Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-05-31 | CVE-2007-2964 | Remote Denial of Service vulnerability in F-Secure Policy Manager FSMSH.DLL: The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and earlier allows remote attackers to cause a denial of service (application crash) via NTFS reserved words in filenames in URLs. | 5.0 |
2007-05-31 | CVE-2007-2963 | Cross-Site Scripting vulnerability in Invision Power Board: Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. | 4.3 |
2007-05-31 | CVE-2007-2962 | Cross-Site Scripting vulnerability in Particle Soft Particle Gallery 1.0.0/1.0.1: Cross-site scripting (XSS) vulnerability in search.php in Particle Gallery 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the order parameter. | 4.3 |
2007-05-31 | CVE-2007-2961 | Arbitrary File Upload vulnerability in Filecloset 1.1.5: Unrestricted file upload vulnerability in FileCloset before 1.1.5 allows remote attackers to upload arbitrary PHP files via unspecified vectors. | 7.5 |
2007-05-31 | CVE-2007-2960 | File-Upload vulnerability in Scallywag.Org Scallywag 20050425: Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 allow remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2007-05-31 | CVE-2007-2959 | SQL Injection vulnerability in CPCommerce Manufacturer.PHP: SQL injection vulnerability in manufacturer.php in cpCommerce before 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id_manufacturer parameter. | 7.5 |
2007-05-31 | CVE-2007-2947 | Remote File Include vulnerability in David Branco Openbase 0.6Alpha: Multiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the root_prefix parameter to (1) index.php, (2) email_subscribe.php, (3) download.php, or (4) development.php. | 7.5 |
2007-05-31 | CVE-2007-2946 | Buffer Overflow vulnerability in Lead Technologies Leadtools Raster Dialog File Object 14.5.0.44: Buffer overflow in a certain ActiveX control in LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long DestinationPath property value. | 10.0 |
2007-05-31 | CVE-2007-2945 | Information Disclosure vulnerability in Rmforum: RMForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for rmforum.mdb. | 5.0 |
2007-05-31 | CVE-2007-2944 | Permissions, Privileges, and Access Controls vulnerability in Wabcms 1.0: WabCMS 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/wabcmsn.mdb. | 5.0 |