SQL injection vulnerability in search.php in SiteX CMS 0.7.3 Beta allows remote attackers to execute arbitrary SQL commands via the search parameter.
Max CVSS
6.8
EPSS Score
0.10%
Published
2007-09-28
Updated
2018-10-15
PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in IntegraMOD Nederland 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
Max CVSS
6.8
EPSS Score
6.30%
Published
2007-09-28
Updated
2017-09-29
PHP remote file inclusion vulnerability in admin/include/header.php in chupix 0.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the repertoire parameter.
Max CVSS
6.8
EPSS Score
2.69%
Published
2007-09-28
Updated
2017-09-29
PHP remote file inclusion vulnerability in forum/forum.php in lustig.cms BETA 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the view parameter.
Max CVSS
6.8
EPSS Score
2.69%
Published
2007-09-28
Updated
2017-09-29
Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first. NOTE: this issue is due to an incorrect patch for CVE-2007-5378.
Max CVSS
6.8
EPSS Score
34.65%
Published
2007-09-28
Updated
2017-09-29
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.
Max CVSS
6.8
EPSS Score
57.58%
Published
2007-09-27
Updated
2018-10-15
Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service (CPU consumption) via a certain PNG file with a large tEXt chunk that possibly triggers an integer overflow in PNG chunk size handling, as demonstrated by badlycrafted.png.
Max CVSS
7.1
EPSS Score
19.03%
Published
2007-09-27
Updated
2021-07-07
SQL injection vulnerability in index.php in Interspire ActiveKB NX 2.x allows remote attackers to execute arbitrary SQL commands via the catId parameter in a browse action. NOTE: it was separately reported that ActiveKB 1.5 is also affected.
Max CVSS
7.5
EPSS Score
0.13%
Published
2007-09-27
Updated
2018-10-15
Unspecified vulnerability in the client in Symantec Veritas Backup Exec for Windows Servers 11d has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
Max CVSS
10.0
EPSS Score
0.15%
Published
2007-09-27
Updated
2008-11-15
The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.5.3.12 and earlier allows remote attackers to execute arbitrary code via unspecified web script or HTML in an instant message, related to AIM's filtering of "specific tags and attributes" and the lack of Local Machine Zone lockdown. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4901.
Max CVSS
6.8
EPSS Score
0.78%
Published
2007-09-27
Updated
2018-10-15
SQL injection vulnerability in notas.asp in Novus 1.0 allows remote attackers to execute arbitrary SQL commands via the nota_id parameter.
Max CVSS
7.5
EPSS Score
0.08%
Published
2007-09-27
Updated
2017-09-29
SQL injection vulnerability in store_info.php in SoftBiz Classifieds PLUS allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.16%
Published
2007-09-27
Updated
2017-09-29
Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.13, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/login.php and (2) includes/lang/language.php, different vectors than CVE-2007-4279.
Max CVSS
9.3
EPSS Score
5.84%
Published
2007-09-27
Updated
2017-10-19
Multiple PHP remote file inclusion vulnerabilities in Ekke Doerre Contenido 42VariablVersion (42VV10) in contenido_hacks in Mods 4 Xoops Contenido eZ publish (pdf4cms) allow remote attackers to execute arbitrary PHP code via a URL in the cfgPathInc parameter to (1) main_upl.php, (2) main_con_editside.php, (3) main_news_rcp.php, (4) main_mod.php, (5) main_tplinput_edit.php, (6) main_con.php, (7) main_tpl.php, (8) main_con_sidelist.php, (9) main_str.php, (10) main_news.php, (11) main_tplinput.php, (12) main_lang.php, (13) main_mod_edit.php, (14) main_lay.php, (15) main_lay_edit.php, (16) main_news_send.php, (17) main_con_edittpl.php, (18) main_stat.php, (19) main_tpl_edit.php, (20) main_news_edit.php, or (21) inc/upl_show_uploads.inc.php; the (a) cfgPathContenido or (b) cfgPathTpl parameter to (22) con_show_sidelist.inc.php, (23) mod_show_modules.inc.php, (24) con_edit_form.inc.php, (25) lay_show_layouts.inc.php, (26) con_show_tree.inc.php, (27) news_show_newsletters.inc.php, (28) str_show_tree.inc.php, (29) tpl_show_templates.inc.php, (30) stat_show_tree.inc.php, (31) con_editcontent.inc.php, or (32) news_show_recipients.inc.php in inc/; or the cfgPathTpl parameter to (33) main_user_md5.php3, or (34) actions_mod.php, (35) actions_lay.php, (36) actions_upl.php, (37) actions_stat.php, (38) actions_news.php, (39) actions_str.php, (40) header.php, (41) actions_con_sidelist.php, (42) main_top.inc.php, (43) actions_tpl.php, or (44) actions_con.php in tpl/. NOTE: vectors 21, 24, 26, 27, 32, 34, 35, 36, 37, 38, 39, 40, 41, 43, and 44 are disputed by CVE because PHP encounters a fatal function-call error on a direct request for the file, before reaching the include statement.
Max CVSS
7.5
EPSS Score
0.44%
Published
2007-09-26
Updated
2017-07-29
PHP remote file inclusion vulnerability in include/plugin/block.t.php in Peter Schmidt phpmyProfiler 0.9.6b allows remote attackers to execute arbitrary PHP code via a URL in the pmp_rel_path parameter. NOTE: this issue is disputed by CVE because the applicable require_once is in a function that is not called on a direct request
Max CVSS
6.8
EPSS Score
0.33%
Published
2007-09-26
Updated
2024-03-21
Absolute path traversal vulnerability in the EbCrypt.eb_c_PRNGenerator.1 ActiveX control in EBCRYPT.DLL 2.0.0.2087 and earlier in EB Design ebCrypt allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveToFile method. NOTE: some of these details are obtained from third party information.
Max CVSS
7.5
EPSS Score
4.91%
Published
2007-09-26
Updated
2017-09-29
Unspecified vulnerability in IAC Search & Media ask.com toolbar has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. NOTE: this might be the same issue as CVE-2007-5107.
Max CVSS
10.0
EPSS Score
0.26%
Published
2007-09-26
Updated
2018-10-15

CVE-2007-5107

Public exploit
Stack-based buffer overflow in the AskJeevesToolBar.SettingsPlugin.1 ActiveX control in askBar.dll in IAC Search & Media ask.com Ask Toolbar 4.0.2.53 and earlier allows remote attackers to execute arbitrary code via a long ShortFormat property value. NOTE: some of these details are obtained from third party information. NOTE: the researcher claims that this is the same as CVE-2007-5108, but there is insufficient detail for CVE-2007-5108 to be certain.
Max CVSS
9.3
EPSS Score
85.93%
Published
2007-09-26
Updated
2018-10-15
SQL injection vulnerability in index.php in the Arcade module in bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a play_game action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.17%
Published
2007-09-26
Updated
2017-07-29
Directory traversal vulnerability in config.inc.php in Wordsmith 1.0 RC1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _path parameter.
Max CVSS
6.8
EPSS Score
0.75%
Published
2007-09-26
Updated
2017-09-29
PHP remote file inclusion vulnerability in config.inc.php in Wordsmith 1.0 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the _path parameter.
Max CVSS
6.8
EPSS Score
1.29%
Published
2007-09-26
Updated
2017-10-19
ChironFS before 1.0 RC7 sets user/group ownership to the mounter account instead of the creator account when files are created, which allows local users to gain privileges.
Max CVSS
7.2
EPSS Score
0.04%
Published
2007-09-26
Updated
2017-07-29
Multiple PHP remote file inclusion vulnerabilities in phpBB Plus 1.53, and 1.53a before 20070922, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) language/lang_german/lang_admin_album.php, (2) language/lang_english/lang_main_album.php, and (3) language/lang_english/lang_admin_album.php, different vectors than CVE-2007-5009.
Max CVSS
6.8
EPSS Score
2.07%
Published
2007-09-26
Updated
2011-03-08
PHP remote file inclusion vulnerability in show.php in David Watters Helplink 0.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
Max CVSS
7.5
EPSS Score
6.30%
Published
2007-09-26
Updated
2017-10-19
Multiple PHP remote file inclusion vulnerabilities in DFD Cart 1.1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the set_depth parameter to (1) app.lib/product.control/core.php/product.control.config.php, or (2) customer.browse.list.php or (3) customer.browse.search.php in app.lib/product.control/core.php/customer.area/.
Max CVSS
6.8
EPSS Score
30.44%
Published
2007-09-26
Updated
2017-09-29
251 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!