| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| | Multiple buffer overflows in RealNetworks GameHouse dldisplay ActiveX control (ghdlctl.dll) allow remote attackers to execute arbitrary code via unknown vectors. | 8.0 | CVE-2007-2924 CERT-VN |
| | Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors, related to "incorrect authorization on a remote interface to the SDO repository." | 10.0 | CVE-2007-3263 OTHER-REF FRSIRT SECUNIA |
| | Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors. | 10.0 | CVE-2007-3264 OTHER-REF FRSIRT SECUNIA |
| | Directory traversal vulnerability in webif.cgi in ifnet WEBIF allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the outconfig parameter. | 10.0 | CVE-2007-3266 BUGTRAQ OTHER-REF BID |
| | PHP remote file inclusion vulnerability in Includes/global.inc.php in phpMyInventory 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the strIncludePrefix parameter. | 10.0 | CVE-2007-3270 MILW0RM BID |
| | PHP remote file inclusion vulnerability in templates/2blue/bodyTemplate.php in YourFreeScreamer 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the serverPath parameter. | 7.0 | CVE-2007-3271 MILW0RM |
| | SQL injection vulnerability in index.cfm in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.0 | CVE-2007-3273 BID |
| | Unspecified vulnerability in the localization module before 1.2 for WIKINDX allows attackers to access certain administrative capabilities via unknown vectors. | 10.0 | CVE-2007-3277 OTHER-REF SECUNIA |
| | PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1. | 8.0 | CVE-2007-3278 BUGTRAQ BUGTRAQ OTHER-REF OTHER-REF |
| | PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection. | 10.0 | CVE-2007-3279 BUGTRAQ OTHER-REF OTHER-REF |
| Cerulean Studios -- Trillian | Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers improper memory allocation for word wrapping when a window width is used as a buffer size, a different vulnerability than CVE-2007-2478. | 10.0 | CVE-2007-3305 IDEFENSE OTHER-REF BID FRSIRT SECUNIA |
| Cybozu Labs -- Musoo | Multiple PHP remote file inclusion vulnerabilities in Musoo 0.21 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[ini_array][EXTLIB_PATH] parameter to (1) msDb.php, (2) modules/MusooTemplateLite.php, or (3) modules/SoundImporter.php. | 7.0 | CVE-2007-3297 MILW0RM |
| Efstratios Geroulis -- Jasmine CMS | Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the login_username parameter to login.php or (2) the item parameter to news.php. | 7.0 | CVE-2007-3313 MILW0RM BID |
| F-Secure -- F-Secure Anti-Virus Linux Client Security; F-Secure -- F-Secure Anti-Virus Linux Server Security; F-Secure -- Solutions based on F-Secure Personal Express; F-Secure -- Internet Gatekeeper; F-Secure -- F-Secure Internet Security; F-Secure -- F-Secure Anti-Virus | Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive. | 8.0 | CVE-2007-3300 OTHER-REF BID FRSIRT SECUNIA |
| FuseTalk Inc. -- FuseTalk | SQL injection vulnerability in forum/include/error/autherror.cfm in FuseTalk allows remote attackers to execute arbitrary SQL commands via the errorcode parameter. NOTE: a patch may have been released privately between April and June 2007. NOTE: this issue may overlap CVE-2007-3273. | 7.0 | CVE-2007-3301 BUGTRAQ BID |
| GNOME -- Evolution | Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index. | 10.0 | CVE-2007-3257 OTHER-REF |
| LiveCMS -- LiveCMS | categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the cid parameter, which reveals the path in a forced SQL error message. | 8.0 | CVE-2007-3290 MILW0RM |
| LiveCMS -- LiveCMS | Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for "a small image" associated with an article. | 7.0 | CVE-2007-3292 MILW0RM |
| LiveCMS -- LiveCMS | SQL injection vulnerability in categoria.php in LiveCMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.0 | CVE-2007-3293 MILW0RM |
| PHP -- PHP | Multiple buffer overflows in the Tidy extension for PHP 5.2.3 allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the tidy_repair_string function. | 7.0 | CVE-2007-3294 MILW0RM |
| Simple Machines -- Simple Machines Forum | Simple Machines Forum (SMF) 1.1.2 uses a concatenation method with insufficient randomization when creating a WAV file CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated brute-force attack. | 7.0 | CVE-2007-3308 BUGTRAQ OTHER-REF SECTRACK XF |
| Simple Machines -- Simple Machines Forum | Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.2 allows remote attackers to execute arbitrary PHP code during (1) creation or (2) editing of a message. | 7.0 | CVE-2007-3309 BUGTRAQ OTHER-REF SECTRACK XF |
| Solar Empire -- Solar Empire | SQL injection vulnerability in game_listing.php in Solar Empire 2.9.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. | 7.0 | CVE-2007-3307 MILW0RM BID |
| Spey -- Spey | SQL injection vulnerability in Spey before 0.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to MessageProcessor.cc and possibly other components. | 7.0 | CVE-2007-3298 OTHER-REF OTHER-REF OTHER-REF FRSIRT |
| Ultrize -- MiniBill | PHP remote file inclusion vulnerability in crontab/run_billing.php in MiniBill 1.2.5 allows remote attackers to execute arbitrary PHP code via a URL in the config[include_dir] parameter, a different vector than CVE-2006-4489. | 7.0 | CVE-2007-3306 MILW0RM |
| VideoLAN -- VLC Media Player | Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets. | 8.0 | CVE-2007-3316 OTHER-REF BID FRSIRT SECUNIA |
| Xoops -- WiwiMod Module | PHP remote file inclusion vulnerability in spaw/spaw_control.class.php in the WiwiMod 0.4 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656. | 7.0 | CVE-2007-3289 MILW0RM |
| Xoops -- Articles Module | SQL injection vulnerability in print.php in the Articles 1.02 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.0 | CVE-2007-3311 BUGTRAQ MILW0RM |
| Xunlei -- Web Thunderbolt | The ThunderServer.webThunder.1 ActiveX control in Xunlei Web Thunderbolt 1.7.3.109 allows remote attackers to download arbitrary files and conduct other unauthorized actions by invoking dangerous methods. | 8.0 | CVE-2007-3296 BID |