| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2007-6587 |
89 |
1
|
Exec Code Sql |
2007-12-28 |
2017-08-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
2 |
CVE-2007-6515 |
94 |
1
|
Exec Code |
2007-12-21 |
2018-10-15 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
support/dispatch.cgi in SiteScape Forum allows remote attackers to execute arbitrary TCL code via code separator characters in the query string. |
|
3 |
CVE-2007-6032 |
89 |
1
|
Exec Code Sql |
2007-11-20 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in calendar/page.asp in Aleris Web Publishing Server 3.0 allows remote attackers to execute arbitrary SQL commands via the mode parameter. |
|
4 |
CVE-2007-5994 |
94 |
1
|
Exec Code File Inclusion |
2007-11-15 |
2008-11-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in check_noimage.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the config[path_src_include] parameter. |
|
5 |
CVE-2007-5649 |
79 |
1
|
XSS |
2007-10-23 |
2017-07-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in lostpwd.php in Creative Digital Resources SocketMail 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the lost_id parameter. |
|
6 |
CVE-2007-5647 |
79 |
1
|
XSS |
2007-10-23 |
2017-07-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in SocketKB 1.1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) art_id or (2) node parameter in an article action to the default URI. |
|
7 |
CVE-2007-5629 |
79 |
1
|
XSS |
2007-10-23 |
2017-07-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in admin/logon.asp in ShoppingTree CandyPress Store 4.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different vector than CVE-2007-2804. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
8 |
CVE-2007-5222 |
89 |
1
|
Exec Code Sql |
2007-10-05 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.76 allows remote attackers to execute arbitrary SQL commands via a "Firefox ID=" substring in a Referer HTTP header. |
|
9 |
CVE-2007-5182 |
79 |
1
|
XSS |
2007-10-03 |
2017-07-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in mail.asp in Netkamp Emlak Scripti allows remote attackers to inject arbitrary web script or HTML via the (1) Email parameter, and possibly the (2) Ad, (3) Soyad, (4) Konu, and (5) Mesaj parameters to iletisim.asp. |
|
10 |
CVE-2007-5181 |
89 |
1
|
Exec Code Sql |
2007-10-03 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in detay.asp in Netkamp Emlak Scripti allows remote attackers to execute arbitrary SQL commands via the ilan_id parameter. |
|
11 |
CVE-2007-5180 |
89 |
1
|
Exec Code Sql |
2007-10-03 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in Ohesa Emlak Portali allow remote attackers to execute arbitrary SQL commands via the (1) Kategori parameter in satilik.asp and the (2) Emlak parameter in detay.asp. |
|
12 |
CVE-2007-4734 |
119 |
1
|
Exec Code Overflow |
2007-09-06 |
2017-09-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Buffer overflow in Ots Labs OTSTurntables 1.00 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file. |
|
13 |
CVE-2007-3940 |
|
1
|
XSS |
2007-07-21 |
2017-07-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in default.asp in QuickerSite 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the svalue parameter in a search action. NOTE: some of these details are obtained from third party information. |
|
14 |
CVE-2007-3839 |
|
1
|
XSS |
2007-07-17 |
2008-09-05 |
4.0 |
None |
Remote |
High |
Not required |
Partial |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 010306 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the avatar parameter. NOTE: this may be related to the tracker program in the Janitor package. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
15 |
CVE-2007-3838 |
|
1
|
XSS |
2007-07-17 |
2008-09-05 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 11-10-05-BETA-SF1:111005 and earlier allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the avatar parameter. NOTE: this may be related to the tracker program in the Janitor package. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
16 |
CVE-2007-3823 |
|
1
|
DoS |
2007-07-17 |
2017-07-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows remote attackers to cause a denial of service (daemon crash) by sending a crafted packet containing a long string to port 5151/udp. |
|
17 |
CVE-2007-3812 |
|
1
|
Exec Code Sql |
2007-07-17 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in forums.php in CMScout 1.23 and earlier allows remote attackers to execute arbitrary SQL commands via the f parameter in a forums action to index.php. |
|
18 |
CVE-2007-3808 |
|
1
|
Exec Code Sql |
2007-07-17 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in includes/search.php in paFileDB 3.6 allows remote attackers to execute arbitrary SQL commands via the categories[] parameter in a search action to index.php, a different vector than CVE-2005-2000. |
|
19 |
CVE-2007-3806 |
20 |
1
|
DoS Exec Code Mem. Corr. |
2007-07-17 |
2017-09-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure. |
|
20 |
CVE-2007-3703 |
|
1
|
Exec Code Overflow |
2007-07-11 |
2017-09-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in a certain ActiveX control in sasatl.dll 1.5.0.531 in Zenturi Program Checker (ProgramChecker) Pro allows remote attackers to execute arbitrary code via a long argument to the Fill method. NOTE: this is probably a different issue than CVE-2007-2987. |
