2007-11-10
2007-11-10 02:46Z
HIGH

CVE-2007-5928 — Openbase_international_ltd Openbase: 10.0.5 and earlier allows remote authenticated users to trigger a free of an

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2007-5928

OpenBase 10.0.5 and earlier allows remote authenticated users to trigger a free of an arbitrary memory location via long strings in a SELECT statement. NOTE: this might be a buffer overflow, but it is not clear. CVSSv3.1 8.1 (HIGH)

CWECWE 20CWECWE 119VNDOpenbase International LtdVNDOpenbaseTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2007-11-01
2007-11-01 16:46Z
CRIT

CVE-2007-5775 — Bitdefender Antivirus: Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2007-5775

Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. CVSSv3.1 9.8 (CRITICAL)

CWECWE 94VNDBitdefenderVNDUnspecifiedTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2007-10-18
2007-10-18 21:17Z
CRIT

CVE-2007-5565 — Phpscms Phpscms: PHP remote file inclusion vulnerability in includes/functions.php in phpSCMS 0.0.1-Alpha1 allows remote attackers to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2007-5565

PHP remote file inclusion vulnerability in includes/functions.php in phpSCMS 0.0.1-Alpha1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue is disputed by CVE because the identified code is in a function that is not accessible via direct request CVSSv3.1 9.8 (CRITICAL)

CWECWE 94VNDPhpscmsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2007-09-26
2007-09-26 22:17Z
CRIT

CVE-2007-5097 — Online_fantasy_football_league Offl: PHP remote file inclusion vulnerability in lib/classes/offl_nflteam.php in Online Fantasy Football League (OFFL) 0.2.6

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2007-5097

PHP remote file inclusion vulnerability in lib/classes/offl_nflteam.php in Online Fantasy Football League (OFFL) 0.2.6 allows remote attackers to execute arbitrary PHP code via a URL in the DOC_ROOT parameter. NOTE: this issue is disputed by CVE because a __FILE__ test protects offl_nflteam.php against direct requests CVSSv3.1 9.8 (CRITICAL)

CWECWE 94VNDOnline Fantasy Football LeagueTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2007-08-28
2007-08-28 01:17Z
CRIT

CVE-2007-4559 — Python Python: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2007-4559

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVSSv3.1 9.8 (CRITICAL)

CWECWE 22TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2007-08-09
2007-08-09 21:17Z
CRIT

CVE-2007-4290 — Stadtaus Guestbook_script: Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2007-4290

Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the script_root parameter to (1) delete.php, (2) edit.php, or (3) inc/common.inc.php; or (4) database.php, (5) entries.php, (6) index.php, (7) logout.php, or (8) settings.php in admin/. NOTE: a third party disputes this vulnerability, noting that these scripts defend against direct requests CVSSv3.1 9.8 (CRITICAL)

CWECWE 94VNDStadtausTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2007-07-27
2007-07-27 22:30Z
CRIT

CVE-2007-4039 — Mozilla Mozilla: Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2007-4039

Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670. CVSSv3.1 9.8 (CRITICAL)

CWECWE 79VNDMozillaVNDArgumentTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2007-07-27
2007-07-27 22:30Z
HIGH

CVE-2007-4040 — Microsoft Outlook: Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2007-4040

Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670. CVSSv3.1 8.8 (HIGH)

CWECWE 79VNDMicrosoftVNDArgumentTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2007-07-27
2007-07-27 22:30Z
CRIT

CVE-2007-4043 — Securecomputing Securityreporter: file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2007-4043

file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files. CVSSv3.1 9.8 (CRITICAL)

CWECWE 287VNDSecurecomputingVNDSecureTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2007-07-16
2007-07-16 22:30Z
CRIT

CVE-2007-3798 — Tcpdump Tcpdump: Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2007-3798

Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value. CVSSv3.1 9.8 (CRITICAL)

CWECWE 252VNDCanonicalVNDTcpdumpTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2007-06-12
2007-06-12 23:30Z
CRIT

CVE-2007-3194 — Mywebland Mybloggie: Multiple PHP remote file inclusion vulnerabilities in myBloggie 2.1.5 allow remote attackers to execute

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2007-3194

Multiple PHP remote file inclusion vulnerabilities in myBloggie 2.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the bloggie_root_path parameter to (1) config.php; (2) db.php, (3) template.php, (4) functions.php, and (5) classes.php in includes/; (6) viewmode.php; and (7) blog_body.php. NOTE: another researcher disputes the vulnerability because the files are protected against direct requests, contain no relevant include statements, or do not exist CVSSv3.1 9.8 (CRITICAL)

VNDMyweblandTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2007-05-09
2007-05-09 00:19Z
CRIT

CVE-2007-2534 — Phphoo3 Phphoo3: Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2007-2534

Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the (1) ADMIN_USER (USER) and (2) ADMIN_PASS (PASS) parameters during a login. NOTE: CVE disputes this vulnerability, since ADMIN_USER/ADMIN_PASS are initialized before use CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDPhphoo3TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2007-05-02
2007-05-02 00:19Z
CRIT

CVE-2007-2422 — Comdev Modules_builder: Multiple PHP remote file inclusion vulnerabilities in Modules Builder (modbuild) 4.1 for Comdev One

