Max CVSS | 9.3 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2007-1456 | 7.5 |
PHP remote file inclusion vulnerability in common.php in PHP Photo Album allows remote attackers to execute arbitrary PHP code via a URL in the db_file parameter. NOTE: CVE disputes this vulnerability, because versions 0.3.2.6 and 0.4.1beta do not c
|
17-05-2024 - 00:33 | 14-03-2007 - 18:19 | |
CVE-2007-1477 | 7.5 |
Directory traversal vulnerability in index.php in PHP Point Of Sale for osCommerce 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg_language parameter. NOTE: this issue has been disputed by CVE, s
|
17-05-2024 - 00:33 | 16-03-2007 - 21:19 | |
CVE-2006-3693 | 4.6 |
Rocks Clusters 4.1 and earlier allows local users to gain privileges via commands enclosed with escaped backticks (\`) in an argument to the (1) mount-loop (mount-loop.c) or (2) umount-loop (umount-loop.c) command, which is not filtered in a system f
|
18-10-2018 - 16:48 | 21-07-2006 - 14:03 | |
CVE-2007-1446 | 7.5 |
Multiple PHP remote file inclusion vulnerabilities in Open Education System (OES) 0.1beta allow remote attackers to execute arbitrary PHP code via a URL in the CONF_INCLUDE_PATH parameter to (1) lib-account.inc.php, (2) lib-file.inc.php, (3) lib-grou
|
16-10-2018 - 16:38 | 14-03-2007 - 00:19 | |
CVE-2007-1469 | 7.5 |
SQL injection vulnerability in gallery.asp in Absolute Image Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action.
|
16-10-2018 - 16:38 | 16-03-2007 - 21:19 | |
CVE-2007-1473 | 4.3 |
Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to
|
16-10-2018 - 16:38 | 16-03-2007 - 21:19 | |
CVE-2007-1455 | 9.0 |
Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantas
|
16-10-2018 - 16:38 | 14-03-2007 - 18:19 | |
CVE-2007-1443 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in register.php in Woltlab Burning Board (wBB) 2.3.6 and Burning Board Lite 1.0.2pl3e allow remote attackers to inject arbitrary web script or HTML via the (1) r_username, (2) r_email, (3) r_passwor
|
16-10-2018 - 16:38 | 14-03-2007 - 00:19 | |
CVE-2007-1439 | 9.3 |
PHP remote file inclusion vulnerability in ressourcen/dbopen.php in bitesser MySQL Commander 2.7 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the home parameter. Successful exploita
|
16-10-2018 - 16:38 | 13-03-2007 - 23:19 | |
CVE-2007-1472 | 6.8 |
Variable overwrite vulnerability in groupit/base/groupit.start.inc in Groupit 2.00b5 allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via arguments that are written to $_GLOBALS, as demonstrated using a
|
16-10-2018 - 16:38 | 16-03-2007 - 21:19 | |
CVE-2007-1483 | 7.5 |
Multiple PHP remote file inclusion vulnerabilities in WebCalendar 0.9.45 allow remote attackers to execute arbitrary PHP code via a URL in the includedir parameter to (1) login.php, (2) get_reminders.php, or (3) get_events.php.
|
16-10-2018 - 16:38 | 16-03-2007 - 21:19 | |
CVE-2007-0924 | 7.5 |
Till Gerken phpPolls 1.0.3 allows remote attackers to bypass authentication and perform certain administrative actions via a direct request to phpPollAdmin.php3. NOTE: this issue might subsume CVE-2006-3764.
|
16-10-2018 - 16:35 | 14-02-2007 - 11:28 | |
CVE-2007-5508 | 6.5 |
Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GI
|
15-10-2018 - 21:45 | 17-10-2007 - 23:17 | |
CVE-2011-1423 | 4.3 |
Cross-site scripting (XSS) vulnerability in RSA Data Loss Prevention (DLP) Enterprise Manager 8.x before 8.5 SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
09-10-2018 - 19:30 | 05-05-2011 - 02:39 | |
CVE-2008-4048 | 6.8 |
Heap-based buffer overflow in a certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary code via a long third argument to the CreateURLShortcut method.
|
29-09-2017 - 01:31 | 11-09-2008 - 21:06 | |
CVE-2005-3661 | 5.0 |
Dell TrueMobile 2300 Wireless Broadband Router running firmware 3.0.0.8 and 5.1.1.6, and possibly other versions, allows remote attackers to reset authentication credentials, then change configuration or firmware, via a direct request to apply.cgi wi
|
11-07-2017 - 01:33 | 08-12-2005 - 11:03 |