Total
3303 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4809 | 1 Online Fantasy Football League | 1 Offl | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Online Fantasy Football League (OFFL) 0.2.6 allow remote attackers to execute arbitrary PHP code via a URL in the DOC_ROOT parameter to (1) lib/functions.php or (2) lib/header.php. | |||||
| CVE-2007-4807 | 1 Focus Sis | 1 Focus Sis | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Focus/SIS 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the staticpath parameter to (1) modules/Discipline/CategoryBreakdownTime.php or (2) modules/Discipline/StudentFieldBreakdown.php. | |||||
| CVE-2007-4806 | 1 Focus Sis | 1 Focus Sis | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/Discipline/CategoryBreakdownTime.php in Focus/SIS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the FocusPath parameter. | |||||
| CVE-2007-4763 | 1 Tim Jackson | 1 Phpof | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in dbmodules/DB_adodb.class.php in PHP Object Framework (PHPOF) 20040226 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHPOF_INCLUDE_PATH parameter. | |||||
| CVE-2007-4744 | 1 Anyinventory | 1 Anyinventory | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in environment.php in AnyInventory 1.9.1 and 2.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PREFIX parameter. | |||||
| CVE-2007-4737 | 1 Speedtech | 1 Stphplibrary | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the STPHPLIB_DIR parameter to (1) stphpapplication.php, (2) stphpbtnimage.php, or (3) stphpform.php. | |||||
| CVE-2007-4712 | 1 Enetman | 1 Enetman | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in eNetman 1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2007-4646 | 1 Hexamail | 1 Hexamail Server | 2017-09-29 | 10.0 HIGH | N/A |
| Buffer overflow in the pop3 service in Hexamail Server 3.0.0.001 Lite allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long USER command. | |||||
| CVE-2007-4645 | 1 Nmdeluxe | 1 Nmdeluxe | 2017-09-29 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in index.php in NMDeluxe 2.0.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a newspost do action, a different vulnerability than CVE-2006-1108. | |||||
| CVE-2007-4640 | 1 Pakupaku | 1 Pakupaku Cms | 2017-09-29 | 6.4 MEDIUM | N/A |
| Unrestricted file upload vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to upload and execute arbitrary PHP files in uploads/ via an Uploads action. | |||||
| CVE-2007-4606 | 1 Phpnuke-clan | 1 Phpnuke-clan | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in convert/mvcw_conver.php in the Virtual War (VWar) module for PHPNuke-Clan (PNC) 4.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1602. NOTE: it is possible that this issue stems from a problem in VWar itself. | |||||
| CVE-2007-4605 | 1 Vwar | 1 Virtual War | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War (VWar) 1.5.0 R15 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1503, CVE-2006-1636, and CVE-2006-1747. | |||||
| CVE-2007-4575 | 1 Openoffice | 1 Openoffice | 2017-09-29 | 9.3 HIGH | N/A |
| HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods." | |||||
| CVE-2007-3586 | 1 Mycms | 1 Mycms | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into (1) a _score.txt file via the score parameter, or (2) a _setby.txt file via a login cookie, which is then included by games.php. NOTE: programs that use games.php might include (a) snakep.php, (b) tetrisp.php, and possibly other site-specific files. | |||||
| CVE-2013-5325 | 2 Adobe, Microsoft | 3 Acrobat, Acrobat Reader, Windows | 2017-09-19 | 9.3 HIGH | N/A |
| Adobe Reader and Acrobat 11.x before 11.0.05 on Windows allow remote attackers to execute arbitrary JavaScript code in a javascript: URL via a crafted PDF document. | |||||
| CVE-2013-2549 | 1 Adobe | 1 Acrobat Reader | 2017-09-19 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Adobe Reader 11.0.02 allows remote attackers to execute arbitrary code via vectors related to a "break into the sandbox," as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013. | |||||
| CVE-2013-1688 | 1 Mozilla | 1 Firefox | 2017-09-19 | 9.3 HIGH | N/A |
| The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted data during UI rendering, which allows user-assisted remote attackers to execute arbitrary JavaScript code via a crafted web site. | |||||
| CVE-2013-1491 | 1 Oracle | 2 Jdk, Jre | 2017-09-19 | 10.0 HIGH | N/A |
| The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013. | |||||
| CVE-2013-1488 | 1 Oracle | 2 Jdk, Jre | 2017-09-19 | 10.0 HIGH | N/A |
| The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013. | |||||
| CVE-2013-0618 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2017-09-19 | 10.0 HIGH | N/A |
| Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0608, CVE-2013-0611, and CVE-2013-0614. | |||||