| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| AlstraSoft -- Live Support | AlstraSoft Live Support 1.21 sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request to admin/managesettings.php. | 10.0 | CVE-2007-2775 MILW0RM |
| AlstraSoft -- Template Seller | AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject a credential variable setting and obtain administrative access via a direct request to admin/changeinfo.php. | 10.0 | CVE-2007-2776 MILW0RM |
| AlstraSoft -- Template Seller | Unrestricted file upload vulnerability in admin/addsptemplate.php in AlstraSoft Template Seller Pro 3.25 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary .php filename in the zip parameter, which is created under sptemplates/. | 7.0 | CVE-2007-2777 MILW0RM |
| AlstraSoft -- E-Friends | SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and earlier allows remote attackers to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php. | 10.0 | CVE-2007-2824 MILW0RM BID |
| com_yanc -- com_yanc | SQL injection vulnerability in index.php in the com_yanc 1.4 beta Add-on for Mambo allows remote attackers to execute arbitrary SQL commands via the listid parameter. | 7.0 | CVE-2007-2792 MILW0RM BID |
| eSyndicat -- eSyndiCat Pro | manage-admins.php in eSyndiCat Pro 1.x allows remote attackers to create additional administrative accounts, and have other unspecified impact, via modified username, new_pass, new_pass2, status, super, and certain other parameters in an add action. | 10.0 | CVE-2007-2785 BUGTRAQ |
| file -- file | Integer overflow in the "file" program 4.20, when running on 32-bit systems, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536. | 8.0 | CVE-2007-2799 OTHER-REF |
| Gazi Download Portal -- Gazi Download Portal | SQL injection vulnerability in down_indir.asp in Gazi Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 10.0 | CVE-2007-2810 BID SECUNIA |
| Geeklog -- Geeklog | PHP remote file inclusion vulnerability in ImageImageMagick.php in Geeklog 2.x allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_system] parameter. | 7.0 | CVE-2007-2793 MILW0RM BID |
| HP -- Tru64 UNIX | Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows remote attackers to identify valid users via unspecified vectors, probably related to timing attacks and AuthInteractiveFailureRandomTimeout. | 10.0 | CVE-2007-2791 HP BID FRSIRT SECTRACK SECUNIA |
| Jetbox -- Jetbox CMS | Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) login parameter. | 7.0 | CVE-2007-2685 FULLDISC OTHER-REF OSVDB |
| KSign -- KSignSWAT | Multiple stack-based buffer overflows in the KSign KSignSWAT ActiveX Control (AxKSignSWAT.dll) 2.0.3.3 allow remote attackers to execute arbitrary code via long arguments to the (1) SWAT_Init, (2) SWAT_InitEx, (3) SWAT_InitEx2, (4) SWAT_InitEx3, and (5) SWAT_Login functions. | 7.0 | CVE-2007-2820 FULLDISC FRSIRT SECUNIA |
| LEAD Technologies -- LeadTools JPEG 2000 | Stack-based buffer overflow in the LEAD Technologies LeadTools JPEG 2000 LEADJ2K.LEADJ2K.140 ActiveX control (LTJ2K14.ocx) 14.5.0.35 allows remote attackers to execute arbitrary code via a long BitmapDataPath property. | 8.0 | CVE-2007-2771 OTHER-REF OTHER-REF CERT-VN SECUNIA |
| LEAD Technologies -- LeadTools Raster Thumbnail Object Library | Stack-based buffer overflow in the BrowseDir function in the (1) lttmb14E.ocx or (2) LTRTM14e.DLL ActiveX control in LeadTools Raster Thumbnail Object Library 14.5.0.44 allows remote attackers to execute arbitrary code via a long argument. | 7.0 | CVE-2007-2787 MILW0RM MILW0RM OTHER-REF OTHER-REF OTHER-REF OTHER-REF |
| LEAD Technologies -- LeadTools ISIS ActiveX Control | Heap-based buffer overflow in LEAD Technologies LEADTOOLS ISIS ActiveX Control (ltisi14E.ocx) 14.5.0.44 and earlier allows remote attackers to execute arbitrary code via a long DriverName property. | 8.0 | CVE-2007-2827 OTHER-REF OTHER-REF FRSIRT SECUNIA |
| Libstats -- Libstats | PHP remote file inclusion vulnerability in template_csv.php in Libstats 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rInfo[content] parameter. | 7.0 | CVE-2007-2779 MILW0RM BID |
| Madirish Webmail -- Madirish Webmail | PHP remote file inclusion vulnerability in lib/addressbook.php in Madirish Webmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.0 | CVE-2007-2826 BID |
| MADWifi -- MADWifi | Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee80211_ioctl_setwmmparams functions in net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1 allows local users to cause a denial of service (system crash), possibly obtain kernel memory contents, and possibly execute arbitrary code via a large negative array index value. | 10.0 | CVE-2007-2831 OTHER-REF OTHER-REF |
| Microsoft -- IIS | The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Server (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw. | 10.0 | CVE-2007-2815 BUGTRAQ MSKB |
| MicroWorld Technologies -- eScan | Stack-based buffer overflow in the MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan before 9.0.718.1 allows remote attackers to execute arbitrary code via a long command. | 10.0 | CVE-2007-2687 OTHER-REF FRSIRT SECUNIA |
| Ol' Bookmarks -- Ol' Bookmarks | Multiple PHP remote file inclusion vulnerabilities in ol'bookmarks 0.7.4 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) test1.php, (2) blackorange.php, (3) default.php, (4) frames1.php, (5) frames1_top.php, (6) test1.php, (7) test2.php, (8) test3.php, (9) test4.php, (10) test5.php, (11) test6.php, (12) frames1_left.php, and (13) frames1_center.php in themes/. | 7.0 | CVE-2007-2816 MILW0RM VIM BID FRSIRT |
| Ol' Bookmarks -- Ol' Bookmarks | SQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.0 | CVE-2007-2817 MILW0RM BID |
| OPeNDAP -- Hyrax, OPeNDAP -- BES | BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly handle compressed files, which allows remote attackers to upload arbitrary files or execute arbitrary commands via a crafted compressed file. | 7.0 | CVE-2007-2769 OTHER-REF CERT-VN BID |
| Opera Software -- Opera Web Browser | Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is not clear if this is the same issue as CVE-2007-2274. | 8.0 | CVE-2007-2809 OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA |
| Packeteer -- PacketShaper | Packeteer PacketShaper uses fixed increments in TCP initial sequence number (ISN) values, which allows remote attackers to predict the ISN value, and perform session hijacking or disruption. | 7.0 | CVE-2007-2782 BUGTRAQ BID |
| Pegasus -- ImagN' ActiveX Control | Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX control (IMW32O40.OCX) 4.00.041 allow remote attackers to execute arbitrary code via (1) a long FileName parameter, or unspecified vectors involving the (2) BeginReport, (3) CreatePictureExA, (4) DefineImage, (5) DefineImageEx, (6) DefineImageFox, (7) CopyBufToClipExA, (8) LoadEx, (9) LoadFox, and other functions. | 7.0 | CVE-2007-2814 OTHER-REF BID FRSIRT SECUNIA |
| Qualcomm -- Eudora | Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote SMTP servers to execute arbitrary code via a long SMTP reply. NOTE: the user must click through a warning about a possible buffer overflow exploit to trigger this issue. | 8.0 | CVE-2007-2770 MILW0RM SECUNIA XF |
| Rational Software -- Hidden Administrator | Unspecified vulnerability in Rational Soft Hidden Administrator 1.7 and earlier allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors. NOTE: this issue has no actionable information, and perhaps should not be included in CVE. | 10.0 | CVE-2007-2783 BUGTRAQ BID |
| Sun -- JDK | Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03, and 1.6.x before 1.6.0_01-b06, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file. | 8.0 | CVE-2007-2788 OTHER-REF BID FRSIRT SECUNIA XF |
| SunLight CMS -- SunLight CMS | Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) _connect.php or (2) modules/startup.php. | 7.0 | CVE-2007-2774 MILW0RM BID |
| Vizayn Urun -- Tanitim Sitesi | SQL injection vulnerability in default.asp in Vizayn Urun Tanitim Sitesi 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a haberdetay action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.0 | CVE-2007-2803 SECUNIA |
| VP-ASP -- VP-ASP Shopping Cart | Cross-site scripting (XSS) vulnerability in shopcontent.asp in VP-ASP Shopping Cart 6.50, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the type parameter. | 7.0 | CVE-2007-2790 BUGTRAQ |
| Wavelink Media -- TutorialCMS | TutorialCMS 1.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php. | 8.0 | CVE-2007-2822 MILW0RM OTHER-REF FRSIRT SECUNIA |
| WikyBlog -- WikyBlog | Cross-site scripting (XSS) vulnerability in include/sessionRegister.php in WikyBlog before 1.4.13 allows remote attackers to inject arbitrary web script or HTML, probably via vectors related to a certain data2 array element. | 7.0 | CVE-2007-2781 OTHER-REF OTHER-REF OTHER-REF SECUNIA |
| WordPress -- WordPress | SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter. | 8.0 | CVE-2007-2821 OTHER-REF BID FRSIRT SECUNIA XF |
| Zomplog -- Zomplog | SQL injection vulnerability in plugins/mp3playlist/mp3playlist.php in Zomplog 3.8 and earlier allows remote attackers to execute arbitrary SQL commands via the speler parameter. | 7.0 | CVE-2007-2773 MILW0RM |
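The two AlstraSoft entries (CVE-2007-2775 and CVE-2007-2776) describe the same bug class: a PHP script emits a Location header when the caller is not authenticated but keeps executing, so the protected page is still written into the body of the 302. A browser follows the redirect and never shows it; a client that does not follow redirects reads it directly. The following is an added example, not AlstraSoft code: it stands up a throwaway local HTTP server with two made-up paths (`/admin/vuln.php`, which redirects without stopping, and `/admin/fixed.php`, which redirects with an empty body) and a probe that flags a 3xx whose body still contains protected content. The `<form` marker is an assumption about what the protected page contains.

```python
"""Detect the "redirect but keep executing" access-control bug.

Added example (not code from AlstraSoft or the bulletin).  A PHP script that
does header("Location: ...") without a following exit() still renders the
protected page into the response body; a client that does not follow
redirects simply reads that body.  Paths and page content are constructed.
"""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for a protected admin page body.
ADMIN_BODY = (b"<html><body><h1>Manage settings</h1>"
              b"<form method='post'><input name='admin_pass'></form></body></html>")
LOGIN_URL = "/admin/login.php"  # hypothetical login page


def classify_response(status, location, body, marker=b"<form"):
    """True when a redirect response still carries protected content.

    The tell-tale is a 3xx with a Location header *and* a body containing
    something only the protected page would have (here, a form tag).
    """
    return status in (301, 302, 303, 307, 308) and bool(location) and marker in body


class DemoHandler(BaseHTTPRequestHandler):
    """Simulates both variants of the script.  Neither path is real software."""

    def do_GET(self):
        if self.path == "/admin/vuln.php":      # header(); no exit()
            self._redirect(ADMIN_BODY)
        elif self.path == "/admin/fixed.php":   # header(); exit;
            self._redirect(b"")
        else:
            self.send_error(404)

    def _redirect(self, body):
        self.send_response(302)
        self.send_header("Location", LOGIN_URL)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        if body:
            self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_demo_server():
    srv = HTTPServer(("127.0.0.1", 0), DemoHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def probe(host, port, path):
    """GET `path` without following redirects and report whether it leaks."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        body = resp.read()
        location = resp.getheader("Location")
        return {"status": resp.status, "location": location,
                "body_len": len(body),
                "leaks": classify_response(resp.status, location, body)}
    finally:
        conn.close()


if __name__ == "__main__":
    srv = start_demo_server()
    port = srv.server_address[1]
    for p in ("/admin/vuln.php", "/admin/fixed.php"):
        print(p, probe("127.0.0.1", port, p))
    srv.shutdown()
```

The same probe works against any script suspected of this pattern: `curl -i` (which does not follow redirects by default) shows the body under the 302 just as `probe` does. On the server side the fix is to terminate execution immediately after the header call, not merely to emit the redirect.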
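Eight rows in the table (E-Friends, com_yanc, Gazi Download Portal, Jetbox, ol'bookmarks read/index.php, Vizayn, WordPress, Zomplog) are the same defect: a request parameter such as `id` is concatenated into a SQL statement. The added example below is written for this bulletin and is not code from any of those products; it uses an in-memory SQLite database with constructed tables so the effect of an injected `id` value can be seen end to end, alongside the parameterised form that closes the hole.

```python
"""Integer id parameter: string-built query vs parameterised query.

Added example written for this bulletin, not code from any product listed
above.  Tables and rows are constructed.
"""
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE bookmarks (id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO bookmarks VALUES (1, 'python.org'), (2, 'nvd.nist.gov');
        INSERT INTO users VALUES (1, 'admin', 's3cret-hash');
    """)
    return conn


def lookup_vulnerable(conn, id_param):
    """The pattern behind the SQL injection rows: the raw request value is
    spliced into the statement, so `id` is no longer a number but SQL."""
    sql = "SELECT id, title FROM bookmarks WHERE id = " + id_param
    return conn.execute(sql).fetchall()


def lookup_safe(conn, id_param):
    """Same query with the value bound as a parameter; non-numeric input is
    rejected before it reaches the database at all."""
    try:
        bookmark_id = int(id_param)
    except ValueError:
        return []
    return conn.execute(
        "SELECT id, title FROM bookmarks WHERE id = ?", (bookmark_id,)
    ).fetchall()


# Constructed payload: satisfies the numeric comparison with 0 and appends a
# UNION that pulls credentials from an unrelated table with the same column count.
PAYLOAD = "0 UNION SELECT username, password FROM users"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, id=1:", lookup_vulnerable(db, "1"))
    print("vulnerable, payload:", lookup_vulnerable(db, PAYLOAD))
    print("safe, payload:", lookup_safe(db, PAYLOAD))
```

The UNION payload is the usual first step once a numeric injection point is confirmed, because it turns a lookup into an arbitrary read of any table the application's database user can see. Binding the value (and casting it to the type the column expects) removes the interpretation step entirely, which is why it is preferred over escaping.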
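The Packeteer PacketShaper entry (CVE-2007-2782) is a TCP ISN predictability problem: if each new connection's initial sequence number is the previous one plus a constant, an attacker who has observed a few handshakes can compute the next ISN and forge the third packet of a handshake or inject into an existing session. The added example below is not Packeteer code and the ISN values in it are constructed (the bulletin does not state the actual increment); it shows the analysis a tester would run on a captured sample, including wrap-around at 2^32.

```python
"""Check a sample of TCP initial sequence numbers for fixed-increment generation.

Added example, not Packeteer's code or data; the ISN values are constructed.
A stack that bumps its ISN by a constant per connection lets an off-path
attacker compute the next one and spoof or hijack a handshake.
"""
import random

MOD = 1 << 32


def isn_deltas(isns):
    """Differences between consecutive ISNs, modulo 2^32 to handle wrap-around."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def analyze_isns(isns):
    """Summarise the predictability of ISNs observed from one host.

    Returns a dict with:
      fixed_increment  True if every delta is identical (fully predictable)
      increment        the constant step when fixed, else None
      distinct_deltas  number of distinct step values seen
      spread           max delta - min delta (0 means constant)
      predicted_next   last ISN + most common delta, i.e. the attacker's guess
                       for the next connection
    """
    if len(isns) < 3:
        raise ValueError("need at least three samples")
    deltas = isn_deltas(isns)
    counts = {}
    for d in deltas:
        counts[d] = counts.get(d, 0) + 1
    mode = max(counts, key=counts.get)
    fixed = len(counts) == 1
    return {
        "fixed_increment": fixed,
        "increment": mode if fixed else None,
        "distinct_deltas": len(counts),
        "spread": max(deltas) - min(deltas),
        "predicted_next": (isns[-1] + mode) % MOD,
    }


# Constructed sample 1: a stack adding 64000 per connection, crossing 2^32.
FIXED_SAMPLE = [(0xFFFF0000 + 64000 * i) % MOD for i in range(8)]

# Constructed sample 2: random ISNs, what a modern stack should look like.
_rng = random.Random(7)
RANDOM_SAMPLE = [_rng.getrandbits(32) for _ in range(8)]

if __name__ == "__main__":
    for name, sample in (("fixed", FIXED_SAMPLE), ("random", RANDOM_SAMPLE)):
        print(name, [hex(v) for v in sample], analyze_isns(sample))
```

In practice the input list comes from the SYN/ACK sequence numbers of several connections opened in quick succession to the same port; a zero spread, or a handful of distinct deltas, is the finding. Time-dependent generators need the timing of each sample as well, which this function deliberately does not model.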