| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-0214 | 0.02 | — | 0.26 | Feb 13, 2007 | The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters. | |||
| CVE-2007-0900 | 0.04 | — | 0.10 | Feb 13, 2007 | Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard 2.1.B Build 2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) configpath parameter to (a) tagviewer.php, (b) tag_process.php, and (c)… | |||
| CVE-2007-0901 | 0.00 | — | 0.02 | Feb 13, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857. NOTE: the provenance of this information is… | |||
| CVE-2007-0902 | 0.00 | — | 0.01 | Feb 13, 2007 | Unspecified vulnerability in the "Show debugging information" feature in MoinMoin 1.5.7 allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||
| CVE-2007-0903 | 0.00 | — | 0.02 | Feb 13, 2007 | Unspecified vulnerability in the mod_roster_odbc module in ejabberd before 1.1.3 has unknown impact and attack vectors. | |||
| CVE-2007-0904 | 0.03 | — | 0.01 | Feb 13, 2007 | SQL injection vulnerability in projects.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter to index.php. | |||
| CVE-2007-0842 | 0.00 | — | 0.06 | Feb 13, 2007 | The 64-bit versions of Microsoft Visual C++ 8.0 standard library (MSVCR80.DLL) time functions, including (1) localtime, (2) localtime_s, (3) gmtime, (4) gmtime_s, (5) ctime, (6) ctime_s, (7) wctime, (8) wctime_s, and (9) fstat, trigger an assertion error instead of a NULL… | |||
| CVE-2007-0896 | 0.03 | — | 0.02 | Feb 13, 2007 | Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712. | |||
| CVE-2007-0895 | 0.00 | — | 0.00 | Feb 13, 2007 | Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which… | |||
| CVE-2006-7003 | 0.00 | — | 0.01 | Feb 12, 2007 | PHP remote file inclusion vulnerability in admin/index.php in Fusion Polls allows remote attackers to execute arbitrary PHP code via a URL in the xtrphome parameter. | |||
| CVE-2006-7004 | 0.03 | — | 0.02 | Feb 12, 2007 | Cross-site scripting (XSS) vulnerability in email_request.php in PSY Auction allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… | |||
| CVE-2006-7005 | 0.03 | — | 0.01 | Feb 12, 2007 | SQL injection vulnerability in item.php in PSY Auction allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||
| CVE-2006-7006 | 0.00 | — | 0.02 | Feb 12, 2007 | PHP remote file inclusion vulnerability in upload/admin/team.php in Robin de Graff Somery 0.4.4 allows remote attackers to execute arbitrary PHP code via a URL in the checkauth parameter. NOTE: CVE disputes this vulnerability because the checkauth parameter is only used in… | |||
| CVE-2006-7007 | 0.03 | — | 0.04 | Feb 12, 2007 | Buffer overflow in Tiny FTPd 1.4 and earlier allows remote attackers to cause a denial of service (daemon crash) via a long USER command, a different vector than CVE-2000-0133. | |||
| CVE-2006-7008 | 0.00 | — | 0.01 | Feb 12, 2007 | Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029. | |||
| CVE-2006-7009 | 0.00 | — | 0.01 | Feb 12, 2007 | Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors. | |||
| CVE-2006-7010 | 0.00 | — | 0.01 | Feb 12, 2007 | The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks. | |||
| CVE-2007-0886 | 0.04 | — | 0.09 | Feb 12, 2007 | Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via certain base64-encoded data on the pop3 port (110/tcp), which triggers an integer overflow. | |||
| CVE-2007-0887 | 0.04 | — | 0.10 | Feb 12, 2007 | axigen 1.2.6 through 2.0.0b1 does not properly parse login credentials, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a base64-encoded "*\x00" sequence on the imap port (143/tcp). | |||
| CVE-2007-0888 | 0.03 | — | 0.05 | Feb 12, 2007 | Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command. | |||
| CVE-2007-0889 | 0.00 | — | 0.00 | Feb 12, 2007 | Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible encoding") for passwords, account names, and IP addresses in kiwidb-cattools.kdb, which might allow local users to gain sensitive information by decrypting the file. NOTE: this issue could be leveraged with a… | |||
| CVE-2007-0890 | 0.03 | — | 0.02 | Feb 12, 2007 | Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter. | |||
| CVE-2007-0891 | 0.00 | — | 0.01 | Feb 12, 2007 | Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath function in phpmyvisites.php in phpMyVisites before 2.2 allows remote attackers to inject arbitrary web script or HTML via the query string. | |||
| CVE-2007-0892 | 0.00 | — | 0.01 | Feb 12, 2007 | CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the url parameter, when the pagename parameter begins with "FILE:". | |||
| CVE-2007-0893 | 0.00 | — | 0.03 | Feb 12, 2007 | Directory traversal vulnerability in phpMyVisites before 2.2 allows remote attackers to include arbitrary files via leading ".." sequences on the pmv_ck_view COOKIE parameter, which bypasses the protection scheme. | |||
| CVE-2007-0894 | 0.00 | — | 0.02 | Feb 12, 2007 | MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message. | |||
| CVE-2007-0770 | 0.00 | — | 0.05 | Feb 12, 2007 | Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an… | |||
| CVE-2007-0878 | 0.02 | — | 0.20 | Feb 12, 2007 | Unspecified vulnerability in Microsoft Internet Explorer on Windows Mobile 5.0 allows remote attackers to cause a denial of service (loss of browser and other device functionality) via a malformed WML page, related to an "overflow state." NOTE: it is possible that this issue is… | |||
| CVE-2007-0879 | 0.00 | — | 0.04 | Feb 12, 2007 | Buffer overflow in SmidgeonSoft PEBrowse Professional 8.2.1.0 allows user-assisted remote attackers to execute arbitrary code via certain executable files in PE format. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… | |||
| CVE-2007-0880 | 0.00 | — | 0.01 | Feb 12, 2007 | Capital Request Forms stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for inc/common_db.inc. | |||
| CVE-2007-0881 | 0.03 | — | 0.03 | Feb 12, 2007 | PHP remote file inclusion vulnerability in the Seitenschutz plugin for OPENi-CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the (1) config[oi_dir] and possibly (2) config[openi_dir] parameters to open-admin/plugins/site_protection/index.php. NOTE:… | |||
| CVE-2007-0882 | 0.11 | — | 0.98 | Feb 12, 2007 | Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts,… | |||
| CVE-2007-0883 | 0.03 | — | 0.04 | Feb 12, 2007 | Directory traversal vulnerability in portalgroups/portalgroups/getfile.cgi in IP3 NetAccess before firmware 4.1.9.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||
| CVE-2007-0884 | 0.00 | — | 0.03 | Feb 12, 2007 | Buffer overflow in Roaring Penguin MIMEDefang 2.59 and 2.60 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors. | |||
| CVE-2007-0885 | 0.03 | — | 0.05 | Feb 12, 2007 | Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||
| CVE-2006-7001 | 0.00 | — | 0.02 | Feb 12, 2007 | Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the L parameter, a different issue than CVE-2006-5897. NOTE: the provenance of this information is unknown; the details are… | |||
| CVE-2006-7002 | 0.00 | — | 0.01 | Feb 12, 2007 | Cross-site scripting (XSS) vulnerability in add_comment.php in Wheatblog (wB) 1.1 allows remote attackers to inject arbitrary web script or HTML via the Email field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… | |||
| CVE-2007-0871 | 0.03 | — | 0.03 | Feb 12, 2007 | Unrestricted file upload vulnerability in eXtremePow eXtreme File Hosting allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as (1) .rar.php or (2) .zip.php. | |||
| CVE-2007-0872 | 0.03 | — | 0.03 | Feb 12, 2007 | Directory traversal vulnerability in the Plain Old Webserver (POW) add-on before 0.0.9 for Mozilla Firefox allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||
| CVE-2007-0873 | 0.04 | — | 0.08 | Feb 12, 2007 | nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/. | |||
| CVE-2007-0874 | 0.00 | — | 0.03 | Feb 12, 2007 | Allons_voter 1.0 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) admin_ajouter.php or (2) admin_supprimer.php. NOTE: this could be leveraged to conduct cross-site scripting (XSS) attacks. | |||
| CVE-2007-0875 | 0.00 | — | 0.02 | Feb 12, 2007 | SQL injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this issue has been disputed by a third party, stating that the file does not use a SQL database | |||
| CVE-2007-0876 | 0.00 | — | 0.01 | Feb 12, 2007 | Cross-site scripting (XSS) vulnerability in Quick Digital Image Gallery (Qdig) 1.2.9.3 and devel-20060624 allows remote attackers to inject arbitrary web script or HTML via the Qwd parameter to the top-level URI. | |||
| CVE-2007-0877 | 0.00 | — | 0.01 | Feb 12, 2007 | Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital Video Recorders allows attackers to cause an unspecified denial of service. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||
| CVE-2006-6998 | 0.00 | — | 0.01 | Feb 12, 2007 | install/loader_help.php in Headstart Solutions DeskPRO allows remote attackers to obtain configuration information via a q=phpinfo QUERY_STRING, which calls the phpinfo function. | |||
| CVE-2006-6999 | 0.00 | — | 0.01 | Feb 12, 2007 | attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter. | |||
| CVE-2006-7000 | 0.00 | — | 0.01 | Feb 12, 2007 | Headstart Solutions DeskPRO allows remote attackers to obtain the full path via direct requests to (1) email/mail.php, (2) includes/init.php, (3) certain files in includes/cron/, and (4) jpgraph.php, (5) jpgraph_bar.php, (6) jpgraph_pie.php, and (7) jpgraph_pie3d.php in… | |||
| CVE-2006-6993 | 0.00 | — | 0.01 | Feb 12, 2007 | Multiple SQL injection vulnerabilities in pages/addcomment2.php in Neuron Blog 1.1 allow remote attackers to inject arbitrary SQL commands via the (1) commentname, (2) commentmail, (3) commentwebsite, and (4) comment parameters. NOTE: the provenance of this information is… | |||
| CVE-2006-6994 | 0.00 | — | 0.02 | Feb 12, 2007 | Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, possibly 2.0 and earlier, allows remote attackers to upload and execute arbitrary ASP files by removing the client-side security checks. | |||
| CVE-2006-6995 | 0.03 | — | 0.02 | Feb 12, 2007 | mycontacts.php in V3 Chat allows remote authenticated users to gain privileges as other users via a modified membername parameter. |
- CVE-2007-0214Feb 13, 2007risk 0.02cvss —epss 0.26
The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
- CVE-2007-0900Feb 13, 2007risk 0.04cvss —epss 0.10
Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard 2.1.B Build 2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) configpath parameter to (a) tagviewer.php, (b) tag_process.php, and (c)…
- CVE-2007-0901Feb 13, 2007risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857. NOTE: the provenance of this information is…
- CVE-2007-0902Feb 13, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in the "Show debugging information" feature in MoinMoin 1.5.7 allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2007-0903Feb 13, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in the mod_roster_odbc module in ejabberd before 1.1.3 has unknown impact and attack vectors.
- CVE-2007-0904Feb 13, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in projects.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter to index.php.
- CVE-2007-0842Feb 13, 2007risk 0.00cvss —epss 0.06
The 64-bit versions of Microsoft Visual C++ 8.0 standard library (MSVCR80.DLL) time functions, including (1) localtime, (2) localtime_s, (3) gmtime, (4) gmtime_s, (5) ctime, (6) ctime_s, (7) wctime, (8) wctime_s, and (9) fstat, trigger an assertion error instead of a NULL…
- CVE-2007-0896Feb 13, 2007risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712.
- CVE-2007-0895Feb 13, 2007risk 0.00cvss —epss 0.00
Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which…
- CVE-2006-7003Feb 12, 2007risk 0.00cvss —epss 0.01
PHP remote file inclusion vulnerability in admin/index.php in Fusion Polls allows remote attackers to execute arbitrary PHP code via a URL in the xtrphome parameter.
- CVE-2006-7004Feb 12, 2007risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in email_request.php in PSY Auction allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…
- CVE-2006-7005Feb 12, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in item.php in PSY Auction allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2006-7006Feb 12, 2007risk 0.00cvss —epss 0.02
PHP remote file inclusion vulnerability in upload/admin/team.php in Robin de Graff Somery 0.4.4 allows remote attackers to execute arbitrary PHP code via a URL in the checkauth parameter. NOTE: CVE disputes this vulnerability because the checkauth parameter is only used in…
- CVE-2006-7007Feb 12, 2007risk 0.03cvss —epss 0.04
Buffer overflow in Tiny FTPd 1.4 and earlier allows remote attackers to cause a denial of service (daemon crash) via a long USER command, a different vector than CVE-2000-0133.
- CVE-2006-7008Feb 12, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029.
- CVE-2006-7009Feb 12, 2007risk 0.00cvss —epss 0.01
Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors.
- CVE-2006-7010Feb 12, 2007risk 0.00cvss —epss 0.01
The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks.
- CVE-2007-0886Feb 12, 2007risk 0.04cvss —epss 0.09
Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via certain base64-encoded data on the pop3 port (110/tcp), which triggers an integer overflow.
- CVE-2007-0887Feb 12, 2007risk 0.04cvss —epss 0.10
axigen 1.2.6 through 2.0.0b1 does not properly parse login credentials, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a base64-encoded "*\x00" sequence on the imap port (143/tcp).
- CVE-2007-0888Feb 12, 2007risk 0.03cvss —epss 0.05
Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command.
- CVE-2007-0889Feb 12, 2007risk 0.00cvss —epss 0.00
Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible encoding") for passwords, account names, and IP addresses in kiwidb-cattools.kdb, which might allow local users to gain sensitive information by decrypting the file. NOTE: this issue could be leveraged with a…
- CVE-2007-0890Feb 12, 2007risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter.
- CVE-2007-0891Feb 12, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath function in phpmyvisites.php in phpMyVisites before 2.2 allows remote attackers to inject arbitrary web script or HTML via the query string.
- CVE-2007-0892Feb 12, 2007risk 0.00cvss —epss 0.01
CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the url parameter, when the pagename parameter begins with "FILE:".
- CVE-2007-0893Feb 12, 2007risk 0.00cvss —epss 0.03
Directory traversal vulnerability in phpMyVisites before 2.2 allows remote attackers to include arbitrary files via leading ".." sequences on the pmv_ck_view COOKIE parameter, which bypasses the protection scheme.
- CVE-2007-0894Feb 12, 2007risk 0.00cvss —epss 0.02
MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message.
- CVE-2007-0770Feb 12, 2007risk 0.00cvss —epss 0.05
Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an…
- CVE-2007-0878Feb 12, 2007risk 0.02cvss —epss 0.20
Unspecified vulnerability in Microsoft Internet Explorer on Windows Mobile 5.0 allows remote attackers to cause a denial of service (loss of browser and other device functionality) via a malformed WML page, related to an "overflow state." NOTE: it is possible that this issue is…
- CVE-2007-0879Feb 12, 2007risk 0.00cvss —epss 0.04
Buffer overflow in SmidgeonSoft PEBrowse Professional 8.2.1.0 allows user-assisted remote attackers to execute arbitrary code via certain executable files in PE format. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…
- CVE-2007-0880Feb 12, 2007risk 0.00cvss —epss 0.01
Capital Request Forms stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for inc/common_db.inc.
- CVE-2007-0881Feb 12, 2007risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in the Seitenschutz plugin for OPENi-CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the (1) config[oi_dir] and possibly (2) config[openi_dir] parameters to open-admin/plugins/site_protection/index.php. NOTE:…
- CVE-2007-0882Feb 12, 2007risk 0.11cvss —epss 0.98
Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts,…
- CVE-2007-0883Feb 12, 2007risk 0.03cvss —epss 0.04
Directory traversal vulnerability in portalgroups/portalgroups/getfile.cgi in IP3 NetAccess before firmware 4.1.9.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
- CVE-2007-0884Feb 12, 2007risk 0.00cvss —epss 0.03
Buffer overflow in Roaring Penguin MIMEDefang 2.59 and 2.60 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors.
- CVE-2007-0885Feb 12, 2007risk 0.03cvss —epss 0.05
Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter.
- CVE-2006-7001Feb 12, 2007risk 0.00cvss —epss 0.02
Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the L parameter, a different issue than CVE-2006-5897. NOTE: the provenance of this information is unknown; the details are…
- CVE-2006-7002Feb 12, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in add_comment.php in Wheatblog (wB) 1.1 allows remote attackers to inject arbitrary web script or HTML via the Email field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…
- CVE-2007-0871Feb 12, 2007risk 0.03cvss —epss 0.03
Unrestricted file upload vulnerability in eXtremePow eXtreme File Hosting allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as (1) .rar.php or (2) .zip.php.
- CVE-2007-0872Feb 12, 2007risk 0.03cvss —epss 0.03
Directory traversal vulnerability in the Plain Old Webserver (POW) add-on before 0.0.9 for Mozilla Firefox allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
- CVE-2007-0873Feb 12, 2007risk 0.04cvss —epss 0.08
nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/.
- CVE-2007-0874Feb 12, 2007risk 0.00cvss —epss 0.03
Allons_voter 1.0 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) admin_ajouter.php or (2) admin_supprimer.php. NOTE: this could be leveraged to conduct cross-site scripting (XSS) attacks.
- CVE-2007-0875Feb 12, 2007risk 0.00cvss —epss 0.02
SQL injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this issue has been disputed by a third party, stating that the file does not use a SQL database
- CVE-2007-0876Feb 12, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Quick Digital Image Gallery (Qdig) 1.2.9.3 and devel-20060624 allows remote attackers to inject arbitrary web script or HTML via the Qwd parameter to the top-level URI.
- CVE-2007-0877Feb 12, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital Video Recorders allows attackers to cause an unspecified denial of service. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2006-6998Feb 12, 2007risk 0.00cvss —epss 0.01
install/loader_help.php in Headstart Solutions DeskPRO allows remote attackers to obtain configuration information via a q=phpinfo QUERY_STRING, which calls the phpinfo function.
- CVE-2006-6999Feb 12, 2007risk 0.00cvss —epss 0.01
attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter.
- CVE-2006-7000Feb 12, 2007risk 0.00cvss —epss 0.01
Headstart Solutions DeskPRO allows remote attackers to obtain the full path via direct requests to (1) email/mail.php, (2) includes/init.php, (3) certain files in includes/cron/, and (4) jpgraph.php, (5) jpgraph_bar.php, (6) jpgraph_pie.php, and (7) jpgraph_pie3d.php in…
- CVE-2006-6993Feb 12, 2007risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in pages/addcomment2.php in Neuron Blog 1.1 allow remote attackers to inject arbitrary SQL commands via the (1) commentname, (2) commentmail, (3) commentwebsite, and (4) comment parameters. NOTE: the provenance of this information is…
- CVE-2006-6994Feb 12, 2007risk 0.00cvss —epss 0.02
Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, possibly 2.0 and earlier, allows remote attackers to upload and execute arbitrary ASP files by removing the client-side security checks.
- CVE-2006-6995Feb 12, 2007risk 0.03cvss —epss 0.02
mycontacts.php in V3 Chat allows remote authenticated users to gain privileges as other users via a modified membername parameter.