| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-6576 | 0.03 | — | 0.01 | Dec 28, 2007 | Multiple SQL injection vulnerabilities in Adult Script 1.6.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) videolink_count.php or (2) links.php. | |||
| CVE-2007-6577 | 0.03 | — | 0.01 | Dec 28, 2007 | Multiple SQL injection vulnerabilities in index.php in zBlog 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the categ parameter in a categ action or (2) the article parameter in an articles action. | |||
| CVE-2007-6578 | 0.03 | — | 0.01 | Dec 28, 2007 | SQL injection vulnerability in go.php in PHP ZLink 0.3 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2007-6579 | 0.03 | — | 0.02 | Dec 28, 2007 | Multiple SQL injection vulnerabilities in Ip Reg 0.3 allow remote attackers to execute arbitrary SQL commands via the vlan_id parameter to (1) vlanview.php, (2) vlanedit.php, and (3) vlandel.php; the (4) assetclassgroup_id parameter to assetclassgroupview.php; the (5) subnet_id… | |||
| CVE-2007-6580 | 0.03 | — | 0.01 | Dec 28, 2007 | Multiple SQL injection vulnerabilities in Wallpaper Site 1.0.09 allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter to category.php or (2) the groupid parameter to editadgroup.php. | |||
| CVE-2007-6581 | 0.03 | — | 0.04 | Dec 28, 2007 | Multiple directory traversal vulnerabilities in Social Engine 2.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the global_lang parameter to (1) header_album.php, (2) header_blog.php, or (3) header_group.php; or (4)… | |||
| CVE-2007-6582 | — | 0.03 | — | 0.02 | Dec 28, 2007 | Directory traversal vulnerability in index.php in mBlog 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter in a page mode action. | ||
| CVE-2007-6583 | 0.03 | — | 0.02 | Dec 28, 2007 | SQL injection vulnerability in admin/ops/findip/ajax/search.php in 1024 CMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via the ip parameter. | |||
| CVE-2007-6584 | 0.04 | — | 0.09 | Dec 28, 2007 | Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang parameter to pages/print/default/ops/news.php or (2) the theme_dir parameter to… | |||
| CVE-2007-6585 | 0.03 | — | 0.03 | Dec 28, 2007 | PHP remote file inclusion vulnerability in confirmUnsubscription.php in NmnNewsletter 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the output parameter. | |||
| CVE-2007-6586 | 0.03 | — | 0.01 | Dec 28, 2007 | SQL injection vulnerability in sezione_news.php in nicLOR-CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a sezione page action to index.php. | |||
| CVE-2007-6587 | 0.03 | — | 0.03 | Dec 28, 2007 | SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2007-6588 | 0.00 | — | 0.01 | Dec 28, 2007 | Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows remote attackers to inject arbitrary web script or HTML via the username field in an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… | |||
| CVE-2007-6589 | 0.00 | — | 0.01 | Dec 28, 2007 | The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a… | |||
| CVE-2007-6591 | 0.00 | — | 0.01 | Dec 28, 2007 | KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the… | |||
| CVE-2007-6592 | 0.00 | — | 0.01 | Dec 28, 2007 | Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into… | |||
| CVE-2007-6593 | 0.04 | — | 0.06 | Dec 28, 2007 | Multiple stack-based buffer overflows in l123sr.dll in Autonomy (formerly Verity) KeyView SDK, as used by IBM Lotus Notes 5.x through 8.x, allow user-assisted remote attackers to execute arbitrary code via the (1) Length and (2) Value fields for certain Types in a Lotus 1-2-3… | |||
| CVE-2007-6594 | 0.00 | — | 0.00 | Dec 28, 2007 | IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified weak permissions for the installation kit obtained through a Notes 8 download and (2) 0777 permissions for the installdata file that is created by setup.sh, which allows local users to gain privileges via a Trojan… | |||
| CVE-2007-6543 | 0.03 | — | 0.01 | Dec 28, 2007 | SQL injection vulnerability in suggest-link.php in eSyndiCat Link Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2007-6544 | 0.03 | — | 0.04 | Dec 28, 2007 | Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6)… | |||
