Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2007-06-11 | CVE-2007-3141 | Remote Security vulnerability in PHPwebthings 1.5.2 | 6.8
PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_top parameter.
network, phpwebthings

2007-06-08 | CVE-2007-1685 | Remote Buffer Overflow vulnerability in Bluecoat K9 web Protection 3.2.36 | 10.0
Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36, and probably other versions before 3.2.44, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 2372.
network, low complexity, bluecoat, critical

2007-06-08 | CVE-2007-3140 | SQL Injection vulnerability in Wordpress 2.2 | 6.5
SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897.
network, low complexity, wordpress

2007-06-08 | CVE-2007-3139 | Remote Security vulnerability in Quick.Cart | 6.8
config/general.php in Quick.Cart 2.2 and earlier uses a default username and password, which allows remote attackers to access the application via a login action to admin.php.
network, open-solution

2007-06-08 | CVE-2007-3138 | Local File Include vulnerability in Quick.Cart | 7.5
Directory traversal vulnerability in index.php in Open Solution Quick.Cart 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a ..
network, low complexity, open-solution

2007-06-08 | CVE-2007-3137 | Cross-Site Scripting vulnerability in Webmaster Solutions Wmscms 2.0 | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in WmsCMS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sbl, (2) sbr, or (3) search parameter.

2007-06-08 | CVE-2007-3136 | Remote File Include vulnerability in Newssync 1.5.0Rc6 | 7.5
PHP remote file inclusion vulnerability in inc/nuke_include.php in newsSync 1.5.0rc6 allows remote attackers to execute arbitrary PHP code via a URL in the newsSync_NUKE_PATH parameter.
network, low complexity, newssync

2007-06-08 | CVE-2007-3135 | Input Validation vulnerability in Atom PhotoBlog AtomPhotoBlog.PHP | 4.3
Cross-site scripting (XSS) vulnerability in atomPhotoBlog.php in Atom Photoblog 1.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the tag parameter.
network, atom

2007-06-08 | CVE-2007-3134 | Cross-Site Scripting vulnerability in Photoblog | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in atomPhotoBlog.php in Atom PhotoBlog 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Your Name, (2) Your Homepage, and (3) Your Comment fields, when using "Approve Comments."
network, atom

2007-06-08 | CVE-2007-3133 | SQL Injection vulnerability in W1L3D4 Webmarket 0.1 | 6.8
SQL injection vulnerability in urunbak.asp in W1L3D4 WEBmarket 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network, w1l3d4