| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| 3proxy -- 3proxy | Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, and 0.6b-devel before 20070413, might allow remote attackers to execute arbitrary code via crafted transparent requests. | 10.0 | CVE-2007-2031 OTHER-REF |
| Actionpoll -- Actionpoll | Multiple PHP remote file inclusion vulnerabilities in Robert Ladstaetter ActionPoll 1.1.0, and possibly 1.1.1, allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_POLLDB parameter to actionpoll.php or (2) the CONFIG_DB parameter to db/DataReaderWriter.php, different vectors than CVE-2001-1297. | 7.0 | CVE-2007-2064 BUGTRAQ BID BID |
| Actionpoll -- Actionpoll | PHP remote file inclusion vulnerability in db/PollDB.php in Robert Ladstaetter ActionPoll 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG_DATAREADERWRITER parameter, a different vector than CVE-2001-1297. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.0 | CVE-2007-2065 BID |
| Adobe -- Flash Player; Opera Software -- Opera Web Browser | Unspecified vulnerability in the Adobe Macromedia Flash Player 7.x and 9.x plug-in on Opera before 9.20, when running on Linux, Solaris, or FreeBSD platforms, has unspecified impact and remote attack vectors. | 7.0 | CVE-2007-2022 OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA XF |
| Aircrack-ng -- airodump-ng | Stack-based buffer overflow in aircrack-ng airodump-ng 0.7 allows remote attackers to execute arbitrary code via crafted 802.11 authentication packets. | 10.0 | CVE-2007-2057 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF |
| AjPortal2Php -- AjPortal2Php | Multiple PHP remote file inclusion vulnerabilities in AjPortal2Php allow remote attackers to execute arbitrary PHP code via a URL in the PagePrefix parameter to (1) begin.inc.php, (2) connection.inc.php, (3) events.inc.php, (4) footer.inc.php, (5) header.inc.php, (6) menuleft.inc.php, or (7) pages.inc.php in includes/. | 7.0 | CVE-2007-2142 MILW0RM FRSIRT |
| Akamai Technologies -- Download Manager | Stack-based buffer overflow in the GetPrivateProfileSectionW function in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) after 2.0.4.4 but before 2.2.1.0 allows remote attackers to execute arbitrary code, related to misinterpretation of the nSize parameter as a byte count instead of a wide character count. | 10.0 | CVE-2007-1891 IDEFENSE BUGTRAQ BID |
| Akamai Technologies -- Download Manager | Stack-based buffer overflow in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) before 2.2.1.0 allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2007-1891. | 10.0 | CVE-2007-1892 BUGTRAQ BID |
| Anthologia -- Anthologia | PHP remote file inclusion vulnerability in index.php in Anthologia 0.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the ads_file parameter. | 7.0 | CVE-2007-2094 MILW0RM BID |
| Antonis Ventouris -- Weather Module | PHP remote file inclusion vulnerability in mod_weather.php in the Antonis Ventouris Weather module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter. | 7.0 | CVE-2007-2044 MILW0RM FRSIRT |
| APOP Protocol -- APOP Protocol | The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird, (2) Evolution, (3) mutt, and (4) fetchmail. | 7.0 | CVE-2007-1558 BUGTRAQ |
| Avant-Garde Solutions -- MOSMedia | Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia (com_mosmedia) 1.08 and earlier module for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) media.tab.php or (2) media.divs.php. | 7.0 | CVE-2007-2043 MILW0RM BID FRSIRT |
| BonoEstente -- Joomla Template Be2004-2 | PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.0 | CVE-2007-2143 MILW0RM |
| Cabron Connector -- Cabron Connector | PHP remote file inclusion vulnerability in services/samples/inclusionService.php in Cabron Connector 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CabronServiceFolder parameter. | 7.0 | CVE-2007-2154 MILW0RM BID FRSIRT |
| Cisco -- Wireless Control System | Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to "properties of the FTP server," aka Bug ID CSCse93014. | 7.0 | CVE-2007-2032 CISCO BID FRSIRT SECTRACK SECUNIA XF |
| Cisco -- Wireless LAN Controller | The SNMP implementation in the Cisco Wireless LAN Controller (WLC) before 20070419 uses the default read-only community public, and the default read-write community private, which allows remote attackers to read and modify SNMP variables, aka Bug ID CSCse02384. | 10.0 | CVE-2007-2036 CISCO BID FRSIRT SECTRACK XF |
| Clam Anti-Virus -- ClamAV | Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allows remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow. | 7.0 | CVE-2007-1997 IDEFENSE OTHER-REF BID FRSIRT SECUNIA XF SECTRACK |
| eIQnetworks -- Enterprise Security Analyzer | Multiple buffer overflows in the ESA protocol implementation in eIQnetworks Enterprise Security Analyzer (ESA) 2.5 allow remote attackers to execute arbitrary code via a long parameter to the (1) DELETESEARCHFOLDER, (2) DELTASK, (3) HMGR_CHECKHOSTSCSV, (4) TASKUPDATEDUSER, (5) VERIFYUSERKEY, or (6) VERIFYPWD command. | 10.0 | CVE-2007-2059 BUGTRAQ OTHER-REF FRSIRT SECUNIA XF |
| FAC Guestbook -- FAC Guestbook | FAC Guestbook 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/Gdb.mdb. | 10.0 | CVE-2007-2100 BUGTRAQ BID SECUNIA XF |
| FAC Guestbook -- FAC Guestbook | FAC Guestbook 3.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/gbdb.mdb. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 10.0 | CVE-2007-2101 BID SECUNIA XF |
| Franklin Huang -- Flip-search-add-on | PHP remote file inclusion vulnerability in everything.php in Franklin Huang Flip (aka Flip-search-add-on) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter. | 7.0 | CVE-2007-2140 BUGTRAQ |
| Hinton Design -- PHPHD Download System | PHP remote file inclusion vulnerability in common.php in Hinton Design PHPHD Download System (phphd_downloads) allows remote attackers to execute arbitrary PHP code via a URL in the phphd_real_path parameter. NOTE: this issue may be present in versions from 2006. | 7.0 | CVE-2007-2096 BUGTRAQ |
| Ivan Gallery Script -- Ivan Gallery Script | ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue has been disputed by third party researchers for 0.3, stating that the dir variable is properly initialized before use. | 7.0 | CVE-2007-2072 BUGTRAQ VIM BID |
| Ivan Gallery Script -- Ivan Gallery Script | PHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the gallery parameter in a new session. | 7.0 | CVE-2007-2073 VIM |
| iXon CMS -- iXon CMS | Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme_url parameter to (1) index.php, (2) page.php, (3) search.php, (4) single.php, and (5) archives.php. | 7.0 | CVE-2007-2104 BUGTRAQ XF |
| JoomlaPack -- JoomlaPack | PHP remote file inclusion vulnerability in includes/CAltInstaller.php in the JoomlaPack (com_jpack) 1.0.4a2 RE component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.0 | CVE-2007-2144 MILW0RM FRSIRT |
| Kai Content Management System -- Kai Content Management System | Directory traversal vulnerability in index.php in Kai Content Management System (K-CMS) 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the current_theme parameter. | 7.0 | CVE-2007-2106 BUGTRAQ XF |
| Kooijman-Design -- jGallery | PHP remote file inclusion vulnerability in index.php in jGallery 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the G_JGALL[inc_path] parameter. | 7.0 | CVE-2007-2158 MILW0RM FRSIRT |
| LANDesk Software -- LANDesk Management Suite | Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in LANDesk Management Suite 8.7 allows remote attackers to execute arbitrary code via a crafted packet to port 65535/UDP. | 10.0 | CVE-2007-1674 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA |
| Limesoft -- Limesoft Guestbook | Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) allows remote attackers to inject arbitrary PHP code into posts.txt via the name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.0 | CVE-2007-2092 FRSIRT |
| Limesoft -- Limesoft Guestbook | Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) 1.0 allows remote attackers to inject arbitrary PHP code into posts.txt via the message parameter. | 7.0 | CVE-2007-2093 BUGTRAQ MILW0RM BID FRSIRT SECUNIA XF |
| Maian -- Search | PHP remote file inclusion vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this issue was fixed last year and [no] is longer a problem." | 7.0 | CVE-2007-2077 BUGTRAQ BUGTRAQ VIM |
| McAfee -- VirusScan Enterprise | Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterprise before 8.0i Patch 12 allows user-assisted remote attackers to execute arbitrary code via a long filename containing multi-byte (Unicode) characters. | 8.0 | CVE-2007-2152 IDEFENSE OTHER-REF BID FRSIRT SECTRACK SECUNIA |
| Microsoft -- Windows 2003; Microsoft -- Windows 2000 | Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences. | 10.0 | CVE-2007-1748 OTHER-REF OTHER-REF CERT-VN SECUNIA OTHER-REF CERT BID FRSIRT SECTRACK XF |
| MiniGal -- MiniGal | The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the input parameter. NOTE: some of these details are obtained from third party information. | 7.0 | CVE-2007-2145 MILW0RM FRSIRT |
| MiniGal -- MiniGal | The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the (1) name or (2) email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.0 | CVE-2007-2146 FRSIRT |
| Monkey CMS -- Monkey CMS | Directory traversal vulnerability in admin/index.php in Monkey CMS 0.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the admin_skin parameter. | 7.0 | CVE-2007-2105 BUGTRAQ XF |
| my little homepage -- My Little Weblog | Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vector than CVE-2006-6087. | 7.0 | CVE-2007-2102 BUGTRAQ |
| my little homepage -- my little forum | Multiple PHP remote file inclusion vulnerabilities in my little forum 1.7 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) admin.php and (2) timedifference.php. | 7.0 | CVE-2007-2103 BUGTRAQ |
| MyBlog -- MyBlog | MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication requirements via the admin cookie parameter to certain admin files, as demonstrated by admin/settings.php. | 7.0 | CVE-2007-2081 BUGTRAQ BID |
| MySpeach -- MySpeach | PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter, a different vector than CVE-2007-0498. | 7.0 | CVE-2007-2095 BUGTRAQ |
| Openads -- Openads | Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads (phpAdsNew) 2.0.11 and earlier and (b) Openads for PostgreSQL (phpPgAds) 2.0.11 and earlier allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in (1) the dest parameter and (2) the Referer HTTP header. NOTE: some of these details are obtained from third party information. | 7.0 | CVE-2007-2046 OTHER-REF OTHER-REF OTHER-REF FRSIRT SECUNIA |
| Openads -- Openads | CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 (aka Max Media Manager, MMM) before 0.3.31-alpha-pr3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the destination parameter. NOTE: some of these details are obtained from third party information. | 7.0 | CVE-2007-2047 OTHER-REF FRSIRT |
| OpenConcept -- Back-End CMS | Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End CMS 0.4.7 allow remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter to (1) click.php or (2) pollcollector.php in htdocs/; or (3) index.php, (4) articlepages.php, (5) articles.php, (6) articleform.php, (7) articlesections.php, (8) createArticlesPage.php, (9) guestbook.php, (10) helpguide.php, (11) helpguideeditor.php, (12) links.php, (13) upload.php, (14) sitestatistics.php, (15) nav.php, (16) tpl_upload.php, (17) linksections, or (18) pophelp.php in htdocs/site-admin/; different vectors than CVE-2006-5076. | 7.0 | CVE-2007-2097 BUGTRAQ XF |
| OpenConcept -- Back-End CMS | Cross-site scripting (XSS) vulnerability in htdocs/php.php in OpenConcept Back-End CMS 0.4.7 allows remote attackers to inject arbitrary web script or HTML via the page[] parameter. | 7.0 | CVE-2007-2099 BUGTRAQ XF |
| openMairie -- openMairie | Directory traversal vulnerability in scr/soustab.php in openMairie 1.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dsn[phptype] parameter. | 7.0 | CVE-2007-2069 MILW0RM BID |
| Oracle -- Oracle Database | Unspecified vulnerability in the Core RDBMS component Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01. | 7.0 | CVE-2007-2108 OTHER-REF |
| Oracle -- Oracle Database | Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5 and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. | 7.0 | CVE-2007-2110 OTHER-REF |
| Oracle -- Oracle Database | SQL injection vulnerability in the Upgrade/Downgrade component (DBMS_UPGRADE_INTERNAL) for Oracle Database 10.1.0.5 allows remote authenticated users to execute arbitrary SQL commands via unknown vectors, aka DB07. | 7.0 | CVE-2007-2113 OTHER-REF |
| Oracle -- Oracle Application Server; Oracle -- Oracle Database | Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01. | 7.0 | CVE-2007-2119 OTHER-REF OTHER-REF |
| Oracle -- Oracle Application Server | Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.3 up to 10.1.3.2.0, 10.1.2 up to 10.1.2.2.0, and 9.0.4.3 has unknown impact and attack vectors, aka AS04. | 7.0 | CVE-2007-2123 OTHER-REF |
| Oracle -- Oracle Application Server | Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.4.1.0 has unknown impact and remote attack vectors, aka AS05. | 7.0 | CVE-2007-2124 OTHER-REF |
| Oracle -- E-Business Suite | Unspecified vulnerability in Oracle E-Business Suite 11.5.10CU2 has unknown impact and remote attack vectors in the (1) Common Applications (APPS01) and (2) iProcurement (APPS02). | 7.0 | CVE-2007-2126 OTHER-REF |
| Oracle -- E-Business Suite | Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.0 have unknown impact and remote attack vectors via (1) Application Object Library (APPS04), iStore (2) APPS05 and (3) APPS06, (4) iSupport (APPS07), (5) Trade Management (APPS09), and Applications Manager (APPS10). | 7.0 | CVE-2007-2127 OTHER-REF |
| Oracle -- Enterprise Manager | Unspecified vulnerability in the Agent component in Oracle Enterprise Manager 9.2.0.8 has unknown impact and remote attack vectors, aka EM01. | 7.0 | CVE-2007-2129 OTHER-REF |
| Oracle -- PeopleSoft Enterprise | Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.22.14, 8.47.12, and 8.48.08 has unknown impact and attack vectors, aka PSE01. | 7.0 | CVE-2007-2131 OTHER-REF |
| Oracle -- PeopleSoft Enterprise | Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise 8.47.12 and 8.48.08 has unknown impact and attack vectors, aka PSE02. | 7.0 | CVE-2007-2132 OTHER-REF |
| Oracle -- PeopleSoft Enterprise | Unspecified vulnerability in the PeopleSoft Enterprise Human Capital Management component in Oracle PeopleSoft Enterprise 8.9 has unknown impact and attack vectors, aka PSEHCM01. | 7.0 | CVE-2007-2133 OTHER-REF |
| PhpWiki -- PhpWiki | Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file. | 7.0 | CVE-2007-2025 MLIST OTHER-REF |
| Rezervi Generic -- Rezervi Generic | Multiple PHP remote file inclusion vulnerabilities in Rezervi Generic 0.9 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) datumVonDatumBis.inc.php, (2) footer.inc.php, (3) header.inc.php, and (4) stylesheets.php in templates/; and (5) wochenuebersicht.inc.php, (6) monatsuebersicht.inc.php, (7) jahresuebersicht.inc.php, and (8) tagesuebersicht.inc.php in belegungsplan/. | 7.0 | CVE-2007-2156 MILW0RM FRSIRT |
| Rha7 Downloads -- Rha7 Downloads | SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-1960. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.0 | CVE-2007-2107 FRSIRT |
| Secustick -- Secustick USB flash drive | USB20.dll in Secustick USB flash drive decouples the authorization and file access routines, which allows local users to bypass authentication requirements by altering the return value of the VerifyPassWord function. | 7.0 | CVE-2007-2023 OTHER-REF OTHER-REF |
| ShoutPro -- ShoutPro | Direct static code injection vulnerability in shoutbox.php in ShoutPro 1.5.2 allows remote attackers to inject arbitrary PHP code into shouts.php via the shout parameter. | 7.0 | CVE-2007-2141 BUGTRAQ MILW0RM BID FRSIRT |
| SiteBar -- SiteBar | Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) writerFile parameter to index.php and the (2) file parameter to Integrator.php. | 7.0 | CVE-2007-2088 BUGTRAQ XF |
| Stephen Craton -- Chatness | admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier does not check for administrative credentials, which allows remote attackers to read and modify the classes/vars.php and classes/varstuff.php configuration files via direct requests. | 10.0 | CVE-2007-2147 BUGTRAQ FRSIRT SECUNIA |
| Stephen Craton -- Chatness | Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores usernames and unencrypted passwords in (1) classes/vars.php and (2) classes/varstuff.php, and recommends 0666 or 0777 permissions for these files, which allows local users to gain privileges by reading the files, and allows remote attackers to obtain credentials via a direct request for admin/options.php. | 10.0 | CVE-2007-2149 BUGTRAQ FRSIRT SECUNIA |
| Sun -- Solaris; Sun -- Java Web Console x86; Sun -- Java Web Console | Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog. | 10.0 | CVE-2007-1681 BUGTRAQ OTHER-REF SUNALERT BID FRSIRT |
| Tsdisplay4xoops -- Tsdisplay4xoops | PHP remote file inclusion vulnerability in blocks/tsdisplay4xoops_block2.php in tsdisplay4xoops (TSD4XOOPS) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the xoops_url parameter. | 7.0 | CVE-2007-2091 MILW0RM BID FRSIRT |
| TuMusika Evolution -- TuMusika Evolution | Cross-site scripting (XSS) vulnerability in index.php in TuMusika Evolution 1.6 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | 7.0 | CVE-2007-2090 BUGTRAQ FRSIRT SECUNIA XF |
| Turnkey Web Tools -- SunShop Shopping Cart | Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart 3.5 and 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php or (2) checkout.php. | 7.0 | CVE-2007-2070 MILW0RM BID |
| VCDGear -- VCDGear | Stack-based buffer overflow in VCDGear 3.55 and 3.56 BETA allows user-assisted remote attackers to execute arbitrary code via a long FILE argument in a CUE file. | 8.0 | CVE-2007-2062 BUGTRAQ MILW0RM BID SECUNIA XF |
| Wabbit -- Wabbit PHP Gallery | Multiple cross-site scripting (XSS) vulnerabilities in showpic.php in Wabbit PHP Gallery 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) pic and (2) gal parameters. | 7.0 | CVE-2007-2098 BUGTRAQ |
| WebSlider -- WebSlider | Multiple PHP remote file inclusion vulnerabilities in Marco Antonio Islas Cruz Web Slider (WebSlider) 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) index.php, (2) modules/pdf.php, (3) plugins/highlight.php, or (4) include/modules.php. | 7.0 | CVE-2007-2067 MILW0RM FRSIRT XF |
| XAMPP -- Apache Distribution | The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified impact. NOTE: it could be argued that this is an issue in mssql_connect (CVE-2007-1411.1) in PHP, or an issue in the ADOdb Library, and the proper fix should be in one of these products; if so, then this should not be treated as a vulnerability in XAMPP. | 10.0 | CVE-2007-2079 MILW0RM BID XF |
| XAMPP -- Apache Distribution | Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows allow remote attackers to execute arbitrary SQL commands via unspecified vectors in certain test scripts. | 7.0 | CVE-2007-2080 MILW0RM |