| CVE-2007-6545 | 0.03 | — | 0.04 | Dec 28, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) the subject parameter to modules/news/submit.php; (2) the PATH_INFO to modules/news/index.php, possibly related to the XoopsPageNav… | |||
| CVE-2007-6546 | 0.03 | — | 0.03 | Dec 28, 2007 | RunCMS before 1.6.1 uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id. | |||
| CVE-2007-6547 | 0.03 | — | 0.02 | Dec 28, 2007 | RunCMS before 1.6.1 does not require entry of the old password during a password change, which allows context-dependent attackers to change passwords upon obtaining temporary access to a session. | |||
| CVE-2007-6548 | 0.04 | — | 0.08 | Dec 28, 2007 | Multiple direct static code injection vulnerabilities in RunCMS before 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the (1) header and (2) footer parameters to modules/system/admin.php in a meta-generator action, (3) the disclaimer parameter… | |||
| CVE-2007-6549 | 0.00 | — | 0.01 | Dec 28, 2007 | Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact and attack vectors, related to "pagetype using." | |||
| CVE-2007-6550 | 0.04 | — | 0.07 | Dec 28, 2007 | form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter. | |||
| CVE-2007-6551 | 0.03 | — | 0.01 | Dec 28, 2007 | SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4, and other versions before 2.2.6, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2007-6552 | 0.03 | — | 0.02 | Dec 28, 2007 | Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving the news pilih component; as demonstrated by including admin/admin_users.php… | |||
| CVE-2007-6553 | 0.03 | — | 0.04 | Dec 28, 2007 | Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONF[app_root] parameter to (1) tcuser.class.php, (2) absencecount.inc.php, (3) avatar.inc.php, (4) csvhandler.class.php,… | |||
| CVE-2007-6554 | 0.04 | — | 0.07 | Dec 28, 2007 | Multiple directory traversal vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) register.php, (3) login.php, or (4) statistics.php. | |||
| CVE-2007-6555 | 0.03 | — | 0.06 | Dec 28, 2007 | PHP remote file inclusion vulnerability in modules/mod_pxt_latest.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter. | |||
| CVE-2007-6556 | 0.03 | — | 0.02 | Dec 28, 2007 | Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to default.asp in a news page action or (2) the pageid parameter to default.asp. | |||
| CVE-2007-6557 | 0.03 | — | 0.02 | Dec 28, 2007 | Multiple SQL injection vulnerabilities in MeGaCheatZ 1.1 allow remote attackers to execute arbitrary SQL commands via the ItemID parameter to (1) comments.php, (2) view.php, (3) siteadmin/ViewItem.php, and unspecified other vectors. | |||
| CVE-2007-6558 | 0.03 | — | 0.06 | Dec 28, 2007 | TotalPlayer 3.0 allows user-assisted remote attackers to cause a denial of service (application crash) via a large .m3u file. NOTE: this might be a duplicate of CVE-2006-6288. | |||
| CVE-2007-6559 | 0.03 | — | 0.01 | Dec 28, 2007 | Multiple SQL injection vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to execute arbitrary SQL commands via (1) the from parameter to index.php or (2) the page parameter to update.php. | |||
| CVE-2007-6560 | 0.03 | — | 0.02 | Dec 28, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to inject arbitrary web script or HTML via (1) the newconfname parameter to profiles.php or (2) the conf parameter to index.php. | |||
| CVE-2007-6561 | 0.04 | — | 0.07 | Dec 28, 2007 | Multiple stack-based buffer overflows in PDFLib allow user-assisted remote attackers to execute arbitrary code via a long filename argument to the PDF_load_image function that results in an overflow in the pdc_fsearch_fopen function, and possibly other vectors. | |||
| CVE-2007-6562 | 0.00 | — | 0.02 | Dec 28, 2007 | Multiple stack-based buffer overflows in the use of FD_SET in TCPreen before 1.4.4 allow remote attackers to cause a denial of service via multiple concurrent connections, which result in overflows in the (1) SocketAddress::Connect function in libsolve/sockprot.cpp and (2)… | |||
