Search Results

There are 153,882 matching records.
Displaying matches 129,321 through 129,340.
Vuln ID Summary CVSS Severity
CVE-2007-2567

Buffer overflow in the SaveBarCode function in the Taltech Tal Bar Code ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors.

Published: May 09, 2007; 2:19:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-0605

Cross-site scripting (XSS) vulnerability in picture.php in Advanced Guestbook 2.4.2 allows remote attackers to inject arbitrary web script or HTML via the picture parameter.

Published: May 09, 2007; 1:19:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-0608

Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2) an invalid GB_DB parameter to index.php, coupled with a ../index lang cookie, which reveals the installation path; or (3) a direct request to index.php with no parameters or cookies, which reveals the installation path.

Published: May 09, 2007; 1:19:00 PM -0400
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2007-0609

Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename without its .php extension, as demonstrated via a request to index.php.

Published: May 09, 2007; 1:19:00 PM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2007-2553

Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and 5.1A PK6 allows local users to gain privileges via a large amount of data in the environment, as demonstrated by a long environment variable.

Published: May 09, 2007; 1:19:00 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2007-2554

Associated Press (AP) Newspower 4.0.1 and earlier uses a default blank password for the MySQL root account, which allows remote attackers to insert or modify news articles via shows.tblscript.

Published: May 09, 2007; 1:19:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-2555

Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross-site scripting (XSS).

Published: May 09, 2007; 1:19:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-2546

Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

Published: May 09, 2007; 6:19:00 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-2547

Cross-site scripting (XSS) vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to inject arbitrary web script or HTML via the l parameter.

Published: May 09, 2007; 6:19:00 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-2548

Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 has unknown impact and an l remote attack vector, related to "Cookie Manipulation."

Published: May 09, 2007; 6:19:00 AM -0400
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2007-2549

SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) c or (2) quantity parameter.

Published: May 09, 2007; 6:19:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-2550

Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php.

Published: May 09, 2007; 6:19:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-2551

Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter.

Published: May 09, 2007; 6:19:00 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-2552

The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to obtain the names, and possibly revision notes and dates, of private pages via RSS feeds.

Published: May 09, 2007; 6:19:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-1673

unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.

Published: May 08, 2007; 9:19:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-2535

WinAce allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.

Published: May 08, 2007; 9:19:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-2536

PicoZip allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.

Published: May 08, 2007; 9:19:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-2537

Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 and earlier allow remote authenticated users to execute arbitrary SQL commands via a (1) nickname or (2) Id in a cookie, or (3) the X-Forwarded-For (X_FORWARDED_FOR) HTTP header.

Published: May 08, 2007; 9:19:00 PM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2007-2538

SQL injection vulnerability in class/debug/debug_show.php in RunCms 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the executed_queries array parameter.

Published: May 08, 2007; 9:19:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-2539

The show_files function in RunCms 1.5.2 and earlier allows remote attackers to obtain sensitive information (file existence and file metadata) via unspecified vectors.

Published: May 08, 2007; 9:19:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH