# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
89701 |
CVE-2007-2349 |
|
|
XSS |
2007-04-30 |
2017-07-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files. |
89702 |
CVE-2007-2348 |
|
|
Exec Code |
2007-04-27 |
2017-10-10 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files. |
89703 |
CVE-2007-2347 |
|
|
Exec Code File Inclusion |
2007-04-27 |
2017-10-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
PHP remote file inclusion vulnerability in main/forum/komentar.php in OneClick CMS (aka Sisplet CMS) 05.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter. |
89704 |
CVE-2007-2346 |
|
|
Exec Code File Inclusion |
2007-04-27 |
2017-10-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple PHP remote file inclusion vulnerabilities in PHP-Generics 1.0 beta allow remote attackers to execute arbitrary PHP code via a URL in the _APP_RELATIVE_PATH parameter to (1) include.php, (2) dbcommon/include.php, and (3) exception/include.php. |
89705 |
CVE-2007-2345 |
|
|
Exec Code File Inclusion |
2007-04-27 |
2017-10-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
PHP remote file inclusion vulnerability in include/include_stream.inc.php in CodeWand phpBrowse allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. |
89706 |
CVE-2007-2344 |
|
|
DoS |
2007-04-27 |
2008-11-13 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
The BOOTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, on Windows allows remote attackers to cause a denial of service (daemon crash) via a UDP packet that contains an invalid "packet type" field. |
89707 |
CVE-2007-2343 |
|
|
Exec Code Overflow |
2007-04-27 |
2008-11-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Stack-based buffer overflow in the TFTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via crafted request packets that contain long file names. |
89708 |
CVE-2007-2342 |
|
|
Exec Code Sql |
2007-04-27 |
2017-10-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in error.asp in CreaScripts CreaDirectory 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-6083. |
89709 |
CVE-2007-2341 |
|
|
Exec Code File Inclusion |
2007-04-27 |
2017-10-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
PHP remote file inclusion vulnerability in suite/index.php in phpBandManager 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter. |
89710 |
CVE-2007-2340 |
94 |
|
Exec Code File Inclusion |
2007-04-27 |
2017-10-10 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple PHP remote file inclusion vulnerabilities in inc/include_all.inc.php in phporacleview allow remote attackers to execute arbitrary PHP code via a URL in the (1) page_dir or (2) inc_dir parameters. |
89711 |
CVE-2007-2339 |
|
|
Exec Code Sql |
2007-04-27 |
2018-10-16 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.php; or (3) the "Edit groups / Add group" field in the (d) groups module in admin.php. |
89712 |
CVE-2007-2338 |
|
|
CSRF |
2007-04-27 |
2018-10-16 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Cross-site request forgery (CSRF) vulnerability in include/admin/banlist.php in Phorum before 5.1.22 allows remote attackers to perform unauthorized banlist deletions as an administrator via the delete parameter. |
89713 |
CVE-2007-2337 |
79 |
|
XSS |
2007-04-27 |
2017-07-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url parameter to (c) magpie_slashbox.php in external/magpierss/scripts/, and the (3) body parameter to the (d) weblogmodule (aka Weblog Comments) module. |
89714 |
CVE-2007-2336 |
|
|
DoS |
2007-04-27 |
2017-07-28 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in InterVations NaviCOPA Web Server 2.01 20070323 allows remote attackers to cause a denial of service (daemon crash) via crafted HTTP requests, as demonstrated by long requests containing '\A' characters, probably a different issue than CVE-2006-5112 and CVE-2007-1733. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
89715 |
CVE-2007-2335 |
|
|
XSS |
2007-04-27 |
2017-07-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the RSS feed reader functionality in Lunascape 4.1.3 build2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
89716 |
CVE-2007-2334 |
|
|
|
2007-04-27 |
2008-11-13 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 has two template HTML files lacking certain verification tags, which allows remote attackers to access the administration interface and change the device configuration via certain requests. |
89717 |
CVE-2007-2333 |
|
|
|
2007-04-27 |
2008-11-13 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 includes the FIPSecryptedtest1219 and FIPSunecryptedtest1219 default accounts in the LDAP template, which might allow remote attackers to access the private network. |
89718 |
CVE-2007-2332 |
|
|
|
2007-04-27 |
2008-09-05 |
9.0 |
Admin |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store. |
89719 |
CVE-2007-2331 |
|
|
Exec Code File Inclusion |
2007-04-26 |
2018-10-16 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
PHP remote file inclusion vulnerability in cart.php in Shop-Script 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the lang_list parameter. |
89720 |
CVE-2007-2330 |
|
|
Exec Code File Inclusion |
2007-04-26 |
2018-10-16 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
PHP remote file inclusion vulnerability in includes_handler.php in DynaTracker 151 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. |
89721 |
CVE-2007-2329 |
|
|
Exec Code File Inclusion |
2007-04-26 |
2018-10-16 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
PHP remote file inclusion vulnerability in searchbot.php in Searchactivity allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. |
89722 |
CVE-2007-2328 |
|
|
Exec Code File Inclusion |
2007-04-26 |
2018-10-16 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
PHP remote file inclusion vulnerability in addvip.php in phpMYTGP 1.4b allows remote attackers to execute arbitrary PHP code via a URL in the msetstr[PROGSDIR] parameter. |
89723 |
CVE-2007-2327 |
|
|
Exec Code File Inclusion |
2007-04-26 |
2018-10-16 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
PHP remote file inclusion vulnerability in _editor.php in HTMLeditbox 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the settings[app_dir] parameter. |
89724 |
CVE-2007-2326 |
|
|
Exec Code File Inclusion |
2007-04-26 |
2018-10-16 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple PHP remote file inclusion vulnerabilities in HYIP Manager Pro allow remote attackers to execute arbitrary PHP code via a URL in the plugin_file parameter to (1) Smarty.class.php and (2) Smarty_Compiler.class.php in inc/libs/; (3) core.display_debug_console.php, (4) core.load_plugins.php, (5) core.load_resource_plugin.php, (6) core.process_cached_inserts.php, (7) core.process_compiled_include.php, and (8) core.read_cache_file.php in inc/libs/core/; and other unspecified files. NOTE: (1) and (2) might be incorrectly reported vectors in Smarty. |
89725 |
CVE-2007-2325 |
|
|
Exec Code File Inclusion |
2007-04-26 |
2018-10-16 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
PHP remote file inclusion vulnerability in include.php in MyNewsGroups :) allows remote attackers to execute arbitrary PHP code via a URL in the myng_root parameter. |
89726 |
CVE-2007-2324 |
|
|
Dir. Trav. |
2007-04-26 |
2017-10-10 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
Directory traversal vulnerability in file.php in JulmaCMS 1.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. |
89727 |
CVE-2007-2323 |
|
|
Exec Code Overflow |
2007-04-26 |
2017-07-28 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple buffer overflows in the WinDVDX ActiveX control in InterVideo Home Theater 2.1.13.0 and 2.5.13.58 allow remote attackers to execute arbitrary code via a long string argument to the (1) GetDiscType or (2) AddFileList method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
89728 |
CVE-2007-2322 |
20 |
|
DoS |
2007-04-26 |
2017-07-28 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
NMMediaServer.exe in Nero MediaHome 2.5.5.0 and CE 1.3.0.4 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet that contains two CRLF sequences. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
89729 |
CVE-2007-2321 |
|
|
|
2007-04-26 |
2017-07-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the search functionality in SilverStripe 2.0.0 has unknown impact and attack vectors. |
89730 |
CVE-2007-2320 |
|
|
Exec Code Sql |
2007-04-26 |
2017-10-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in kontakt.php in Papoo 3.02 and earlier allows remote attackers to execute arbitrary SQL commands via the menuid parameter, a different vector than CVE-2005-4478. |
89731 |
CVE-2007-2319 |
94 |
|
Exec Code File Inclusion |
2007-04-26 |
2017-10-10 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
PHP remote file inclusion vulnerability in the AutoStand 1.1 and earlier module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to mod_as_category.php in (1) modules/mod_as_category/ or (2) modules/. |
89732 |
CVE-2007-2318 |
|
|
Exec Code |
2007-04-26 |
2008-11-13 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Multiple format string vulnerabilities in FileZilla before 2.2.32 allow remote attackers to execute arbitrary code via format string specifiers in (1) FTP server responses or (2) data sent by an FTP server. NOTE: some of these details are obtained from third party information. |
89733 |
CVE-2007-2317 |
|
|
Exec Code File Inclusion |
2007-04-26 |
2017-10-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier, as used by TOSMO/Mambo 4.0.12 and probably other products, allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to bb_plugins.php in (1) components/minibb/ or (2) components/com_minibb, or (3) configuration.php. NOTE: the com_minibb.php vector is already covered by CVE-2006-3690. |
89734 |
CVE-2007-2316 |
|
|
|
2007-04-26 |
2008-11-13 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the admin script in Open Business Management (OBM) before 2.0.0 allows remote attackers to have an unknown impact by calling the script "in txt mode from a browser." |
89735 |
CVE-2007-2315 |
|
|
DoS |
2007-04-26 |
2008-11-15 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
MiniShare 1.5.4, and possibly earlier, allows remote attackers to cause a denial of service (application crash) via a flood of requests for new connections. |
89736 |
CVE-2007-2314 |
|
|
Exec Code Sql |
2007-04-26 |
2008-09-05 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple SQL injection vulnerabilities in Crea-Book 1.0, and possibly earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter to (a) configurer.php, (b) connect.php, (c) delete.php, (d) delete2.php, (e) index.php, (f) infos.php, (g) membres.php, (h) modif-infos.php, (i) modif-message.php, (j) modif.php, (k) uninstall.php, or (l) uninstall_table.php in admin/, different vectors than CVE-2007-2000. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
89737 |
CVE-2007-2313 |
|
|
Exec Code File Inclusion |
2007-04-26 |
2017-10-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
PHP remote file inclusion vulnerability in getinfo1.php in the Shotcast 1.0 RC2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter. |
89738 |
CVE-2007-2312 |
|
|
Exec Code Sql |
2007-04-26 |
2018-10-16 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 R15 module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the n parameter to extra/online.php and other unspecified scripts in extra/. NOTE: this might be same vulnerability as CVE-2006-4142; however, there is an intervening vendor fix announcement. |
89739 |
CVE-2007-2311 |
|
|
Exec Code File Inclusion |
2007-04-26 |
2018-10-16 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
** DISPUTED ** PHP remote file inclusion vulnerability in install/index.php in BlooFoxCMS 0.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the content_php parameter. NOTE: this issue has been disputed by a reliable third party, stating that content_php is initialized before use. |
89740 |
CVE-2007-2310 |
|
|
XSS |
2007-04-26 |
2018-10-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php in BloofoxCMS 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter. |
89741 |
CVE-2007-2309 |
|
|
XSS |
2007-04-26 |
2008-11-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the den parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
89742 |
CVE-2007-2308 |
|
|
XSS |
2007-04-26 |
2018-10-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the rok parameter. |
89743 |
CVE-2007-2307 |
|
|
Exec Code File Inclusion |
2007-04-26 |
2017-10-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
PHP remote file inclusion vulnerability in engine/engine.inc.php in WebKalk2 1.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter. |
89744 |
CVE-2007-2306 |
|
|
XSS |
2007-04-26 |
2018-10-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War (VWar) 1.5.0 R15 and earlier module for PHP-Nuke, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) memberlist parameter to extra/login.php and the (2) title parameter to extra/today.php. |
89745 |
CVE-2007-2305 |
|
|
Exec Code Sql |
2007-04-26 |
2017-10-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple SQL injection vulnerabilities in authenticate.php in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. |
89746 |
CVE-2007-2304 |
|
|
Dir. Trav. |
2007-04-26 |
2017-10-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple directory traversal vulnerabilities in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to categories.php and other unspecified files. |
89747 |
CVE-2007-2303 |
|
|
Dir. Trav. |
2007-04-26 |
2017-10-18 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in includes/footer.php in News Manager Deluxe (NMDeluxe) 1.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter. |
89748 |
CVE-2007-2302 |
|
|
Exec Code File Inclusion |
2007-04-26 |
2017-10-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
PHP remote file inclusion vulnerability in autoindex.php in Expow 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_file parameter. |
89749 |
CVE-2007-2301 |
|
|
Exec Code File Inclusion |
2007-04-26 |
2017-10-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple PHP remote file inclusion vulnerabilities in audioCMS arash 0.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the arashlib_dir parameter to (1) edit.inc.php and (2) list_features.inc.php in arash_lib/include, and (3) arash_gadmin.class.php and (4) arash_sadmin.class.php in arash_lib/class/. |
89750 |
CVE-2007-2300 |
|
|
XSS |
2007-04-26 |
2018-10-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the m_txt parameter to (1) iklan.php, (2) index.php, or (3) bukutamu.php. |