SQL injection vulnerability in philboard_forum.asp in Metyus Forum Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: this might be related to CVE-2007-0920 or CVE-2007-3884.
Max CVSS
6.8
EPSS Score
0.43%
Published
2007-07-31
Updated
2018-10-15
Multiple cross-site scripting (XSS) vulnerabilities in IT!CMS (itcms) 0.2 allow remote attackers to inject arbitrary web script or HTML via the wndtitle parameter to (1) lang-en.php, (2) menu-ed.php, or (3) titletext-ed.php.
Max CVSS
4.3
EPSS Score
0.80%
Published
2007-07-31
Updated
2018-10-15
Multiple SQL injection vulnerabilities in unuttum.asp in SuskunDuygular Uyelik Sistemi 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) kadi or (2) email parameter. NOTE: some of these details are obtained from third party information.
Max CVSS
7.5
EPSS Score
0.40%
Published
2007-07-31
Updated
2018-10-15
Unspecified vulnerability in Advanced Webhost Billing System (AWBS) before 2.6.0 allows remote authenticated users to obtain configuration data about other dedicated servers via unspecified vectors.
Max CVSS
3.5
EPSS Score
0.16%
Published
2007-07-31
Updated
2008-11-15
Multiple SQL injection vulnerabilities in Advanced Webhost Billing System (AWBS) before 2.6.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged for XSS attacks that "bypass AWBS's anti-XSS input validation."
Max CVSS
6.8
EPSS Score
0.30%
Published
2007-07-31
Updated
2017-07-29
SQL injection vulnerability in the login script in Real Estate listing website application template, when logging in as user or manager, allows remote attackers to execute arbitrary SQL commands via the Password parameter.
Max CVSS
6.8
EPSS Score
1.07%
Published
2007-07-31
Updated
2018-10-15
SQL injection vulnerability in sign_in.aspx in Message Board / Threaded Discussion Forum Application Template allows remote attackers to execute arbitrary SQL commands via the Password parameter.
Max CVSS
7.5
EPSS Score
0.31%
Published
2007-07-31
Updated
2018-10-15
SQL injection vulnerability in sign_in.aspx in WebStore (Online Store Application Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter.
Max CVSS
7.5
EPSS Score
0.31%
Published
2007-07-31
Updated
2018-10-15
SQL injection vulnerability in sign_in.aspx in WebEvents (Online Event Registration Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter.
Max CVSS
7.5
EPSS Score
1.04%
Published
2007-07-31
Updated
2018-10-15
SQL injection vulnerability in editpost.php in phpMyForum before 4.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information.
Max CVSS
7.5
EPSS Score
0.64%
Published
2007-07-31
Updated
2011-03-08
SQL injection vulnerability in login.asp in CodeWidgets Pay Roll - Time Sheet and Punch Card Application With Web Interface allows remote attackers to execute arbitrary SQL commands via the Password parameter.
Max CVSS
6.8
EPSS Score
0.70%
Published
2007-07-31
Updated
2018-10-15
A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 allows remote attackers to execute arbitrary code via a request containing "a link to download and a file to execute," possibly involving remote file inclusion.
Max CVSS
9.3
EPSS Score
12.60%
Published
2007-07-31
Updated
2018-10-15
Multiple cross-site scripting (XSS) vulnerabilities in the WP-FeedStats before 2.4 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, one of which involves an rss2 feed with an invalid or missing blog with an XSS sequence in the query string.
Max CVSS
4.3
EPSS Score
1.48%
Published
2007-07-31
Updated
2017-07-29
The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released.
Max CVSS
7.8
EPSS Score
34.70%
Published
2007-07-31
Updated
2024-02-08
Cross-site scripting (XSS) vulnerability in search.php for sBlog 0.7.3 Beta allows remote attackers to inject arbitrary HTML and web script via a leading '"/></> sequence in the search string.
Max CVSS
4.3
EPSS Score
0.30%
Published
2007-07-31
Updated
2018-10-15
Multiple PHP remote file inclusion vulnerabilities in Madoa Poll 1.1 allow remote attackers to execute arbitrary PHP code via the Madoa parameter to (1) index.php, (2) vote.php, and (3) admin.php.
Max CVSS
6.8
EPSS Score
13.86%
Published
2007-07-31
Updated
2018-10-15
MLDonkey before 2.9.0 does not load certain code from $MLDONKEY/web_infos/ before the network modules become active, which allows remote attackers to bypass the IP blocklist.
Max CVSS
5.0
EPSS Score
1.99%
Published
2007-07-31
Updated
2017-07-29
Tor before 0.1.2.15 can select a guard node beyond the first listed never-before-connected-to guard node, which allows remote attackers with control of certain guard nodes to obtain sensitive information and possibly leverage further attacks.
Max CVSS
5.8
EPSS Score
1.32%
Published
2007-07-30
Updated
2011-03-08
Tor before 0.1.2.15 does not properly distinguish "streamids from different exits," which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams.
Max CVSS
5.8
EPSS Score
0.78%
Published
2007-07-30
Updated
2011-03-08
Tor before 0.1.2.15 sends "destroy cells" containing the reason for tearing down a circuit, which allows remote attackers to obtain sensitive information, contrary to specifications.
Max CVSS
6.4
EPSS Score
1.32%
Published
2007-07-30
Updated
2011-03-08
Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, allows remote attackers to cause a denial of service via unspecified vectors.
Max CVSS
5.8
EPSS Score
1.27%
Published
2007-07-30
Updated
2011-03-08
SQL injection vulnerability in BSM Store Dependent Forums 1.02 allows remote attackers to execute arbitrary SQL commands via a Username field in an unspecified component, probably the FrmUserName parameter in login.asp.
Max CVSS
7.5
EPSS Score
0.07%
Published
2007-07-30
Updated
2018-10-15
PHP remote file inclusion vulnerability in library/authorize.php in IDevSpot PhpHostBot allows remote attackers to execute arbitrary PHP code via a URL in the login_form parameter, a different vector than CVE-2006-3776.
Max CVSS
7.5
EPSS Score
0.69%
Published
2007-07-30
Updated
2018-10-15
Minb Is Not a Blog (minb) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing usernames and encrypted passwords via a direct request for db/users.db.
Max CVSS
7.8
EPSS Score
0.55%
Published
2007-07-30
Updated
2018-10-15
Directory traversal vulnerability in index.php in iFoto 1.0.1 and earlier allows remote attackers to list arbitrary directories, and possibly download arbitrary photos, via a .. (dot dot) in the dir parameter.
Max CVSS
5.0
EPSS Score
1.86%
Published
2007-07-30
Updated
2018-10-15
571 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!