Search Results

There are 168,852 matching records.
Displaying matches 145,541 through 145,560.
Vuln ID Summary CVSS Severity
CVE-2006-7154

Iono allows remote attackers to obtain the full server path via certain requests to (1) templates/iono/admin/denied.tpl.php, (2) templates/iono/admin/index.tpl.php, and (a) other unspecified files in templates/.

Published: March 07, 2007; 3:19:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-7155

Novell BorderManager 3.8 SP4 generates the same ISAKMP cookies for the same source IP and port number during the same day, which allows remote attackers to conduct denial of service and replay attacks. NOTE: this issue might be related to CVE-2006-5286.

Published: March 07, 2007; 3:19:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-7156

PHP remote file inclusion vulnerability in addon_keywords.php in Keyword Replacer (keyword_replacer) 1.0 and earlier, a module for miniBB, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter.

Published: March 07, 2007; 3:19:00 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2006-7157

Buffer overflow in Google Earth v4.0.2091 (beta) allows remote user-assisted attackers to cause a denial of service (crash) via a KML or KMZ file with a long href element.

Published: March 07, 2007; 3:19:00 PM -0500
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2006-7158

Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter. NOTE: it is likely that this issue overlaps one of the identifiers in CVE-2006-5351.

Published: March 07, 2007; 3:19:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-7159

Directory traversal vulnerability in include/prune_torrents.php in BTI-Tracker 1.3.2 (aka btitracker) allows remote attackers to delete arbitrary files via ".." sequences in the TORRENTSDIR parameter in a prune action.

Published: March 07, 2007; 3:19:00 PM -0500
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2006-7160

The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earlier versions, does not validate arguments to hooked SSDT functions, which allows local users to cause a denial of service (crash) via invalid arguments to the (1) NtAssignProcessToJobObject, (2) NtCreateKey, (3) NtCreateThread, (4) NtDeleteFile, (5) NtLoadDriver, (6) NtOpenProcess, (7) NtProtectVirtualMemory, (8) NtReplaceKey, (9) NtTerminateProcess, (10) NtTerminateThread, (11) NtUnloadDriver, and (12) NtWriteVirtualMemory functions.

Published: March 07, 2007; 3:19:00 PM -0500
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2006-7161

SQL injection vulnerability in giris_yap.asp in Hazir Site 2.0 allows remote attackers to bypass authentication via the (1) k_a class or (2) sifre parameter.

Published: March 07, 2007; 3:19:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-7135

PHP remote file inclusion vulnerability in lib/functions.inc.php in PHP Poll Creator (phpPC) 1.04 allows remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter, a different vector and version than CVE-2005-1755. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published: March 06, 2007; 7:19:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-7136

Multiple PHP remote file inclusion vulnerabilities in PHP Poll Creator (phpPC) 1.04 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter to (1) poll.php, (2) poll_kommentar.php, and (3) poll_sm.php, different vectors and version than CVE-2005-1755.

Published: March 06, 2007; 7:19:00 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2006-7137

Cross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 allows remote attackers to inject arbitrary web script or HTML via the shoutbox.

Published: March 06, 2007; 7:19:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-1288

Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4) sendmsg.php in admin/.

Published: March 06, 2007; 7:19:00 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2007-1289

SQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the s parameter.

Published: March 06, 2007; 7:19:00 PM -0500
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2007-1290

SQL injection vulnerability in ViewReport.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the bug parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published: March 06, 2007; 7:19:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-1291

Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug Tracking System (TygerBT) 1.1.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) Login.php and (2) Register.php.

Published: March 06, 2007; 7:19:00 PM -0500
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2007-1292

SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve."

Published: March 06, 2007; 7:19:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-1293

SQL injection vulnerability in Rigter Portal System (RPS) 6.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categoria parameter to the top-level URI (index.php), possibly related to ver_descarga.php.

Published: March 06, 2007; 7:19:00 PM -0500
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2007-1294

A certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in DivX Web Player, as distributed with DivX Player 1.3.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via large values to DivxWP.Resize, related to resizing images.

Published: March 06, 2007; 7:19:00 PM -0500
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-1295

SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the td_id parameter.

Published: March 06, 2007; 7:19:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-1296

SQL injection vulnerability in postingdetails.php in AJ Classifieds 1.0 allows remote attackers to execute arbitrary SQL commands via the postingid parameter.

Published: March 06, 2007; 7:19:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH