| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-1794 | 0.00 | — | 0.04 | Apr 2, 2007 | The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to… | |||
| CVE-2007-1795 | 0.03 | — | 0.03 | Apr 2, 2007 | JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary PHP code via the email address field in an HTML link. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||
| CVE-2007-1796 | 0.00 | — | 0.01 | Apr 2, 2007 | Multiple unspecified vulnerabilities in JCcorp URLshrink before 1.3.2 have unspecified attack vectors and impact. | |||
| CVE-2007-1797 | 0.00 | — | 0.04 | Apr 2, 2007 | Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which… | |||
| CVE-2007-1798 | 0.00 | — | 0.00 | Apr 2, 2007 | Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long path name. | |||
| CVE-2007-1799 | 0.00 | — | 0.02 | Apr 2, 2007 | Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a torrent filename, as demonstrated by "../" sequences, due to an incomplete fix… | |||
| CVE-2007-1786 | 0.00 | — | 0.01 | Mar 31, 2007 | SQL injection vulnerability in Hitachi Collaboration - Online Community Management 01-00 through 01-30, as used in Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, and uCosminexus Content… | |||
| CVE-2007-1787 | 0.03 | — | 0.05 | Mar 31, 2007 | Multiple PHP remote file inclusion vulnerabilities in lib/timesheet.class.php in Softerra Time-Assistant 6.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_dir or (2) lib_dir parameter. | |||
| CVE-2007-1788 | 0.00 | — | 0.01 | Mar 31, 2007 | Flyspray 0.9.9, when output_buffering is disabled or "set to a low value," allows remote attackers to bypass authentication via a crafted post request. | |||
| CVE-2007-1789 | 0.00 | — | 0.01 | Mar 31, 2007 | Flyspray 0.9.9 allows remote attackers to obtain sensitive information (private project summaries) via direct requests. | |||
| CVE-2007-1790 | 0.04 | — | 0.07 | Mar 31, 2007 | Multiple PHP remote file inclusion vulnerabilities in Kaqoo Auction Software Free Edition allow remote attackers to execute arbitrary PHP code via a URL in the install_root parameter to (1) support.inc.php, (2) function.inc.php, (3) rdal_object.inc.php, (4) rdal_editor.inc.php.… | |||
| CVE-2007-1791 | 0.03 | — | 0.01 | Mar 31, 2007 | SQL injection vulnerability in wall.php in Picture-Engine 1.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||
| CVE-2007-1784 | 0.00 | — | 0.03 | Mar 31, 2007 | The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus Notes Sametime before 7.5 allows remote attackers to load arbitrary DLL libraries and execute arbitrary code via arbitrary arguments to the loadLibrary function. | |||
| CVE-2007-1785 | 0.04 | — | 0.15 | Mar 31, 2007 | The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf)… | |||
| CVE-2006-7183 | 0.03 | — | 0.04 | Mar 30, 2007 | PHP remote file inclusion vulnerability in styles.php in Exhibit Engine (EE) 1.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter. | |||
| CVE-2006-7184 | 0.03 | — | 0.02 | Mar 30, 2007 | Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine (EE) 1.22, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to (1) fetchsettings.php or (2) fstyles.php. NOTE: the provenance of this information is… | |||
| CVE-2006-7185 | 0.03 | — | 0.03 | Mar 30, 2007 | PHP remote file inclusion vulnerability in includes/user_standard.php in CMSmelborp Beta allows remote attackers to execute arbitrary PHP code via a URL in the relative_root parameter. | |||
| CVE-2007-0038 | 0.09 | — | 0.73 | Mar 30, 2007 | Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI,… | |||
| CVE-2006-7181 | 0.00 | — | 0.02 | Mar 30, 2007 | Multiple PHP remote file inclusion vulnerabilities in Morcego CMS 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) fichero parameter to morcegoCMS.php or the (2) path parameter to adodb/adodb.inc.php. NOTE: vector 1 has been disputed… | |||
| CVE-2006-7182 | 0.00 | — | 0.02 | Mar 30, 2007 | PHP remote file inclusion vulnerability in noticias.php in MNews 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter. | |||
| CVE-2007-1780 | 0.00 | — | 0.01 | Mar 30, 2007 | Cross-site scripting (XSS) vulnerability in the DHT shell (owdhtshell) in Overlay Weaver 0.5.9 to 0.5.11, when invoked with the -x option, allows remote attackers to inject arbitrary web script or HTML via fields in certain input forms. | |||
| CVE-2007-1781 | 0.00 | — | 0.00 | Mar 30, 2007 | Minna De Office 1.x and 2.x does not properly restrict user access to certain privileged actions, which allows local users to change the configuration or have other unspecified impact. NOTE: some of these details are obtained from third party information. | |||
| CVE-2007-1782 | 0.00 | — | 0.00 | Mar 30, 2007 | CruiseWorks 1.09e and earlier does not properly restrict user access to certain privileged actions, which allows local users to change the configuration or have other unspecified impact. NOTE: some of these details are obtained from third party information. | |||
| CVE-2006-7177 | 0.00 | — | 0.02 | Mar 30, 2007 | MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a denial of service (system crash) via unspecified vectors that lead to a kernel panic in the ieee80211_input function, related to "packets coming from a 'malicious' WinXP system." | |||
| CVE-2006-7178 | 0.00 | — | 0.03 | Mar 30, 2007 | MadWifi before 0.9.3 does not properly handle reception of an AUTH frame by an IBSS node, which allows remote attackers to cause a denial of service (system crash) via a certain AUTH frame. | |||
| CVE-2006-7179 | 0.00 | — | 0.03 | Mar 30, 2007 | ieee80211_input.c in MadWifi before 0.9.3 does not properly process Channel Switch Announcement Information Elements (CSA IEs), which allows remote attackers to cause a denial of service (loss of communication) via a Channel Switch Count less than or equal to one, triggering a… | |||
| CVE-2006-7180 | 0.00 | — | 0.02 | Mar 30, 2007 | ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets before WPA authentication succeeds, which allows remote attackers to obtain sensitive information (related to network structure), and possibly cause a denial of service (disrupted authentication) and conduct… | |||
| CVE-2007-1768 | 0.00 | — | 0.01 | Mar 30, 2007 | Cross-site scripting (XSS) vulnerability in app/helpers/application_helper.rb in Mephisto 0.7.3 and Mephisto Edge 20070325 allows remote attackers to inject arbitrary web script or HTML via the author name field in a comment. | |||
| CVE-2007-1770 | 0.04 | — | 0.17 | Mar 30, 2007 | Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via… | |||
| CVE-2007-1771 | 0.03 | — | 0.05 | Mar 30, 2007 | PHP remote file inclusion vulnerability in manage/javascript/formjavascript.php in Ay System Solutions Web Content System (WCS) 2.7.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[JavascriptEdit] parameter. | |||
| CVE-2007-1772 | 0.03 | — | 0.03 | Mar 30, 2007 | The FTP service in HP JetDirect print servers allows remote attackers to cause a denial of service (engine crash) via a RETR command with a long pathname. | |||
| CVE-2007-1773 | 0.03 | — | 0.03 | Mar 30, 2007 | Multiple directory traversal vulnerabilities in aBitWhizzy allow remote attackers to list arbitrary directories via a .. (dot dot) in the d parameter to (1) whizzery/whizzypic.php or (2) whizzery/whizzylink.php, different vectors than CVE-2006-6384. | |||
| CVE-2007-1774 | 0.00 | — | 0.01 | Mar 30, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in aBitWhizzy allow remote attackers to inject arbitrary web script or HTML via the d parameter to (1) whizzery/whizzypic.php or (2) whizzery/whizzylink.php. | |||
| CVE-2007-1775 | 0.00 | — | 0.01 | Mar 30, 2007 | Unrestricted file upload vulnerability in upload.php3 in JBrowser 2.4 and earlier allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… | |||
| CVE-2007-1776 | 0.03 | — | 0.01 | Mar 30, 2007 | SQL injection vulnerability in index.php in the DesignForJoomla.com D4J eZine (com_ezine) 2.8 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in a read action. | |||
| CVE-2007-1777 | 0.04 | — | 0.15 | Mar 30, 2007 | Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow. | |||
| CVE-2007-1778 | 0.03 | — | 0.04 | Mar 30, 2007 | PHP remote file inclusion vulnerability in db/mysql.php in the Eve-Nuke 0.1 (EN-Forums) module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||
| CVE-2007-1779 | 0.00 | — | 0.01 | Mar 30, 2007 | Multiple SQL injection vulnerabilities in the MySQL back-end in Advanced Website Creator (AWC) before 1.9.0 might allow remote attackers to execute arbitrary SQL commands via unspecified parameters, related to use of mysql_escape_string instead of mysql_real_escape_string. | |||
| CVE-2007-1349 | 0.01 | — | 0.10 | Mar 30, 2007 | PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI. | |||
| CVE-2007-1677 | 0.00 | — | 0.00 | Mar 30, 2007 | Multiple buffer overflows in the ISO network protocol support in the NetBSD kernel 2.0 through 4.0_BETA2, and NetBSD-current before 20070329, allow local users to execute arbitrary code via long parameters to certain functions, as demonstrated by a long sockaddr structure… | |||
| CVE-2007-1762 | 0.00 | — | 0.01 | Mar 30, 2007 | Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs before checking them against the phishing site blacklist, which allows remote attackers to bypass phishing protection via multiple / (slash) characters in the URL. | |||
| CVE-2007-1763 | 0.01 | — | 0.18 | Mar 30, 2007 | The ATI kernel driver (atikmdag.sys) in Microsoft Windows Vista allows user-assisted remote attackers to cause a denial of service (crash) via a crafted JPG image, as demonstrated by a slideshow, possibly due to a buffer overflow. | |||
| CVE-2007-1764 | 0.00 | — | 0.02 | Mar 30, 2007 | Stack-based buffer overflow in FastStone Image Viewer 2.8 allows user-assisted remote attackers to execute arbitrary code via a crafted JPG image. | |||
| CVE-2007-1765 | 0.07 | — | 0.54 | Mar 30, 2007 | Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and… | |||
| CVE-2007-1766 | 0.03 | — | 0.05 | Mar 30, 2007 | PHP remote file inclusion vulnerability in login/engine/db/profiledit.php in Advanced Login 0.76 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | |||
| CVE-2007-1767 | 0.00 | — | 0.02 | Mar 30, 2007 | Unspecified vulnerability in (1) Deskbar.dll and (2) Toolbar.dll in AOL 9.0 before February 2007 allows remote attackers to cause a denial of service (browser crash) via unknown vectors. | |||
| CVE-2006-4843 | 0.00 | — | 0.01 | Mar 29, 2007 | Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified "code sequences" that bypass the protection scheme. | |||
| CVE-2007-1733 | 0.04 | — | 0.11 | Mar 28, 2007 | Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long (1) /cgi-bin/ or (2) /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112. | |||
| CVE-2007-1734 | 0.03 | — | 0.01 | Mar 28, 2007 | The DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later does not verify the upper bounds of the optlen value, which allows local users running on certain architectures to read kernel memory or cause a denial of service (oops), a… | |||
| CVE-2007-1735 | 0.04 | — | 0.09 | Mar 28, 2007 | Stack-based buffer overflow in Corel WordPerfect Office X3 (13.0.0.565) allows user-assisted remote attackers to execute arbitrary code via a long printer selection (PRS) name in a Wordperfect document. |
- CVE-2007-1794Apr 2, 2007risk 0.00cvss —epss 0.04
The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to…
- CVE-2007-1795Apr 2, 2007risk 0.03cvss —epss 0.03
JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary PHP code via the email address field in an HTML link. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2007-1796Apr 2, 2007risk 0.00cvss —epss 0.01
Multiple unspecified vulnerabilities in JCcorp URLshrink before 1.3.2 have unspecified attack vectors and impact.
- CVE-2007-1797Apr 2, 2007risk 0.00cvss —epss 0.04
Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which…
- CVE-2007-1798Apr 2, 2007risk 0.00cvss —epss 0.00
Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long path name.
- CVE-2007-1799Apr 2, 2007risk 0.00cvss —epss 0.02
Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a torrent filename, as demonstrated by "../" sequences, due to an incomplete fix…
- CVE-2007-1786Mar 31, 2007risk 0.00cvss —epss 0.01
SQL injection vulnerability in Hitachi Collaboration - Online Community Management 01-00 through 01-30, as used in Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, and uCosminexus Content…
- CVE-2007-1787Mar 31, 2007risk 0.03cvss —epss 0.05
Multiple PHP remote file inclusion vulnerabilities in lib/timesheet.class.php in Softerra Time-Assistant 6.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_dir or (2) lib_dir parameter.
- CVE-2007-1788Mar 31, 2007risk 0.00cvss —epss 0.01
Flyspray 0.9.9, when output_buffering is disabled or "set to a low value," allows remote attackers to bypass authentication via a crafted post request.
- CVE-2007-1789Mar 31, 2007risk 0.00cvss —epss 0.01
Flyspray 0.9.9 allows remote attackers to obtain sensitive information (private project summaries) via direct requests.
- CVE-2007-1790Mar 31, 2007risk 0.04cvss —epss 0.07
Multiple PHP remote file inclusion vulnerabilities in Kaqoo Auction Software Free Edition allow remote attackers to execute arbitrary PHP code via a URL in the install_root parameter to (1) support.inc.php, (2) function.inc.php, (3) rdal_object.inc.php, (4) rdal_editor.inc.php.…
- CVE-2007-1791Mar 31, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in wall.php in Picture-Engine 1.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter.
- CVE-2007-1784Mar 31, 2007risk 0.00cvss —epss 0.03
The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus Notes Sametime before 7.5 allows remote attackers to load arbitrary DLL libraries and execute arbitrary code via arbitrary arguments to the loadLibrary function.
- CVE-2007-1785Mar 31, 2007risk 0.04cvss —epss 0.15
The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf)…
- CVE-2006-7183Mar 30, 2007risk 0.03cvss —epss 0.04
PHP remote file inclusion vulnerability in styles.php in Exhibit Engine (EE) 1.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter.
- CVE-2006-7184Mar 30, 2007risk 0.03cvss —epss 0.02
Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine (EE) 1.22, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to (1) fetchsettings.php or (2) fstyles.php. NOTE: the provenance of this information is…
- CVE-2006-7185Mar 30, 2007risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in includes/user_standard.php in CMSmelborp Beta allows remote attackers to execute arbitrary PHP code via a URL in the relative_root parameter.
- CVE-2007-0038Mar 30, 2007risk 0.09cvss —epss 0.73
Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI,…
- CVE-2006-7181Mar 30, 2007risk 0.00cvss —epss 0.02
Multiple PHP remote file inclusion vulnerabilities in Morcego CMS 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) fichero parameter to morcegoCMS.php or the (2) path parameter to adodb/adodb.inc.php. NOTE: vector 1 has been disputed…
- CVE-2006-7182Mar 30, 2007risk 0.00cvss —epss 0.02
PHP remote file inclusion vulnerability in noticias.php in MNews 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.
- CVE-2007-1780Mar 30, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the DHT shell (owdhtshell) in Overlay Weaver 0.5.9 to 0.5.11, when invoked with the -x option, allows remote attackers to inject arbitrary web script or HTML via fields in certain input forms.
- CVE-2007-1781Mar 30, 2007risk 0.00cvss —epss 0.00
Minna De Office 1.x and 2.x does not properly restrict user access to certain privileged actions, which allows local users to change the configuration or have other unspecified impact. NOTE: some of these details are obtained from third party information.
- CVE-2007-1782Mar 30, 2007risk 0.00cvss —epss 0.00
CruiseWorks 1.09e and earlier does not properly restrict user access to certain privileged actions, which allows local users to change the configuration or have other unspecified impact. NOTE: some of these details are obtained from third party information.
- CVE-2006-7177Mar 30, 2007risk 0.00cvss —epss 0.02
MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a denial of service (system crash) via unspecified vectors that lead to a kernel panic in the ieee80211_input function, related to "packets coming from a 'malicious' WinXP system."
- CVE-2006-7178Mar 30, 2007risk 0.00cvss —epss 0.03
MadWifi before 0.9.3 does not properly handle reception of an AUTH frame by an IBSS node, which allows remote attackers to cause a denial of service (system crash) via a certain AUTH frame.
- CVE-2006-7179Mar 30, 2007risk 0.00cvss —epss 0.03
ieee80211_input.c in MadWifi before 0.9.3 does not properly process Channel Switch Announcement Information Elements (CSA IEs), which allows remote attackers to cause a denial of service (loss of communication) via a Channel Switch Count less than or equal to one, triggering a…
- CVE-2006-7180Mar 30, 2007risk 0.00cvss —epss 0.02
ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets before WPA authentication succeeds, which allows remote attackers to obtain sensitive information (related to network structure), and possibly cause a denial of service (disrupted authentication) and conduct…
- CVE-2007-1768Mar 30, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in app/helpers/application_helper.rb in Mephisto 0.7.3 and Mephisto Edge 20070325 allows remote attackers to inject arbitrary web script or HTML via the author name field in a comment.
- CVE-2007-1770Mar 30, 2007risk 0.04cvss —epss 0.17
Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via…
- CVE-2007-1771Mar 30, 2007risk 0.03cvss —epss 0.05
PHP remote file inclusion vulnerability in manage/javascript/formjavascript.php in Ay System Solutions Web Content System (WCS) 2.7.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[JavascriptEdit] parameter.
- CVE-2007-1772Mar 30, 2007risk 0.03cvss —epss 0.03
The FTP service in HP JetDirect print servers allows remote attackers to cause a denial of service (engine crash) via a RETR command with a long pathname.
- CVE-2007-1773Mar 30, 2007risk 0.03cvss —epss 0.03
Multiple directory traversal vulnerabilities in aBitWhizzy allow remote attackers to list arbitrary directories via a .. (dot dot) in the d parameter to (1) whizzery/whizzypic.php or (2) whizzery/whizzylink.php, different vectors than CVE-2006-6384.
- CVE-2007-1774Mar 30, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in aBitWhizzy allow remote attackers to inject arbitrary web script or HTML via the d parameter to (1) whizzery/whizzypic.php or (2) whizzery/whizzylink.php.
- CVE-2007-1775Mar 30, 2007risk 0.00cvss —epss 0.01
Unrestricted file upload vulnerability in upload.php3 in JBrowser 2.4 and earlier allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…
- CVE-2007-1776Mar 30, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the DesignForJoomla.com D4J eZine (com_ezine) 2.8 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in a read action.
- CVE-2007-1777Mar 30, 2007risk 0.04cvss —epss 0.15
Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow.
- CVE-2007-1778Mar 30, 2007risk 0.03cvss —epss 0.04
PHP remote file inclusion vulnerability in db/mysql.php in the Eve-Nuke 0.1 (EN-Forums) module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
- CVE-2007-1779Mar 30, 2007risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in the MySQL back-end in Advanced Website Creator (AWC) before 1.9.0 might allow remote attackers to execute arbitrary SQL commands via unspecified parameters, related to use of mysql_escape_string instead of mysql_real_escape_string.
- CVE-2007-1349Mar 30, 2007risk 0.01cvss —epss 0.10
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
- CVE-2007-1677Mar 30, 2007risk 0.00cvss —epss 0.00
Multiple buffer overflows in the ISO network protocol support in the NetBSD kernel 2.0 through 4.0_BETA2, and NetBSD-current before 20070329, allow local users to execute arbitrary code via long parameters to certain functions, as demonstrated by a long sockaddr structure…
- CVE-2007-1762Mar 30, 2007risk 0.00cvss —epss 0.01
Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs before checking them against the phishing site blacklist, which allows remote attackers to bypass phishing protection via multiple / (slash) characters in the URL.
- CVE-2007-1763Mar 30, 2007risk 0.01cvss —epss 0.18
The ATI kernel driver (atikmdag.sys) in Microsoft Windows Vista allows user-assisted remote attackers to cause a denial of service (crash) via a crafted JPG image, as demonstrated by a slideshow, possibly due to a buffer overflow.
- CVE-2007-1764Mar 30, 2007risk 0.00cvss —epss 0.02
Stack-based buffer overflow in FastStone Image Viewer 2.8 allows user-assisted remote attackers to execute arbitrary code via a crafted JPG image.
- CVE-2007-1765Mar 30, 2007risk 0.07cvss —epss 0.54
Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and…
- CVE-2007-1766Mar 30, 2007risk 0.03cvss —epss 0.05
PHP remote file inclusion vulnerability in login/engine/db/profiledit.php in Advanced Login 0.76 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
- CVE-2007-1767Mar 30, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in (1) Deskbar.dll and (2) Toolbar.dll in AOL 9.0 before February 2007 allows remote attackers to cause a denial of service (browser crash) via unknown vectors.
- CVE-2006-4843Mar 29, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified "code sequences" that bypass the protection scheme.
- CVE-2007-1733Mar 28, 2007risk 0.04cvss —epss 0.11
Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long (1) /cgi-bin/ or (2) /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112.
- CVE-2007-1734Mar 28, 2007risk 0.03cvss —epss 0.01
The DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later does not verify the upper bounds of the optlen value, which allows local users running on certain architectures to read kernel memory or cause a denial of service (oops), a…
- CVE-2007-1735Mar 28, 2007risk 0.04cvss —epss 0.09
Stack-based buffer overflow in Corel WordPerfect Office X3 (13.0.0.565) allows user-assisted remote attackers to execute arbitrary code via a long printer selection (PRS) name in a Wordperfect document.