| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-1465 | 0.04 | — | 0.08 | Mar 24, 2007 | Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 0.5 allows remote attackers to execute arbitrary code via a long DNS query packet to UDP port 53. | |||
| CVE-2007-1666 | 0.00 | — | 0.03 | Mar 24, 2007 | The processor_request function in the debugger server for DataRescue IDA Pro 5.0 and 5.1 does not verify that authentication has taken place before invoking the perform_request function, which allows remote attackers to perform unauthorized actions. | |||
| CVE-2007-1658 | 0.06 | — | 0.36 | Mar 24, 2007 | Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as… | |||
| CVE-2007-1657 | 0.03 | — | 0.05 | Mar 24, 2007 | Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent attackers to execute arbitrary code via a long file argument. | |||
| CVE-2007-1642 | 0.00 | — | 0.01 | Mar 24, 2007 | Unspecified vulnerability in ManageEngine Firewall Analyzer allows remote authenticated users to "access any common file" via a direct URL request. | |||
| CVE-2007-1643 | 0.04 | — | 0.11 | Mar 24, 2007 | Multiple PHP remote file inclusion vulnerabilities in LAN Management System (LMS) 1.8.9 Vala and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG[directories][userpanel_dir] parameter to userpanel.php or the (2) _LIB_DIR parameter to… | |||
| CVE-2007-1644 | 0.06 | — | 0.33 | Mar 24, 2007 | The dynamic DNS update mechanism in the DNS Server service on Microsoft Windows does not properly authenticate clients in certain deployments or configurations, which allows remote attackers to change DNS records for a web proxy server and conduct man-in-the-middle (MITM)… | |||
| CVE-2007-1645 | 0.04 | — | 0.14 | Mar 24, 2007 | Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812. | |||
| CVE-2007-1646 | 0.00 | — | 0.01 | Mar 24, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in SubHub 2.3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the searchtext parameter to (a) /search, or the (2) message parameter to (b) /calendar or (c) /subscribe. | |||
| CVE-2007-1647 | 0.03 | — | 0.03 | Mar 24, 2007 | Moodle 1.5.2 and earlier stores sensitive information under the web root with insufficient access control, and provides directory listings, which allows remote attackers to obtain user names, password hashes, and other sensitive information via a direct request for session… | |||
| CVE-2007-1648 | 0.04 | — | 0.07 | Mar 24, 2007 | 0irc 1345 build 20060823 allows remote attackers to cause a denial of service (application crash) by operating an IRC server that sends a long string to a client, which triggers a NULL pointer dereference. | |||
| CVE-2007-1649 | 0.04 | — | 0.07 | Mar 24, 2007 | PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed. | |||
| CVE-2007-1650 | 0.00 | — | 0.02 | Mar 24, 2007 | pcapsipdump.cpp in pcapsipdump before 0.1.3 allows remote attackers to cause a denial of service (application crash) via a malformed SIP packet, which results in a NULL pointer dereference. | |||
| CVE-2007-1651 | 0.00 | — | 0.01 | Mar 24, 2007 | Cross-site request forgery (CSRF) vulnerability in OpenID allows remote attackers to restore the login session of a user on an OpenID enabled site via unspecified vectors related to an arbitrary remote web site and cached tokens, after the user has signed into an OpenID server,… | |||
| CVE-2007-1652 | 0.00 | — | 0.01 | Mar 24, 2007 | OpenID allows remote attackers to forcibly log a user into an OpenID enabled site, divulge the user's personal information to this site, and add it site to the trusted sites list via a crafted web page, related to cached tokens. | |||
| CVE-2007-1653 | 0.00 | — | 0.01 | Mar 24, 2007 | GlowWorm FW before 1.5.3b4 allows remote attackers to cause a denial of service (kernel panic) via certain DNS responses that trigger infinite recursion in TrueDNS packet parsing, as originally observed with certain login.yahoo.com responses. | |||
| CVE-2007-1654 | 0.00 | — | 0.02 | Mar 24, 2007 | Buffer overflow in the Ne7sshSftp::addOpenHandle function in ne7ssh_sftp.cpp in NetSieben SSH Library (ne7ssh) before 1.2.1 allows user-assisted remote SFTP servers to cause a denial of service (crash) or possibly execute arbitrary code via multiple file transfers, related to… | |||
| CVE-2007-1655 | 0.01 | — | 0.07 | Mar 24, 2007 | Buffer overflow in the fun_ladd function in funmath.cpp in TinyMUX before 20070126 might allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors related to lists of numbers. | |||
| CVE-2007-1656 | 0.00 | — | 0.01 | Mar 24, 2007 | Multiple SQL injection vulnerabilities in index.php in Katalog Plyt Audio 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fraza and (2) litera parameters, different vectors than CVE-2007-1612. NOTE: the provenance of this information is… | |||
| CVE-2007-1638 | 0.00 | — | 0.02 | Mar 23, 2007 | Multiple cross-site request forgery (CSRF) vulnerabilities in the check_csrftoken function in lib/lib.inc.php in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote attackers to perform unauthorized actions as an arbitrary user via the (1) Projects, (2) Contacts,… | |||
| CVE-2007-1639 | 0.00 | — | 0.02 | Mar 23, 2007 | Unrestricted file upload vulnerability in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allows remote authenticated users to upload and execute arbitrary PHP code via a file with an executable extension, which is then accessed by the (1) calendar or (2) file management… | |||
| CVE-2007-1640 | 0.03 | — | 0.05 | Mar 23, 2007 | Multiple PHP remote file inclusion vulnerabilities in ClassWeb 2.03 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the BASE parameter to (1) language.php and (2) phpadmin/survey.php. | |||
| CVE-2007-1641 | 0.03 | — | 0.01 | Mar 23, 2007 | SQL injection vulnerability in index.php in PortailPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the idnews parameter. | |||
| CVE-2007-1634 | 0.03 | — | 0.01 | Mar 23, 2007 | Variable extraction vulnerability in grab_globals.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to conduct SQL injection attacks via the _FILES[DB][tmp_name] parameter to print.php, which overwrites the $DB variable with dynamic variable… | |||
| CVE-2007-1635 | 0.03 | — | 0.03 | Mar 23, 2007 | Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure"… | |||
| CVE-2007-1636 | 0.03 | — | 0.03 | Mar 23, 2007 | Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header. | |||
| CVE-2007-1637 | 0.00 | — | 0.06 | Mar 23, 2007 | Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in… | |||
| CVE-2007-1623 | 0.00 | — | 0.01 | Mar 23, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in realGuestbook 5.01, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) bg_color_1, (2) fs_menu, (3) fc_menu, (4) ff_menu, (5) bg_color_2, (6) fs_normal, (7) fc_normal,… | |||
| CVE-2007-1624 | 0.00 | — | 0.01 | Mar 23, 2007 | Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, and (4) text parameters to save_entry.php, as reachable through add_entry.php; and possibly other unspecified… | |||
| CVE-2007-1625 | 0.00 | — | 0.01 | Mar 23, 2007 | Cross-site scripting (XSS) vulnerability in save_entry.php in realGuestbook 5.01 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter, as reachable through add_entry.php. NOTE: the original report stated that the vulnerability was in… | |||
| CVE-2007-1626 | 0.03 | — | 0.03 | Mar 23, 2007 | PHP remote file inclusion vulnerability in iframe.php in the iFrame Module for PHP-NUKE allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | |||
| CVE-2007-1628 | 0.03 | — | 0.05 | Mar 23, 2007 | Multiple PHP remote file inclusion vulnerabilities in Study planner (Studiewijzer) 0.15 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the SPL_CFG[dirroot] parameter to (1) service.alert.inc.php or (2)… | |||
| CVE-2007-1629 | 0.03 | — | 0.01 | Mar 23, 2007 | SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Photo Gallery allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||
| CVE-2007-1630 | 0.03 | — | 0.01 | Mar 23, 2007 | SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Link Engine allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||
| CVE-2007-1631 | 0.00 | — | 0.02 | Mar 23, 2007 | PHP remote file inclusion vulnerability in signup.php in CLBOX 1.01 allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: this issue has been disputed by a reliable third party, stating that header is defined through an include file… | |||
| CVE-2007-1632 | 0.00 | — | 0.01 | Mar 23, 2007 | Unspecified vulnerability in TYPOlight webCMS before 2.2 Build 5 has unknown impact and attack vectors related to a "major security hole." | |||
| CVE-2007-1633 | 0.03 | — | 0.03 | Mar 23, 2007 | Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an… | |||
| CVE-2007-1612 | 0.03 | — | 0.01 | Mar 23, 2007 | SQL injection vulnerability in index.php in Katalog Plyt Audio 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the kolumna parameter. | |||
| CVE-2007-1613 | 0.03 | — | 0.02 | Mar 23, 2007 | Directory traversal vulnerability in view.php in MPM Chat 2.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the logi parameter. | |||
| CVE-2007-1614 | 0.01 | — | 0.07 | Mar 23, 2007 | Stack-based buffer overflow in the zzip_open_shared_io function in zzip/file.c in ZZIPlib Library before 0.13.49 allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long filename. | |||
| CVE-2007-1615 | 0.03 | — | 0.02 | Mar 23, 2007 | SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||
| CVE-2007-1616 | 0.03 | — | 0.01 | Mar 23, 2007 | SQL injection vulnerability in index.php in ScriptMagix Lyrics 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the recid parameter. | |||
| CVE-2007-1617 | 0.03 | — | 0.01 | Mar 23, 2007 | SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||
| CVE-2007-1618 | 0.03 | — | 0.01 | Mar 23, 2007 | SQL injection vulnerability in index.php in ScriptMagix FAQ Builder 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||
| CVE-2007-1619 | 0.03 | — | 0.01 | Mar 23, 2007 | SQL injection vulnerability in viewcomments.php in ScriptMagix Photo Rating 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the phid parameter. | |||
| CVE-2007-1620 | 0.04 | — | 0.11 | Mar 23, 2007 | Multiple PHP remote file inclusion vulnerabilities in PHP DB Designer 1.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SESSION[SITE_PATH] parameter to (a) wind/help.php or (b) wind/about.php, or the (2) _SESSION[DRIVER] parameter to (c)… | |||
| CVE-2007-1621 | 0.03 | — | 0.04 | Mar 23, 2007 | PHP remote file inclusion vulnerability in templates/head.php in Active PHP Bookmark Notes (APB) 0.2.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS[template_path] parameter. NOTE: this issue might be related to CVE-2003-1254. | |||
| CVE-2007-1622 | 0.00 | — | 0.06 | Mar 23, 2007 | Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface,… | |||
| CVE-2007-1594 | 0.00 | — | 0.03 | Mar 22, 2007 | The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet. | |||
| CVE-2007-1595 | 0.00 | — | 0.03 | Mar 22, 2007 | The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form. |
- CVE-2007-1465Mar 24, 2007risk 0.04cvss —epss 0.08
Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 0.5 allows remote attackers to execute arbitrary code via a long DNS query packet to UDP port 53.
- CVE-2007-1666Mar 24, 2007risk 0.00cvss —epss 0.03
The processor_request function in the debugger server for DataRescue IDA Pro 5.0 and 5.1 does not verify that authentication has taken place before invoking the perform_request function, which allows remote attackers to perform unauthorized actions.
- CVE-2007-1658Mar 24, 2007risk 0.06cvss —epss 0.36
Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as…
- CVE-2007-1657Mar 24, 2007risk 0.03cvss —epss 0.05
Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent attackers to execute arbitrary code via a long file argument.
- CVE-2007-1642Mar 24, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in ManageEngine Firewall Analyzer allows remote authenticated users to "access any common file" via a direct URL request.
- CVE-2007-1643Mar 24, 2007risk 0.04cvss —epss 0.11
Multiple PHP remote file inclusion vulnerabilities in LAN Management System (LMS) 1.8.9 Vala and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG[directories][userpanel_dir] parameter to userpanel.php or the (2) _LIB_DIR parameter to…
- CVE-2007-1644Mar 24, 2007risk 0.06cvss —epss 0.33
The dynamic DNS update mechanism in the DNS Server service on Microsoft Windows does not properly authenticate clients in certain deployments or configurations, which allows remote attackers to change DNS records for a web proxy server and conduct man-in-the-middle (MITM)…
- CVE-2007-1645Mar 24, 2007risk 0.04cvss —epss 0.14
Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812.
- CVE-2007-1646Mar 24, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in SubHub 2.3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the searchtext parameter to (a) /search, or the (2) message parameter to (b) /calendar or (c) /subscribe.
- CVE-2007-1647Mar 24, 2007risk 0.03cvss —epss 0.03
Moodle 1.5.2 and earlier stores sensitive information under the web root with insufficient access control, and provides directory listings, which allows remote attackers to obtain user names, password hashes, and other sensitive information via a direct request for session…
- CVE-2007-1648Mar 24, 2007risk 0.04cvss —epss 0.07
0irc 1345 build 20060823 allows remote attackers to cause a denial of service (application crash) by operating an IRC server that sends a long string to a client, which triggers a NULL pointer dereference.
- CVE-2007-1649Mar 24, 2007risk 0.04cvss —epss 0.07
PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed.
- CVE-2007-1650Mar 24, 2007risk 0.00cvss —epss 0.02
pcapsipdump.cpp in pcapsipdump before 0.1.3 allows remote attackers to cause a denial of service (application crash) via a malformed SIP packet, which results in a NULL pointer dereference.
- CVE-2007-1651Mar 24, 2007risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in OpenID allows remote attackers to restore the login session of a user on an OpenID enabled site via unspecified vectors related to an arbitrary remote web site and cached tokens, after the user has signed into an OpenID server,…
- CVE-2007-1652Mar 24, 2007risk 0.00cvss —epss 0.01
OpenID allows remote attackers to forcibly log a user into an OpenID enabled site, divulge the user's personal information to this site, and add it site to the trusted sites list via a crafted web page, related to cached tokens.
- CVE-2007-1653Mar 24, 2007risk 0.00cvss —epss 0.01
GlowWorm FW before 1.5.3b4 allows remote attackers to cause a denial of service (kernel panic) via certain DNS responses that trigger infinite recursion in TrueDNS packet parsing, as originally observed with certain login.yahoo.com responses.
- CVE-2007-1654Mar 24, 2007risk 0.00cvss —epss 0.02
Buffer overflow in the Ne7sshSftp::addOpenHandle function in ne7ssh_sftp.cpp in NetSieben SSH Library (ne7ssh) before 1.2.1 allows user-assisted remote SFTP servers to cause a denial of service (crash) or possibly execute arbitrary code via multiple file transfers, related to…
- CVE-2007-1655Mar 24, 2007risk 0.01cvss —epss 0.07
Buffer overflow in the fun_ladd function in funmath.cpp in TinyMUX before 20070126 might allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors related to lists of numbers.
- CVE-2007-1656Mar 24, 2007risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in index.php in Katalog Plyt Audio 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fraza and (2) litera parameters, different vectors than CVE-2007-1612. NOTE: the provenance of this information is…
- CVE-2007-1638Mar 23, 2007risk 0.00cvss —epss 0.02
Multiple cross-site request forgery (CSRF) vulnerabilities in the check_csrftoken function in lib/lib.inc.php in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote attackers to perform unauthorized actions as an arbitrary user via the (1) Projects, (2) Contacts,…
- CVE-2007-1639Mar 23, 2007risk 0.00cvss —epss 0.02
Unrestricted file upload vulnerability in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allows remote authenticated users to upload and execute arbitrary PHP code via a file with an executable extension, which is then accessed by the (1) calendar or (2) file management…
- CVE-2007-1640Mar 23, 2007risk 0.03cvss —epss 0.05
Multiple PHP remote file inclusion vulnerabilities in ClassWeb 2.03 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the BASE parameter to (1) language.php and (2) phpadmin/survey.php.
- CVE-2007-1641Mar 23, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in PortailPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the idnews parameter.
- CVE-2007-1634Mar 23, 2007risk 0.03cvss —epss 0.01
Variable extraction vulnerability in grab_globals.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to conduct SQL injection attacks via the _FILES[DB][tmp_name] parameter to print.php, which overwrites the $DB variable with dynamic variable…
- CVE-2007-1635Mar 23, 2007risk 0.03cvss —epss 0.03
Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure"…
- CVE-2007-1636Mar 23, 2007risk 0.03cvss —epss 0.03
Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
- CVE-2007-1637Mar 23, 2007risk 0.00cvss —epss 0.06
Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in…
- CVE-2007-1623Mar 23, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in realGuestbook 5.01, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) bg_color_1, (2) fs_menu, (3) fc_menu, (4) ff_menu, (5) bg_color_2, (6) fs_normal, (7) fc_normal,…
- CVE-2007-1624Mar 23, 2007risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, and (4) text parameters to save_entry.php, as reachable through add_entry.php; and possibly other unspecified…
- CVE-2007-1625Mar 23, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in save_entry.php in realGuestbook 5.01 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter, as reachable through add_entry.php. NOTE: the original report stated that the vulnerability was in…
- CVE-2007-1626Mar 23, 2007risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in iframe.php in the iFrame Module for PHP-NUKE allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
- CVE-2007-1628Mar 23, 2007risk 0.03cvss —epss 0.05
Multiple PHP remote file inclusion vulnerabilities in Study planner (Studiewijzer) 0.15 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the SPL_CFG[dirroot] parameter to (1) service.alert.inc.php or (2)…
- CVE-2007-1629Mar 23, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Photo Gallery allows remote attackers to execute arbitrary SQL commands via the catid parameter.
- CVE-2007-1630Mar 23, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Link Engine allows remote attackers to execute arbitrary SQL commands via the catid parameter.
- CVE-2007-1631Mar 23, 2007risk 0.00cvss —epss 0.02
PHP remote file inclusion vulnerability in signup.php in CLBOX 1.01 allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: this issue has been disputed by a reliable third party, stating that header is defined through an include file…
- CVE-2007-1632Mar 23, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in TYPOlight webCMS before 2.2 Build 5 has unknown impact and attack vectors related to a "major security hole."
- CVE-2007-1633Mar 23, 2007risk 0.03cvss —epss 0.03
Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an…
- CVE-2007-1612Mar 23, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in Katalog Plyt Audio 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the kolumna parameter.
- CVE-2007-1613Mar 23, 2007risk 0.03cvss —epss 0.02
Directory traversal vulnerability in view.php in MPM Chat 2.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the logi parameter.
- CVE-2007-1614Mar 23, 2007risk 0.01cvss —epss 0.07
Stack-based buffer overflow in the zzip_open_shared_io function in zzip/file.c in ZZIPlib Library before 0.13.49 allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long filename.
- CVE-2007-1615Mar 23, 2007risk 0.03cvss —epss 0.02
SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
- CVE-2007-1616Mar 23, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in ScriptMagix Lyrics 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the recid parameter.
- CVE-2007-1617Mar 23, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
- CVE-2007-1618Mar 23, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in ScriptMagix FAQ Builder 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
- CVE-2007-1619Mar 23, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in viewcomments.php in ScriptMagix Photo Rating 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the phid parameter.
- CVE-2007-1620Mar 23, 2007risk 0.04cvss —epss 0.11
Multiple PHP remote file inclusion vulnerabilities in PHP DB Designer 1.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SESSION[SITE_PATH] parameter to (a) wind/help.php or (b) wind/about.php, or the (2) _SESSION[DRIVER] parameter to (c)…
- CVE-2007-1621Mar 23, 2007risk 0.03cvss —epss 0.04
PHP remote file inclusion vulnerability in templates/head.php in Active PHP Bookmark Notes (APB) 0.2.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS[template_path] parameter. NOTE: this issue might be related to CVE-2003-1254.
- CVE-2007-1622Mar 23, 2007risk 0.00cvss —epss 0.06
Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface,…
- CVE-2007-1594Mar 22, 2007risk 0.00cvss —epss 0.03
The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet.
- CVE-2007-1595Mar 22, 2007risk 0.00cvss —epss 0.03
The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form.