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2007-2422

Multiple PHP remote file inclusion vulnerabilities in Modules Builder (modbuild) 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter to (1) config-bak.php or (2) config.php. NOTE: CVE disputes this vulnerability because the unmodified scripts set the applicable variable to the empty string; reasonable modified copies would use a fixed pathname string CVSSv3.1 9.8 (CRITICAL)

VNDComdevTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2007-04-12
2007-04-12 19:19Z
CRIT

CVE-2007-2020 — Xodagallery Xodagallery: Unspecified vulnerability in administration.php in xodagallery allows remote attackers to execute arbitrary code via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2007-2020

Unspecified vulnerability in administration.php in xodagallery allows remote attackers to execute arbitrary code via the cmd parameter. NOTE: CVE disputes this vulnerability because administration.php does not use the cmd parameter for inclusion CVSSv3.1 9.8 (CRITICAL)

VNDUnspecifiedVNDXodagalleryTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2007-04-11
2007-04-11 10:19Z
CRIT

CVE-2007-1966 — Exv2 Content_management_system: Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2007-1966

Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie. CVSSv3.1 9.1 (CRITICAL)

CWECWE 287VNDExv2TYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2007-03-10
2007-03-10 00:19Z
CRIT

CVE-2007-1383 — Php Php: Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2007-1383

Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286. CVSSv3.1 9.8 (CRITICAL)

CWECWE 190CWECWE 189TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2007-03-03
2007-03-03 21:19Z
CRIT

CVE-2006-7105 — Smarty Smarty: PHP remote file inclusion vulnerability in libs/Smarty.class.php in Smarty 2.6.9 allows remote attackers to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2006-7105

PHP remote file inclusion vulnerability in libs/Smarty.class.php in Smarty 2.6.9 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. NOTE: in the original disclosure, filename is used in a function definition, so this report is probably incorrect CVSSv3.1 9.8 (CRITICAL)

CWECWE 94VNDSmartyTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2007-03-02
2007-03-02 21:18Z
CRIT

CVE-2006-7079 — Exv2 Content_management_system: Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2006-7079

Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code by modifying the $xoopsOption['pagetype'] variable. CVSSv3.1 9.8 (CRITICAL)

CWECWE 22CWECWE 913VNDExv2VNDVariableTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2007-02-08
2007-02-08 17:28Z
CRIT

CVE-2006-6975 — Centipaid Centipaid: PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2006-6975

PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disputed by CVE and multiple third parties, who state that $class_pwd is set to a static value before the relevant include statement CVSSv3.1 9.8 (CRITICAL)

CWECWE 94VNDCentipaidTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2007-02-03
2007-02-03 01:28Z
CRIT

CVE-2007-0681 — Extcalendar_project Extcalendar: profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2007-0681

profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php. CVSSv3.1 9.8 (CRITICAL)

CWECWE 522VNDExtcalendar ProjectVNDExtcalendarTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2007-02-03
2007-02-03 01:28Z
HIGH

CVE-2007-0671 — Microsoft Access: Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2007-0671

Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. CVSSv3.1 8.8 (HIGH)

VNDMicrosoftVNDUnspecifiedTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2006-12-31
2006-12-31 05:00Z
CRIT

CVE-2006-6863 — Enigma Wordpress_bridge: PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2006-6863

PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. NOTE: CVE disputes this issue, since $boarddir is set to a fixed value CVSSv3.1 9.8 (CRITICAL)

VNDEnigmaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2006-11-21
2006-11-21 23:07Z
CRIT

CVE-2006-6024 — Qualcomm Eudora_worldmail: As of 20061118, this disclosure has no actionable information.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2006-6024

Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 version 6.1.22.0, have unknown impact and attack vectors, as demonstrated by the (1) "Eudora WorldMail stack overflow" and (2) "Eudora WorldMail heap overflow" modules in VulnDisco Pack. NOTE: Some of these details are obtained from third party information. As of 20061118, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being as CVSSv3.1 9.8 (CRITICAL)

CWECWE 120VNDQualcommVNDEudoraTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2006-11-03
2006-11-03 11:07Z
CRIT

CVE-2006-5678 — J-pierre_dezelus Les_visiteurs: PHP remote file inclusion vulnerability in common/visiteurs/include/library.inc.php in J-Pierre DEZELUS Les Visiteurs 2.0.1, as

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2006-5678

PHP remote file inclusion vulnerability in common/visiteurs/include/library.inc.php in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the lvc_modules_dir parameter. NOTE: CVE disputes this vulnerability, because the inclusion occurs in a function that is not called during a direct request to library.inc.php CVSSv3.1 9.8 (CRITICAL)

VNDJ Pierre DezelusVNDPhpmyconferencesTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2006-10-31
2006-10-31 00:07Z
CRIT

CVE-2006-5610 — Fully_modded_phpbb Fully_modded_phpbb: PHP remote file inclusion vulnerability in player/includes/common.php in Teake Nutma Foing, as modified in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2006-5610

PHP remote file inclusion vulnerability in player/includes/common.php in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. CVSSv3.1 9.8 (CRITICAL)

CWECWE 94VNDFully Modded PhpbbTYPVulnerability
9.8
CVSS v3.1
99
Edit Score