Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2007-03-03 | CVE-2007-1233 | Code Injection vulnerability in Stwc-Counter | PHP remote file inclusion vulnerability in downloadcounter.php in STWC-Counter 3.4.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the stwc_counter_verzeichniss parameter. | network | low | stwc-counter | CWE-94 | 7.5 |
| 2007-03-02 | CVE-2007-1222 | Local Security vulnerability in Parallels Desktop for Mac OS X | Parallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary files to the host filesystem, and execute arbitrary code via launchd by writing a plist file to a LaunchAgents directory. | local | low | apple, parallels | | 7.2 |
| 2007-03-02 | CVE-2007-1221 | Privilege Escalation vulnerability in Microsoft Xbox 360 4532/4548 | The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows attackers with physical access to force execution of the hypervisor syscall with a certain register set, which bypasses intended code protection. | local | low | microsoft | | 7.2 |
| 2007-03-02 | CVE-2007-1219 | Remote File Include vulnerability in Admin Phorum Admin Phorum 3.3.1A | PHP remote file inclusion vulnerability in actions/del.php in Admin Phorum 3.3.1a allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | network | low | admin-phorum | | 7.5 |
| 2007-03-02 | CVE-2007-1195 | Unspecified vulnerability in Dxmsoft XM Easy Personal FTP Server 5.0.1/5.2.1/5.3 | Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow remote attackers to execute arbitrary code via unspecified vectors. | network | low | dxmsoft | | 7.5 |
| 2007-03-02 | CVE-2007-1189 | Local Integer Overflow vulnerability in Plan 9 | Integer overflow in the envwrite function in the Alcatel-Lucent Bell Labs Plan 9 kernel allows local users to overwrite certain memory addresses with kernel memory via a large n argument, as demonstrated by (1) modifying the iseve function to gain privileges and (2) making the devpermcheck function grant unrestricted device permissions. | local | low | bell-labs | | 7.2 |
| 2007-03-02 | CVE-2007-1188 | Remote vulnerability in Webapp.Org Webapp | WebAPP before 0.9.9.5 allows remote attackers to submit Search form input that is not checked for (1) composition or (2) length, which has unknown impact, possibly related to "search form hijacking". | network | low | web-app-org | | 7.5 |
| 2007-03-02 | CVE-2007-1183 | Remote vulnerability in Webapp.Org Webapp | WebAPP before 0.9.9.5 allows remote authenticated users to spoof another user's Real Name via whitespace, which has unknown impact and attack vectors. | network | low | web-app-org | | 7.5 |
| 2007-03-02 | CVE-2007-1178 | Remote vulnerability in Webapp.Org Webapp | WebAPP before 0.9.9.5 does not check access in certain contexts related to (1) Calendar Administration, (2) Instant Messages Administration, and (3) the Image Uploader, which has unknown impact and attack vectors. | network | low | web-app-org | | 7.5 |
| 2007-03-02 | CVE-2007-1171 | SQL Injection vulnerability in Nukescripts Nukesentinel | SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie. | network | low | nukescripts | CWE-89 | 7.5 |