| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| Adobe -- ColdFusion MX | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 (7.0 and 7.0.1), when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm. | | 7.0 | CVE-2006-5859 OTHER-REF |
| Adobe -- ColdFusion Server MX Enterprise; Adobe -- ColdFusion MX Enterprise Multi-Server Edition; Adobe -- JRun | Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | | 7.0 | CVE-2006-5860 OTHER-REF BID |
| Allons_voter -- Allons_voter | Allons_voter 1.0 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) admin_ajouter.php or (2) admin_supprimer.php. NOTE: this could be leveraged to conduct cross-site scripting (XSS) attacks. | | 7.0 | CVE-2007-0874 BUGTRAQ OTHER-REF BID |
| Apache Stats -- Apache Stats | Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function. | | 7.0 | CVE-2007-0930 OTHER-REF BID FRSIRT |
| Aruba -- Mobility Controller; OmniAccess -- OmniAccess Wireless | Buffer overflow in the management interface for Aruba Mobility Controller 200, 800, 2400, and 6000, and OmniAccess Wireless 43xx and 6000, running software after 2.0, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long credential strings. | | 7.0 | CVE-2007-0931 BUGTRAQ FULLDISC CERT-VN |
| Aruba -- Mobility Controller; OmniAccess -- OmniAccess Wireless | Unspecified vulnerability in Aruba Mobility Controller 200, 800, 2400, and 6000, and OmniAccess Wireless 43xx and 6000, running software after 2.0, allows remote attackers to gain access to the WLAN or administration interface by using the guest logon name without a password. | | 7.0 | CVE-2007-0932 FULLDISC CERT-VN |
| BloggIT -- BloggIT | admin.php in BloggIT 1.01 and earlier does not properly establish a user session, which allows remote attackers to gain privileges via a direct request. | | 7.0 | CVE-2006-7014 BUGTRAQ FRSIRT SECTRACK SECUNIA XF |
| Cisco -- IOS | The Intrusion Prevention System (IPS) feature for Cisco IOS 12.3T through 12.4XE allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets. | | 7.0 | CVE-2007-0917 CISCO SECTRACK |
| Develooping -- Flash Chat | ** DISPUTED ** PHP remote file inclusion vulnerability in adminips.php in Develooping Flash Chat allows remote attackers to execute arbitrary PHP code via a URL in the banned_file parameter. NOTE: CVE disputes this vulnerability because banned_file is set to a constant value. | | 7.0 | CVE-2006-7011 VIM BID XF |
| eXtremePow -- eXtreme File Hosting | Unrestricted file upload vulnerability in eXtremePow eXtreme File Hosting allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as (1) .rar.php or (2) .zip.php. | | 7.0 | CVE-2007-0871 BUGTRAQ BID |
| Fullaspsite -- ASP Hosting Site | Cross-site scripting (XSS) vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | | 7.0 | CVE-2007-0950 BUGTRAQ BID |
| Fullaspsite -- ASP Hosting Site | SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to execute arbitrary SQL commands via the cat parameter. | | 7.0 | CVE-2007-0951 BUGTRAQ BID |
| FusionPhp -- Fusion Polls | PHP remote file inclusion vulnerability in admin/index.php in Fusion Polls allows remote attackers to execute arbitrary PHP code via a URL in the xtrphome parameter. | | 7.0 | CVE-2006-7003 BUGTRAQ BUGTRAQ |
| fx-APP -- fx-APP | The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe. | | 10.0 | CVE-2006-7022 BUGTRAQ BID XF |
| Gecad Technologies -- Axigen Mail Server | Heap-based buffer underflow in Axigen 1.2.6 through 2.0.0b1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via certain base64-encoded data on the POP3 port (110/tcp), which triggers an integer overflow. | | 10.0 | CVE-2007-0886 FULLDISC OTHER-REF BID XF |
| GraphicsMagick -- GraphicsMagick; ImageMagick -- ImageMagick | Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456. | | 8.0 | CVE-2007-0770 BUGTRAQ OTHER-REF MANDRIVA |
| Harpia -- Harpia CMS | Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) func_prog parameter to (a) preload.php and (b) index.php; (2) header_prog parameter to (c) missing.php and (d) email.php, (e) files.php, (f) headlines.php, (g) search.php, (h) topics.php, and (i) users.php in _mods/; (3) theme_root parameter to (j) footer.php, (k) header.php, (l) pfooter.php, and (m) pheader.php in _inc; (4) mod_root parameter to _inc/header.php; and the (5) mod_dir and (6) php_ext parameters to (n) _inc/web_statsConfig.php. | | 7.0 | CVE-2006-7024 MILW0RM BID XF |
| HP -- HP-UX | Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers to overwrite arbitrary files and gain privileges via a crafted RPC request. | | 10.0 | CVE-2007-0915 HP BID SECTRACK |
| iTinySoft Studio -- Total Video Player | Stack-based buffer overflow in iTinySoft Studio Total Video Player 1.03, and possibly earlier, allows remote attackers to execute arbitrary code via an M3U playlist file that contains a long file name. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | 10.0 | CVE-2007-0949 BID SECUNIA |
| Jobline -- Jobline | ** DISPUTED ** PHP remote file inclusion vulnerability in admin.jobline.php in Jobline 1.1.1 allows remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter. NOTE: CVE disputes this issue because the script is protected against direct requests. | | 10.0 | CVE-2006-7015 BUGTRAQ VIM XF |
| Joomla! -- Joomla! | Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029. | | 7.0 | CVE-2006-7008 OTHER-REF OSVDB SECUNIA |
| Joomla! -- Joomla! | Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors. | | 7.0 | CVE-2006-7009 OTHER-REF SECUNIA |
| Joomla! -- Joomla! | The mosgetparam implementation in Joomla! before 1.0.10 does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors but may permit SQL injection attacks. | | 7.0 | CVE-2006-7010 OTHER-REF SECUNIA |
| JPortal -- JPortal Web Server | Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php in JPortal 2.3.1, and possibly earlier, allows remote attackers to perform privileged actions as administrators by tricking the admin into accessing a URL with modified arguments to admin/admin.adm.php. | | 8.0 | CVE-2007-0912 BUGTRAQ |
| Jupiter CMS -- Jupiter CMS | Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot), or an absolute pathname, in the n parameter. | | 7.0 | CVE-2007-0987 BUGTRAQ BUGTRAQ OTHER-REF OTHER-REF OTHER-REF BID |
| KvGuestbook -- KvGuestbook | The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows remote attackers to gain administrative privileges, probably via modified $mysql['pass'] and $gbpass variables. | | 7.0 | CVE-2007-0926 BUGTRAQ |
| LightRO -- LightRO CMS | SQL injection vulnerability in projects.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter to index.php. | | 7.0 | CVE-2007-0904 OTHER-REF FRSIRT XF |
| LizardTech -- DjVu Browser Plug-in | Multiple buffer overflows in the LizardTech DjVu Browser Plug-in before 6.1.1 allow remote attackers to execute arbitrary code via unspecified vectors. | | 7.0 | CVE-2007-0324 BUGTRAQ OTHER-REF CERT-VN BID SECUNIA |
| Matthieu Aubry -- phpMyVisites | CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the url parameter, when the pagename parameter begins with "FILE:". | | 7.0 | CVE-2007-0892 FULLDISC |
| McRefer -- McRefer | SQL injection vulnerability in install.php in McRefer allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | | 7.0 | CVE-2007-0875 BUGTRAQ OTHER-REF BID |
| Microsoft -- Office 2004 for Mac; Microsoft -- Windows 2003; Microsoft -- Windows 2000; Microsoft -- Office 2000; Microsoft -- Office 2003; Microsoft -- Windows XP; Microsoft -- Office XP; Microsoft -- Learning Essentials | The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption. | | 8.0 | CVE-2006-1311 MS |
| Microsoft -- Step-by-Step Interactive Training | The Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via crafted bookmark link files, a different issue than CVE-2005-1212. | | 8.0 | CVE-2006-3448 MS |
| Microsoft -- Internet Explorer | Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193. | | 10.0 | CVE-2006-4697 MS |
| Microsoft -- Windows Defender; Microsoft -- Malware Protection Engine; Microsoft -- Windows Antigen; Microsoft -- Windows Live OneCare; Microsoft -- Windows Forefront Security | Integer overflow in the Microsoft Malware Protection Engine (mpengine.dll), as used by Windows Live OneCare, Antigen, Defender, and Forefront Security, allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file. | | 8.0 | CVE-2006-5270 MS |
| Microsoft -- Visual Studio .NET; Microsoft -- Windows Server 2003 | The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2002, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. | | 8.0 | CVE-2007-0025 MS |
| Microsoft -- Windows 2003; Microsoft -- Windows 2000; Microsoft -- Windows XP | The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. | | 8.0 | CVE-2007-0026 MS |
| Microsoft -- Word | Microsoft Word 2002, 2003, and 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code. | | 8.0 | CVE-2007-0208 MS |
| Microsoft -- Word | Microsoft Word 2000, 2002, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption. | | 8.0 | CVE-2007-0209 MS |
| Microsoft -- Windows XP | The Windows Image Acquisition (WIA) Service in Microsoft Windows XP SP2 allows local users to gain privileges via unspecified vectors involving an "unchecked buffer," probably a buffer overflow. | | 7.0 | CVE-2007-0210 MS |
| Microsoft -- Windows Server 2003; Microsoft -- Windows XP | The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware." | | 7.0 | CVE-2007-0211 MS |
| Microsoft -- Windows 2000; Microsoft -- Windows XP; Microsoft -- Windows 2003 | The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP4, XP SP2 and Professional, and 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters. | | 8.0 | CVE-2007-0214 MS |
| Microsoft -- Internet Explorer | The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption. | | 10.0 | CVE-2007-0217 MS |
| Microsoft -- Internet Explorer | Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697. | | 10.0 | CVE-2007-0219 MS |
| Microsoft -- Word | Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027. | | 8.0 | CVE-2007-0870 OTHER-REF |
| Microsoft -- PowerPoint | Unspecified vulnerability in Microsoft PowerPoint allows user-assisted remote attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues. | | 8.0 | CVE-2007-0913 OTHER-REF |
| NaboCorp Softwares -- NaboPoll | NaboPoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/. | | 7.0 | CVE-2007-0873 BUGTRAQ OTHER-REF BID |
| Nicecoder -- indexu | Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the admin_template_path parameter to admin/ scripts (1) app_change_email.php, (2) app_change_pwd.php, (3) app_mod_rewrite.php, (4) app_page_caching.php, (5) app_setup.php, (6) cat_add.php, (7) cat_delete.php, (8) cat_edit.php, (9) cat_path_update.php, (10) cat_search.php, (11) cat_struc.php, (12) cat_view.php, (13) cat_view_hidden.php, (14) cat_view_hierarchy.php, (15) cat_view_registered_only.php, (16) checkurl_web.php, (17) db_alter.php, (18) db_alter_change.php, (19) db_backup.php, (20) db_export.php, (21) db_import.php, (22) editor_add.php, (23) editor_delete.php, (24) editor_validate.php, (25) head.php, (26) index.php, (27) inv_config.php, (28) inv_config_payment.php, (29) inv_create.php, (30) inv_delete.php, (31) inv_edit.php, (32) inv_markpaid.php, (33) inv_markunpaid.php, (34) inv_overdue.php, (35) inv_paid.php, (36) inv_send.php, (37) inv_unpaid.php, (38) lang_modify.php, (39) link_add.php, (40) link_bad.php, (41) link_bad_delete.php, (42) link_checkurl.php, (43) link_delete.php, (44) link_duplicate.php, (45) link_edit.php, (46) link_premium_listing.php, (47) link_premium_sponsored.php, (48) link_search.php, (49) link_sponsored_listing.php, (50) link_validate.php, (51) link_validate_edit.php, (52) link_view.php, (53) log_search.php, (54) mail_modify.php, (55) menu.php, (56) message_create.php, (57) message_delete.php, (58) message_edit.php, (59) message_send.php, (60) message_subscriber.php, (61) message_view.php, (62) review_validate.php, (63) review_validate_edit.php, (64) summary.php, (65) template_active.php, (66) template_add_custom.php, (67) template_delete.php, (68) template_delete_file.php, (69) template_duplicate.php, (70) template_export.php, (71) template_import.php, (72) template_manager.php, (73) template_modify.php, (74) template_modify_file.php, (75) template_rename.php, (76) user_add.php, (77) user_delete.php, (78) user_edit.php, (79) user_search.php, and (80) whos.php. | | 7.0 | CVE-2006-7017 BUGTRAQ SECTRACK SECUNIA XF |
| Oliver Georgi -- phpwcms | phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via a crafted argument to the nome_evento parameter to (1) phpwcms_code_snippets/mail_file_form.php and (2) sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function. | | 10.0 | CVE-2006-7018 OTHER-REF FRSIRT SECUNIA XF |
| Philboard -- Philboard | SQL injection vulnerability in philboard_forum.asp in Philboard 1.14 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter. | | 7.0 | CVE-2007-0920 OTHER-REF BID XF |
| PHP -- PHP; Trustix -- Secure Linux | PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383. | | 7.0 | CVE-2007-0905 OTHER-REF OTHER-REF BID FRSIRT SECUNIA |
| PHP -- PHP; Trustix -- Secure Linux | Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. | | 7.0 | CVE-2007-0906 OTHER-REF OTHER-REF BID FRSIRT SECUNIA |
| PHP -- PHP; Trustix -- Secure Linux | Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function. | | 10.0 | CVE-2007-0909 OTHER-REF OTHER-REF BID FRSIRT SECUNIA |
| PHP Script Tools -- PSY Auction | SQL injection vulnerability in item.php in PSY Auction allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | 7.0 | CVE-2006-7005 OTHER-REF BID |
| phpjobboard -- phpjobboard | phpjobboard allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin.php with adminop=job-edit. | | 7.0 | CVE-2006-7016 BUGTRAQ VIM OSVDB XF |
| phpwcms -- phpwcms | phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via crafted arguments to the (1) text_evento and (2) email_eventonome_evento parameters to phpwcms_code_snippets/mail_file_form.php and sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | 7.0 | CVE-2006-7019 OTHER-REF FRSIRT SECUNIA XF |
| Plume CMS -- Plume CMS | PHP remote file inclusion vulnerability in manager/tools/link/dbinstall.php in Plume CMS 1.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter. | | 7.0 | CVE-2006-7021 OTHER-REF OTHER-REF BID SECTRACK XF |
| Radical Technologies -- Portal Search | Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in Portal Search allows remote attackers to inject arbitrary web script or HTML via the query string. | | 7.0 | CVE-2007-0922 BUGTRAQ BID |
| Rainbow Portal -- Rainbow with the Zen; Rainbow Portal -- Rainbow.Zen | Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter. | | 7.0 | CVE-2007-0885 BUGTRAQ |
| Roaring Penguin -- MIMEDefang | Buffer overflow in Roaring Penguin MIMEDefang 2.59 and 2.60 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors. | | 10.0 | CVE-2007-0884 MLIST SECUNIA |
| Robin de Graff -- Somery | ** DISPUTED ** PHP remote file inclusion vulnerability in upload/admin/team.php in Robin de Graff Somery 0.4.4 allows remote attackers to execute arbitrary PHP code via a URL in the checkauth parameter. NOTE: CVE disputes this vulnerability because the checkauth parameter is only used in conditionals. | | 7.0 | CVE-2006-7006 BUGTRAQ OTHER-REF OTHER-REF VIM BID OSVDB |
| S.H.Mohanjith -- MOHA Chat | MOHA Chat 0.1b7 and earlier does not require authentication for use of the plug-in API, which has unknown impact and attack vectors. | | 7.0 | CVE-2007-0954 OTHER-REF FRSIRT |
| Sage -- Sage++; Sage -- Sage | Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10 and (2) Sage++ extensions for Firefox allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/='SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712. | | 7.0 | CVE-2007-0896 OTHER-REF OTHER-REF OTHER-REF SECUNIA |
| SCart -- SCart | scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter of a show_text action. | | 10.0 | CVE-2006-7012 BUGTRAQ MILW0RM OTHER-REF XF |
| Scriptsez.net -- Virtual Calendar | Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Virtual Calendar allow remote attackers to inject arbitrary web script or HTML via the (1) t and (2) yr parameters, and the (3) sho parameter when the m parameter is outside the intended range. | | 7.0 | CVE-2007-0952 BID SECUNIA XF |
| Simple Machines -- Simple Machines Forum | ** DISPUTED ** QueryString.php in Simple Machines Forum (SMF) 1.0.7 and earlier, and 1.1rc2 and earlier, allows remote attackers to more easily spoof the IP address and evade banning via a modified X-Forwarded-For HTTP header, which is preferred over other more reliable sources for the IP address. NOTE: the original researcher claims that the vendor has disputed this issue. | | 7.0 | CVE-2006-7013 BUGTRAQ |
| SmidgeonSoft -- PEBrowse | Buffer overflow in SmidgeonSoft PEBrowse Professional 8.2.1.0 allows user-assisted remote attackers to execute arbitrary code via certain executable files in PE format. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | 8.0 | CVE-2007-0879 BID |
| Sun -- Solaris; Sun -- SunOS | The telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account. | | 10.0 | CVE-2007-0882 OTHER-REF MILW0RM |
| TagIt! -- Tagboard | Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard 2.1.B Build 2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) configpath parameter to (a) tagviewer.php, (b) tag_process.php, and (c) CONFIG/errmsg.inc.php; and (d) addTagmin.php, (e) ban_watch.php, (f) delTagmin.php, (g) delTag.php, (h) editTagmin.php, (i) editTag.php, (j) manageTagmins.php, and (k) verify.php in tagmin/; the (2) adminpath parameter to (l) tagviewer.php, (m) tag_process.php, and (n) tagmin/index.php; and the (3) admin parameter to (o) readconf.php, (p) updateconf.php, (q) updatefilter.php, and (r) wordfilter.php in tagmin/; different vectors than CVE-2006-5249. | | 7.0 | CVE-2007-0900 OTHER-REF FRSIRT |
| Till Gerken -- phpPolls | Till Gerken phpPolls 1.0.3 allows remote attackers to bypass authentication and perform certain administrative actions via a direct request to phpPollAdmin.php3. NOTE: this issue might subsume CVE-2006-3764. | | 7.0 | CVE-2007-0924 BUGTRAQ BID |
| uTorrent -- uTorrent | Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to execute arbitrary code via a torrent file with a crafted announce header. | | 7.0 | CVE-2007-0927 OTHER-REF BID |
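The Cisco IOS IPS entry (CVE-2007-0917) describes regex signatures that are defeated when the bytes they match are split across fragments. The block below is an added example, not from the bulletin or from Cisco: the content regex `SIGNATURE` and the request `CONSTRUCTED_REQUEST` are constructed stand-ins, not real IPS rules or traffic. It shows that matching each fragment on its own misses a string cut in two, that matching after offset-ordered reassembly catches it, and that a sensor should refuse to reassemble (and alert) on a gap or overlap rather than guess at the stream.

```python
import re
from typing import List, Optional, Pattern, Tuple

Fragment = Tuple[int, bytes]  # (byte offset within the stream, payload)

# Constructed for this example: a regex standing in for a content signature,
# and a request the signature is meant to fire on. Neither is a Cisco rule.
SIGNATURE: Pattern[bytes] = re.compile(rb"/cgi-bin/phf\?")
CONSTRUCTED_REQUEST = b"GET /cgi-bin/phf?Qalias=x%0a/bin/id HTTP/1.0\r\n\r\n"


def fragment(payload: bytes, cut_points: List[int]) -> List[Fragment]:
    """Split payload at the given offsets. Cutting inside the string the
    signature needs is how an attacker spreads it over two fragments."""
    bounds = [0] + sorted(cut_points) + [len(payload)]
    return [(bounds[i], payload[bounds[i]:bounds[i + 1]])
            for i in range(len(bounds) - 1)]


def match_per_fragment(sig: Pattern[bytes], frags: List[Fragment]) -> bool:
    """The bypassable strategy: run the regex over each fragment in isolation."""
    return any(sig.search(data) for _, data in frags)


def reassemble(frags: List[Fragment]) -> Optional[bytes]:
    """Rebuild the stream from fragments that may arrive out of order.

    Returns None on a gap or an overlap: a sensor that cannot reassemble
    unambiguously should alert on the anomaly instead of guessing, because
    overlapping fragments carrying conflicting data are themselves an evasion.
    """
    out = bytearray()
    for offset, data in sorted(frags, key=lambda f: f[0]):
        if offset != len(out):
            return None
        out += data
    return bytes(out)


def match_reassembled(sig: Pattern[bytes], frags: List[Fragment]) -> Optional[bool]:
    """Reassemble first, then match. None means reassembly itself failed."""
    stream = reassemble(frags)
    return None if stream is None else bool(sig.search(stream))


if __name__ == "__main__":
    split = fragment(CONSTRUCTED_REQUEST, [8])  # b"GET /cgi" | b"-bin/phf?..."
    print("per-fragment match:", match_per_fragment(SIGNATURE, split))  # False
    print("reassembled match: ", match_reassembled(SIGNATURE, split))   # True
```

The same split also defeats a sensor that buffers only a fixed number of bytes of each fragment; the point is that any regex evaluated over anything less than the reassembled stream is evadable by choosing where the cut falls.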
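The eXtreme File Hosting entry (CVE-2007-0871) is the double-extension upload class: a check that looks at the wrong part of `upload.rar.php` accepts it, and the web server then executes it as PHP. The following is an added example written for this page, not code from eXtremePow or from the bulletin, with Python standing in for the PHP application. `weak_extension_check` models the bypassable logic (judging whatever follows the first dot), and `safe_upload_name` shows the checks a practitioner wants: strip any path, judge the last extension against an allowlist, refuse an interpreter or server-config extension in any segment (Apache's mod_mime evaluates every dotted segment, so `x.php.rar` is as dangerous as `x.rar.php`), and rebuild the stem from a conservative character set. The allowlist and executable-extension set are assumptions for the example.

```python
import os
import re
from typing import Optional

# Assumed for this example: what the hypothetical hosting site means to accept.
ALLOWED_EXTENSIONS = {"rar", "zip", "7z", "tar", "gz"}

# Assumed for this example: extensions a typical PHP/Apache host hands to an
# interpreter, or that change server behaviour. Checked in EVERY segment of the
# name, because mod_mime does not only look at the last one.
EXECUTABLE_EXTENSIONS = {
    "php", "php3", "php4", "php5", "phtml", "phar", "pht",
    "cgi", "pl", "py", "sh", "asp", "aspx", "jsp", "htaccess",
}

# Characters kept in the stored stem; everything else becomes "_".
_STEM_CLEANER = re.compile(r"[^A-Za-z0-9._-]")


def weak_extension_check(filename: str) -> bool:
    """The bypassable pattern behind CVE-2007-0871: treat the text after the
    FIRST dot as the extension, so "backup.rar.php" passes as a .rar file."""
    parts = filename.lower().split(".")
    return len(parts) >= 2 and parts[1] in ALLOWED_EXTENSIONS


def safe_upload_name(filename: str) -> Optional[str]:
    """Return a server-chosen safe name, or None if the upload must be refused."""
    # 1. Drop any directory component, whichever separator the client used.
    base = os.path.basename(filename.replace("\\", "/"))
    # 2. Refuse empty, hidden (".htaccess") and control-character names.
    if not base or base.startswith(".") or any(
        ord(c) < 0x20 or ord(c) == 0x7F for c in base
    ):
        return None
    segments = base.lower().split(".")
    if len(segments) < 2:
        return None  # no extension at all: refuse rather than guess a type
    # 3. The LAST extension decides the type and must be on the allowlist.
    if segments[-1] not in ALLOWED_EXTENSIONS:
        return None
    # 4. No executable extension anywhere: catches x.rar.php and x.php.rar alike.
    if any(seg in EXECUTABLE_EXTENSIONS for seg in segments[1:]):
        return None
    # 5. Rebuild the stem from safe characters and cap its length.
    stem = _STEM_CLEANER.sub("_", base[: base.rfind(".")]).strip("._")
    if not stem:
        return None
    return f"{stem[:64]}.{segments[-1]}"
```

Even with this check, the upload directory should be served with script execution disabled and, ideally, from a host that serves only static content; the name check is one layer, not the only one.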
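The Joomla! entry (CVE-2006-7010) describes a request-parameter helper that leaves a value as a string even when the caller's default is numeric, which is exactly the gap that turns an `id` parameter into an SQL injection point. The block below is an added example, not Joomla!'s code or anything from the bulletin: `naive_get_param` keeps the described behaviour, `get_param` coerces to the default's type, and the two lookups show the consequence against a constructed in-memory SQLite table. Python and sqlite3 stand in for the PHP/MySQL stack; the table, rows and query are assumptions for the demonstration.

```python
import sqlite3
from typing import Any, Dict, List


def naive_get_param(params: Dict[str, str], name: str, default: Any) -> Any:
    """Returns the raw request string whatever the default's type: the gap
    CVE-2006-7010 describes, and what makes naive_lookup() injectable."""
    return params.get(name, default)


def get_param(params: Dict[str, str], name: str, default: Any) -> Any:
    """Coerce the request value to the default's type. A numeric default means
    the caller wants a number, so a non-numeric value becomes the default
    instead of being passed through as text."""
    raw = params.get(name)
    if raw is None:
        return default
    if isinstance(default, bool):           # bool before int: bool is an int subclass
        return raw.strip().lower() in ("1", "true", "yes", "on")
    if isinstance(default, int):
        try:
            return int(raw.strip(), 10)
        except ValueError:
            return default
    if isinstance(default, float):
        try:
            return float(raw.strip())
        except ValueError:
            return default
    return str(raw)


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table for the example; row 2 is unpublished."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE content (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)"
    )
    db.executemany("INSERT INTO content VALUES (?, ?, ?)", [
        (1, "Public article", 1),
        (2, "Unpublished draft", 0),
        (3, "Second public article", 1),
    ])
    return db


def naive_lookup(db: sqlite3.Connection, params: Dict[str, str]) -> List[str]:
    """String-built query fed by the uncoerced parameter (vulnerable)."""
    item_id = naive_get_param(params, "id", 0)
    sql = f"SELECT title FROM content WHERE published = 1 AND id = {item_id}"
    return [row[0] for row in db.execute(sql)]


def hardened_lookup(db: sqlite3.Connection, params: Dict[str, str]) -> List[str]:
    """Integer coercion plus a bound parameter. Either alone stops this
    payload; together they also survive later edits to the query."""
    item_id = get_param(params, "id", 0)
    rows = db.execute(
        "SELECT title FROM content WHERE published = 1 AND id = ?", (item_id,)
    )
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    payload = {"id": "0 OR published = 0"}
    print("naive:   ", naive_lookup(db, payload))     # ['Unpublished draft']
    print("hardened:", hardened_lookup(db, payload))  # []
```

The payload works against the naive query because `AND` binds tighter than `OR`: `published = 1 AND id = 0 OR published = 0` returns every unpublished row. The coerced version never lets the text reach the query at all.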
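The phpMyVisites entry (CVE-2007-0892) is CRLF injection leading to HTTP response splitting: a decoded parameter copied into a header lets the attacker end that header, add headers of their own, and start a body. The following is an added example, not phpMyVisites code or anything from the bulletin, and it does not model the entry's `pagename` "FILE:" precondition; it is the generic bug and its fix. `vulnerable_redirect_head` builds a `Location` header the unsafe way, `parse_response_head` shows what a browser or cache would see, and `hardened_redirect_head` rejects any control character in the value. `CONSTRUCTED_PAYLOAD` is a made-up attacker input.

```python
from typing import List, Tuple
from urllib.parse import unquote

# Constructed attacker value for the redirect parameter: an encoded CRLF, an
# injected Set-Cookie header, a blank line, then a fake body.
CONSTRUCTED_PAYLOAD = (
    "http://example.test/%0d%0aSet-Cookie:%20sid=attacker%0d%0a%0d%0a<html>injected</html>"
)


def vulnerable_redirect_head(target_param: str) -> bytes:
    """Bug class behind CVE-2007-0892: a decoded parameter is concatenated into
    a header line with no check for CR or LF."""
    target = unquote(target_param)          # %0d%0a becomes a real CRLF here
    head = f"HTTP/1.1 302 Found\r\nLocation: {target}\r\n\r\n"
    return head.encode("latin-1")


def safe_header_value(value: str) -> str:
    """Reject CR, LF, NUL and every other control character; header field
    values never legitimately contain them. Raising beats silently stripping,
    which would hide the attack from logs and tests."""
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        raise ValueError("control character in header value")
    return value


def hardened_redirect_head(target_param: str) -> bytes:
    target = safe_header_value(unquote(target_param))
    return f"HTTP/1.1 302 Found\r\nLocation: {target}\r\n\r\n".encode("latin-1")


def hardened_rejects(target_param: str) -> bool:
    """True if the hardened builder refuses this parameter value."""
    try:
        hardened_redirect_head(target_param)
    except ValueError:
        return True
    return False


def parse_response_head(raw: bytes) -> Tuple[str, List[Tuple[str, str]], str]:
    """Split a response the way a client does: status line, (name, value)
    header pairs up to the first blank line, then whatever follows as body."""
    text = raw.decode("latin-1")
    head, _, body = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


if __name__ == "__main__":
    status, headers, body = parse_response_head(vulnerable_redirect_head(CONSTRUCTED_PAYLOAD))
    print(headers)          # [('Location', 'http://example.test/'), ('Set-Cookie', 'sid=attacker')]
    print(repr(body))       # '<html>injected</html>\r\n\r\n'
    print(hardened_rejects(CONSTRUCTED_PAYLOAD))  # True
```

The parsed result is the whole point of response splitting: the client sees a second, attacker-chosen header and a body that arrived before the real one, which is what makes cache poisoning and session fixation possible from a single reflected parameter.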
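The Simple Machines Forum entry (CVE-2006-7013) describes preferring the `X-Forwarded-For` header over the socket address, which lets any client choose the IP address a ban check sees. The block below is an added example, not SMF's `QueryString.php` or anything from the bulletin: `naive_client_ip` keeps the described behaviour, and `client_ip` applies the rule a practitioner wants, which is to use the header only when the TCP peer is one of our own proxies and then walk it right to left past our proxies to the first address we did not append ourselves. The proxy and client addresses are constructed documentation ranges.

```python
import ipaddress
from typing import Iterable, Optional


def _parse_ip(text: str):
    """Return an ipaddress object, or None for anything that is not an address."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def naive_client_ip(remote_addr: str, xff: Optional[str]) -> str:
    """The behaviour CVE-2006-7013 describes: the first X-Forwarded-For entry
    wins over the socket address, whoever sent it."""
    if xff:
        return xff.split(",")[0].strip()
    return remote_addr


def client_ip(remote_addr: str, xff: Optional[str], trusted_proxies: Iterable[str]) -> str:
    """Derive the client address for logging and ban checks.

    X-Forwarded-For is only meaningful if the TCP peer is one of our proxies,
    which appends the address it saw to the header's right-hand end. So: if the
    peer is not trusted, ignore the header entirely; otherwise scan from the
    right, skip our own proxies, and stop at the first foreign address.
    """
    trusted = {ipaddress.ip_address(p) for p in trusted_proxies}
    peer = _parse_ip(remote_addr)
    if peer is None or peer not in trusted or not xff:
        return remote_addr
    for entry in reversed(xff.split(",")):
        ip = _parse_ip(entry)
        if ip is None:
            # A trusted proxy appends a real socket address, so unparsable text
            # at this position was not written by us: stop trusting the chain.
            return remote_addr
        if ip not in trusted:
            return str(ip)
    return remote_addr  # every hop was one of ours; the peer is the best we have


if __name__ == "__main__":
    TRUSTED = ["192.0.2.10"]                       # assumed reverse proxy
    # Direct attacker connection carrying a forged header:
    print(naive_client_ip("203.0.113.5", "10.0.0.1"))            # 10.0.0.1 (spoofed)
    print(client_ip("203.0.113.5", "10.0.0.1", TRUSTED))         # 203.0.113.5
    # Same attacker behind the real proxy, which appended the true address:
    print(client_ip("192.0.2.10", "10.0.0.1, 203.0.113.5", TRUSTED))  # 203.0.113.5
```

A ban list keyed on `naive_client_ip` is evaded by adding one request header; keyed on `client_ip` it can only be evaded by controlling one of the listed proxies.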