Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2007-03-02 CVE-2007-1147 Code Injection vulnerability in HBM
PHP remote file inclusion vulnerability in view.php in hbm allows remote attackers to execute arbitrary PHP code via a URL in the hbmpath parameter.
network | low complexity | hbm CWE-94 | 7.5

2007-03-02 CVE-2007-1146 Remote Security vulnerability in Arabhost
PHP remote file inclusion vulnerability in function.php in arabhost allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter.
network | low complexity | delmaa-com | 7.5

2007-03-02 CVE-2007-1143 Path Traversal vulnerability in Jeunes-Webmasters J-Web Pics Navigator 1.0
Directory traversal vulnerability in pn-menu.php in J-Web Pics Navigator 1.0 allows remote attackers to list arbitrary directories via a ..
network | low complexity | jeunes-webmasters CWE-22 | 7.8

2007-03-02 CVE-2007-1141 Code Injection vulnerability in Reamday Enterprises Magic News Plus 1.0.2
PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the php_script_path parameter.
network | low complexity | reamday-enterprises CWE-94 | 7.5

2007-03-02 CVE-2007-1005
Heap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote administration port (9191/tcp).
network | low complexity | broadcom ca | 7.8

2007-03-02 CVE-2006-7094 Remote Security vulnerability in Ftpd
ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack vectors.
network | gentoo ftpd debian | 8.5

2007-03-02 CVE-2006-7091 Remote File Include vulnerability in Hinton Design PHPht Topsites Free 1.022B
PHP remote file inclusion vulnerability in config.php in phpht Topsites FREE 1.022b allows remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter.
network | low complexity | hinton-design | 7.5

2007-03-02 CVE-2006-7089 SQL Injection vulnerability in BAN 0.1
SQL injection vulnerability in connexion.php in Ban 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network | low complexity | ban CWE-89 | 7.5

2007-03-02 CVE-2006-7088 SQL-Injection vulnerability in Simple PHP Forum Simple PHP Forum 0.1/0.2/0.3
Multiple SQL injection vulnerabilities in Simple PHP Forum before 0.4 allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) logon_user.php and (2) update_profile.php.
network | low complexity | simple-php-forum | 7.5

2007-03-02 CVE-2006-7082 File-Upload vulnerability in Rigter Portal System 1.0/2.0/3.0
Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to bypass authentication and upload arbitrary files via direct requests to (1) adm/photos/images.php and (2) adm/down/files.php.
network | low complexity | rigter-portal-system | 7.5