Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2007-04-11 | CVE-2007-1961 | Remote File Include vulnerability in PHPbb Mutant 0.9.2 | 7.5
PHP remote file inclusion vulnerability in mutant_functions.php in the Mutant 0.9.2 portal for phpBB 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
network, low complexity, phpbb

2007-04-11 | CVE-2007-1960 | SQL Injection vulnerability in Xoops Rha7 Downloads Module 1.0/1.10 | 7.5
SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS, and possibly other versions up to 1.10, allows remote attackers to execute arbitrary SQL commands via the lid parameter.
network, low complexity, xoops, CWE-89

2007-04-11 | CVE-2007-1959 | Remote Security vulnerability in TinyMUX | critical 10.0
Unspecified vulnerability in the process_cmdent function in command.cpp in TinyMUX before 2.4 has unknown impact and attack vectors, related to lack of the "'other half' of buffer overflow protection."
network, low complexity, tinymux

2007-04-11 | CVE-2007-1958 | Denial-Of-Service vulnerability in TinyMUX | 5.0
Buffer overflow in TinyMUX before 2.4 allows attackers to cause a denial of service via unspecified vectors related to "too many substring matches in a regexp $-command." NOTE: some of these details are obtained from third party information.
network, low complexity, tinymux

2007-04-11 | CVE-2007-1957 | Remote Security vulnerability in Web Php | 6.8
Multiple PHP remote file inclusion vulnerabilities in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allow remote attackers to execute arbitrary PHP code via a URL in the pageAll parameter to index.php in (1) template/Vert/, or (2) template/Noir/.

2007-04-11 | CVE-2007-1956 | SQL Injection vulnerability in UBB.Threads UBBThreads.PHP | 7.5
SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads 6.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the C parameter.
network, low complexity, ubbcentral

2007-04-11 | CVE-2007-1955 | Buffer Overflow vulnerability in Signkorea Skcommax Activex Control 5.4.1.2 | critical 10.0
Multiple stack-based buffer overflows in the SignKorea SKCrypAX ActiveX control module 5.4.1.2 allow remote attackers to execute arbitrary code via a long string in unspecified arguments to the (1) DownloadCert, (2) DecryptFileByKey, and (3) EncryptFileByKey functions, a different module and vectors than CVE-2007-1722.
network, low complexity, signkorea

2007-04-11 | CVE-2007-1954 | Directory Traversal vulnerability in Archivexpert 2.02Build80 | 7.5
Multiple directory traversal vulnerabilities in ArchiveXpert 2.02 build 80 allow remote attackers to create files in arbitrary directories via a ..
network, low complexity, archivexpert

2007-04-11 | CVE-2007-1953 | Improper Authentication vulnerability in Onelook Courts Online | 7.5
Session fixation vulnerability in onelook courts on-line allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
network, low complexity, onelook, CWE-287

2007-04-11 | CVE-2007-1952 | Improper Authentication vulnerability in Onelook Onebyone CMS | 7.5
Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
network, low complexity, onelook, CWE-287