Primary Vendor -- Product | Description | | CVSS Score | Source & Patch Info
| 212cafe -- 212cafeboard
| Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard 6.30 Beta allows remote attackers to inject arbitrary web script or HTML via the user parameter. | | 7.0 | CVE-2007-0549 BUGTRAQ XF
| 212cafe -- 212cafeBoard
| Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard 0.08 Beta allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | | 7.0 | CVE-2007-0550 BUGTRAQ XF
| ACGVclick -- ACGVclick
| PHP remote file inclusion vulnerability in function.inc.php in ACGVclick 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | | 7.0 | CVE-2007-0577 OTHER-REF BID FRSIRT SECUNIA
| Alientrap -- Nexuiz
| Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to read and overwrite arbitrary files via the gamedir command. | | 7.0 | CVE-2007-0657 OTHER-REF FRSIRT SECUNIA
| Apple -- Mac OS X Apple -- Apple Installer
| Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename. | | 8.0 | CVE-2007-0465 OTHER-REF BID
| Apple -- Mac OS X Apple -- Quicktime
| The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462. | | 10.0 | CVE-2007-0588 OTHER-REF BID
| ASP EDGE -- ASP EDGE
| SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter. | | 7.0 | CVE-2007-0560 OTHER-REF
| ASP EDGE -- ASP EDGE
| SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via a username cookie, a different vector than CVE-2007-0560. | | 7.0 | CVE-2007-0632 FRSIRT
| ASP NEWS -- ASP NEWS
| SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | | 7.0 | CVE-2007-0566 OTHER-REF
| Aztek Forum -- Aztek Forum
| SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 allows remote attackers to execute arbitrary SQL commands via the fid cookie to forum.php. | | 7.0 | CVE-2007-0598 BUGTRAQ BUGTRAQ OTHER-REF
| Aztek Forum -- Aztek Forum
| Variable overwrite vulnerability in common/config.php in Aztek Forum 4.00 allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as copying arbitrary files using index/common_actions.php, via vectors associated with extract operations on the (1) POST, (2) GET, (3) COOKIE, and (4) SERVER superglobal arrays. | | 7.0 | CVE-2007-0599 BUGTRAQ BUGTRAQ OTHER-REF
| Aztek Forum -- Aztek Forum
| common/safety.php in Aztek Forum 4.00 allows remote attackers to enter certain data containing %22 sequences (URL encoded double quotes) and other potentially dangerous manipulations by sending a cookie, which bypasses the blacklist matching against the GET and PUT superglobal arrays. | | 7.0 | CVE-2007-0601 BUGTRAQ BUGTRAQ OTHER-REF
| CGI-RESCUE -- Shopping Basket Professional
| CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote attackers to inject arbitrary operating system commands via unspecified vectors. | | 7.0 | CVE-2007-0565 OTHER-REF SECUNIA
| ChernobiLe -- ChernobiLe
| SQL injection vulnerability in default.asp in ChernobiLe 1.0 allows remote attackers to execute arbitrary SQL commands via the User (username) field. | | 7.0 | CVE-2007-0582 Milw0rm BID
| chmlib -- chmlib
| chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption. | | 10.0 | CVE-2007-0619 IDEFENSE OTHER-REF SECTRACK SECUNIA
| CMSimple -- CMSimple
| Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php in CMSimple 2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pth[file][config] and (2) pth[file][image] parameters. | | 7.0 | CVE-2007-0551 BUGTRAQ XF
| CMSimple -- CMSimple
| Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web script or HTML via the sender parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | | 7.0 | CVE-2007-0610 SECUNIA
| Docebo -- Docebo
| Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_lms] parameter to (1) class.module/class.definition.php and (2) modules/scorm/scorm_utils.php. NOTE: this issue may overlap CVE-2006-2577. | | 7.0 | CVE-2006-6963 BUGTRAQ OTHER-REF OSVDB OSVDB XF
| DotNetNuke -- DotNetNuke IFrame
| Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "Pass through values." | | 7.0 | CVE-2007-0660 OTHER-REF FRSIRT
| Drunken:Golem -- Gaming Portal
| PHP remote file inclusion vulnerability in include/irc/phpIRC.php in Drunken:Golem Gaming Portal 0.5.1 Alpha 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | | 7.0 | CVE-2007-0572 OTHER-REF FRSIRT
| Eclectic Designs -- CascadianFAQ
| SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | | 7.0 | CVE-2007-0631 Milw0rm BID
| Eclectic Designs -- CascadianFAQ
| SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter, a different vector than CVE-2007-0631. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | | 7.0 | CVE-2007-0663 FRSIRT
| EclipseBB -- EclipseBB
| PHP remote file inclusion vulnerability in functions.php in EclipseBB 0.5.0 Lite allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | | 7.0 | CVE-2007-0581 OTHER-REF BID
| EncapsCMS -- EncapsCMS
| Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b) blogs.php, or (2) the config[theme] parameter to (c) admin/gallery_head.php. | | 7.0 | CVE-2007-0635 BUGTRAQ BID XF
| Forum Livre -- Forum Livre
| SQL injection vulnerability in Forum Livre 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to info_user.asp. | | 7.0 | CVE-2007-0589 OTHER-REF
| Forum Livre -- Forum Livre
| Cross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre 1.0 allows remote attackers to inject arbitrary web script or HTML via the palavra parameter. | | 7.0 | CVE-2007-0590 OTHER-REF
| Free LAN In(tra|ter)net Portal -- Free LAN In(tra|ter)net Portal
| Multiple cross-site scripting (XSS) vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) inc.page.php and (2) inc.text.php. | | 7.0 | CVE-2007-0611 OTHER-REF FRSIRT
| g-neric -- PHP Generic Library and Framework
| PHP remote file inclusion vulnerability in membres/membreManager.php in PhP Generic Library & Framework for comm (g-neric) allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | | 7.0 | CVE-2007-0584 OTHER-REF BID FRSIRT
| Galeria Zdjec -- Galeria Zdjec
| Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php. | | 7.0 | CVE-2007-0637 OTHER-REF BID XF
| Guo Xu Guos Posting System -- Guo Xu Guos Posting System
| SQL injection vulnerability in print.asp in Guo Xu Guos Posting System (GPS) 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | | 7.0 | CVE-2007-0554 BUGTRAQ
| GuppY -- GuppY
| Multiple static code injection vulnerabilities in error.php in GuppY 4.5.16 and earlier allow remote attackers to inject arbitrary PHP code into a .inc file in the data/ directory via (1) a REMOTE_ADDR cookie or (2) a cookie specifying an element of the msg array with an error number in the first dimension and 0 in the second dimension, as demonstrated by msg[999][0]. | | 7.0 | CVE-2007-0639 OTHER-REF OTHER-REF SECTRACK SECUNIA XF
| hailBoards -- hailBoards
| PHP remote file inclusion vulnerability in includes/usercp_viewprofile.php in Hailboards 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | | 7.0 | CVE-2007-0662 OTHER-REF BID
| IBM -- AIX
| Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability." | | 7.0 | CVE-2007-0618 AIXAPAR OTHER-REF BID FRSIRT SECUNIA
| Inter7 -- vHostAdmin
| PHP remote file inclusion vulnerability in modules/mail/main.php in Inter7 vHostAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the MODULES_DIR parameter. | | 7.0 | CVE-2007-0558 OTHER-REF FRSIRT
| Interactive-Scripts.Com -- PHP Membership Manager
| Cross-site scripting (XSS) vulnerability in admin.php in Interactive-Scripts.Com PHP Membership Manager 1.5 allows remote attackers to inject arbitrary web script or HTML via the _p parameter. | | 7.0 | CVE-2007-0567 BUGTRAQ BID
| Johannes Gijsbers -- Ad Fundum Integratable News Script
| PHP remote file inclusion vulnerability in ains_main.php in Johannes Gijsbers (aka Taradino) Ad Fundum Integratable News Script (AINS) 0.02b allows remote attackers to execute arbitrary PHP code via a URL in the ains_path parameter. | | 7.0 | CVE-2007-0570 OTHER-REF BID FRSIRT XF
| Joomla! -- RS Gallery2
| PHP remote file inclusion vulnerability in rsgallery2.html.php in the RS Gallery2 component (com_rsgallery2) 1.11.2 for Joomla! allows attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter. NOTE: this issue may overlap CVE-2006-5047. | | 7.0 | CVE-2006-6962 OTHER-REF BID FRSIRT XF
| Makit -- Newsposter Script Martyn Kilbryde -- Newsposter Script
| SQL injection vulnerability in news_page.asp in Martyn Kilbryde Newsposter Script (aka makit news/blog poster) 3 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter. | | 7.0 | CVE-2007-0600 BUGTRAQ OTHER-REF BID XF
| MAXdev -- MDPro
| SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows remote attackers to execute arbitrary SQL commands via the startrow parameter. | | 7.0 | CVE-2007-0623 BUGTRAQ BID SECUNIA
| Microsoft -- Word
| Unspecified vulnerability in Microsoft Word 2003 has unknown impact and user-assisted attack vectors, as detected as Trojan.Mdropper.X in targeted zero-day attacks, but possibly different from CVE-2007-0515, CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561. NOTE: this identifier has been assigned for tracking purposes. Due to lack of details, it cannot be conclusively determined whether it is different from the other CVEs. | | 8.0 | CVE-2007-0621 OTHER-REF OTHER-REF BID
| MODxCMS -- FileDownload
| download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials. | | 7.0 | CVE-2007-0659 OTHER-REF OTHER-REF BID FRSIRT SECUNIA
| MyBB -- MyBB MyBulletinBoard -- MyBulletinBoard
| Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | 8.0 | CVE-2007-0622 SECUNIA
| MyPHPCommander -- MyPHPCommander
| PHP remote file inclusion vulnerability in system/lib/package.php in MyPHPCommander 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the gl_root parameter. | | 7.0 | CVE-2007-0568 OTHER-REF BID FRSIRT SECUNIA
| nsGalPHP -- nsGalPHP
| PHP remote file inclusion vulnerability in includes/config.inc.php in nsGalPHP 0.41 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the racineTBS parameter. | | 7.0 | CVE-2007-0573 OTHER-REF MLIST BID FRSIRT SECUNIA
| Oh no! Not another CMS -- Oh no! Not another CMS
| Cross-site scripting (XSS) vulnerability in install/default/error404.html in Oh no! Not another CMS (Onnac) 0.0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the error_url parameter. | | 7.0 | CVE-2007-0552 OTHER-REF OTHER-REF FRSIRT
| phpBB2-MODificat -- phpBB2-MODificat
| PHP remote file inclusion vulnerability in includes/functions.php in phpBB2-MODificat 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | | 7.0 | CVE-2007-0656 OTHER-REF BID FRSIRT
| phpMyReports -- phpMyReports
| PHP remote file inclusion vulnerability in include/lib/lib_head.php in phpMyReports 3.0.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathModule parameter. | | 7.0 | CVE-2007-0571 OTHER-REF FRSIRT
| PHProxy -- PHProxy
| Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php in PHProxy before 0.5 beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) data[realm] and (2) _url parameters, different vectors than CVE-2004-2604. NOTE: some of these details are obtained from third party information. | | 7.0 | CVE-2007-0553 OTHER-REF FRSIRT
| RBL -- tForum
| SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU script collection (aka RBL - ASP) allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) pass to user_confirm.asp. | | 7.0 | CVE-2007-0642 BUGTRAQ BUGTRAQ OTHER-REF VIM XF
| Red Hat -- Red Hat Enterprise Linux AS Red Hat -- Red Hat Enterprise Linux ES Red Hat -- Red Hat Enterprise Linux WS Linux -- Linux kernel Red Hat -- Red Hat Desktop
| Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors. | | 7.0 | CVE-2006-5753 REDHAT
| rMake -- rMake
| rMake before 1.0.4 drops root privileges in a way that retains the original supplemental groups, which might allow attackers to gain privileges via a crafted recipe file, a different vulnerability than CVE-2007-0536. | | 7.0 | CVE-2007-0557 OTHER-REF
| RP World -- RP World
| PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the sql_language parameter. | | 7.0 | CVE-2007-0559 OTHER-REF FRSIRT
| Shaffer Solutions Corp -- dapcnfsd.dll
| Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 in Shaffer Solutions (SSC) DiskAccess NFS Client allows remote attackers to execute arbitrary code via a long argument, an issue similar to CVE-2006-5854 and CVE-2007-0444. | | 7.0 | CVE-2007-0641 OTHER-REF BID
| Six Apart Ltd -- Movable Type
| Cross-site scripting (XSS) vulnerability in Movable Type (MT) before 3.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the MTCommentPreviewIsStatic tag, which can open the "comment entry screen," a different vulnerability than CVE-2007-0231. | | 7.0 | CVE-2007-0604 OTHER-REF
| SpoonLabs -- Vivvo Article Management CMS
| SQL injection vulnerability in rss/show_webfeed.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.40 allows remote attackers to execute arbitrary SQL commands via the wcHeadlines parameter, a different vector than CVE-2006-4715. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | | 7.0 | CVE-2007-0574 BID
| Stefan Holmberg -- AdMentor
| Multiple SQL injection vulnerabilities in the administrative login page in ASPCode.net AdMentor allow remote attackers to execute arbitrary SQL commands via the (1) Userid and (2) Password fields. | | 7.0 | CVE-2007-0575 BUGTRAQ OTHER-REF BID
| Sun -- Java System Access Manager
| Cross-site scripting (XSS) vulnerability in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | | 7.0 | CVE-2007-0628 SUNALERT BID FRSIRT SECUNIA
| T-Systems Solutions for Research GmbH -- MyNews
| PHP remote file inclusion vulnerability in include/themes/themefunc.php in MyNews 4.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter. | | 7.0 | CVE-2007-0633 OTHER-REF BID
| Telestream -- Flip4Mac Windows Media Components for Quicktime
| Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 allows remote attackers to execute arbitrary code via a crafted ASF_File_Properties_Object size field in a WMV file, which triggers memory corruption. | | 10.0 | CVE-2007-0466 OTHER-REF BID FRSIRT SECUNIA
| Vu Le An -- Virtual Path
| PHP remote file inclusion vulnerability in configure.php in Vu Le An Virtual Path (VirtualPath) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | | 7.0 | CVE-2007-0591 OTHER-REF
| Webfwlog -- Webfwlog
| include/debug.php in Webfwlog 0.92 and earlier, when register_globals is enabled, allows remote attackers to obtain source code of files via the conffile parameter. NOTE: some of these details are obtained from third party information. It is likely that this issue can be exploited to conduct directory traversal attacks. | | 8.0 | CVE-2007-0585 OTHER-REF FRSIRT
| X-dev -- xNews
| SQL injection vulnerability in xNews.php in xNews 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a shownews action. | | 7.0 | CVE-2007-0569 OTHER-REF BID SECUNIA
| X-dev -- xNews
| Multiple SQL injection vulnerabilities in the generate_csv function in classes/class.news.php in X-dev xNews 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) from, and (3) q parameters, different vectors than CVE-2007-0569. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | | 7.0 | CVE-2007-0630 FRSIRT
| Xero Portal -- Xero Portal
| Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) admin_linkdb.php, (2) admin_forum_prune.php, (3) admin_extensions.php, (4) admin_board.php, (5) admin_attachments.php, or (6) admin_users.php in admin/. | | 7.0 | CVE-2007-0561 OTHER-REF
| Xt-Stats -- Xt-Stats
| PHP remote file inclusion vulnerability in xt_counter.php in Xt-Stats 2.3.x up to 2.4.0.b3 allows remote attackers to execute arbitrary PHP code via a URL in the server_base_dir parameter. | | 7.0 | CVE-2007-0576 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF
| ZABBIX -- ZABBIX
| Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses." | | 7.0 | CVE-2007-0640 OTHER-REF BID FRSIRT