All CVEs — 2007 (Page 3/18)

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0

2007-12-10

Medium

CVE-2007-6305

Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 7 R3.2.0 allow attackers to gain privileges via "some HMC commands."

CVSS: 4.6 CWE: CWE-119

Medium

CVE-2007-6302

Multiple heap-based buffer overflows in avirus.exe in Novell NetMail 3.5.2 before Messaging Architects M+NetMail 3.52f (aka 3.5.2F) allows remote attackers to execute arbitrary code via unspecified A…

CVSS: 6.8 CWE: CWE-119

Medium

CVE-2007-6295

Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page in the online meeting center template in IBM Lotus Sametime before 8.0 allows remote attackers to inject arbitrary web script or H…

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2007-6301

Cross-site scripting (XSS) vulnerability in compose.php in OpenNewsletter 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter.

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2007-6300

Cross-site request forgery (CSRF) vulnerability in Fusion News 3.9.0 allows remote attackers to perform unauthorized actions via unspecified vectors.

CVSS: 5.0 CWE: CWE-352

High

CVE-2007-6299

Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonom…

CVSS: 7.5 CWE: CWE-20

Medium

CVE-2007-6298

Cross-site scripting (XSS) vulnerability in the Shoutbox module for Drupal 5.x before Shoutbox 5.x-1.1 allows remote authenticated users to inject arbitrary web script or HTML via Shoutbox block mess…

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2007-6296

PHP remote file inclusion vulnerability in users_popupL.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the From parameter.

CVSS: 5.0 CWE: CWE-94

Medium

CVE-2007-6297

Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link pa…

CVSS: 4.3 CWE: CWE-79

High

CVE-2007-6292

SQL injection vulnerability in leggi_commenti.asp in MWOpen 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89

High

CVE-2007-6288

Multiple SQL injection vulnerabilities in TCExam before 5.1.000 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS: 7.5 CWE: CWE-89

Medium

CVE-2007-6287

Cross-site scripting (XSS) vulnerability in the login page in Lxlabs HyperVM 2.0 allows remote attackers to inject arbitrary web script or HTML via the frm_emessage parameter, a different vector than…

CVSS: 4.3 CWE: CWE-79

High

CVE-2007-6291

SQL injection vulnerability in abm.aspx in Xigla Absolute Banner Manager .NET 4.0 allows remote attackers to execute arbitrary SQL commands via the z parameter.

CVSS: 7.5 CWE: CWE-89

Medium

CVE-2007-6289

Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SERWEB[configdir] parameter to load_lang…

CVSS: 6.8 CWE: CWE-94

Medium

CVE-2007-6290

Multiple directory traversal vulnerabilities in js/get_js.php in SERWeb 2.0.0 dev1 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod and (2) js parameters.

CVSS: 5.0 CWE: CWE-22

2007-12-07

Medium

CVE-2007-6271

Absolute News Manager.NET 5.1 allows remote attackers to obtain sensitive information via a direct request to getpath.aspx, which reveals the installation path in an error message.

CVSS: 5.0 CWE: CWE-20

Critical

CVE-2007-6278

Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a…

CVSS: 9.3 CWE: CWE-20

Critical

CVE-2007-6277

Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment…

CVSS: 9.3 CWE: CWE-119

High

CVE-2007-6275

SQL injection vulnerability in modules/adresses/ratefile.php in bcoos 1.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the lid parameter, a different vector than CVE-2…

CVSS: 7.5 CWE: CWE-89

Medium

CVE-2007-6274

Multiple cross-site scripting (XSS) vulnerabilities in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the…

CVSS: 4.3 CWE: CWE-79

Critical

CVE-2007-6273

Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string…

CVSS: 9.3 CWE: CWE-134

High

CVE-2007-6272

Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 allow remote attackers to execute arbitrary SQL commands via (1) the view parameter to the com_content component, (2) the task p…

CVSS: 7.5 CWE: CWE-89

High

CVE-2007-6269

Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in Absolute News Manager.NET 5.1 allow remote attackers to execute arbitrary SQL commands via the (1) z, (2) pz, (3) ord, and (4) sort par…

CVSS: 7.5 CWE: CWE-89

Medium

CVE-2007-6268

Directory traversal vulnerability in pages/default.aspx in Absolute News Manager.NET 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.

CVSS: 5.0 CWE: CWE-22

High

CVE-2007-6266

Multiple SQL injection vulnerabilities in bcoos 1.0.10 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the gid parameter to modules/arcade/index.php in a show_stats actio…

CVSS: 7.5 CWE: CWE-89

Medium

CVE-2007-6265

Unspecified vulnerability in avast! 4 Home and Professional Editions before 4.7.1098 allows remote attackers to have an unknown impact via a crafted TAR archive.

CVSS: 6.8 CWE: CWE-119

Critical

CVE-2007-6109

Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integ…

CVSS: 10.0 CWE: CWE-119

Medium

CVE-2007-6270

Multiple cross-site scripting (XSS) vulnerabilities in Absolute News Manager.NET 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) rmore parameter to xlaabsolutenm.aspx an…

CVSS: 4.3 CWE: CWE-79

2007-12-06

Critical

CVE-2007-5769

Double free vulnerability in the getreply function in ftp.c in netkit ftp (netkit-ftp) 0.17 20040614 and later allows remote FTP servers to cause a denial of service (application crash) and possibly…

CVSS: 10.0 CWE: CWE-119

Critical

CVE-2007-5939

The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact…

CVSS: 10.0 CWE: CWE-119

Critical

CVE-2007-6263

The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, when certain modifications to support SSL have been introduced, calls fclose on an uninitialized file stream, which allows remote at…

CVSS: 9.3 CWE: CWE-20

Critical

CVE-2007-5972

Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operati…

CVSS: 9.0 CWE: CWE-119

Medium

CVE-2007-6262

A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVar…

CVSS: 6.8 CWE: CWE-119

Critical

CVE-2007-4575

HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static…

CVSS: 9.3 CWE: CWE-94

2007-12-05

High

CVE-2007-6014

SQL injection vulnerability in post.php in Beehive Forum 0.7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the t_dedupe parameter.

CVSS: 7.5 CWE: CWE-89

High

CVE-2007-6240

SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the BuildTime parameter.

CVSS: 7.5 CWE: CWE-89

Medium

CVE-2007-5613

Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies.

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2007-5615

CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

CVSS: 5.0 CWE: CWE-94

2007-12-04

High

CVE-2007-6231

Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statis…

CVSS: 7.5 CWE: CWE-94

Medium

CVE-2007-6239

The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP heade…

CVSS: 5.0 CWE: CWE-20

Critical

CVE-2007-6237

cp.php in DeluxeBB 1.09 does not verify that the membercookie parameter corresponds to the authenticated member during a profile update, which allows remote authenticated users to change the e-mail a…

CVSS: 9.0 CWE: CWE-287

Medium

CVE-2007-6235

A certain ActiveX control in RealNetworks RealPlayer 11 allows remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error. NOTE:…

CVSS: 5.0 CWE: CWE-20

Medium

CVE-2007-6224

The RealNetworks RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll, as shipped with RealPlayer 11, allows remote attackers to cause a denial of service (browser crash) via a certain argument…

CVSS: 5.0 CWE: CWE-20

Medium

CVE-2007-6233

Directory traversal vulnerability in index.php in FTP Admin 0.1.0 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in so…

CVSS: 4.9 CWE: CWE-22

Critical

CVE-2007-6234

index.php in FTP Admin 0.1.0 allows remote attackers to bypass authentication and obtain administrative access via a loggedin parameter with a value of true, as demonstrated by adding a user account.

CVSS: 10.0 CWE: CWE-287

High

CVE-2007-6230

Directory traversal vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the CFG[…

CVSS: 7.5 CWE: CWE-22

High

CVE-2007-6229

PHP remote file inclusion vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the CFG[site][project_path…

CVSS: 7.5 CWE: CWE-94

Medium

CVE-2007-6228

Stack-based buffer overflow in the Helper class in the yt.ythelper.2 ActiveX control in Yahoo! Toolbar 1.4.1 allows remote attackers to cause a denial of service (browser crash) via a long argument t…

CVSS: 6.8 CWE: CWE-119

High

CVE-2007-6227

QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an "overflo…

CVSS: 7.2 CWE: CWE-119

High

CVE-2007-6226

The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login acces…

CVSS: 7.1 CWE: CWE-287

Medium

CVE-2007-6232

Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2007-6218

Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 pre1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) level parameter to (a) install_module.php and (b)…

CVSS: 5.0 CWE: CWE-20

Medium

CVE-2007-6219

Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool Security Manager 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79

High

CVE-2007-6221

TuMusika Evolution 1.7R5 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information i…

CVSS: 7.8 CWE: CWE-200

High

CVE-2007-6223

SQL injection vulnerability in garage.php in phpBB Garage 1.2.0 Beta3 allows remote attackers to execute arbitrary SQL commands via the make_id parameter in a search action in browse mode.

CVSS: 7.5 CWE: CWE-89

Medium

CVE-2007-6215

Multiple directory traversal vulnerabilities in play.php in Web-MeetMe 3.0.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) roomNo and possibly the (2) bookid parameter.

CVSS: 5.0 CWE: CWE-22

High

CVE-2007-6217

Multiple SQL injection vulnerabilities in login.asp in Irola My-Time (aka Timesheet) 3.5 allow remote attackers to execute arbitrary SQL commands via the (1) login (aka Username) and (2) password par…

CVSS: 7.5 CWE: CWE-89

Medium

CVE-2007-6216

Race condition in the Fibre Channel protocol (fcp) driver and Devices filesystem (devfs) in Sun Solaris 10 allows local users to cause a denial of service (system hang) via some programs that access…

CVSS: 4.7 CWE: CWE-362

Medium

CVE-2007-6214

Directory traversal vulnerability in include/file_download.php in LearnLoop 2.0 beta7 allows remote attackers to read arbitrary files via a .. (dot dot) in the sFilePath parameter. NOTE: exploitatio…

CVSS: 4.3 CWE: CWE-22

Medium

CVE-2007-6212

Directory traversal vulnerability in region.php in KML share 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the layer parameter.

CVSS: 5.0 CWE: CWE-22

Medium

CVE-2007-6213

Multiple directory traversal vulnerabilities in mod/chat/index.php in WebED 0.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) Root and (2) Path parameters.

CVSS: 5.0 CWE: CWE-22

Low

CVE-2007-6206

The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process cre…

CVSS: 2.1 CWE: CWE-200

Low

CVE-2007-6207

Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not check the RID value for mov_to_rr, which allows a VTi domain to read memory of other domains.

CVSS: 2.1 CWE: CWE-20

Low

CVE-2007-6208

sylprint.pl in claws mail tools (claws-mail-tools) allows local users to overwrite arbitrary files via a symlink attack on the sylprint.[USER].[PID] temporary file.

CVSS: 3.6 CWE: CWE-59

2007-12-03

Medium

CVE-2007-6203

Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might all…

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2006-7225

Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a "malformed POSIX…

CVSS: 4.3 CWE: CWE-20

2007-12-01

Critical

CVE-2007-5742

Directory traversal vulnerability in the WML engine preprocessor for Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows remote attackers to read arbitrary files via ".." sequences in unknown…

CVSS: 9.0 CWE: CWE-22

Medium

CVE-2007-6196

Cross-site scripting (XSS) vulnerability in util.php in Calacode @Mail before 5.2 allows remote attackers to inject arbitrary web script or HTML via the func parameter.

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2007-6197

The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source o…

CVSS: 5.0 CWE: CWE-200

Medium

CVE-2007-6202

SQL injection vulnerability in plugins/search/search.php in Neocrome Seditio CMS 121 and earlier allows remote attackers to execute arbitrary SQL commands via the pag_sub[] parameter to plug.php.

CVSS: 6.8 CWE: CWE-89

2007-11-30

Critical

CVE-2007-6189

A certain ActiveX control in (1) OScan8.ocx and (2) Oscan81.ocx in BitDefender Online Anti-Virus Scanner 8.0 allows remote attackers to execute arbitrary code via a long argument to the InitX method…

CVSS: 9.3 CWE: CWE-119

Medium

CVE-2007-6193

The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration inform…

CVSS: 5.0 CWE: CWE-200

Medium

CVE-2007-6191

Multiple PHP remote file inclusion vulnerabilities in Armin Burger p.mapper 3.2.0 beta3 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PM_INCPHP] parameter to (1) incp…

CVSS: 6.8 CWE: CWE-94

Low

CVE-2007-6190

The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on t…

CVSS: 3.5 CWE: CWE-200

Medium

CVE-2007-6170

SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows r…

CVSS: 6.5 CWE: CWE-89

High

CVE-2007-6188

Multiple directory traversal vulnerabilities in TuMusika Evolution 1.7R5 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) langua…

CVSS: 7.5 CWE: CWE-22

Medium

CVE-2007-6187

Multiple directory traversal vulnerabilities in PHP Content Architect (aka NoAh) 0.9 pre 1.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the filepath parameter to…

CVSS: 5.0 CWE: CWE-22

High

CVE-2007-6171

SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via…

CVSS: 7.5 CWE: CWE-89

Low

CVE-2007-6150

The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which…

CVSS: 2.1 CWE: CWE-200

High

CVE-2007-6185

Directory traversal vulnerability in users/files.php in Eurologon CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a download action, as demonstrated by…

CVSS: 7.5 CWE: CWE-22

High

CVE-2007-6184

Directory traversal vulnerability in index.php in Project Alumni 1.0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter.

CVSS: 7.5 CWE: CWE-22

Medium

CVE-2007-6183

Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attac…

CVSS: 6.8 CWE: CWE-134

High

CVE-2007-6181

Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier allows context-dependent attackers to execute arbitrary code via a filename with a certain length, as demonstrated by a remote au…

CVSS: 8.5 CWE: CWE-119

High

CVE-2007-6180

Race condition in the Remote Procedure Call kernel module (rpcmod) in Sun Solaris 8 through 10 allows local users to cause a denial of service (NULL dereference and panic) via unspecified vectors.

CVSS: 7.6 CWE: CWE-362

High

CVE-2007-6179

Multiple PHP remote file inclusion vulnerabilities in Charray's CMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the ccms_library_path parameter to (1) markdown.php and (2)…

CVSS: 7.5 CWE: CWE-20

High

CVE-2007-6178

Multiple PHP remote file inclusion vulnerabilities in Easy Hosting Control Panel for Ubuntu (EHCP) 0.22.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the confdir par…

CVSS: 7.5 CWE: CWE-20

High

CVE-2007-6177

PHP remote file inclusion vulnerability in Exchange/include.php in PHP_CON 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the webappcfg[APPPATH] parameter.

CVSS: 7.5 CWE: CWE-94

Medium

CVE-2007-6175

Buffer overflow in Lhaplus 1.55 and earlier allows remote attackers to execute arbitrary code via a crafted LZH archive, a different vector than CVE-2007-5048.

CVSS: 6.6 CWE: CWE-119

Medium

CVE-2007-6173

Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Enterprise Portal 4.3.1 allows remote attackers to inject arbitrary web script or HTML via the emailAddress parameter in a Send N…

CVSS: 4.3 CWE: CWE-79

Critical

CVE-2007-6172

Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewimage.php and (2) comments.php.

CVSS: 10.0 CWE: CWE-89

Critical

CVE-2007-6176

kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) domain or (2) tld parameter in a check_owner action.

CVSS: 10.0 CWE: CWE-20

2007-11-29

Medium

CVE-2007-6162

Cross-site scripting (XSS) vulnerability in index.php in FMDeluxe 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a category action.

CVSS: 4.3 CWE: CWE-79

High

CVE-2007-6169

SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the uname parameter, a different vector than CVE-2007-6163. NOTE: th…

CVSS: 7.5 CWE: CWE-89

High

CVE-2007-6168

SQL injection vulnerability in default.asp in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the username parameter, a different vector than CVE-2007-6143. NOTE: the p…

CVSS: 7.5 CWE: CWE-89

Critical

CVE-2007-6166

Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arb…

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2007-6165

Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource…

CVSS: 9.3 CWE: CWE-20

High

CVE-2007-6164

Multiple SQL injection vulnerabilities in Eurologon CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) reviews.php, (2) links.php and (3) articles.php.

CVSS: 7.5 CWE: CWE-89

High

CVE-2007-6163

SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the pword (aka Password) parameter. NOTE: some of these details are…

CVSS: 7.5 CWE: CWE-89

Medium

CVE-2007-6161

index.php in Tilde CMS 4.x and earlier allows remote attackers to obtain sensitive information via a certain search parameter value in a search action, which reveals the path.

CVSS: 5.0 CWE: CWE-200

Medium

CVE-2007-6160

Cross-site scripting (XSS) vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to inject arbitrary web script or HTML via the aarstal parameter in a yeardetail action.

CVSS: 4.3 CWE: CWE-79

High

CVE-2007-6159

SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to execute arbitrary SQL commands via the aarstal parameter in a yeardetail action, a different vector th…

CVSS: 7.5 CWE: CWE-89

High

CVE-2007-6158

Multiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs Web Calendar 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) loginname (aka Username) and (…

CVSS: 7.5 CWE: CWE-89

Medium

CVE-2007-6157

Cross-site scripting (XSS) vulnerability in index.php in SimpleGallery 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the album parameter.

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2007-6156

Multiple cross-site scripting (XSS) vulnerabilities in base_qry_main.php in Base Analysis and Security Engine (BASE) before 1.3.9 allow remote attackers to inject arbitrary web script or HTML via the…

CVSS: 4.3 CWE: CWE-79

2007-11-27

Medium

CVE-2007-6141

Cross-site scripting (XSS) vulnerability in vBTube.php in vBTube 1.1 Beta allows remote attackers to inject arbitrary web script or HTML via the search parameter.

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2007-6147

Multiple PHP remote file inclusion vulnerabilities in IAPR COMMENCE 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the (a) php_root_path and sometimes the (b) privilege_root_pa…

CVSS: 6.8 CWE: CWE-94

Medium

CVE-2007-6146

Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on Windows might allow remote attackers to cause a denial of service (service stop) via a "specific file" argument to an FTP command.

CVSS: 5.0 CWE: CWE-20

Medium

CVE-2007-6145

Unspecified vulnerability in Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-01 allows remote attackers to bypass authentication and "view files" via unspecified vectors.

CVSS: 5.0 CWE: CWE-287

Medium

CVE-2007-6144

Heap-based buffer overflow in the PPlayer.XPPlayer.1 ActiveX control in pplayer.dll_1_work in Xunlei Thunder 5.7.4.401 allows remote attackers to execute arbitrary code via a long string in a FlvPlay…

CVSS: 6.0 CWE: CWE-119

High

CVE-2007-6143

SQL injection vulnerability in default.asp (aka the Login Page) in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the password parameter.

CVSS: 7.5 CWE: CWE-89

Medium

CVE-2007-6142

Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) show parameter to in…

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2007-6139

PHP remote file inclusion vulnerability in index.php in Mp3 ToolBox 1.0 beta 5 allows remote attackers to execute arbitrary PHP code via a URL in the skin_file parameter.

CVSS: 6.8 CWE: CWE-94

High

CVE-2007-6140

Multiple SQL injection vulnerabilities in Dora Emlak 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) emlak_detay.asp and (b) haber_detay.asp, the (2) kate…

CVSS: 7.5 CWE: CWE-89

High

CVE-2007-6138

SQL injection vulnerability in redir.asp in VU Mass Mailer allows remote attackers to execute arbitrary SQL commands via the password parameter to Default.asp (aka the Login Page). NOTE: some of the…

CVSS: 7.5 CWE: CWE-89

High

CVE-2007-6137

SQL injection vulnerability in news.php in Content Injector 1.52 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php. NOTE: some of these details are obtaine…

CVSS: 7.5 CWE: CWE-89

Medium

CVE-2007-6136

Multiple cross-site scripting (XSS) vulnerabilities in index.php in M2Scripts MySpace Scripts Poll Creator allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) intro,…

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2007-6135

Cross-site scripting (XSS) vulnerability in phpslideshow.php in PHPSlideShow 0.9.9.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the directory parameter.…

CVSS: 4.3 CWE: CWE-79

High

CVE-2007-6134

SQL injection vulnerability in pkinc/public/article.php in PHPKIT 1.6.4pl1 allows remote attackers to execute arbitrary SQL commands via the contentid parameter in an article action to include.php, a…

CVSS: 7.5 CWE: CWE-89

Medium

CVE-2007-6133

PHP remote file inclusion vulnerability in admin/kfm/initialise.php in DevMass Shopping Cart 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the kfm_base_path param…

CVSS: 5.8 CWE: CWE-20

2007-11-26

Medium

CVE-2007-5960

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script,…

CVSS: 4.3 CWE: CWE-22