| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-2978 | 0.00 | — | 0.01 | Jun 1, 2007 | Session fixation vulnerability in eggblog 3.1.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |||
| CVE-2007-2979 | 0.00 | — | 0.02 | Jun 1, 2007 | Techno Dreams Web Directory / Search Engine 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database.mdb. | |||
| CVE-2007-2980 | 0.03 | — | 0.05 | Jun 1, 2007 | Heap-based buffer overflow in a certain ActiveX control in LEADTOOLS LEAD Raster ISIS Object (LTRIS14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long DriverName property, a different ActiveX… | |||
| CVE-2007-2981 | 0.04 | — | 0.06 | Jun 1, 2007 | Buffer overflow in a certain ActiveX control in LEAD Technologies LEADTOOLS Raster OCR Document Object Library (ltrdc14e.dll) 14.5.0.44 allows remote attackers to execute arbitrary code via a long DictionaryFileName property. | |||
| CVE-2007-2982 | 0.00 | — | 0.05 | Jun 1, 2007 | Multiple buffer overflows in the British Telecommunications Business Connect webhelper ActiveX control before 1.0.0.7 in btbconnectwebcontrol.dll allow remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2007-0328 | 0.00 | — | 0.05 | Jun 1, 2007 | The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method. | |||
| CVE-2007-1362 | 0.04 | — | 0.08 | Jun 1, 2007 | Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name… | |||
| CVE-2007-2867 | 0.00 | — | 0.03 | Jun 1, 2007 | Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related… | |||
| CVE-2007-2868 | 0.00 | — | 0.05 | Jun 1, 2007 | Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly… | |||
| CVE-2007-2869 | 0.00 | — | 0.02 | Jun 1, 2007 | The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service (persistent temporary CPU consumption) via a large number of characters in a submitted form. | |||
| CVE-2007-2870 | 0.00 | — | 0.02 | Jun 1, 2007 | Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a… | |||
| CVE-2007-2871 | 0.00 | — | 0.02 | Jun 1, 2007 | Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for… | |||
| CVE-2007-2959 | 0.03 | — | 0.01 | May 31, 2007 | SQL injection vulnerability in manufacturer.php in cpCommerce before 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id_manufacturer parameter. | |||
| CVE-2007-2960 | 0.00 | — | 0.02 | May 31, 2007 | Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin_name parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/, a different vector… | |||
| CVE-2007-2961 | 0.00 | — | 0.02 | May 31, 2007 | Unrestricted file upload vulnerability in FileCloset before 1.1.5 allows remote attackers to upload arbitrary PHP files via unspecified vectors. | |||
| CVE-2007-2962 | 0.03 | — | 0.02 | May 31, 2007 | Cross-site scripting (XSS) vulnerability in search.php in Particle Gallery 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the order parameter. | |||
| CVE-2007-2963 | 0.00 | — | 0.02 | May 31, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4)… | |||
| CVE-2007-2964 | 0.03 | — | 0.04 | May 31, 2007 | The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and earlier allows remote attackers to cause a denial of service (application crash) via NTFS reserved words in filenames in URLs. | |||
| CVE-2007-2965 | 0.00 | — | 0.00 | May 31, 2007 | Unspecified vulnerability in the Real-time Scanning component in multiple F-Secure products, including Internet Security 2005, 2006 and 2007; Anti-Virus 2005, 2006 and 2007; and Solutions based on F-Secure Protection Service for Consumers 6.40 and earlier allows local users to… | |||
| CVE-2007-2966 | 0.00 | — | 0.05 | May 31, 2007 | Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer… | |||
| CVE-2007-2967 | 0.00 | — | 0.05 | May 31, 2007 | Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files. | |||
| CVE-2007-2932 | 0.03 | — | 0.04 | May 31, 2007 | Cross-site scripting (XSS) vulnerability in index.php in BoastMachine allows remote attackers to inject arbitrary web script or HTML via the blog parameter in a content search action. | |||
| CVE-2007-2933 | 0.03 | — | 0.01 | May 31, 2007 | SQL injection vulnerability in index.php in the Phil-a-Form (com_philaform) 1.2.0.0 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the form_id parameter. | |||
| CVE-2007-2934 | 0.03 | — | 0.03 | May 31, 2007 | Directory traversal vulnerability in skins/common.css.php in Vistered Little 1.6a allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. | |||
| CVE-2007-2935 | 0.04 | — | 0.10 | May 31, 2007 | core/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dict parameter. | |||
| CVE-2007-2936 | 0.04 | — | 0.07 | May 31, 2007 | Multiple PHP remote file inclusion vulnerabilities in Frequency Clock 0.1b (Beta 0.1) allow remote attackers to execute arbitrary PHP code via a URL in the securelib parameter to (1) conf.php or (2) cp2.php. | |||
| CVE-2007-2937 | 0.08 | — | 0.64 | May 31, 2007 | PHP remote file inclusion vulnerability in admin/admin.php in TROforum 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the site_url parameter. | |||
| CVE-2007-2938 | 0.06 | — | 0.41 | May 31, 2007 | Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD method, and possibly the (2)… | |||
| CVE-2007-2939 | 0.08 | — | 0.64 | May 31, 2007 | Multiple PHP remote file inclusion vulnerabilities in Mazen's PHP Chat 3.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the basepath parameter to (1) ITX.php, (2) IT_Error.php, or (3) IT.php in include/pear/. | |||
| CVE-2007-2940 | 0.04 | — | 0.07 | May 31, 2007 | Multiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 Beta) allow remote attackers to execute arbitrary PHP code via a URL in the pachtofile parameter to (1) skin/html/table.php or (2) login.php. | |||
| CVE-2007-2941 | 0.04 | — | 0.07 | May 31, 2007 | Multiple PHP remote file inclusion vulnerabilities in the creator in vBulletin Google Yahoo Site Map (vBGSiteMap) 2.41 for vBulletin allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) vbgsitemap/vbgsitemap-config.php or (2)… | |||
| CVE-2007-2942 | 0.03 | — | 0.03 | May 31, 2007 | SQL injection vulnerability in user.php in My Little Forum 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2007-2943 | 0.03 | — | 0.03 | May 31, 2007 | PHP remote file inclusion vulnerability in class/class.php in Webavis 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | |||
| CVE-2007-2944 | 0.00 | — | 0.01 | May 31, 2007 | WabCMS 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/wabcmsn.mdb. NOTE: this issue was originally reported for "webCMS," but this was an error by an… | |||
| CVE-2007-2945 | 0.00 | — | 0.01 | May 31, 2007 | RMForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for rmforum.mdb. | |||
| CVE-2007-2946 | 0.04 | — | 0.09 | May 31, 2007 | Buffer overflow in a certain ActiveX control in LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long DestinationPath property value. | |||
| CVE-2007-2947 | 0.04 | — | 0.09 | May 31, 2007 | Multiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the root_prefix parameter to (1) index.php, (2) email_subscribe.php, (3) download.php, or (4) development.php. | |||
| CVE-2007-0690 | 0.00 | — | 0.01 | May 30, 2007 | myEvent 1.6 allows remote attackers to obtain sensitive information via (1) a Log In action without a password to login.php, or an invalid (2) view[] or (3) monthno[] parameter to myevent.php, which reveals the path in various error messages. | |||
| CVE-2007-0692 | 0.00 | — | 0.01 | May 30, 2007 | DGNews 2.1 allows remote attackers to obtain sensitive information via a fullnews request to news.php with an invalid newsid parameter, and other unspecified vectors, which reveal the path in various error messages. | |||
| CVE-2007-0693 | 0.03 | — | 0.02 | May 30, 2007 | SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newslist action. NOTE: this issue can produce resultant cross-site scripting (XSS). | |||
| CVE-2007-0694 | 0.03 | — | 0.02 | May 30, 2007 | Cross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 allows remote attackers to inject arbitrary web script or HTML via the copyright parameter. | |||
| CVE-2007-2897 | 0.06 | — | 0.74 | May 30, 2007 | Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute… | |||
| CVE-2007-2898 | 0.00 | — | 0.01 | May 30, 2007 | SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php. | |||
| CVE-2007-2899 | 0.03 | — | 0.02 | May 30, 2007 | Direct static code injection vulnerability in admin_config.php in NavBoard 2.6.0 allows remote attackers to inject arbitrary PHP code into data/config.php via multiple parameters, as demonstrated via the threadperpage parameter in an editconfig action. | |||
| CVE-2007-2900 | 0.03 | — | 0.03 | May 30, 2007 | Multiple PHP remote file inclusion vulnerabilities in Scallywag 2005-04-25 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/. | |||
| CVE-2007-2901 | 0.03 | — | 0.02 | May 30, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the img parameter to main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php and other unspecified vectors. | |||
| CVE-2007-2902 | 0.03 | — | 0.01 | May 30, 2007 | SQL injection vulnerability in main/auth/my_progress.php in Dokeos 1.8.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the course parameter. | |||
| CVE-2007-2903 | 0.05 | — | 0.29 | May 30, 2007 | Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear… | |||
| CVE-2007-2904 | 0.00 | — | 0.02 | May 30, 2007 | Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.0 through 6.3, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a related issue to CVE-2006-5653. | |||
| CVE-2007-2905 | 0.00 | — | 0.01 | May 30, 2007 | SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the post_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
- CVE-2007-2978Jun 1, 2007risk 0.00cvss —epss 0.01
Session fixation vulnerability in eggblog 3.1.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
- CVE-2007-2979Jun 1, 2007risk 0.00cvss —epss 0.02
Techno Dreams Web Directory / Search Engine 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database.mdb.
- CVE-2007-2980Jun 1, 2007risk 0.03cvss —epss 0.05
Heap-based buffer overflow in a certain ActiveX control in LEADTOOLS LEAD Raster ISIS Object (LTRIS14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long DriverName property, a different ActiveX…
- CVE-2007-2981Jun 1, 2007risk 0.04cvss —epss 0.06
Buffer overflow in a certain ActiveX control in LEAD Technologies LEADTOOLS Raster OCR Document Object Library (ltrdc14e.dll) 14.5.0.44 allows remote attackers to execute arbitrary code via a long DictionaryFileName property.
- CVE-2007-2982Jun 1, 2007risk 0.00cvss —epss 0.05
Multiple buffer overflows in the British Telecommunications Business Connect webhelper ActiveX control before 1.0.0.7 in btbconnectwebcontrol.dll allow remote attackers to execute arbitrary code via unspecified vectors.
- CVE-2007-0328Jun 1, 2007risk 0.00cvss —epss 0.05
The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method.
- CVE-2007-1362Jun 1, 2007risk 0.04cvss —epss 0.08
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name…
- CVE-2007-2867Jun 1, 2007risk 0.00cvss —epss 0.03
Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related…
- CVE-2007-2868Jun 1, 2007risk 0.00cvss —epss 0.05
Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly…
- CVE-2007-2869Jun 1, 2007risk 0.00cvss —epss 0.02
The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service (persistent temporary CPU consumption) via a large number of characters in a submitted form.
- CVE-2007-2870Jun 1, 2007risk 0.00cvss —epss 0.02
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a…
- CVE-2007-2871Jun 1, 2007risk 0.00cvss —epss 0.02
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for…
- CVE-2007-2959May 31, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in manufacturer.php in cpCommerce before 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id_manufacturer parameter.
- CVE-2007-2960May 31, 2007risk 0.00cvss —epss 0.02
Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin_name parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/, a different vector…
- CVE-2007-2961May 31, 2007risk 0.00cvss —epss 0.02
Unrestricted file upload vulnerability in FileCloset before 1.1.5 allows remote attackers to upload arbitrary PHP files via unspecified vectors.
- CVE-2007-2962May 31, 2007risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in search.php in Particle Gallery 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the order parameter.
- CVE-2007-2963May 31, 2007risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4)…
- CVE-2007-2964May 31, 2007risk 0.03cvss —epss 0.04
The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and earlier allows remote attackers to cause a denial of service (application crash) via NTFS reserved words in filenames in URLs.
- CVE-2007-2965May 31, 2007risk 0.00cvss —epss 0.00
Unspecified vulnerability in the Real-time Scanning component in multiple F-Secure products, including Internet Security 2005, 2006 and 2007; Anti-Virus 2005, 2006 and 2007; and Solutions based on F-Secure Protection Service for Consumers 6.40 and earlier allows local users to…
- CVE-2007-2966May 31, 2007risk 0.00cvss —epss 0.05
Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer…
- CVE-2007-2967May 31, 2007risk 0.00cvss —epss 0.05
Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.
- CVE-2007-2932May 31, 2007risk 0.03cvss —epss 0.04
Cross-site scripting (XSS) vulnerability in index.php in BoastMachine allows remote attackers to inject arbitrary web script or HTML via the blog parameter in a content search action.
- CVE-2007-2933May 31, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the Phil-a-Form (com_philaform) 1.2.0.0 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the form_id parameter.
- CVE-2007-2934May 31, 2007risk 0.03cvss —epss 0.03
Directory traversal vulnerability in skins/common.css.php in Vistered Little 1.6a allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter.
- CVE-2007-2935May 31, 2007risk 0.04cvss —epss 0.10
core/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dict parameter.
- CVE-2007-2936May 31, 2007risk 0.04cvss —epss 0.07
Multiple PHP remote file inclusion vulnerabilities in Frequency Clock 0.1b (Beta 0.1) allow remote attackers to execute arbitrary PHP code via a URL in the securelib parameter to (1) conf.php or (2) cp2.php.
- CVE-2007-2937May 31, 2007risk 0.08cvss —epss 0.64
PHP remote file inclusion vulnerability in admin/admin.php in TROforum 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the site_url parameter.
- CVE-2007-2938May 31, 2007risk 0.06cvss —epss 0.41
Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD method, and possibly the (2)…
- CVE-2007-2939May 31, 2007risk 0.08cvss —epss 0.64
Multiple PHP remote file inclusion vulnerabilities in Mazen's PHP Chat 3.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the basepath parameter to (1) ITX.php, (2) IT_Error.php, or (3) IT.php in include/pear/.
- CVE-2007-2940May 31, 2007risk 0.04cvss —epss 0.07
Multiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 Beta) allow remote attackers to execute arbitrary PHP code via a URL in the pachtofile parameter to (1) skin/html/table.php or (2) login.php.
- CVE-2007-2941May 31, 2007risk 0.04cvss —epss 0.07
Multiple PHP remote file inclusion vulnerabilities in the creator in vBulletin Google Yahoo Site Map (vBGSiteMap) 2.41 for vBulletin allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) vbgsitemap/vbgsitemap-config.php or (2)…
- CVE-2007-2942May 31, 2007risk 0.03cvss —epss 0.03
SQL injection vulnerability in user.php in My Little Forum 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2007-2943May 31, 2007risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in class/class.php in Webavis 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
- CVE-2007-2944May 31, 2007risk 0.00cvss —epss 0.01
WabCMS 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/wabcmsn.mdb. NOTE: this issue was originally reported for "webCMS," but this was an error by an…
- CVE-2007-2945May 31, 2007risk 0.00cvss —epss 0.01
RMForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for rmforum.mdb.
- CVE-2007-2946May 31, 2007risk 0.04cvss —epss 0.09
Buffer overflow in a certain ActiveX control in LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long DestinationPath property value.
- CVE-2007-2947May 31, 2007risk 0.04cvss —epss 0.09
Multiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the root_prefix parameter to (1) index.php, (2) email_subscribe.php, (3) download.php, or (4) development.php.
- CVE-2007-0690May 30, 2007risk 0.00cvss —epss 0.01
myEvent 1.6 allows remote attackers to obtain sensitive information via (1) a Log In action without a password to login.php, or an invalid (2) view[] or (3) monthno[] parameter to myevent.php, which reveals the path in various error messages.
- CVE-2007-0692May 30, 2007risk 0.00cvss —epss 0.01
DGNews 2.1 allows remote attackers to obtain sensitive information via a fullnews request to news.php with an invalid newsid parameter, and other unspecified vectors, which reveal the path in various error messages.
- CVE-2007-0693May 30, 2007risk 0.03cvss —epss 0.02
SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newslist action. NOTE: this issue can produce resultant cross-site scripting (XSS).
- CVE-2007-0694May 30, 2007risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 allows remote attackers to inject arbitrary web script or HTML via the copyright parameter.
- CVE-2007-2897May 30, 2007risk 0.06cvss —epss 0.74
Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute…
- CVE-2007-2898May 30, 2007risk 0.00cvss —epss 0.01
SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php.
- CVE-2007-2899May 30, 2007risk 0.03cvss —epss 0.02
Direct static code injection vulnerability in admin_config.php in NavBoard 2.6.0 allows remote attackers to inject arbitrary PHP code into data/config.php via multiple parameters, as demonstrated via the threadperpage parameter in an editconfig action.
- CVE-2007-2900May 30, 2007risk 0.03cvss —epss 0.03
Multiple PHP remote file inclusion vulnerabilities in Scallywag 2005-04-25 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/.
- CVE-2007-2901May 30, 2007risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the img parameter to main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php and other unspecified vectors.
- CVE-2007-2902May 30, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in main/auth/my_progress.php in Dokeos 1.8.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the course parameter.
- CVE-2007-2903May 30, 2007risk 0.05cvss —epss 0.29
Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear…
- CVE-2007-2904May 30, 2007risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.0 through 6.3, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a related issue to CVE-2006-5653.
- CVE-2007-2905May 30, 2007risk 0.00cvss —epss 0.01
SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the post_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.