Search Results

There are 155,392 matching records. Displaying matches 129,561 through 129,580.

Each entry lists the vulnerability ID, summary, publication date, and CVSS scores (V3.x and V2.0) with severity.
CVE-2007-3824

SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows remote attackers to execute arbitrary SQL commands via the katID parameter.

Published: July 16, 2007; 9:30:00 PM -0400
V3.x: (not available)
V2.0: 10.0 HIGH
CVE-2007-3017

The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklist_edit.asp.

Published: July 16, 2007; 8:30:00 PM -0400
V3.x: (not available)
V2.0: 4.0 MEDIUM
CVE-2007-3018

activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories.

Published: July 16, 2007; 8:30:00 PM -0400
V3.x: (not available)
V2.0: 4.0 MEDIUM
CVE-2007-3806

The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure.

Published: July 16, 2007; 8:30:00 PM -0400
V3.x: (not available)
V2.0: 6.8 MEDIUM
CVE-2007-3807

Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum before 7.3 allow remote attackers to inject arbitrary web script or HTML via the user name field in the login procedure, and other unspecified vectors.

Published: July 16, 2007; 8:30:00 PM -0400
V3.x: (not available)
V2.0: 2.6 LOW
CVE-2007-3808

SQL injection vulnerability in includes/search.php in paFileDB 3.6 allows remote attackers to execute arbitrary SQL commands via the categories[] parameter in a search action to index.php, a different vector than CVE-2005-2000.

Published: July 16, 2007; 8:30:00 PM -0400
V3.x: (not available)
V2.0: 7.5 HIGH
CVE-2007-3809

Multiple SQL injection vulnerabilities in Prozilla Directory Script allow remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action to directory.php, and other unspecified vectors.

Published: July 16, 2007; 8:30:00 PM -0400
V3.x: (not available)
V2.0: 7.5 HIGH
CVE-2007-3810

SQL injection vulnerability in index.php in Realtor 747 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.

Published: July 16, 2007; 8:30:00 PM -0400
V3.x: (not available)
V2.0: 7.5 HIGH
CVE-2007-3811

Multiple SQL injection vulnerabilities in eSyndiCat allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php or (2) the name parameter to page.php.

Published: July 16, 2007; 8:30:00 PM -0400
V3.x: (not available)
V2.0: 7.5 HIGH
CVE-2007-3812

SQL injection vulnerability in forums.php in CMScout 1.23 and earlier allows remote attackers to execute arbitrary SQL commands via the f parameter in a forums action to index.php.

Published: July 16, 2007; 8:30:00 PM -0400
V3.x: (not available)
V2.0: 7.5 HIGH
CVE-2007-3813

PHP remote file inclusion vulnerability in include/user.php in the NoBoard BETA module for MKPortal allows remote attackers to execute arbitrary PHP code via a URL in the MK_PATH parameter.

Published: July 16, 2007; 8:30:00 PM -0400
V3.x: (not available)
V2.0: 4.3 MEDIUM
CVE-2007-3814

Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the idurlo field in the delete_urlo function in (a) index.php in the urlobox module; the iden field in the (2) update_file and (3) del_file functions in (b) index.php in the reviews module; the (4) idnews field in the delete_news function and the (5) idcomm field in the del_comment function in (c) index.php in the news module; the (6) idcomm field in the delete_comments function in (d) index.php in the gallery module; the iden field in the (7) edit_file, (8) update_file, and (9) del_file functions in index.php in the gallery module; the (10) ide and (11) cat fields in the slide_update function in index.php in the gallery module; the iden field in the (12) update_file and (13) del_file functions in (d) index.php in the downloads module; and other unspecified vectors.

Published: July 16, 2007; 8:30:00 PM -0400
V3.x: (not available)
V2.0: 7.5 HIGH
CVE-2007-3815

Buffer overflow in pirs32.exe in Poslovni informator Republike Slovenije (PIRS) 2007 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long search string in certain fields in the GUI. NOTE: this may cross privilege boundaries if PIRS is used by data-entry workers who do not have full access to the underlying Windows environment.

Published: July 16, 2007; 8:30:00 PM -0400
V3.x: (not available)
V2.0: 4.9 MEDIUM
CVE-2007-3816

** DISPUTED ** JWIG might allow context-dependent attackers to cause a denial of service (service degradation) via loops of references to external templates. NOTE: this issue has been disputed by multiple third parties who state that only the application developer can trigger the issue, so no privilege boundaries are crossed. However, it seems possible that this is a vulnerability class to which a JWIG application may be vulnerable if template contents can be influenced, but this would be an issue in the application itself, not JWIG.

Published: July 16, 2007; 8:30:00 PM -0400
V3.x: (not available)
V2.0: 7.8 HIGH
CVE-2007-3800

Unspecified vulnerability in the Real-time scanner (RTVScan) component in Symantec AntiVirus Corporate Edition 9.0 through 10.1 and Client Security 2.0 through 3.1, when the Notification Message window is enabled, allows local users to gain privileges via crafted code.

Published: July 16, 2007; 7:30:00 PM -0400
V3.x: (not available)
V2.0: 6.0 MEDIUM
CVE-2007-3803

The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does not properly parse SMTP commands in certain circumstances, which allows remote attackers to bypass address blacklists.

Published: July 16, 2007; 7:30:00 PM -0400
V3.x: (not available)
V2.0: 10.0 HIGH
CVE-2007-3804

The AntiVirus engine in the HTTP-ALG in Clavister CorePlus before 8.81.00 and 8.80.03 might allow remote attackers to bypass scanning via small files.

Published: July 16, 2007; 7:30:00 PM -0400
V3.x: (not available)
V2.0: 5.0 MEDIUM
CVE-2007-3805

The IKE implementation in Clavister CorePlus before 8.80.03, and 8.80.00, does not properly validate certificates during IKE negotiation, which allows remote attackers to cause a denial of service (gateway stop) via certain certificates.

Published: July 16, 2007; 7:30:00 PM -0400
V3.x: (not available)
V2.0: 5.4 MEDIUM
CVE-2007-3798

Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.

Published: July 16, 2007; 6:30:00 PM -0400
V3.x: (not available)
V2.0: 6.8 MEDIUM
CVE-2007-3799

The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.

Published: July 16, 2007; 6:30:00 PM -0400
V3.x: (not available)
V2.0: 4.3 MEDIUM