Unknown · CVSS Not scored
SQL injection vulnerability in Profile.php in ttCMS 2.2 and ttForum allows remote attackers to execute arbitrary SQL commands via the member name.
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords.
Published Oct 20, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in variables.php in Goldlink 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) vadmin_login or (2) vadmin_pass cookie in a request to goldlink.php.
Published Oct 25, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
message.php in Petitforum does not properly authenticate users, which allows remote attackers to impersonate forum users via a modified connect cookie.
Published Oct 20, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module.
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Gallery 1.3.3 creates directories with insecure permissions, which allows local users to read, modify, or delete photos.
Published Oct 20, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the non-SSL web agent in various HP Management Agent products allows local users or remote attackers to gain privileges or cause a denial of service via unknown attack vectors.
Published Oct 25, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in the launch_bcrelay function in pptpctrl.c in PoPToP 1.1.4-b1 through PoPToP 1.1.4-b3 allow local users to execute arbitrary code.
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message.
Published Oct 24, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the target filename in the file cookie in form.php, then downloading the file from the image gallery.
Published Oct 24, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in AOL Instant Messenger (AIM) 5.2.3292 allows remote attackers to execute arbitrary code via an aim:getfile URL with a long screen name.
Published Oct 25, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The (1) verif_admin.php and (2) check_admin.php scripts in Truegalerie 1.0 allow remote attackers to gain administrator access via a request to admin.php without the connect parameter and with the loggedin parameter set to any value, such as 1.
Published Oct 24, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a CREATE command with a long mailbox name.
Published Oct 24, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php.
Published Oct 17, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) by creating a DHTML link that uses the AnchorClick "A" object with a blank href attribute.
Published Oct 24, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Untrusted search path vulnerability in Qualcomm qpopper 4.0 through 4.05 allows local users to execute arbitrary code by modifying the PATH environment variable to reference a malicious smbpasswd program.
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager.
Published Oct 14, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
mod_survey 3.0.0 through 3.0.15-pre6 does not check whether a survey exists before creating a subdirectory for it, which allows remote attackers to cause a denial of service (disk consumption and possible crash).
Published Oct 24, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
NetCharts XBRL Server 4.0.0 allows remote attackers to obtain sensitive information via an HTTP request with an invalid chunked transfer encoding specification.
Published Oct 20, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Memory leak in the Windows 2000 kernel allows remote attackers to cause a denial of service (SMB request hang) via a NetBIOS continuation packet.
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SpamProbe 0.8a allows remote attackers to cause a denial of service (crash) via HTML e-mail with newline characters within an href tag, which is not properly handled by certain regular expressions.
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the save_into_file function in save.c for Rogue 5.2-2 allows local users to execute arbitrary code with games group privileges by setting a long HOME environment variable and invoking the save game function with a ~ (tilde).
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in download.php in Phorum 3.4 through 3.4.2 allows remote attackers to read arbitrary files.
Published Oct 24, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the MytextSanitizer function in XOOPS 1.3.5 through 1.3.9 and XOOPS 2.0 through 2.0.1 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in an IMG tag.
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PGPi PGPDisk 6.0.2i does not unmount a PGP partition when the switch user function in Windows XP is used, which could allow local users to access data on another user's PGP partition.
Published Oct 25, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in _functions.php in cpCommerce 0.5f allows remote attackers to execute arbitrary code via the prefix parameter.
Published Oct 25, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Symantec Norton AntiVirus 2002 allows remote attackers to execute arbitrary code via an e-mail attachment with a compressed ZIP file that contains a file with a long filename.
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function.
Published Oct 20, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to (1) smileys.php, (2) quick_listrss.php, (3) purge.php, (4) news.php, (5) memberlist.php, (6) forum_listrss.php, (7) forum_list_rdf.php, (8) forum_list.php, or (9) move.php, which leaks the information in an error message.
Published Oct 24, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) by creating a web page or HTML e-mail with a textarea in a div element whose scrollbar-base-color is modified by a CSS style, which is then moved.
Published Oct 25, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in My Photo Gallery 3.5, and possibly earlier versions, has unknown impact and attack vectors.
Published Oct 25, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in webcamXP 1.02.432 and 1.02.535 allows remote attackers to inject arbitrary web script or HTML via the message field.
Published Oct 24, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service (crash) via a (1) DELE or (2) UIDL with a negative number.
Published Oct 24, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in example scripts in Caucho Technology Resin 2.0 through 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) env.jsp, (2) form.jsp, (3) session.jsp, (4) the move parameter to tictactoe.jsp, or the (5) name or (6) comment fields to guestbook.jsp.
Published Oct 25, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Memory leak in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 allows remote attackers to cause a denial of service (memory exhaustion) via crafted TCP packets.
Published Oct 24, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
eMule 0.29c allows remote attackers to cause a denial of service (crash) via a long password, possibly due to a buffer overflow.
Published Oct 25, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Bajie Java HTTP Server 0.95 through 0.95zxv4 allows remote attackers to inject arbitrary web script or HTML via (1) the query string to test.txt, (2) the guestName parameter to the custMsg servlet, or (3) the cookiename parameter to the CookieExample servlet.
Published Oct 25, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Vivisimo clustering engine allows remote attackers to inject arbitrary web script or HTML via the query parameter to the search program.
Published Oct 25, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows remote attackers to execute arbitrary SQL commands via the email parameter.
Published Oct 25, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 allows remote attackers to cause a denial of service (CPU consumption) via a crafted TCP packet.
Published Oct 24, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU consumption) via a ".%00." in an HTTP GET request to the cgi-bin directory.
Published Oct 25, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
Published Oct 20, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to obtain sensitive information via an HTTP request to /support/messages, which displays the server's /var/log/messages file.
Published Oct 19, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores passwords and sessions in plaintext in memory, which could allow local users to obtain sensitive information.
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function.
Published Oct 20, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter.
Published Oct 20, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user.
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The web administration page for the Ericsson HM220dp ADSL modem does not require authentication, which could allow remote attackers to gain access from the LAN side.
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification).
Published Oct 19, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
BisonFTP Server 4 release 2 allows remote attackers to cause a denial of service (CPU consumption) via a long (1) ls or (2) cwd command.
Published Oct 20, 2007 · Updated Aug 8, 2024