Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in docs/front-end-demo/cart2.php in Advanced Webhost Billing System (AWBS) 2.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the workdir parameter.
Published Apr 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/_cpyfile.p in the WService parameter to (1) cgiip.exe or (2) wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName parameter.
Published Apr 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6.0 has an nfcuser account with the default password nfcuser, which allows remote attackers to modify the product configuration and, when installed on Linux, obtain login access to the host operating system.
Published Apr 26, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Roles module in Xaraya 1.1.2 and earlier allows attackers to gain privileges via unspecified vectors, probably related to incorrect permission checking in xartemplates/user-view.xd.
Published Apr 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in forum.php in EsForum 3.0 allows remote attackers to execute arbitrary SQL commands via the idsalon parameter.
Published Apr 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in include/loading.php in Alessandro Lulli wavewoo 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_include parameter.
Published Apr 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Sun Cluster 3.1 and Solaris Cluster 3.2 before 20070424 allows remote authenticated users, operating from a different cluster node, to cause a denial of service (data corruption or send_mondo panic) via unspecified vectors, as demonstrated by EMC Symcli backup software 6.2.1.
Published Apr 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
admin.php in Phorum before 5.1.22 allows remote attackers to obtain the full path via the module[] parameter.
Published Apr 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple Quicktime 7.1.5 and other versions before 7.2 allows remote attackers to execute arbitrary code via a crafted H.264 MOV file.
Published Apr 26, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
Published Apr 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in iconspopup.php in Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain sensitive information via a .. (dot dot) in the icodir parameter.
Published Apr 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in top.php3 in SWsoft Plesk for Windows 8.1 and 8.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter.
Published Apr 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the bibtexrootrel parameter to (1) unavailable.php, (2) source.php, (3) log.php, (4) latex.php, (5) indexinfo.php, (6) index.php, (7) importinfo.php, (8) import.php, (9) examplefile.php, (10) clearinfo.php, (11) clear.php, (12) aboutinfo.php, (13) about.php, and other unspecified files.
Published Apr 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
include/common.php in PunBB 1.2.14 and earlier does not properly handle a disabled ini_get function when checking the register_globals setting, which allows remote attackers to register global parameters, as demonstrated by an SQL injection attack on the search_id parameter to search.php.
Published Apr 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) eng_dir parameter to addmember.php, (2) lang_path parameter to admin/enginelib/class.phpmailer.php, and the (3) spaw_root parameter to admin/includes/spaw/dialogs/colorpicker.php, different vectors than CVE-2006-5291 and CVE-2006-5459. NOTE: vector 3 might be an issue in SPAW.
Published Apr 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in modules/news/article.php in phpMySpace Gold 8.10 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
Published Apr 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in espaces/communiques/annotations.php in C-Arbre 0.6PR7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, a different vector than CVE-2007-1721.
Published Apr 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in includes/init.inc.php in PHPMyBibli allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.
Published Apr 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple PHP remote file inclusion vulnerabilities in html/php/detail.php in Sinato jmuffin allow remote attackers to execute arbitrary PHP code via a URL in the (1) relPath and (2) folder parameters. NOTE: this product was originally reported as "File117".
Published Apr 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods.
Published Apr 16, 2009 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers.
Published Apr 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function.
Published Apr 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
Published Apr 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote authenticated users to perform unauthorized actions as an arbitrary user by using CR (\r) sequences in the service parameter to inject LOGIN and REGISTER commands with the desired username.
Published Apr 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator CS3, and GoLive 9 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) BMP, (2) DIB, or (3) RLE file.
Published Apr 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of admin_options.php to execute PHP code from an uploaded avatar file.
Published Apr 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php.
Published Apr 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The CHECK command in Cosign 2.0.1 and earlier allows remote attackers to bypass authentication requirements via CR (\r) sequences in the cosign cookie parameter.
Published Apr 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
Published Apr 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in CA Clever Path Portal allows remote authenticated users to execute limited SQL commands and retrieve arbitrary database contents via (1) the ofinterest parameter in a light search query, (2) description parameter in the advanced search query, and possibly other vectors.
Published Apr 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ripeformpost parameter.
Published Apr 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published Apr 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in index.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9 allows remote attackers to execute arbitrary SQL commands via the ring parameter.
Published Apr 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers to cause a denial of service (application crash) by sending invalid data to TCP port 31337.
Published Apr 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
Published Apr 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
A certain ActiveX control in askPopStp.dll in Netsprint Ask IE Toolbar 1.1 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long AddAllowed property value, related to "improper memory handling," possibly a buffer overflow.
Published Apr 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Race condition in the NeatUpload ASP.NET component 1.2.11 through 1.2.16, 1.1.18 through 1.1.23, and trunk.379 through trunk.445 allows remote attackers to obtain other clients' HTTP responses via multiple simultaneous requests, which triggers multiple calls to HttpWorkerRequest.FlushResponse for the same HttpWorkerRequest object and causes a buffer to be reused for a different request.
Published Apr 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Published Apr 19, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple PHP remote file inclusion vulnerabilities in Post Revolution 6.6 and 7.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) common.php or (2) themes/default/preview_post_completo.php.
Published Apr 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b allow remote attackers to execute arbitrary PHP code via a URL in the supa[db_path] parameter to (1) common_functions.php, (2) admin_auth_cookies.php, (3) admin_mods.php, (4) admin_news.php, (5) admin_topics.php, (6) admin_users.php, (7) admin_utilities.php, (8) site_comment.php, or (9) site_news.php; or the supa[include_path] parameter to (10) admin_settings.php or (11) backend_site.php.
Published Apr 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unrestricted file upload vulnerability in forum_write.php in Maran PHP Forum allows remote attackers to upload and execute arbitrary PHP files via a trailing %00 in a filename in the page parameter.
Published Apr 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Buffer overflow in igcore15d.dll 15.1.2.0 and 15.2.0.0 for AccuSoft ImageGear, as used in Corel Paint Shop Pro Photo 11.20 and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted .CLP file. NOTE: some details were obtained from third party sources.
Published Apr 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in admin/admin_album_otf.php in the MX Smartor Full Album Pack (FAP) 2.0 RC1 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
Published Apr 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in imgsrv.php in jchit counter 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the acc parameter.
Published Apr 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Big Blue Guestbook allows remote attackers to inject arbitrary web script or HTML via the message field in the guestbook entry submission form.
Published Apr 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an "out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2) fib_props (fib_semantics.c, IPv4) functions.
Published Apr 22, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Initialize function in NetscapeFTPHandler in WS_FTP Home and Professional 2007 allows remote attackers to cause a denial of service (NULL dereference and application crash) via unspecified vectors related to "improper arguments."
Published Apr 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site request forgery (CSRF) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to perform unauthorized actions as an arbitrary user, a related issue to CVE-2006-5476.
Published Apr 22, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving Javascript errors. NOTE: this might be the same issue as CVE-2007-2175.
Published Apr 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple PHP remote file inclusion vulnerabilities in Extreme PHPBB2 3.0 Pre Final allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) functions.php or (2) functions_portal.php in includes/.
Published Apr 24, 2007 · Updated Aug 7, 2024