SQL injection vulnerability in philboard_forum.asp in Metyus Forum Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: this might be related to CVE-2007-0920 or CVE-2007-3884.
Max CVSS
6.8
EPSS Score
0.43%
Published
2007-07-31
Updated
2018-10-15
Multiple SQL injection vulnerabilities in unuttum.asp in SuskunDuygular Uyelik Sistemi 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) kadi or (2) email parameter. NOTE: some of these details are obtained from third party information.
Max CVSS
7.5
EPSS Score
0.40%
Published
2007-07-31
Updated
2018-10-15
Multiple SQL injection vulnerabilities in Advanced Webhost Billing System (AWBS) before 2.6.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged for XSS attacks that "bypass AWBS's anti-XSS input validation."
Max CVSS
6.8
EPSS Score
0.30%
Published
2007-07-31
Updated
2017-07-29
SQL injection vulnerability in the login script in Real Estate listing website application template, when logging in as user or manager, allows remote attackers to execute arbitrary SQL commands via the Password parameter.
Max CVSS
6.8
EPSS Score
1.07%
Published
2007-07-31
Updated
2018-10-15
SQL injection vulnerability in sign_in.aspx in Message Board / Threaded Discussion Forum Application Template allows remote attackers to execute arbitrary SQL commands via the Password parameter.
Max CVSS
7.5
EPSS Score
0.31%
Published
2007-07-31
Updated
2018-10-15
SQL injection vulnerability in sign_in.aspx in WebStore (Online Store Application Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter.
Max CVSS
7.5
EPSS Score
0.31%
Published
2007-07-31
Updated
2018-10-15
SQL injection vulnerability in sign_in.aspx in WebEvents (Online Event Registration Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter.
Max CVSS
7.5
EPSS Score
1.04%
Published
2007-07-31
Updated
2018-10-15
SQL injection vulnerability in editpost.php in phpMyForum before 4.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information.
Max CVSS
7.5
EPSS Score
0.64%
Published
2007-07-31
Updated
2011-03-08
SQL injection vulnerability in login.asp in CodeWidgets Pay Roll - Time Sheet and Punch Card Application With Web Interface allows remote attackers to execute arbitrary SQL commands via the Password parameter.
Max CVSS
6.8
EPSS Score
0.70%
Published
2007-07-31
Updated
2018-10-15
A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 allows remote attackers to execute arbitrary code via a request containing "a link to download and a file to execute," possibly involving remote file inclusion.
Max CVSS
9.3
EPSS Score
12.60%
Published
2007-07-31
Updated
2018-10-15
The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released.
Max CVSS
7.8
EPSS Score
34.70%
Published
2007-07-31
Updated
2024-02-08
Multiple PHP remote file inclusion vulnerabilities in Madoa Poll 1.1 allow remote attackers to execute arbitrary PHP code via the Madoa parameter to (1) index.php, (2) vote.php, and (3) admin.php.
Max CVSS
6.8
EPSS Score
13.86%
Published
2007-07-31
Updated
2018-10-15
Tor before 0.1.2.15 sends "destroy cells" containing the reason for tearing down a circuit, which allows remote attackers to obtain sensitive information, contrary to specifications.
Max CVSS
6.4
EPSS Score
1.32%
Published
2007-07-30
Updated
2011-03-08
SQL injection vulnerability in BSM Store Dependent Forums 1.02 allows remote attackers to execute arbitrary SQL commands via a Username field in an unspecified component, probably the FrmUserName parameter in login.asp.
Max CVSS
7.5
EPSS Score
0.07%
Published
2007-07-30
Updated
2018-10-15
PHP remote file inclusion vulnerability in library/authorize.php in IDevSpot PhpHostBot allows remote attackers to execute arbitrary PHP code via a URL in the login_form parameter, a different vector than CVE-2006-3776.
Max CVSS
7.5
EPSS Score
0.69%
Published
2007-07-30
Updated
2018-10-15
Minb Is Not a Blog (minb) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing usernames and encrypted passwords via a direct request for db/users.db.
Max CVSS
7.8
EPSS Score
0.55%
Published
2007-07-30
Updated
2018-10-15
Multiple SQL injection vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to execute arbitrary SQL commands via (1) the gid parameter to gmembers.php, or (2) the UID parameter to (a) uvideos.php, (b) ugroups.php, (c) uprofile.php, (d) ufavour.php, (e) ufriends.php, or (f) uplaylist.php.
Max CVSS
6.8
EPSS Score
0.72%
Published
2007-07-30
Updated
2008-11-15
Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to execute arbitrary SQL commands via the (1) que_id parameter to forum_answer.php or (2) the cat_id parameter to search.php.
Max CVSS
6.8
EPSS Score
0.14%
Published
2007-07-30
Updated
2009-04-14
Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to execute arbitrary SQL commands via (1) the pgmid parameter in an uploadProducts action to merchants/index.php and possibly (2) the rowid parameter to merchants/temp.php.
Max CVSS
7.5
EPSS Score
0.15%
Published
2007-07-30
Updated
2008-11-15
Cross-site scripting (XSS) vulnerability in index.php in AlstraSoft E-Friends allows remote attackers to inject arbitrary web script or HTML via the p_id parameter in a people_card action. NOTE: this might overlap CVE-2006-2564.
Max CVSS
6.4
EPSS Score
0.46%
Published
2007-07-30
Updated
2008-11-15
Multiple SQL injection vulnerabilities in index.asp in Alisveris Sitesi Scripti allow remote attackers to execute arbitrary SQL commands via the (1) product_id or (2) cat_id parameter in a product mod action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.10%
Published
2007-07-30
Updated
2008-11-15
The default configuration of Centre for Speech Technology Research (CSTR) Festival 1.95 beta (aka 2.0 beta) on Gentoo Linux, SUSE Linux, and possibly other distributions, is run locally with elevated privileges without requiring authentication, which allows local and remote attackers to execute arbitrary commands via the local daemon on port 1314, a different vulnerability than CVE-2001-0956. NOTE: this issue is local in some environments, but remote on others.
Max CVSS
10.0
EPSS Score
1.61%
Published
2007-07-30
Updated
2018-10-15
SQL injection vulnerability in show_cat.php in IndexScript 2.8 and earlier allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
Max CVSS
7.5
EPSS Score
1.42%
Published
2007-07-30
Updated
2017-09-29
Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav ActiveX control in CLINETSUITEX6.OCX in Clever Internet ActiveX Suite 6.2 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the GetToFile method. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
9.21%
Published
2007-07-30
Updated
2017-09-29
The SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via unspecified vectors involving the deleteNessusRC method, probably a directory traversal vulnerability.
Max CVSS
7.8
EPSS Score
0.32%
Published
2007-07-30
Updated
2017-07-29
344 vulnerabilities found