| CVE-2007-6563 | 0.00 | — | 0.06 | Dec 28, 2007 | Heap-based buffer overflow in WinAce 2.65 and earlier, and possibly other versions before 2.69, allows user-assisted remote attackers to execute arbitrary code via a long filename in a compressed UUE archive. | |||
| CVE-2007-6564 | 0.03 | — | 0.02 | Dec 28, 2007 | Cross-site scripting (XSS) vulnerability in admin.php in Limbo CMS 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the com_option parameter. | |||
| CVE-2007-6533 | 0.04 | — | 0.12 | Dec 27, 2007 | Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows user-assisted remote attackers to execute arbitrary code via an HTTP link to a PLS file in a crafted ZPL file, which causes an overflow in Unicode handling when generating an error message. | |||
| CVE-2007-6534 | 0.01 | — | 0.11 | Dec 27, 2007 | Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart. | |||
| CVE-2007-6535 | 0.00 | — | 0.02 | Dec 27, 2007 | Buffer overflow in the YShortcut ActiveX control in YShortcut.dll 2006.8.15.1 in Yahoo! Toolbar might allow attackers to execute arbitrary code via a long string to the IsTaggedBM method. | |||
| CVE-2007-6536 | 0.00 | — | 0.01 | Dec 27, 2007 | The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users… | |||
| CVE-2007-6537 | 0.04 | — | 0.06 | Dec 27, 2007 | Stack-based buffer overflow in the zfile_gunzip function in zfile.c in WinUAE 1.4.4 and earlier allows user-assisted remote attackers to execute arbitrary code via a long filename in a gzipped archive, such as a (1) gz, (2) adz, (3) roz, or (4) hdz archive in a compressed floppy… | |||
| CVE-2007-6538 | 0.03 | — | 0.04 | Dec 27, 2007 | SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2007-6539 | 0.03 | — | 0.02 | Dec 27, 2007 | PHP local file inclusion vulnerability in index.php in IDevspot iSupport 1.8 allows remote attackers to include local files via the include_file parameter. | |||
| CVE-2007-6540 | 0.00 | — | 0.01 | Dec 27, 2007 | SQL injection vulnerability in neuron news 1.0 allows remote attackers to execute arbitrary SQL commands via the q parameter to the default URI in patch/. | |||
| CVE-2007-6541 | 0.00 | — | 0.01 | Dec 27, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in neuron news 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in a viewtopic action, or the (2) newsyear or (3) newsmonth parameter in a newsarchive action to the default URI in… | |||
| CVE-2007-6542 | 0.03 | — | 0.06 | Dec 27, 2007 | PHP remote file inclusion vulnerability in admin/frontpage_right.php in Arcadem LE 2.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter. |
- CVE-2007-6576Dec 28, 2007risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in Adult Script 1.6.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) videolink_count.php or (2) links.php.
- CVE-2007-6577Dec 28, 2007risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in index.php in zBlog 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the categ parameter in a categ action or (2) the article parameter in an articles action.
- CVE-2007-6578Dec 28, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in go.php in PHP ZLink 0.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2007-6579Dec 28, 2007risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in Ip Reg 0.3 allow remote attackers to execute arbitrary SQL commands via the vlan_id parameter to (1) vlanview.php, (2) vlanedit.php, and (3) vlandel.php; the (4) assetclassgroup_id parameter to assetclassgroupview.php; the (5) subnet_id…
- CVE-2007-6580Dec 28, 2007risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in Wallpaper Site 1.0.09 allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter to category.php or (2) the groupid parameter to editadgroup.php.
- CVE-2007-6581Dec 28, 2007risk 0.03cvss —epss 0.04
Multiple directory traversal vulnerabilities in Social Engine 2.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the global_lang parameter to (1) header_album.php, (2) header_blog.php, or (3) header_group.php; or (4)…
- CVE-2007-6582Dec 28, 2007risk 0.03cvss —epss 0.02
Directory traversal vulnerability in index.php in mBlog 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter in a page mode action.
- CVE-2007-6583Dec 28, 2007risk 0.03cvss —epss 0.02
SQL injection vulnerability in admin/ops/findip/ajax/search.php in 1024 CMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via the ip parameter.
- CVE-2007-6584Dec 28, 2007risk 0.04cvss —epss 0.09
Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang parameter to pages/print/default/ops/news.php or (2) the theme_dir parameter to…
- CVE-2007-6585Dec 28, 2007risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in confirmUnsubscription.php in NmnNewsletter 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the output parameter.
- CVE-2007-6586Dec 28, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in sezione_news.php in nicLOR-CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a sezione page action to index.php.
- CVE-2007-6587Dec 28, 2007risk 0.03cvss —epss 0.03
SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2007-6588Dec 28, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows remote attackers to inject arbitrary web script or HTML via the username field in an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…
- CVE-2007-6589Dec 28, 2007risk 0.00cvss —epss 0.01
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a…
- CVE-2007-6591Dec 28, 2007risk 0.00cvss —epss 0.01
KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the…
- CVE-2007-6592Dec 28, 2007risk 0.00cvss —epss 0.01
Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into…
- CVE-2007-6593Dec 28, 2007risk 0.04cvss —epss 0.06
Multiple stack-based buffer overflows in l123sr.dll in Autonomy (formerly Verity) KeyView SDK, as used by IBM Lotus Notes 5.x through 8.x, allow user-assisted remote attackers to execute arbitrary code via the (1) Length and (2) Value fields for certain Types in a Lotus 1-2-3…
- CVE-2007-6594Dec 28, 2007risk 0.00cvss —epss 0.00
IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified weak permissions for the installation kit obtained through a Notes 8 download and (2) 0777 permissions for the installdata file that is created by setup.sh, which allows local users to gain privileges via a Trojan…
- CVE-2007-6543Dec 28, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in suggest-link.php in eSyndiCat Link Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2007-6544Dec 28, 2007risk 0.03cvss —epss 0.04
Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6)…
- CVE-2007-6545Dec 28, 2007risk 0.03cvss —epss 0.04
Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) the subject parameter to modules/news/submit.php; (2) the PATH_INFO to modules/news/index.php, possibly related to the XoopsPageNav…
- CVE-2007-6546Dec 28, 2007risk 0.03cvss —epss 0.03
RunCMS before 1.6.1 uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id.
- CVE-2007-6547Dec 28, 2007risk 0.03cvss —epss 0.02
RunCMS before 1.6.1 does not require entry of the old password during a password change, which allows context-dependent attackers to change passwords upon obtaining temporary access to a session.
- CVE-2007-6548Dec 28, 2007risk 0.04cvss —epss 0.08
Multiple direct static code injection vulnerabilities in RunCMS before 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the (1) header and (2) footer parameters to modules/system/admin.php in a meta-generator action, (3) the disclaimer parameter…
- CVE-2007-6549Dec 28, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact and attack vectors, related to "pagetype using."
- CVE-2007-6550Dec 28, 2007risk 0.04cvss —epss 0.07
form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter.
- CVE-2007-6551Dec 28, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4, and other versions before 2.2.6, allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2007-6552Dec 28, 2007risk 0.03cvss —epss 0.02
Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving the news pilih component; as demonstrated by including admin/admin_users.php…
- CVE-2007-6553Dec 28, 2007risk 0.03cvss —epss 0.04
Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONF[app_root] parameter to (1) tcuser.class.php, (2) absencecount.inc.php, (3) avatar.inc.php, (4) csvhandler.class.php,…
- CVE-2007-6554Dec 28, 2007risk 0.04cvss —epss 0.07
Multiple directory traversal vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) register.php, (3) login.php, or (4) statistics.php.
- CVE-2007-6555Dec 28, 2007risk 0.03cvss —epss 0.06
PHP remote file inclusion vulnerability in modules/mod_pxt_latest.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter.
- CVE-2007-6556Dec 28, 2007risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to default.asp in a news page action or (2) the pageid parameter to default.asp.
- CVE-2007-6557Dec 28, 2007risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in MeGaCheatZ 1.1 allow remote attackers to execute arbitrary SQL commands via the ItemID parameter to (1) comments.php, (2) view.php, (3) siteadmin/ViewItem.php, and unspecified other vectors.
- CVE-2007-6558Dec 28, 2007risk 0.03cvss —epss 0.06
TotalPlayer 3.0 allows user-assisted remote attackers to cause a denial of service (application crash) via a large .m3u file. NOTE: this might be a duplicate of CVE-2006-6288.
- CVE-2007-6559Dec 28, 2007risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to execute arbitrary SQL commands via (1) the from parameter to index.php or (2) the page parameter to update.php.
- CVE-2007-6560Dec 28, 2007risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to inject arbitrary web script or HTML via (1) the newconfname parameter to profiles.php or (2) the conf parameter to index.php.
- CVE-2007-6561Dec 28, 2007risk 0.04cvss —epss 0.07
Multiple stack-based buffer overflows in PDFLib allow user-assisted remote attackers to execute arbitrary code via a long filename argument to the PDF_load_image function that results in an overflow in the pdc_fsearch_fopen function, and possibly other vectors.
- CVE-2007-6562Dec 28, 2007risk 0.00cvss —epss 0.02
Multiple stack-based buffer overflows in the use of FD_SET in TCPreen before 1.4.4 allow remote attackers to cause a denial of service via multiple concurrent connections, which result in overflows in the (1) SocketAddress::Connect function in libsolve/sockprot.cpp and (2)…
- CVE-2007-6563Dec 28, 2007risk 0.00cvss —epss 0.06
Heap-based buffer overflow in WinAce 2.65 and earlier, and possibly other versions before 2.69, allows user-assisted remote attackers to execute arbitrary code via a long filename in a compressed UUE archive.
- CVE-2007-6564Dec 28, 2007risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in admin.php in Limbo CMS 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the com_option parameter.
- CVE-2007-6533Dec 27, 2007risk 0.04cvss —epss 0.12
Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows user-assisted remote attackers to execute arbitrary code via an HTTP link to a PLS file in a crafted ZPL file, which causes an overflow in Unicode handling when generating an error message.
- CVE-2007-6534Dec 27, 2007risk 0.01cvss —epss 0.11
Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart.
- CVE-2007-6535Dec 27, 2007risk 0.00cvss —epss 0.02
Buffer overflow in the YShortcut ActiveX control in YShortcut.dll 2006.8.15.1 in Yahoo! Toolbar might allow attackers to execute arbitrary code via a long string to the IsTaggedBM method.
- CVE-2007-6536Dec 27, 2007risk 0.00cvss —epss 0.01
The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users…
- CVE-2007-6537Dec 27, 2007risk 0.04cvss —epss 0.06
Stack-based buffer overflow in the zfile_gunzip function in zfile.c in WinUAE 1.4.4 and earlier allows user-assisted remote attackers to execute arbitrary code via a long filename in a gzipped archive, such as a (1) gz, (2) adz, (3) roz, or (4) hdz archive in a compressed floppy…
- CVE-2007-6538Dec 27, 2007risk 0.03cvss —epss 0.04
SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2007-6539Dec 27, 2007risk 0.03cvss —epss 0.02
PHP local file inclusion vulnerability in index.php in IDevspot iSupport 1.8 allows remote attackers to include local files via the include_file parameter.
- CVE-2007-6540Dec 27, 2007risk 0.00cvss —epss 0.01
SQL injection vulnerability in neuron news 1.0 allows remote attackers to execute arbitrary SQL commands via the q parameter to the default URI in patch/.
- CVE-2007-6541Dec 27, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in neuron news 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in a viewtopic action, or the (2) newsyear or (3) newsmonth parameter in a newsarchive action to the default URI in…
- CVE-2007-6542Dec 27, 2007risk 0.03cvss —epss 0.06
PHP remote file inclusion vulnerability in admin/frontpage_right.php in Arcadem LE 2.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter.