Medium · CVSS 6.5
Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll.
Published Feb 23, 2007 · Updated Jan 17, 2025
Critical · CVSS 9.8
PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disputed by CVE and multiple third parties, who state that $class_pwd is set to a static value before the relevant include statement
Published Feb 8, 2007 · Updated Jan 17, 2025
Medium · CVSS 5.6
Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary commands via the baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5) calendar.php, (6) date_format.php, and (7) tasks/gantt.php; and the dPconfig[root_dir] parameter in (8) projects/gantt.php, (9) gantt2.php, and (10) vw_files.php. NOTE: the vendor disputes this issue, stating that the product documentation clearly recommends that the system administrator disable register_globals, and that the check.php script warns against this setting. Also, the vendor says that the protection.php/siteurl vector is incorrect because protection.php does not exist in the product
Published Feb 18, 2006 · Updated Jan 16, 2025
Unknown · CVSS Not scored
Multiple unspecified vulnerabilities in the (1) Filesystem in USErspace (FUSE) client and (2) NOOFS daemon in in Network Object Oriented File System (NOOFS) before 0.9.0 have unspecified impact and attack vectors.
Published Feb 18, 2006 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to "weakened authentication security" with unknown impact and attack vectors. NOTE: due to lack of details, it is not clear whether this is the same as CVE-2006-1792.
Published Feb 12, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash of hyphen) characters.
Published Feb 4, 2006 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors.
Published Feb 12, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Headstart Solutions DeskPRO allows remote attackers to obtain the full path via direct requests to (1) email/mail.php, (2) includes/init.php, (3) certain files in includes/cron/, and (4) jpgraph.php, (5) jpgraph_bar.php, (6) jpgraph_pie.php, and (7) jpgraph_pie3d.php in includes/graph/, which leaks the path in error messages.
Published Feb 12, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029.
Published Feb 12, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in item.php in PSY Auction allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published Feb 12, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial of service (client crash) via an AIM message containing the Mac encoded Rich Text Format (RTF) escape sequences (1) \'d1, (2) \'d2, (3) \'d3, (4) \'d4, and (5) \'d5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published Feb 4, 2006 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Headstart Solutions DeskPRO stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) list files in the includes/ directory; obtain the SQL username and password via a direct request for (2) config.php and (3) config.php.bak in includes/; read files in (4) email/, (5) admin/graphs/, (6) includes/javascript/, and (7) certain other includes/ directories via direct requests; and download SQL database data via direct requests for (8) data.sql, (9) install.sql, (10) settings.sql, and possibly other files in install/v2data/.
Published Feb 7, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the L parameter, a different issue than CVE-2006-5897. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published Feb 12, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
SGI ProPack 3 SP6 kernel displays the frame buffer contents of the last session after a reboot, which might allow local users to obtain sensitive information.
Published Feb 6, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter.
Published Feb 12, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Headstart Solutions DeskPRO does not require authentication for certain files and directories associated with administrative activities, which allows remote attackers to (1) reinstall the application via a direct request for install/index.php; (2) delete the database via a do=delete_database QUERY_STRING to a renamed copy of install/index.php; or access the administration system, after guessing a filename, via a direct request for a file in (3) admin/ or (4) tech/.
Published Feb 7, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Mozilla Firefox 2.0, possibly only when running on Windows, allows remote attackers to bypass the Phishing Protection mechanism by representing an IP address in (1) dotted-hex, (2) dotted-octal, (3) single decimal integer, (4) single hex integer, or (5) single octal integer format, which is not captured by the blacklist filter.
Published Feb 7, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.
Published Feb 27, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in admin/index.php in Fusion Polls allows remote attackers to execute arbitrary PHP code via a URL in the xtrphome parameter.
Published Feb 12, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests.
Published Feb 10, 2006 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz.
Published Feb 28, 2006 · Updated Sep 16, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in cmpro.intern/login.inc.php for Clan Manager Pro (CMPRO) 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published Feb 24, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The Internet Key Exchange version 1 (IKEv1) implementation in Avaya VSU 100, 2000, 7500, 10000, and CSU 5000, when running IPSec, allows remote attackers to cause a denial of service (crash) via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
Published Feb 15, 2006 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter to (a) atutor.inc.php (b) db-generic.inc.php (c) docebo.inc.php (d) dokeos.1.6.inc.php (e) dokeos.inc.php (f) ganesha.inc.php (g) mambo.inc.php (h) moodle.inc.php (i) phpnuke.inc.php (j) postnuke.inc.php and (k) spip.inc.php in claroline/auth/extauth/drivers/; (2) includePath parameter in mambo.inc.php, postnuke.inc.php, and (l) inc/lib/event/init_event_manager.inc.php; and (3) rootSys parameter in (m) inc/lib/export_exe_tracking.class.php, a different set of vectors than CVE-2006-2284.
Published Feb 24, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in config.php in phpht Topsites FREE 1.022b allows remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published Feb 28, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in upload/admin/team.php in Robin de Graff Somery 0.4.4 allows remote attackers to execute arbitrary PHP code via a URL in the checkauth parameter. NOTE: CVE disputes this vulnerability because the checkauth parameter is only used in conditionals
Published Feb 12, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
install/loader_help.php in Headstart Solutions DeskPRO allows remote attackers to obtain configuration information via a q=phpinfo QUERY_STRING, which calls the phpinfo function.
Published Feb 12, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.
Published Feb 29, 2012 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in display.asp in Civica Software Civica allows remote attackers to execute arbitrary SQL commands via the Entry parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published Feb 13, 2008 · Updated Aug 7, 2024
Unknown · CVSS Not scored
sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY.
Published Feb 26, 2008 · Updated Aug 7, 2024
Unknown · CVSS Not scored
phpGraphy before 0.9.13a does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a config.php file via the pictures[] parameter to index.php. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpGraphy.
Published Feb 4, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack vectors.
Published Feb 28, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a message with a long subject field.
Published Feb 23, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.
Published Feb 9, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Scriptsez.net E-Dating System stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read private messages and leverage them for cross-site scripting (XSS) attacks.
Published Feb 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code by modifying the $xoopsOption['pagetype'] variable.
Published Feb 27, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection in torrents.php in BtitTracker 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) by and (2) order parameters. NOTE: it is not clear whether this issue is exploitable.
Published Feb 7, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in Professional Home Page Tools Login Script, as of July 2006, allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) vorname, and (3) nachname parameters in the register script. NOTE: some details have been obtained from third party sources.
Published Feb 27, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Arkoon FAST360 UTM appliances 3.0 through 3.0/29, 3.1, 3.2, and 3.3 allows remote attackers to bypass keyword filtering in the FAST HTTP module, and signatures in the IDPS HTTP module, via crafted URLs that are "misinterpreted."
Published Feb 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
CRLF injection vulnerability in the mail function in Dotdeb PHP before 5.2.0 Rev 3 allows remote attackers to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string, which is processed via the PHP_SELF variable.
Published Feb 28, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in Sphider before 1.3.1c allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) templates/standard/search_form.html and (2) templates/dark/search_form.html. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published Feb 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple PHP remote file inclusion vulnerabilities in DreamCost HostAdmin 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) functions.php and (2) members.php. NOTE: the index.php vector is covered by CVE-2006-0791.
Published Feb 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net E-Dating System allow remote attackers to inject arbitrary web script or HTML via encoded entities (') in IMG tags to (1) messages, (2) profile fields, or (3) the id parameter in a dologin operation to cindex.php.
Published Feb 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
include.php in Shoutpro 1.0 might allow remote attackers to bypass IP ban restrictions via a URL in the path parameter that points to an alternate bannedips.php file. NOTE: this issue was originally reported as remote file inclusion, but CVE analysis suggests that this cannot be used for code execution.
Published Feb 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in includes/mambo.php in Mambo LaiThai 4.5.4 SP2 and earlier allows remote attackers to execute arbitrary SQL commands via the usercookie[password] cookie parameter.
Published Feb 28, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to execute arbitrary SQl commands via the entry parameter.
Published Feb 27, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 and earlier allows remote attackers to include and execute arbitrary files via ".." sequences in the uname parameter.
Published Feb 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x allows local users to cause a denial of service (memory consumption) and possibly bypass memory limits or cause other processes to be killed by creating a large number of posix timers, which are allocated in kernel memory but are not treated as part of the process' memory.
Published Feb 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in Clan Manager Pro (CMPRO) 1.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the (1) rootpath and possibly (2) sitepath parameters to (a) cmpro.ext/comment.core.inc.php and (b) cmpro.intern/comment.core.inc.php. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
Published Feb 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in smarty_config.php in Socketwiz Bookmarks 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the root_dir parameter.
Published Feb 27, 2007 · Updated Aug 7, 2024