Search Results

There are 153,923 matching records.
Displaying matches 129,281 through 129,300.
Vuln ID Summary CVSS Severity
CVE-2007-2627

Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622.

Published: May 11, 2007; 1:19:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-2628

PHP remote file inclusion vulnerability in include/logout.php in Justin Koivisto SecurityAdmin for PHP (aka PHPSecurityAdmin, PSA) 4.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the PSA_PATH parameter.

Published: May 11, 2007; 1:19:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-2629

Bradford CampusManager Network Control Application Server 3.1(6) allows remote attackers to obtain sensitive information (backup, log, and configuration files) via direct request for certain files in (1) /runTime/ or (2) /remediationReports/.

Published: May 11, 2007; 1:19:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-2630

Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used in ActiveCampaign 1-2-All (aka 12All) 4.50 through 4.53.13, and possibly other products, allows remote authenticated administrators to upload and possibly execute .php4 and .php5 files via unspecified vectors. NOTE: this issue is reachable through filemanager/browser/default/browser.html.

Published: May 11, 2007; 1:19:00 PM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2007-2616

Stack-based buffer overflow in the SSL version of the NMDMC.EXE service in Novell NetMail 3.52e FTF2 and probably earlier allows remote attackers to execute arbitrary code via a crafted request.

Published: May 11, 2007; 12:19:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2007-2617

srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.

Published: May 11, 2007; 12:19:00 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2007-2618

CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the lang parameter. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS."

Published: May 11, 2007; 12:19:00 PM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2007-2619

Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login credentials for the most recent login within process memory, which allows local administrators to obtain the credentials by reading process memory, a different vulnerability than CVE-2006-3785.

Published: May 11, 2007; 12:19:00 PM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2007-2620

PHP remote file inclusion vulnerability in inc/config.inc.php in Jakub Steiner (aka jimmac) original 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the x[1] parameter.

Published: May 11, 2007; 12:19:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-2621

SQL injection vulnerability in event_view.php in Thyme Calendar 1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter.

Published: May 11, 2007; 12:19:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-2622

Multiple SQL injection vulnerabilities in TaskDriver 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login.php or (2) the taskid parameter to notes.php.

Published: May 11, 2007; 12:19:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-2623

Multiple buffer overflows in RControl.dll in Remote Display Dev kit 1.2.1.0 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via (1) a long first argument to the connect function or (2) a long InternalServer property value, possibly involving ntdll.dll.

Published: May 11, 2007; 12:19:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2006-3456

The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771.

Published: May 11, 2007; 6:19:00 AM -0400
V3.x:(not available)
V2.0: 8.5 HIGH
CVE-2007-2594

PHP remote file inclusion vulnerability in inc/articles.inc.php in phpMyPortal 3.0.0 RC3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[CHEMINMODULES] parameter.

Published: May 11, 2007; 6:19:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-2595

RSAuction 2.73.1.3 allows remote authenticated users to move their own account status from Suspended to Active via a direct request for the activation URL that is provided at the time of account registration. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published: May 11, 2007; 6:19:00 AM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2007-2596

PHP remote file inclusion vulnerability in common/func.php in aForum 1.32 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CommonAbsDir parameter.

Published: May 11, 2007; 6:19:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-2597

Multiple PHP remote file inclusion vulnerabilities in telltarget CMS 1.3.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) ordnertiefe parameter to site_conf.php; or the (2) tt_docroot parameter to (a) class.csv.php, (b) produkte_nach_serie.php, or (c) ref_kd_rubrik.php in functionen/; (d) hg_referenz_jobgalerie.php, (e) surfer_anmeldung_NWL.php, (f) produkte_nach_serie_alle.php, (g) surfer_aendern.php, (h) ref_kd_rubrik.php, or (i) referenz.php in module/; or (j) 1/lay.php or (k) 3/lay.php in standard/.

Published: May 11, 2007; 6:19:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-2598

SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL allows remote attackers to execute arbitrary SQL commands via the news_id parameter.

Published: May 11, 2007; 6:19:00 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2007-2599

Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or (3) the search parameter to search.php.

Published: May 11, 2007; 6:19:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-2600

Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or the (3) search parameter to search.php.

Published: May 11, 2007; 6:19:00 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM