Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2007-06-06 | CVE-2007-2514 | Remote Buffer Overflow vulnerability in Multiple Vendor XFERWAN.EXE Filename
Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0, and (3) Centennial UK Ltd Discovery 2006 Feature Pack, allows remote attackers to execute arbitrary code via a long request.
network | centennial numara symantec | critical | 9.3

2007-06-06 | CVE-2007-2419 | Unspecified vulnerability in Macrovision Flexnet Connect and Update Service
Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via (1) the second parameter to the DownloadAndExecute method and (2) the third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328.
network | low complexity | macrovision | critical | 10.0

2007-06-06 | CVE-2007-0067 | Remote Denial of Service vulnerability in IBM Lotus Domino Web Server
Unspecified vulnerability in the Lotus Domino Web Server 6.0, 6.5.x before 6.5.6, and 7.0.x before 7.0.3 allows remote attackers to cause a denial of service (daemon crash) via requests for URLs that reference certain files.
network | low complexity | ibm | 7.8

2007-06-06 | CVE-2007-3068 | Buffer Overflow vulnerability in DVD X Studios DVD X Player 4.1
Stack-based buffer overflow in DVD X Player 4.1 Professional allows remote attackers to execute arbitrary code via a PLF playlist containing a long filename.
network | dvd-x-studios | 6.8

2007-06-06 | CVE-2007-3067 | Cross-Site Scripting vulnerability in Attunement And Key
Cross-site scripting (XSS) vulnerability in the Attunement and Key Tracker 0.95 and earlier plugin for EQdkp allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the (1) keyshow, (2) sortkey, and (3) show parameters to index.php.
network | eqdkp | 4.3

2007-06-06 | CVE-2007-3066 | Remote Security vulnerability in Phpreactor
Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1.2.7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter to (1) view.inc.php, (2) users.inc.php, (3) updatecms.inc.php, and (4) polls.inc.php in inc/; and other unspecified files, different vectors than CVE-2006-3983.
network | low complexity | phpreactor | 7.5

2007-06-06 | CVE-2007-3065 | SQL Injection vulnerability in Particle Soft Particle Gallery 1.0.0/1.0.1
SQL injection vulnerability in viewimage.php in Particle Soft Particle Gallery 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the editcomment parameter, a different version and vector than CVE-2006-2862.
network | low complexity | particle-soft | 7.5

2007-06-06 | CVE-2007-3064 | Cross-Site Scripting vulnerability in Mealex MY Datebook
Cross-site scripting (XSS) vulnerability in diary.php in My Databook allows remote attackers to inject arbitrary web script or HTML via the year parameter.
network | mealex | CWE-79 | 4.3

2007-06-06 | CVE-2007-3063 | SQL Injection vulnerability in Mealex MY Databook NIL
SQL injection vulnerability in diary.php in My Databook allows remote attackers to execute arbitrary SQL commands via the delete parameter.
network | low complexity | mealex | CWE-89 | 7.5

2007-06-06 | CVE-2007-3062 | Cross Site Scripting vulnerability in HP System Management Homepage (SMH)
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.2 running on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network | hp | 4.3