. |
|
21 |
CVE-2007-0600 |
|
|
Exec Code Sql |
2007-01-30 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in news_page.asp in Martyn Kilbryde Newsposter Script (aka makit news/blog poster) 3 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter. |
|
22 |
CVE-2007-0599 |
|
|
|
2007-01-30 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Variable overwrite vulnerability in common/config.php in Aztek Forum 4.00 allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as copying arbitrary files using index/common_actions.php, via vectors associated with extract operations on the (1) POST, (2) GET, (3) COOKIE, and (4) SERVER superglobal arrays. |
|
23 |
CVE-2007-0598 |
|
|
Exec Code Sql |
2007-01-30 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 allows remote attackers to execute arbitrary SQL commands via the fid cookie to forum.php. |
|
24 |
CVE-2007-0591 |
|
|
Exec Code File Inclusion |
2007-01-30 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in configure.php in Vu Le An Virtual Path (VirtualPath) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
|
25 |
CVE-2007-0589 |
|
|
Exec Code Sql |
2007-01-30 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in Forum Livre 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to info_user.asp. |
|
26 |
CVE-2007-0588 |
|
|
DoS Exec Code Mem. Corr. |
2007-01-30 |
2013-08-15 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462. |
|
27 |
CVE-2007-0585 |
|
|
Dir. Trav. |
2007-01-30 |
2018-08-13 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
include/debug.php in Webfwlog 0.92 and earlier, when register_globals is enabled, allows remote attackers to obtain source code of files via the conffile parameter. NOTE: some of these details are obtained from third party information. It is likely that this issue can be exploited to conduct directory traversal attacks. |
|
28 |
CVE-2007-0584 |
|
|
Exec Code File Inclusion |
2007-01-30 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in membres/membreManager.php in PhP Generic Library & Framework for comm (g-neric) allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. |
|
29 |
CVE-2007-0582 |
89 |
|
Exec Code Sql |
2007-01-30 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in default.asp in ChernobiLe 1.0 allows remote attackers to execute arbitrary SQL commands via the User (username) field. |
|
30 |
CVE-2007-0581 |
|
|
Exec Code File Inclusion |
2007-01-30 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in functions.php in EclipseBB 0.5.0 Lite allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
|
31 |
CVE-2007-0577 |
|
|
Exec Code File Inclusion |
2007-01-30 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in function.inc.php in ACGVclick 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. |
|
32 |
CVE-2007-0576 |
|
|
Exec Code File Inclusion |
2007-01-30 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in xt_counter.php in Xt-Stats 2.3.x up to 2.4.0.b3 allows remote attackers to execute arbitrary PHP code via a URL in the server_base_dir parameter. |
|
33 |
CVE-2007-0575 |
|
|
Exec Code Sql |
2007-01-30 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in the administrative login page (admin/login.asp) in ASPCode.net AdMentor allow remote attackers to execute arbitrary SQL commands via the (1) Userid and (2) Password fields. |
|
34 |
CVE-2007-0574 |
|
|
Exec Code Sql |
2007-01-30 |
2008-11-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in rss/show_webfeed.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.40 allows remote attackers to execute arbitrary SQL commands via the wcHeadlines parameter, a different vector than CVE-2006-4715. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
|
35 |
CVE-2007-0573 |
|
|
Exec Code File Inclusion |
2007-01-30 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in includes/config.inc.php in nsGalPHP 0.41 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the racineTBS parameter. |
|
36 |
CVE-2007-0572 |
|
|
Exec Code File Inclusion |
2007-01-30 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in include/irc/phpIRC.php in Drunken:Golem Gaming Portal 0.5.1 Alpha 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
|
37 |
CVE-2007-0571 |
|
|
Exec Code File Inclusion |
2007-01-30 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in include/lib/lib_head.php in phpMyReports 3.0.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathModule parameter. |
|
38 |
CVE-2007-0570 |
|
|
Exec Code File Inclusion |
2007-01-30 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in ains_main.php in Johannes Gijsbers (aka Taradino) Ad Fundum Integratable News Script (AINS) 0.02b allows remote attackers to execute arbitrary PHP code via a URL in the ains_path parameter. |
|
39 |
CVE-2007-0569 |
|
|
Exec Code Sql |
2007-01-30 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in xNews.php in xNews 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a shownews action. |
|
40 |
CVE-2007-0568 |
|
|
Exec Code File Inclusion |
2007-01-30 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in system/lib/package.php in MyPHPCommander 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the gl_root parameter. |
|
41 |
CVE-2007-0566 |
|
|
Exec Code Sql |
2007-01-30 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
42 |
CVE-2007-0565 |
|
|
|
2007-01-30 |
2008-11-15 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote attackers to inject arbitrary operating system commands via unspecified vectors. |
|
43 |
CVE-2007-0561 |
|
|
Exec Code File Inclusion |
2007-01-30 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) admin_linkdb.php, (2) admin_forum_prune.php, (3) admin_extensions.php, (4) admin_board.php, (5) admin_attachments.php, or (6) admin_users.php in admin/. |
|
44 |
CVE-2007-0560 |
|
|
Exec Code Sql |
2007-01-30 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter. |
|
45 |
CVE-2007-0559 |
|
|
Exec Code File Inclusion |
2007-01-30 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the sql_language parameter. |
|
46 |
CVE-2007-0558 |
|
|
Exec Code File Inclusion |
2007-01-30 |
2017-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in modules/mail/main.php in Inter7 vHostAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the MODULES_DIR parameter. |
|
47 |
CVE-2007-0557 |
|
|
+Priv |
2007-01-29 |
2008-11-15 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
rMake before 1.0.4 drops root privileges in a way that retains the original supplemental groups, which might allow attackers to gain privileges via a crafted recipe file, a different vulnerability than CVE-2007-0536. |
|
48 |
CVE-2007-0554 |
|
|
Exec Code Sql |
2007-01-29 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in print.asp in Guo Xu Guos Posting System (GPS) 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
49 |
CVE-2007-0551 |
|
|
Exec Code File Inclusion |
2007-01-29 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php in CMSimple 2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pth[file][config] and (2) pth[file][image] parameters. |
|
50 |
CVE-2007-0546 |
|
|
|
2007-01-29 |
2018-10-16 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Toxiclab Shoutbox 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db.mdb. |
