| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2007-0539 | 0.00 | — | 0.03 | Jan 29, 2007 | The wp_remote_fopen function in WordPress before 2.1 allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a large file, which triggers a long download session without a timeout… |
| CVE-2007-0540 | 0.00 | — | 0.07 | Jan 29, 2007 | WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data. |
| CVE-2007-0541 | 0.00 | — | 0.03 | Jan 29, 2007 | WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing… |
| CVE-2007-0542 | 0.00 | — | 0.01 | Jan 29, 2007 | Cross-site scripting (XSS) vulnerability in show.php in 212cafe Guestbook 4.00 beta allows remote attackers to inject arbitrary web script or HTML via the user parameter. |
| CVE-2007-0543 | 0.00 | — | 0.02 | Jan 29, 2007 | ZixForum 1.14 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for Zixforum.mdb. NOTE: a followup post suggests that this issue only… |
| CVE-2007-0544 | 0.00 | — | 0.01 | Jan 29, 2007 | Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949. |
| CVE-2007-0545 | 0.00 | — | 0.01 | Jan 29, 2007 | Maxtricity Tagger 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for tagger.mdb. |
| CVE-2007-0546 | 0.00 | — | 0.01 | Jan 29, 2007 | Toxiclab Shoutbox 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db.mdb. |
| CVE-2007-0547 | 0.00 | — | 0.01 | Jan 29, 2007 | Cross-site scripting (XSS) vulnerability in CGI-RESCUE WebFORM 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2007-0548 | 0.03 | — | 0.03 | Jan 29, 2007 | KarjaSoft Sami HTTP Server 2.0.1 allows remote attackers to cause a denial of service (daemon hang) via a large number of requests for nonexistent objects. |
| CVE-2007-0549 | 0.00 | — | 0.01 | Jan 29, 2007 | Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard 6.30 Beta allows remote attackers to inject arbitrary web script or HTML via the user parameter. |
| CVE-2007-0550 | 0.00 | — | 0.01 | Jan 29, 2007 | Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard 0.08 Beta allows remote attackers to inject arbitrary web script or HTML via keyword parameter. |
| CVE-2007-0551 | 0.00 | — | 0.01 | Jan 29, 2007 | Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php in CMSimple 2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pth[file][config] and (2) pth[file][image] parameters. |
| CVE-2007-0552 | 0.00 | — | 0.01 | Jan 29, 2007 | Cross-site scripting (XSS) vulnerability in install/default/error404.html in Oh no! Not another CMS (Onnac) 0.0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the error_url parameter. |
| CVE-2007-0553 | 0.00 | — | 0.01 | Jan 29, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php in PHProxy before 0.5 beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) data[realm] and (2) _url parameters, different vectors than CVE-2004-2604. NOTE: some of these details are… |
| CVE-2007-0554 | 0.03 | — | 0.02 | Jan 29, 2007 | SQL injection vulnerability in print.asp in Guo Xu Guos Posting System (GPS) 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2006-6953 | 0.00 | — | 0.00 | Jan 29, 2007 | The virtual keyboard implementation in GlobeTrotter Mobility Manager changes the color of a key as it is pressed, which allows local users to capture arbitrary keystrokes, such as for passwords, by shoulder surfing or grabbing periodic screenshots. |
| CVE-2006-6954 | 0.00 | — | 0.01 | Jan 29, 2007 | Flock beta 1 0.7 allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723. |
| CVE-2006-6955 | 0.00 | — | 0.01 | Jan 29, 2007 | Opera allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723. |
| CVE-2006-6956 | 0.01 | — | 0.10 | Jan 29, 2007 | Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723. |
| CVE-2006-6957 | 0.00 | — | 0.01 | Jan 29, 2007 | PHP remote file inclusion vulnerability in addons/mod_media/body.php in Docebo 3.0.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_framework] parameter. NOTE: this issue might be resultant… |
| CVE-2006-6958 | 0.04 | — | 0.09 | Jan 29, 2007 | Multiple PHP remote file inclusion vulnerabilities in phpBlueDragon 2.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter to (1) team_admin.php, (2) rss_admin.php, (3) manual_admin.php, and (4) forum_admin.php in… |
| CVE-2006-6959 | 0.00 | — | 0.00 | Jan 29, 2007 | WebRoot Spy Sweeper 4.5.9 and earlier allows local users to bypass the "Startup-Shield" security restrictions by modifying certain registry keys. |
| CVE-2006-6960 | 0.00 | — | 0.01 | Jan 29, 2007 | The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier does not handle non-ZIP archives, which allows remote attackers to bypass the malware detection via files with (1) RAR, (2) GZ, (3) TAR, (4) CAB, or (5) ACE compression. |
| CVE-2006-6961 | 0.00 | — | 0.01 | Jan 29, 2007 | WebRoot Spy Sweeper 4.5.9 and earlier does not detect malware based on file contents, which allows remote attackers to bypass malware detection by changing a file's name. |
| CVE-2006-6962 | 0.03 | — | 0.04 | Jan 29, 2007 | PHP remote file inclusion vulnerability in rsgallery2.html.php in the RS Gallery2 component (com_rsgallery2) 1.11.2 for Joomla! allows attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter. NOTE: this issue may overlap CVE-2006-5047. |
| CVE-2006-6963 | 0.00 | — | 0.02 | Jan 29, 2007 | Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_lms] parameter to (1) class.module/class.definition.php and (2) modules/scorm/scorm_utils.php. NOTE: this issue may overlap… |
| CVE-2006-6964 | 0.00 | — | 0.01 | Jan 29, 2007 | MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source. |
| CVE-2007-0463 | 0.04 | — | 0.18 | Jan 29, 2007 | Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in (1) SWUTMP or (2) SUCATALOG filenames, or using the (3)… |
| CVE-2007-0537 | 0.00 | — | 0.02 | Jan 29, 2007 | The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a… |
| CVE-2007-0536 | 0.00 | — | 0.00 | Jan 27, 2007 | The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges. |
| CVE-2007-0462 | 0.04 | — | 0.07 | Jan 26, 2007 | The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a… |
| CVE-2007-0516 | 0.00 | — | 0.01 | Jan 26, 2007 | Yana Framework before 2.8.5a allows remote authenticated users with permissions to modify a guestbook profile to modify or delete arbitrary guestbook profiles via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from… |
| CVE-2007-0517 | 0.00 | — | 0.01 | Jan 26, 2007 | Scriptsez Random PHP Quote 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password information via a direct request for pwd.txt. |
| CVE-2007-0518 | 0.03 | — | 0.02 | Jan 26, 2007 | Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain encoded passwords via a direct request for pwd.txt. |
| CVE-2007-0519 | 0.00 | — | 0.01 | Jan 26, 2007 | Cross-site scripting (XSS) vulnerability in memcp.php in XMB U2U Instant Messenger allows remote authenticated users to inject arbitrary web script or HTML via the recipient field. |
| CVE-2007-0520 | 0.00 | — | 0.01 | Jan 26, 2007 | SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x allows remote attackers to execute arbitrary SQL commands via the bid parameter. |
| CVE-2007-0521 | 0.00 | — | 0.01 | Jan 26, 2007 | The Sony Ericsson K700i and W810i phones allow remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push. |
| CVE-2007-0522 | 0.00 | — | 0.01 | Jan 26, 2007 | The Motorola MOTORAZR V3 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push. |
| CVE-2007-0523 | 0.00 | — | 0.01 | Jan 26, 2007 | The Nokia N70 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push. |
| CVE-2007-0524 | 0.00 | — | 0.01 | Jan 26, 2007 | The LG Chocolate KG800 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push. |
| CVE-2007-0525 | 0.00 | — | 0.01 | Jan 26, 2007 | Multiple buffer overflows in Nickolas Grigoriadis Mini Web server (MiniWebsvr) before 0.05 have unknown impact and attack vectors. |
| CVE-2007-0526 | 0.00 | — | 0.01 | Jan 26, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the URL (PATH_INFO) to (1) articles/edit.php, (2) articles/list.php, (3) blogs/list_blogs.php, or (4) blogs/rankings.php. |
| CVE-2007-0527 | 0.00 | — | 0.01 | Jan 26, 2007 | SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter. NOTE: some of these details are obtained from third party information. |
| CVE-2007-0528 | 0.03 | — | 0.04 | Jan 26, 2007 | The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to… |
| CVE-2007-0529 | 0.00 | — | 0.01 | Jan 26, 2007 | Cross-site scripting (XSS) vulnerability in index.html (aka the administration page) in PHP Link Directory (phpLD) 3.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted link, which is triggered when the administrator uses the "Validate… |
| CVE-2007-0530 | 0.00 | — | 0.01 | Jan 26, 2007 | Multiple PHP remote file inclusion vulnerabilities in Advanced Guestbook 2.4.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) index.php, (2) addentry.php, or (3) picture.php, a different set of vectors than CVE-2006-5804. … |
| CVE-2007-0531 | 0.00 | — | 0.02 | Jan 26, 2007 | PHP remote file inclusion vulnerability in includes/login.php in FreeWebShop 2.2.3 and 2.2.4 before 20070123 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter. |
| CVE-2007-0532 | 0.00 | — | 0.01 | Jan 26, 2007 | Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrator password hash via a direct request for userdata/user_1.txt. |
| CVE-2007-0533 | 0.00 | — | 0.03 | Jan 26, 2007 | The AToZed IntraWeb component 8.0 and earlier for Borland Delphi and Kylix, and IntraWeb 9.0 before build (9.0.12), allows remote attackers to cause a denial of service (thread hang or CPU consumption) via a crafted HTTP request, related to the OnBeforeDispatch function in the… |