|
21 |
CVE-2007-3655 |
119 |
1
|
Exec Code Overflow |
2007-07-10 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file. |
|
22 |
CVE-2007-3574 |
79 |
1
|
XSS |
2007-07-05 |
2018-10-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm parameter. |
|
23 |
CVE-2007-3530 |
|
1
|
+Priv |
2007-07-03 |
2018-10-15 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
PHPDirector 0.21 and earlier stores the admin account name and password in config.php, which allows local users to gain privileges by reading this file. |
|
24 |
CVE-2007-3529 |
|
1
|
+Info |
2007-07-03 |
2018-10-15 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
videos.php in PHPDirector 0.21 and earlier allows remote attackers to obtain sensitive information via an empty value of the id[] parameter, which reveals the path in an error message. |
|
25 |
CVE-2007-3340 |
119 |
1
|
DoS Overflow |
2007-06-21 |
2018-10-16 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
BugHunter HTTP SERVER (httpsv.exe) 1.6.2 allows remote attackers to cause a denial of service (application crash) via a large number of requests for nonexistent pages. |
|
26 |
CVE-2007-3162 |
|
1
|
DoS Overflow |
2007-06-11 |
2017-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in the NotSafe function in the idaiehlp ActiveX control in idaiehlp.dll 1.9.1.74 in Internet Download Accelerator (ida) 5.2 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long argument. |
|
27 |
CVE-2007-3133 |
|
1
|
Exec Code Sql |
2007-06-08 |
2018-10-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in urunbak.asp in W1L3D4 WEBmarket 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
28 |
CVE-2007-2821 |
|
1
|
Exec Code Sql |
2007-05-22 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter. |
|
29 |
CVE-2007-2792 |
|
2
|
Exec Code Sql |
2007-05-22 |
2017-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the Yet another Newsletter Component (aka YaNC or com_yanc) component before 1.5 beta 3 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter to index.php. NOTE: some of these details are obtained from third party information. |
|
30 |
CVE-2007-2586 |
863 |
1
|
Exec Code Overflow |
2007-05-10 |
2020-05-22 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that involves access to a VTY device and overflows a buffer, aka bug ID CSCek55259. |
|
31 |
CVE-2007-2583 |
|
1
|
DoS |
2007-05-10 |
2021-11-08 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. |
|
32 |
CVE-2007-2526 |
|
1
|
Exec Code Overflow |
2007-05-08 |
2017-10-11 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the ConnectAsyncEx function in VNC Viewer ActiveX control (scvncctrl.dll) in the SmartCode VNC Manager 3.6 allows remote attackers to execute arbitrary code via a long argument. |
|
33 |
CVE-2007-2482 |
|
1
|
Dir. Trav. |
2007-05-03 |
2018-10-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the wpPATH parameter. |
|
34 |
CVE-2007-2423 |
|
1
|
XSS |
2007-05-02 |
2008-11-13 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vulnerability than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
35 |
CVE-2007-2373 |
|
1
|
Exec Code Sql |
2007-04-30 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) 1.03 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
|
36 |
CVE-2007-2222 |
119 |
1
|
Exec Code Overflow Mem. Corr. |
2007-06-12 |
2021-07-23 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS. |
|
37 |
CVE-2007-2195 |
|
1
|
DoS |
2007-04-24 |
2008-11-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers to cause a denial of service (application crash) by sending invalid data to TCP port 31337. |
|
38 |
CVE-2007-1377 |
400 |
1
|
DoS |
2007-03-10 |
2022-02-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236. |
|
39 |
CVE-2007-1162 |
|
1
|
DoS |
2007-03-02 |
2017-10-11 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
A certain ActiveX control in the Common Controls Replacement Project (CCRP) CCRP BrowseDialog Server (ccrpbds6.dll) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) IsFolderAvailable or (2) RootFolder property value, different vectors than CVE-2007-0371. |
|
40 |
CVE-2007-0641 |
|
1
|
Exec Code Overflow |
2007-01-31 |
2008-11-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 in Shaffer Solutions (SSC) DiskAccess NFS Client allows remote attackers to execute arbitrary code via a long argument, an issue similar to CVE-2006-5854 and CVE-2007-0444. |
|
41 |
CVE-2007-0444 |
119 |
1
|
Exec Code Overflow |
2007-01-24 |
2018-10-16 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions. |
|
42 |
CVE-2006-7005 |
|
1
|
Exec Code Sql |
2007-02-12 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in item.php in PSY Auction allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
43 |
CVE-2006-7004 |
|
1
|
XSS |
2007-02-12 |
2008-09-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site scripting (XSS) vulnerability in email_request.php in PSY Auction allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
44 |
CVE-2006-6958 |
94 |
1
|
Exec Code File Inclusion |
2007-01-29 |
2018-10-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in phpBlueDragon 2.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter to (1) team_admin.php, (2) rss_admin.php, (3) manual_admin.php, and (4) forum_admin.php in includes/root_modules/, a different set of vectors than CVE-2006-3076. |
