Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2007-02-13 CVE-2007-0911 Remote Denial of Service vulnerability in PHP 5.2.1
Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).
network
low complexity
php
7.8
2007-02-13 CVE-2007-0909 Multiple vulnerabilities in PHP 5.2.0 and Prior Versions
Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function.
network
low complexity
php trustix
7.5
2007-02-13 CVE-2007-0906 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions.
network
low complexity
php trustix CWE-119
7.5
2007-02-13 CVE-2007-0905 Multiple vulnerabilities in PHP 5.2.0 and Prior Versions
PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension.
network
low complexity
php trustix
7.5
2007-02-13 CVE-2007-0904 SQL Injection vulnerability in LightRO CMS 1.0
SQL injection vulnerability in projects.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter to index.php.
network
low complexity
lightro
7.5
2007-02-13 CVE-2007-0900 Remote File Include vulnerability in TagIt! TagBoard
Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard 2.1.B Build 2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) configpath parameter to (a) tagviewer.php, (b) tag_process.php, and (c) CONFIG/errmsg.inc.php; and (d) addTagmin.php, (e) ban_watch.php, (f) delTagmin.php, (g) delTag.php, (h) editTagmin.php, (i) editTag.php, (j) manageTagmins.php, and (k) verify.php in tagmin/; the (2) adminpath parameter to (l) tagviewer.php, (m) tag_process.php, and (n) tagmin/index.php; and the (3) admin parameter to (o) readconf.php, (p) updateconf.php, (q) updatefilter.php, and (r) wordfilter.php in tagmin/; different vectors than CVE-2006-5249.
network
low complexity
tagit
7.5
2007-02-13 CVE-2007-0211 Privilege Escalation vulnerability in Microsoft Windows 2003 Server and Windows XP
The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
local
low complexity
microsoft
7.2
2007-02-13 CVE-2007-0210 Privilege Escalation vulnerability in Microsoft Windows Image Acquisition Service
The Windows Image Acquisition (WIA) Service in Microsoft Windows XP SP2 allows local users to gain privileges via unspecified vectors involving an "unchecked buffer," probably a buffer overflow.
local
low complexity
microsoft
7.2
2007-02-13 CVE-2007-0026 Remote Code Execution vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP
The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
network
high complexity
microsoft
7.6
2007-02-12 CVE-2007-0892 CRLF Injection vulnerability in Matthieu Aubry phpMyVisites
CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the url parameter, when the pagename parameter begins with "FILE:".
network
low complexity
matthieu-aubry CWE-93
7.5