Search Results

There are 153,290 matching records.
Displaying matches 129,301 through 129,320.
Vuln ID | Summary | CVSS Severity
CVE-2007-1995

bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.

Published: April 12, 2007; 6:19:00 AM -0400
V3.x:(not available)
V2.0: 6.3 MEDIUM
CVE-2007-1996

PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, probably 1.1.2 and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the process_method parameter.

Published: April 12, 2007; 6:19:00 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-1979

SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and 3.05 might also be affected.

Published: April 11, 2007; 9:19:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-1980

SQL injection vulnerability in index.php in the Topliste 1.0 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter.

Published: April 11, 2007; 9:19:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-1981

The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on Windows allows remote attackers to cause a denial of service (daemon crash) via a long meta list command.

Published: April 11, 2007; 9:19:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-1982

Multiple PHP remote file inclusion vulnerabilities in Really Simple PHP and Ajax (RSPA) 2007-03-23 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) __IncludeFilePHPClass, (2) __ClassPath, and (3) __class parameters to (a) rspa/framework/Controller_v5.php, and (b) rspa/framework/Controller_v4.php.

Published: April 11, 2007; 9:19:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-1983

PHP remote file inclusion vulnerability in include/default_header.php in Cyboards PHP Lite 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter, a different vector than CVE-2006-2871.

Published: April 11, 2007; 9:19:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-1984

PHP remote file inclusion vulnerability in index.php in lite-cms 0.2.1 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.

Published: April 11, 2007; 9:19:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-1985

Multiple PHP remote file inclusion vulnerabilities in phpexplorator.php in phpexplorator 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd or (2) lang_path parameter.

Published: April 11, 2007; 9:19:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-1986

Multiple PHP remote file inclusion vulnerabilities in barnraiser AROUNDMe 0.7.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_path_core parameter to inc/core_profile.header.php, the (2) template_path_core parameter to template/barnraiser_01/maint_contact_view.tpl.php, and the (3) template_path parameter to template/barnraiser_01/default.tpl.php. NOTE: this issue might overlap CVE-2006-5533.

Published: April 11, 2007; 9:19:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-1987

** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in PHPEcho CMS 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _plugin_file parameter to smarty/internals/core.load_pulgins.php or the (2) root_path parameter to index.php. NOTE: CVE disputes (1) because the inclusion occurs within a function that is not called during a direct request. CVE disputes (2) because root_path is defined in config.php before use.

Published: April 11, 2007; 9:19:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-1988

Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in PHPEcho CMS 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

Published: April 11, 2007; 9:19:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-1974

SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php.

Published: April 11, 2007; 8:19:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-1975

Multiple PHP remote file inclusion vulnerabilities in SLAED CMS 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) path parameter to admin/admin.php or the (2) modpath parameter to index.php.

Published: April 11, 2007; 8:19:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-1976

** DISPUTED ** PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. NOTE: the issue has been disputed by a reliable third party, stating that the application's checkSuperglobals function defends against the attack.

Published: April 11, 2007; 8:19:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-1977

Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter.

Published: April 11, 2007; 8:19:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-1978

SQL injection vulnerability in index.php in the Arcade 1.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view_game_list action.

Published: April 11, 2007; 8:19:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-1973

Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0 allows local users to modify memory and gain privileges via the temporary \Device\PhysicalMemory section handle, a related issue to CVE-2007-1206.

Published: April 11, 2007; 7:19:00 PM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2007-1279

Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 update for Apple OS X, when patching with desktop management tools, allows local users to gain privileges via unspecified vectors during installation of the update by a different user who has administrative privileges.

Published: April 11, 2007; 6:19:00 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2007-1363

Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the delete action in (a) search.php or (b) search-pda.php, or the (2) calories parameter in a save action in editlogcal.php.

Published: April 11, 2007; 6:19:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH