| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| 2z Project -- 2z Project | SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the rating parameter. | 7.0 | CVE-2007-2898 BUGTRAQ OTHER-REF FRSIRT |
| 2z Project -- 2z Project | SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the post_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.0 | CVE-2007-2905 BUGTRAQ OTHER-REF FRSIRT |
| Apache Software Foundation -- Tomcat JK Web Server Connector | mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450. | 7.0 | CVE-2007-1860 OTHER-REF OTHER-REF SECUNIA |
| Authentium -- Command Antivirus | Multiple buffer overflows in a certain ActiveX control in odapi.dll in Authentium Command Antivirus before 4.93.8 allow remote attackers to execute arbitrary code via unspecified vectors. | 8.0 | CVE-2007-2917 CERT-VN |
| BoastMachine -- BoastMachine | Cross-site scripting (XSS) vulnerability in index.php in BoastMachine allows remote attackers to inject arbitrary web script or HTML via the blog parameter in a content search action. | 10.0 | CVE-2007-2932 BUGTRAQ BID XF |
| Bochs -- Bochs | Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 does not prevent TXCNT register values from exceeding the device memory size, which allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system, aka "RX Frame heap overflow." | 7.0 | CVE-2007-2893 OTHER-REF FRSIRT |
| cpCommerce -- cpCommerce | SQL injection vulnerability in category.php in cpCommerce 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id_category parameter. | 7.0 | CVE-2007-2890 MILW0RM BID |
| cpCommerce -- cpCommerce | SQL injection vulnerability in manufacturer.php in cpCommerce before 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id_manufacturer parameter. | 7.0 | CVE-2007-2959 BUGTRAQ BID |
| David Branco -- OpenBASE | Multiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the root_prefix parameter to (1) index.php, (2) email_subscribe.php, (3) download.php, or (4) development.php. | 7.0 | CVE-2007-2947 MILW0RM BID FRSIRT |
| Dian Gemilang -- DGNews | SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newslist action. NOTE: this issue can produce resultant cross-site scripting (XSS). | 7.0 | CVE-2007-0693 BUGTRAQ BID OSVDB |
| DigiAppz -- DigiRez | Multiple cross-site scripting (XSS) vulnerabilities in Digirez 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Room_name parameter to room/info_book.asp or the (2) curYear parameter to room/week.asp. | 10.0 | CVE-2007-2880 BUGTRAQ |
| Dokeos -- Open Source Learning & Knowledge Management Tool | SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter. | 7.0 | CVE-2007-2889 MILW0RM BID XF |
| Dokeos -- Dokeos | SQL injection vulnerability in main/auth/my_progress.php in Dokeos 1.8.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the course parameter. | 7.0 | CVE-2007-2902 MILW0RM |
| EZB Systems -- UltraISO | Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. NOTE: some details are obtained from third party information. | 8.0 | CVE-2007-2888 MILW0RM BID SECUNIA |
| F-Secure -- F-Secure Protection Service; F-Secure -- F-Secure Anti-Virus Linux Server Security; F-Secure -- F-Secure Internet Security; F-Secure -- F-Secure Anti-Virus Linux Client Security; F-Secure -- Internet Gatekeeper; F-Secure -- F-Secure Anti-Virus Client Security; F-Secure -- F-Secure Anti-Virus | Unspecified vulnerability in the Real-time Scanning component in multiple F-Secure products, including Internet Security 2005, 2006 and 2007; Anti-Virus 2005, 2006 and 2007; and Solutions based on F-Secure Protection Service for Consumers 6.40 and earlier allows local users to gain privileges via a crafted I/O request packet (IRP), related to IOCTL (Input/Output Control) and "access validation of the address space." | 7.0 | CVE-2007-2965 OTHER-REF FRSIRT SECUNIA |
| F-Secure -- F-Secure Protection Service; F-Secure -- F-Secure Anti-Virus Linux Server Security; F-Secure -- F-Secure Internet Security; F-Secure -- F-Secure Anti-Virus Linux Client Security; F-Secure -- Internet Gatekeeper; F-Secure -- F-Secure Anti-Virus Client Security; F-Secure -- F-Secure Anti-Virus | Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, a similar issue to CVE-2006-4335. | 7.0 | CVE-2007-2966 OTHER-REF FRSIRT SECUNIA |
| F-Secure -- F-Secure Protection Service; F-Secure -- F-Secure Anti-Virus Linux Server Security; F-Secure -- F-Secure Internet Security; F-Secure -- F-Secure Anti-Virus Linux Client Security; F-Secure -- Internet Gatekeeper; F-Secure -- F-Secure Anti-Virus Client Security; F-Secure -- F-Secure Anti-Virus | Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) archives or (2) packed executables. | 10.0 | CVE-2007-2967 OTHER-REF FRSIRT |
| FileCloset -- FileCloset | Unrestricted file upload vulnerability in FileCloset before 1.1.5 allows remote attackers to upload arbitrary PHP files via unspecified vectors. | 7.0 | CVE-2007-2961 OTHER-REF OTHER-REF BID SECUNIA |
| FirmWorX -- FirmWorX | Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bank_data[root] parameter to modules/bank/includes/design/main.inc.php, or the (2) fm_data[root] parameter to (a) includes/config/master.inc.php or (b) includes/functions/master.inc.php. | 7.0 | CVE-2007-2891 MILW0RM BID |
| Frequency Clock -- Frequency Clock | Multiple PHP remote file inclusion vulnerabilities in Frequency Clock 0.1b (Beta 0.1) allow remote attackers to execute arbitrary PHP code via a URL in the securelib parameter to (1) conf.php or (2) cp2.php. | 7.0 | CVE-2007-2936 MILW0RM BID |
| Fundanemt -- Fundanemt | core/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dict parameter. | 7.0 | CVE-2007-2935 MILW0RM OTHER-REF BID SECUNIA |
| GNUTurk -- GNUTurk Portal System | Cross-site scripting (XSS) vulnerability in mods.php in GTP GNUTurk Portal System 3G allows remote attackers to inject arbitrary web script or HTML via the month parameter. | 10.0 | CVE-2007-2879 BUGTRAQ BID |
| Jelsoft -- vBulletin | Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-????. | 10.0 | CVE-2007-2910 OTHER-REF |
| LEAD Technologies -- LeadTools Raster Dialog File Object | Buffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 in LeadTools Raster Dialog File Object allows remote attackers to execute arbitrary code via a long Directory property value. | 10.0 | CVE-2007-2895 OTHER-REF OTHER-REF OTHER-REF BID SECUNIA XF |
| LEAD Technologies -- LeadTools Raster Dialog File Object | Buffer overflow in a certain ActiveX control in LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long DestinationPath property value. | 10.0 | CVE-2007-2946 MILW0RM OTHER-REF OTHER-REF BID SECUNIA XF |
| Macrovision -- Update Service; Macrovision -- FLEXnet Connect | The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via the Execute method. | 8.0 | CVE-2007-0328 CERT-VN OTHER-REF |
| Michael Brandon -- vBGSiteMap | Multiple PHP remote file inclusion vulnerabilities in the creator in vBulletin Google Yahoo Site Map (vBGSiteMap) 2.41 for vBulletin allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) vbgsitemap/vbgsitemap-config.php or (2) vbgsitemap/vbgsitemap-vbseo.php. | 7.0 | CVE-2007-2941 MILW0RM BID |
| Microsoft -- Visual Basic | Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name (VersionCompanyName) field. | 8.0 | CVE-2007-2884 MILW0RM MILW0RM BID BID XF XF |
| Microsoft -- IIS | Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM port; via requests for a URI containing a '/' immediately before and after the name of a DOS device, as demonstrated by the /AUX/.aspx URI, which bypasses a blacklist for DOS device requests. | 7.0 | CVE-2007-2897 FULLDISC FULLDISC XF |
| Microsoft -- Internet Explorer; Honeywell -- Ademco ATNBaseLoader100 Module | Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD method, and possibly the (2) SetLoginID, (3) AddSite, (4) SetScreen, and (5) SetVideoServer methods. | 10.0 | CVE-2007-2938 MILW0RM BID FRSIRT SECUNIA |
| Mozilla -- SeaMonkey; Mozilla -- Firefox; Mozilla -- Thunderbird | Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption. | 7.0 | CVE-2007-2868 OTHER-REF |
| my little homepage -- my little forum | SQL injection vulnerability in user.php in My Little Forum 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.0 | CVE-2007-2942 MILW0RM BID FRSIRT SECUNIA |
| Navboard -- Navboard | Direct static code injection vulnerability in admin_config.php in NavBoard 2.6.0 allows remote attackers to inject arbitrary PHP code into data/config.php via multiple parameters, as demonstrated via the threadperpage parameter in an editconfig action. | 7.0 | CVE-2007-2899 MILW0RM BID |
| Phil-a-Form -- Phil-a-Form | SQL injection vulnerability in index.php in the Phil-a-Form (com_philaform) 1.2.0.0 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the form_id parameter. | 7.0 | CVE-2007-2933 MILW0RM |
| PHPEcho CMS -- PHPEcho CMS | Multiple SQL injection vulnerabilities in modules/admin/modules/gallery.php in PHPEcho CMS 2.0-rc1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter and possibly other parameters. NOTE: some of these details are obtained from third party information. | 7.0 | CVE-2007-2866 OTHER-REF FRSIRT |
| phpPgAdmin -- phpPgAdmin | Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter. | 8.0 | CVE-2007-2865 FULLDISC BID XF |
| Scallywag.org -- Scallywag | Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin_name parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/, a different vector than CVE-2007-2900. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.0 | CVE-2007-2960 FRSIRT |
| Sun -- Java Web Proxy Server | Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation. | 10.0 | CVE-2007-2881 IDEFENSE SUNALERT |
| Tcl_Tk -- Tcl_Tk | Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 allows local users to gain privileges via long registry key paths. | 7.0 | CVE-2007-2877 OTHER-REF OTHER-REF SECUNIA |
| TROforum -- TROforum | PHP remote file inclusion vulnerability in admin/admin.php in TROforum 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the site_url parameter. | 7.0 | CVE-2007-2937 MILW0RM BID |
|