Vulnerabilities
DATE | CVE | VULNERABILITY TITLE AND DESCRIPTION | RISK |
---|---|---|---|
2007-10-01 | CVE-2007-5146 | Code Injection vulnerability in DER Dirigent DER Dirigent 1.0: Multiple PHP remote file inclusion vulnerabilities in dedi-group Der Dirigent 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the dedi_path parameter to (1) inc.generate_code.php, (2) fnc.type_forms.php, or (3) fnc.type.php in backend/inc/, or (4) frontend.php or (5) backend.php in projekt01/cms/inc/; or (6) the this_dir parameter to backend/inc/class.filemanager.php. | 6.8 |
2007-10-01 | CVE-2007-5145 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Windows XP: Multiple buffer overflows in system DLL files in Microsoft Windows XP, as used by Microsoft Windows Explorer (explorer.exe) 6.00.2900.2180, Don Ho Notepad++, unspecified Adobe Macromedia applications, and other programs, allow user-assisted remote attackers to cause a denial of service (application crash) via long strings in the (1) author, (2) title, (3) subject, and (4) comment Properties fields of a file, possibly involving improper handling of extended file attributes by the (a) NtQueryInformationFile, (b) NtQueryDirectoryFile, (c) NtSetInformationFile, (d) FileAllInformation, (e) FileNameInformation, and other FILE_INFORMATION_CLASS functions in ntdll.dll and the (f) GetFileAttributesExW and (g) GetFileAttributesW functions in kernel32.dll, a related issue to CVE-2007-1347. | 4.3 |
2007-10-01 | CVE-2007-5144 | Buffer Errors vulnerability in Microsoft Windows Live Messenger 8.1: Buffer overflow in the GDI engine in Windows Live Messenger, as used for Windows MSN Live 8.1, allows user-assisted remote attackers to cause a denial of service (application crash or system crash) and possibly execute arbitrary code by placing a malformed file in a new folder under the Sharing Folders path, and triggering a synchronize operation through the Windows MSN Live online service, possibly related to extended file attributes and possibly related to an incomplete fix for MS07-046, as demonstrated by a (1) .jpg, (2) .gif, (3) .wmf, (4) .doc, or (5) .ico file. | 4.3 |
2007-10-01 | CVE-2007-5143 | Unspecified vulnerability in F-Secure Anti-Virus 7.00: F-Secure Anti-Virus for Windows Servers 7.0 64-bit edition allows local users to bypass virus scanning by using the system32 directory to store a crafted (1) archive or (2) packed executable. | 1.9 |
2007-09-28 | CVE-2007-5142 | Cross-Site Scripting vulnerability in Solidweb Novus 1.0: Cross-site scripting (XSS) vulnerability in buscar.asp in Solidweb Novus 1.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. | 4.3 |
2007-09-28 | CVE-2007-5141 | SQL Injection vulnerability in Sitex CMS 0.7.3Beta: SQL injection vulnerability in search.php in SiteX CMS 0.7.3 Beta allows remote attackers to execute arbitrary SQL commands via the search parameter. | 6.8 |
2007-09-28 | CVE-2007-5140 | Code Injection vulnerability in Integramod Nederland 1.4.2: PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in IntegraMOD Nederland 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 6.8 |
2007-09-28 | CVE-2007-5139 | Code Injection vulnerability in Chupix CMS 0.2.3: PHP remote file inclusion vulnerability in admin/include/header.php in chupix 0.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the repertoire parameter. | 6.8 |
2007-09-28 | CVE-2007-5138 | Code Injection vulnerability in Lustig Lustig.Cms 2.5Beta: PHP remote file inclusion vulnerability in forum/forum.php in lustig.cms BETA 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the view parameter. | 6.8 |
2007-09-28 | CVE-2007-5137 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in TCL TK TCL TK 8.4.13/8.4.14/8.4.15: Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first. | 6.8 |