| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-7081 |  |  | 0.03 | — | 0.03 |  | Mar 2, 2007 | Multiple PHP remote file inclusion vulnerabilities in PhpNews 1.0 allow remote attackers to execute arbitrary PHP code via the Include parameter to (1) Include/lib.inc.php3 and (2) Include/variables.php3. |
| CVE-2006-7082 |  |  | 0.00 | — | 0.03 |  | Mar 2, 2007 | Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to bypass authentication and upload arbitrary files via direct requests to (1) adm/photos/images.php and (2) adm/down/files.php. |
| CVE-2006-7083 |  |  | 0.00 | — | 0.01 |  | Mar 2, 2007 | Directory traversal vulnerability in index.php in Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to read arbitrary files via ".." sequences in the id parameter. |
| CVE-2006-7085 |  |  | 0.00 | — | 0.01 |  | Mar 2, 2007 | Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to add arbitrary content and conduct XSS attacks via a direct request to add_art.php. NOTE: this issue was originally reported as SQL injection, but this is not likely. |
| CVE-2006-7086 |  |  | 0.03 | — | 0.03 |  | Mar 2, 2007 | The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow remote attackers to obtain sensitive information and download the database via a direct request with a modified dl parameter. |
| CVE-2006-7087 |  |  | 0.00 | — | 0.02 |  | Mar 2, 2007 | CRLF injection vulnerability in the mail function in Dotdeb PHP before 5.2.0 Rev 3 allows remote attackers to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string, which is processed via the PHP_SELF variable. |
| CVE-2006-7088 |  |  | 0.00 | — | 0.01 |  | Mar 2, 2007 | Multiple SQL injection vulnerabilities in Simple PHP Forum before 0.4 allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) logon_user.php and (2) update_profile.php. |
| CVE-2006-7089 |  |  | 0.00 | — | 0.01 |  | Mar 2, 2007 | SQL injection vulnerability in connexion.php in Ban 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2006-7090 |  |  | 0.00 | — | 0.01 |  | Mar 2, 2007 | PHP remote file inclusion vulnerability in phpbb_security.php in phpBB Security 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the php_root_path parameter. |
| CVE-2006-7091 |  |  | 0.03 | — | 0.02 |  | Mar 2, 2007 | PHP remote file inclusion vulnerability in config.php in phpht Topsites FREE 1.022b allows remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… |
| CVE-2006-7092 |  |  | 0.00 | — | 0.01 |  | Mar 2, 2007 | SQL injection vulnerability in includes/mambo.php in Mambo LaiThai 4.5.4 SP2 and earlier allows remote attackers to execute arbitrary SQL commands via the usercookie[password] cookie parameter. |
| CVE-2006-7093 |  |  | 0.00 | — | 0.01 |  | Mar 2, 2007 | Cross-site scripting (XSS) vulnerability in Mambo LaiThai 4.5.4 Security Patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2006-7094 |  |  | 0.00 | — | 0.03 |  | Mar 2, 2007 | ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack… |
| CVE-2006-7095 |  |  | 0.00 | — | 0.05 |  | Mar 2, 2007 | Integer signedness error in the network_receive_packet function in socket.c in dimension 3 engine (dim3) 1.5 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large data_len value, which is cast to a… |
| CVE-2006-7096 |  |  | 0.00 | — | 0.05 |  | Mar 2, 2007 | Buffer overflow in the network_host_handle_join function in host.c in dimension 3 engine (dim3) 1.5 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long nickname. |
| CVE-2006-7097 |  |  | 0.00 | — | 0.01 |  | Mar 2, 2007 | Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4 have unknown impact and attack vectors. |
| CVE-2007-0001 |  |  | 0.03 | — | 0.01 |  | Mar 2, 2007 | The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a watched file, which does not cause the watch on the old inode to be dropped. |
| CVE-2007-1005 |  |  | 0.01 | — | 0.07 |  | Mar 2, 2007 | Heap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote… |
| CVE-2007-1134 |  |  | 0.00 | — | 0.01 |  | Mar 2, 2007 | Unspecified vulnerability in Watchtower (WT) before 0.12 has unknown impact and attack vectors, related to "unauthorized accounts." |
| CVE-2007-1135 |  |  | 0.00 | — | 0.01 |  | Mar 2, 2007 | Multiple SQL injection vulnerabilities in WebMplayer before 0.6.1-Alpha allow remote attackers to execute arbitrary SQL commands via the (1) strid parameter to index.php and the (2) id[0] or other id array index parameter to filecheck.php. |
| CVE-2007-1136 |  |  | 0.00 | — | 0.02 |  | Mar 2, 2007 | index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. NOTE: some sources have referred to this as eval injection in the param parameter, but CVE source inspection suggests that this is… |
| CVE-2007-1137 |  |  | 0.00 | — | 0.01 |  | Mar 2, 2007 | putmail.py in Putmail before 1.4 does not detect when a user attempts to use TLS with a server that does not support it, which causes putmail.py to send the username and password in plaintext while the user believes encryption is in use, and allows remote attackers to obtain… |
| CVE-2007-1138 |  |  | 0.03 | — | 0.03 |  | Mar 2, 2007 | Absolute path traversal vulnerability in list_main_pages.php in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to list arbitrary directories, and read arbitrary files, via an absolute pathname in the nfolder parameter. |
| CVE-2007-1139 |  |  | 0.00 | — | 0.02 |  | Mar 2, 2007 | Unrestricted file upload vulnerability in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to upload arbitrary scripts via a filename with a double extension. |
| CVE-2007-1140 |  |  | 0.03 | — | 0.03 |  | Mar 2, 2007 | Directory traversal vulnerability in edit.php in pheap allows remote attackers to read and modify arbitrary files via a .. (dot dot) in the filename parameter. |
| CVE-2007-1141 |  |  | 0.03 | — | 0.06 |  | Mar 2, 2007 | PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the php_script_path parameter. NOTE: This issue may overlap CVE-2006-0723. |
| CVE-2007-1142 |  |  | 0.03 | — | 0.02 |  | Mar 2, 2007 | Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the link_parameters parameter in (1) news.php and (2) n_layouts.php. |
| CVE-2007-1143 |  |  | 0.00 | — | 0.03 |  | Mar 2, 2007 | Directory traversal vulnerability in pn-menu.php in J-Web Pics Navigator 1.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter. |
| CVE-2007-1144 |  |  | 0.00 | — | 0.03 |  | Mar 2, 2007 | Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Navigator 2.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter. |
| CVE-2007-1145 |  |  | 0.00 | — | 0.02 |  | Mar 2, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register action in index.php, (3) unspecified… |
| CVE-2007-1146 |  |  | 0.00 | — | 0.01 |  | Mar 2, 2007 | PHP remote file inclusion vulnerability in function.php in arabhost allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter. |
| CVE-2007-1147 |  |  | 0.00 | — | 0.01 |  | Mar 2, 2007 | PHP remote file inclusion vulnerability in view.php in hbm allows remote attackers to execute arbitrary PHP code via a URL in the hbmpath parameter. |
| CVE-2007-1148 |  |  | 0.03 | — | 0.03 |  | Mar 2, 2007 | PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter. |
| CVE-2007-1149 |  |  | 0.03 | — | 0.04 |  | Mar 2, 2007 | Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the step parameter to install/index.php or (2) the load parameter to the top-level URI. |
| CVE-2007-1150 |  |  | 0.00 | — | 0.01 |  | Mar 2, 2007 | Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote authenticated administrators to upload arbitrary files to /modules/content/pictures/tmp/. |
| CVE-2007-1151 |  |  | 0.03 | — | 0.02 |  | Mar 2, 2007 | Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter to the top-level URI, possibly related to a SQL error. |
| CVE-2007-1152 |  |  | 0.03 | — | 0.03 |  | Mar 2, 2007 | Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) act or (2) pid parameter to the top-level URI (index.php), or the (3) action parameter to admin/index.php. NOTE: some of these details… |
| CVE-2007-1153 |  |  | 0.00 | — | 0.01 |  | Mar 2, 2007 | Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews 1.3.6 allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE:… |
| CVE-2007-1154 |  |  | 0.00 | — | 0.01 |  | Mar 2, 2007 | SQL injection vulnerability in webSPELL allows remote attackers to execute arbitrary SQL commands via a ws_auth cookie, a different vulnerability than CVE-2006-4782. |
| CVE-2007-1155 |  |  | 0.00 | — | 0.01 |  | Mar 2, 2007 | Unrestricted file upload vulnerability in webSPELL allows remote authenticated administrators to upload and execute arbitrary PHP code via the add squad feature. NOTE: this issue may be an administrative feature, in which case this CVE may be REJECTED. |
| CVE-2007-1156 |  |  | 0.04 | — | 0.09 |  | Mar 2, 2007 | JBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for _admin/. |
| CVE-2007-1157 |  |  | 0.00 | — | 0.01 |  | Mar 2, 2007 | Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733. |
| CVE-2007-1158 |  |  | 0.03 | — | 0.04 |  | Mar 2, 2007 | Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. |
| CVE-2007-1159 |  |  | 0.03 | — | 0.01 |  | Mar 2, 2007 | Cross-site scripting (XSS) vulnerability in modules/out.php in Pyrophobia 2.1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… |
| CVE-2007-1160 |  |  | 0.00 | — | 0.03 |  | Mar 2, 2007 | webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782. |
| CVE-2007-1161 |  |  | 0.00 | — | 0.01 |  | Mar 2, 2007 | Cross-site scripting (XSS) vulnerability in call_entry.php in Call Center Software 0,93 allows remote attackers to inject arbitrary web script or HTML via the problem_desc parameter, as demonstrated by the ONLOAD attribute of a BODY element. |
| CVE-2007-1162 |  |  | 0.03 | — | 0.03 |  | Mar 2, 2007 | A certain ActiveX control in the Common Controls Replacement Project (CCRP) CCRP BrowseDialog Server (ccrpbds6.dll) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) IsFolderAvailable or (2) RootFolder property value, different… |
| CVE-2007-1163 |  |  | 0.03 | — | 0.01 |  | Mar 2, 2007 | SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783. |
| CVE-2007-1164 |  |  | 0.04 | — | 0.09 |  | Mar 2, 2007 | Multiple PHP remote file inclusion vulnerabilities in DBImageGallery 1.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the donsimg_base_path parameter to (1) attributes.php, (2) images.php, or (3) scan.php in admin/; or (4) attributes.php, (5) db_utils.php,… |
| CVE-2007-1165 |  |  | 0.03 | — | 0.03 |  | Mar 2, 2007 | Multiple PHP remote file inclusion vulnerabilities in DBGuestbook 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the dbs_base_path parameter to (1) utils.php, (2) guestbook.php, or (3) views.php in includes/. |