Search Results

There are 155,570 matching records.
Displaying matches 129,481 through 129,500.
Vuln ID Summary CVSS Severity
CVE-2007-4112

Multiple SQL injection vulnerabilities in Advanced Webhost Billing System (AWBS) before 2.6.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged for XSS attacks that "bypass AWBS's anti-XSS input validation."

Published: July 31, 2007; 6:17:00 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-4113

Unspecified vulnerability in Advanced Webhost Billing System (AWBS) before 2.6.0 allows remote authenticated users to obtain configuration data about other dedicated servers via unspecified vectors.

Published: July 31, 2007; 6:17:00 AM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2007-4114

Multiple SQL injection vulnerabilities in unuttum.asp in SuskunDuygular Uyelik Sistemi 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) kadi or (2) email parameter. NOTE: some of these details are obtained from third party information.

Published: July 31, 2007; 6:17:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-4115

Multiple cross-site scripting (XSS) vulnerabilities in IT!CMS (itcms) 0.2 allow remote attackers to inject arbitrary web script or HTML via the wndtitle parameter to (1) lang-en.php, (2) menu-ed.php, or (3) titletext-ed.php.

Published: July 31, 2007; 6:17:00 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-4116

SQL injection vulnerability in philboard_forum.asp in Metyus Forum Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: this might be related to CVE-2007-0920 or CVE-2007-3884.

Published: July 31, 2007; 6:17:00 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-3387

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

Published: July 30, 2007; 7:17:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-4096

Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, allows remote attackers to cause a denial of service via unspecified vectors.

Published: July 30, 2007; 5:17:00 PM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2007-4097

Tor before 0.1.2.15 sends "destroy cells" containing the reason for tearing down a circuit, which allows remote attackers to obtain sensitive information, contrary to specifications.

Published: July 30, 2007; 5:17:00 PM -0400
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2007-4098

Tor before 0.1.2.15 does not properly distinguish "streamids from different exits," which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams.

Published: July 30, 2007; 5:17:00 PM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2007-4099

Tor before 0.1.2.15 can select a guard node beyond the first listed never-before-connected-to guard node, which allows remote attackers with control of certain guard nodes to obtain sensitive information and possibly leverage further attacks.

Published: July 30, 2007; 5:17:00 PM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2007-4092

Directory traversal vulnerability in index.php in iFoto 1.0.1 and earlier allows remote attackers to list arbitrary directories, and possibly download arbitrary photos, via a .. (dot dot) in the dir parameter.

Published: July 30, 2007; 4:17:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-4093

Minb Is Not a Blog (minb) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing usernames and encrypted passwords via a direct request for db/users.db.

Published: July 30, 2007; 4:17:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-4094

PHP remote file inclusion vulnerability in library/authorize.php in IDevSpot PhpHostBot allows remote attackers to execute arbitrary PHP code via a URL in the login_form parameter, a different vector than CVE-2006-3776.

Published: July 30, 2007; 4:17:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-4095

SQL injection vulnerability in BSM Store Dependent Forums 1.02 allows remote attackers to execute arbitrary SQL commands via a Username field in an unspecified component, probably the FrmUserName parameter in login.asp.

Published: July 30, 2007; 4:17:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-3911

Multiple heap-based buffer overflows in (1) clsscheduler.exe (aka scheduler client) and (2) srvscheduler.exe (aka scheduler server) in BakBone NetVault Reporter 3.5 before Update4 allow remote attackers to execute arbitrary code via long filename arguments in HTTP requests.

Published: July 30, 2007; 1:30:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2007-4053

SQL injection vulnerability in include/img_view.class.php in LinPHA 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the order parameter to new_images.php.

Published: July 30, 2007; 1:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-4054

SQL injection vulnerability in category.php in PHP123 Top Sites allows remote attackers to execute arbitrary SQL commands via the cat parameter.

Published: July 30, 2007; 1:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-4055

SQL injection vulnerability in comments_get.asp in SimpleBlog 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this may be related to CVE-2006-4300.

Published: July 30, 2007; 1:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-4056

SQL injection vulnerability in directory.php in Prozilla Adult Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. NOTE: the original report indicated that this was the "photo" SourceForge project (aka Maan Bsat Photo Collection), but that was incorrect.

Published: July 30, 2007; 1:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-4057

Unrestricted file upload vulnerability in pfs.php in Neocrome Seditio 121 and earlier allows remote authenticated users to upload arbitrary PHP code via a filename ending with (1) .php.gif, (2) .php.jpg, or (3) .php.png.

Published: July 30, 2007; 1:30:00 PM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM