Primary Vendor -- Product | Description | | CVSS Score | Source & Patch Info | Agnitum -- Outpost Firewall PRO
| Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access restrictions and insert Trojan horse drivers into the product's installation directory by creating links using FileLinkInformation requests with the ZwSetInformationFile function, as demonstrated by modifying SandBox.sys. | | 7.0 | CVE-2007-0333 BUGTRAQ OTHER-REF BID
| All In One Control Panel -- All In One Control Panel
| Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.010 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) xuser_name parameter to shared/code/cp_authorization.php, and the (2) did parameter to public/code/cp_downloads.php, different vectors than CVE-2007-0223. | | 7.0 | CVE-2007-0316 BUGTRAQ BUGTRAQ BID FRSIRT SECUNIA
| Apple -- Mac OS X Server Apple -- Mac OS X FreeBSD -- FreeBSD
| Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem. | | 7.0 | CVE-2007-0229 OTHER-REF OTHER-REF BID FRSIRT SECUNIA MLIST XF
| Apple -- Mac OS X
| Double-free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer overflow. | | 10.0 | CVE-2007-0236 OTHER-REF BID FRSIRT SECTRACK SECUNIA
| Apple -- Mac OS X Apple -- Minimal SLP Service Agent
| Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.8 and earlier allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field. | | 7.0 | CVE-2007-0355 OTHER-REF OTHER-REF
| Article System -- Article System
| Multiple PHP remote file inclusion vulnerabilities in Article System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_DIR parameter to (1) forms.php, (2) issue_edit.php, (3) client.php, and (4) classes.php. | | 7.0 | CVE-2007-0314 OTHER-REF BID XF
| BolinTech -- DreamFTP Server
| Heap-based buffer overflow in Dream FTP Server allows remote attackers to execute arbitrary code via a USER command with a large number of format string specifiers, which triggers the overflow during processing of the Server Log. | | 7.0 | CVE-2007-0338 OTHER-REF SECUNIA
| Colloquy -- Colloquy
| Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) _invitedToDirectChat: in Colloquy 2.1 and earlier allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the room name of an INVITE request, related to the implementation of AlertSheet and AlertPanel in Apple AppKit. | | 7.0 | CVE-2007-0344 OTHER-REF BID SECUNIA
| Computer Associates -- Protection Suites Computer Associates -- Brightstor ARCserve Backup Computer Associates -- Enterprise Backup
| Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe Overflow," a different vulnerability than CVE-2006-5172. | | 10.0 | CVE-2006-5171 ISS OTHER-REF BID FRSIRT SECUNIA XF SECTRACK
| Computer Associates -- Brightstor ARCserve Backup Computer Associates -- Brightstor Enterprise Backup Computer Associates -- Protection Suites
| Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe String Handling Overflow," a different vulnerability than CVE-2006-5171. | | 10.0 | CVE-2006-5172 OTHER-REF ISS BID FRSIRT SECUNIA XF SECTRACK
| ComScripts -- PHPMyphorum
| PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter. | | 7.0 | CVE-2007-0361 OTHER-REF FRSIRT
| Digiappz -- DigiAffiliate
| SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | | 7.0 | CVE-2007-0306 OTHER-REF BID FRSIRT SECUNIA
| Easy-content filemanager -- Easy-content filemanager
| Unspecified vulnerability in easy-content filemanager allows remote attackers to upload or modify arbitrary files via unspecified vectors. | | 7.0 | CVE-2007-0252 BUGTRAQ
| Ezboxx -- Ezboxx Portal System
| SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the iid parameter. | | 7.0 | CVE-2007-0266 BUGTRAQ
| F5 -- FirePass SSL VPN
| Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to vdesk/admincon/index.php; the (5) h321, (6) h311, (7) h312, and certain other Front Door custom text color parameters in a per action to vdesk/admincon/index.php; the (8) ua parameter in a bro action to vdesk/admincon/index.php; the (9) app_param and (10) app_name parameters to webyfiers.php; (11) double eval functions; (12) JavaScript contained in an <FP_DO_NOT_TOUCH> element; and (13) the vhost parameter to my.activation.php. NOTE: it is possible that this candidate overlaps CVE-2006-3550. | | 7.0 | CVE-2007-0186 OTHER-REF OTHER-REF OTHER-REF BID FULLDISC SECUNIA SECUNIA
| FileZilla -- FileZilla
| Multiple buffer overflows in FileZilla before 2.2.30a allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors related to (1) Options.cpp when sotring settings in the registry, and (2) the transfer queue (QueueCtrl.cpp). NOTE: some of these details are obtained from third party information. | | 10.0 | CVE-2007-0315 OTHER-REF BID FRSIRT XF
| FileZilla -- FileZilla
| Format string vulnerability in the LogMessage function in FileZilla before 3.0.0-beta5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted arguments. NOTE: some of these details are obtained from third party information. | | 7.0 | CVE-2007-0317 OTHER-REF BID FRSIRT XF
| Francisco Burzi -- PHP-Nuke
| SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter. | | 7.0 | CVE-2007-0309 BUGTRAQ OTHER-REF BID SECTRACK
| FreshReader -- FreshReader
| Cross-site scripting (XSS) vulnerability in the RSS feed component in FreshReader before 1.0.07010600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to tag attributes. | | 7.0 | CVE-2007-0362 OTHER-REF OTHER-REF SECUNIA
| Grsecurity -- Grsecurity Kernel Patch
| ** DISPUTED ** Unspecified vulnerability in the grsecurity patch has unspecified impact and remote attack vectors, a different vulnerability than the expand_stack vulnerability from the Digital Armaments 20070110 pre-advisory. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. | | 7.0 | CVE-2007-0253 OTHER-REF OTHER-REF OTHER-REF
| Grsecurity -- Grsecurity Kernel Patch
| ** DISPUTED ** Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. | | 7.0 | CVE-2007-0257 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA BUGTRAQ OTHER-REF SECTRACK
| Image gallery with Access Database -- Image gallery with Access Database
| Multiple SQL injection vulnerabilities in Image Gallery with Access Database allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to (a) dispimage.asp, or the (2) order or (3) page parameter to (b) default.asp. | | 7.0 | CVE-2006-6932 BUGTRAQ BID
| InGate -- Firewall and SIParator
| Unspecified vulnerability in the SIP module in InGate Firewall and SIParator before 4.5.1 allows remote attackers to conduct replay attacks on the authentication mechanism via unknown vectors. | | 7.0 | CVE-2007-0334 OTHER-REF BID SECUNIA FRSIRT
| Ipswitch -- WS_FTP
| Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch WS_FTP 2007 Professional allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long ftp:// URL in an HTML document, and possibly other vectors. | | 7.0 | CVE-2007-0330 BUGTRAQ BUGTRAQ BUGTRAQ BID
| KGB -- KGB
| Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skinnn parameter, as demonstrated by invoking kg.php with a postek parameter containing PHP code, which is injected into a file in the kg directory, and then included by sesskglogadmin.php. | | 7.0 | CVE-2007-0337 OTHER-REF BID
| libgtop -- libgtop
| Stack-based buffer overflow in the glibtop_get_proc_map_s function in libgtop before 2.14.6 (libgtop2) allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a process with a long filename that is mapped in its address space, which triggers the overflow in gnome-system-monitor. | | 7.0 | CVE-2007-0235 OTHER-REF OTHER-REF OTHER-REF UBUNTU FRSIRT FRSIRT SECUNIA SECUNIA
| MGB -- OpenSource Guestbook
| SQL injection vulnerability in email.php in MGB OpenSource Guestbook 0.5.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | | 7.0 | CVE-2007-0354 OTHER-REF OTHER-REF VIM BID
| Michiel Broek -- mbse-bbs
| Stack-based buffer overflow in mbse-bbs 0.70 and earlier allows local users to execute arbitrary code via a long string in the MBSE_ROOT environment variable. | | 10.0 | CVE-2007-0368 OTHER-REF OTHER-REF BID
| Microsoft -- Help Workshop
| Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a crafted .cnt file composed of lines that begin with an integer followed by a space and a long string. | | 8.0 | CVE-2007-0352 BUGTRAQ OTHER-REF OTHER-REF
| MiNT -- Haber Sistemi 2.7
| SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 allows remote attackers to execute arbitrary SQL commands via the id parameter. | | 7.0 | CVE-2007-0304 OTHER-REF FRSIRT SECUNIA
| myWebland -- myBloggie
| Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string. | | 7.0 | CVE-2007-0353 BUGTRAQ OTHER-REF BID
| Naig -- Naig
| ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Naig 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the this_path parameter. NOTE: a reliable third party disputes this vulnerability because this_path is defined before use. | | 7.0 | CVE-2007-0260 BUGTRAQ VIM
| nicecoder -- INDEXU
| Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com INDEXU 5.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to (a) suggest_category.php; the (2) u parameter to (b) user_detail.php; the (3) friend_name, (4) friend_email, (5) error_msg, (6) my_name, (7) my_email, and (8) id parameters to (c) tell_friend.php; the (9) error_msg, (10) email, (11) name, and (12) subject parameters to (d) sendmail.php; the (13) email, (14) error_msg, and (15) username parameters to (e) send_pwd.php; the (16) keyword parameter to (f) search.php; the (17) error_msg, (18) username, (19) password, (20) password2, and (21) email parameters to (g) register.php; the (22) url, (23) contact_name, and (24) email parameters to (h) power_search.php; the (25) path and (26) total parameters to (i) new.php; the (27) query parameter to (j) modify.php; the (28) error_msg parameter to (k) login.php; the (29) error_msg and (30) email !
parameters to (l) mailing_list.php; the (31) gateway parameter to (m) upgrade.php; and another unspecified vector. | | 7.0 | CVE-2007-0364 BUGTRAQ BID SECUNIA
| Nicola Asuni -- All In One Control Panel
| Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.009 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this is probably a different vulnerability than CVE-2006-5830. | | 7.0 | CVE-2007-0365 OTHER-REF FRSIRT SECUNIA XF
| NWOM -- NWOM Topsites
| Cross-site scripting (XSS) vulnerability in index.php in Nwom topsites 3.0 allows remote attackers to inject arbitrary web script or HTML via the o parameter. | | 7.0 | CVE-2007-0249 BUGTRAQ BID
| Okulsistem Okul Web -- Otomasyon Sistemi
| SQL injection vulnerability in etkinlikbak.asp in Okul Web Otomasyon Sistemi 4.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | | 7.0 | CVE-2007-0305 BUGTRAQ OTHER-REF BID SECUNIA
| Openads -- Openads
| Cross-site scripting (XSS) vulnerability in admin-search.php in (1) Openads for PostgreSQL (aka phpPgAds) before 2.0.10 and (2) Openads (aka phpAdsNew) before 2.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | | 7.0 | CVE-2007-0363 OTHER-REF OTHER-REF SECUNIA
| OpenSolution -- Quick.Car Fastilo -- Fastilo
| Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo 2.0 and (2) Open Solution Quick.Cart 2.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: some of these details are obtained from third party information. | | 7.0 | CVE-2007-0258 OTHER-REF BID SECUNIA SECUNIA
| Oracle -- Oracle E-Business Suite and Applications Oracle -- Oracle HTTP Server
| Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka (1) OHS01, (2) OHS02, (3) OHS05, (4) OHS06, and (5) OHS07. | | 7.0 | CVE-2007-0279 OTHER-REF CERT SECUNIA
| Oracle -- Oracle Enterprise Manager
| Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 have unknown impact and attack vectors related to Oracle Agent, aka (1) EM01 and (2) EM02. | | 7.0 | CVE-2007-0292 OTHER-REF CERT SECUNIA
| Oreon Project -- Oreon
| PHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2.3 RC4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | | 7.0 | CVE-2007-0360 OTHER-REF FRSIRT
| OWA -- OWA
| Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP to OWA (pop2owa) 1.1.3 allows remote attackers to execute arbitrary code via a long header in an e-mail message. | | 10.0 | CVE-2006-6940 OTHER-REF OTHER-REF FRSIRT
| Pancake.org -- Zina
| Multiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have unknown impact and attack vectors related to "Potential security bugs." | | 7.0 | CVE-2007-0303 OTHER-REF BID FRSIRT
| Pensacola Web Designs -- XtremeASP PhotoGallery
| Cross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary HTML or web script via (1) the catname parameter to displaypic.asp or (2) the search field. | | 7.0 | CVE-2006-6936 BUGTRAQ BID XF
| Pensacola Web Designs -- XtremeASP PhotoGallery
| SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary SQL commands via the sortorder parameter. | | 7.0 | CVE-2006-6937 BUGTRAQ BID XF
| phpMyAdmin -- phpMyAdmin
| Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php. | | 7.0 | CVE-2006-6942 BUGTRAQ OTHER-REF
| phpMyAdmin -- phpMyAdmin
| phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers. | | 7.0 | CVE-2006-6944 OTHER-REF
| Plain Black -- WebGUI
| Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.3.4 (beta) allows remote attackers to inject arbitrary web script or HTML via Wiki Page titles. | | 7.0 | CVE-2007-0308 OTHER-REF BID SECUNIA
| Poplar Gedcom Viewer -- Poplar Gedcom Viewer
| PHP remote file inclusion vulnerability in include/common.php in Poplar Gedcom Viewer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[rootPath] parameter. | | 7.0 | CVE-2007-0307 OTHER-REF BID FRSIRT SECUNIA
| Portix-PHP -- Portix-PHP
| SQL injection vulnerability in the login component in Portix-PHP 0.4.2 allows remote attackers to execute arbitrary SQL commands via the username and passwd (password) fields. | | 7.0 | CVE-2006-6935 BUGTRAQ BID XF
| Scriptme -- SMe FileMailer
| SQL injection vulnerability in index.php (aka the login form) in Scriptme SMe FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the Password field (ps parameter). NOTE: some of these details are obtained from third party information. | | 7.0 | CVE-2007-0339 BUGTRAQ VIM SECUNIA
| SmE -- FileMailer
| SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the us parameter. | | 7.0 | CVE-2007-0346 VIM FRSIRT
| SmE -- FileMailer
| Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php in SmE FileMailer 1.21 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ps, (2) us, (3) f, or (4) code parameter. NOTE: the us vector in index.php is already covered by CVE-2007-0346. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | | 7.0 | CVE-2007-0350 FRSIRT
| sNews -- sNews
| snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter. | | 10.0 | CVE-2007-0261 OTHER-REF BID SECUNIA
| Sun -- JDK Sun -- SDK Sun -- JRE
| Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption. | | 8.0 | CVE-2007-0243 OTHER-REF SUNALERT BUGTRAQ CERT-VN FRSIRT SECUNIA
| ThWboard -- ThWboard
| SQL injection vulnerability in inc/header.inc.php in ThWboard 3.0b2.84-php5 and earlier allows remote attackers to execute arbitrary SQL commands via the board[styleid] parameter to index.php. | | 7.0 | CVE-2007-0340 OTHER-REF SECUNIA
| Uberghey -- CMS
| PHP remote file inclusion vulnerability in frontpage.php in Uberghey CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter. | | 7.0 | CVE-2007-0359 OTHER-REF VIM FRSIRT
| Virtuemart -- Virtuemart
| SQL injection vulnerability in Virtuemart 1.0.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) Itemid, (2) product_id, and category_id parameters as handled in virtuemart_parser.php. | | 7.0 | CVE-2006-6945 FULLDISC OTHER-REF OTHER-REF BID
| WinZip -- WinZip
| Buffer overflow in Winzip32.exe in WinZip 9.0 SR-1 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long command line argument. NOTE: this issue may cross privilege boundaries if an application automatically invokes Winzip32.exe for untrusted input filenames, as in the case of a file upload application. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | | 8.0 | CVE-2007-0264 BID
| Xentraz -- liens_dynamiques
| Cross-site scripting (XSS) vulnerability in liens.php3 in liens_dynamiques 2.1 allows remote attackers to inject arbitrary web script or HTML by using the ajouter=1 query string and the add menu. | | 7.0 | CVE-2007-0331 BUGTRAQ BID
| Xentraz -- liens_dynamiques
| (1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques 2.1 do not require authentication, which allows remote attackers to perform unauthorized administrative actions using a direct request. | | 7.0 | CVE-2007-0332 BUGTRAQ BID
| xine -- xine-ui
| Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors. | | 10.0 | CVE-2007-0254 BUGTRAQ BID SECUNIA XF
| XINE -- XINE
| XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017. | | 8.0 | CVE-2007-0255 BUGTRAQ
|