Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2007-02-12 CVE-2007-0887 Null Pointer Dereference vulnerability in Gecad Technologies Axigen Mail Server 1.2.6/2.0.0B1
axigen 1.2.6 through 2.0.0b1 does not properly parse login credentials, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a base64-encoded "*\x00" sequence on the imap port (143/tcp).
network
low complexity
gecad-technologies CWE-476
7.8
2007-02-12 CVE-2006-7010 SQL-Injection vulnerability in Joomla
The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks.
network
low complexity
joomla
7.5
2007-02-12 CVE-2006-7009 Remote Security vulnerability in Joomla
Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors.
network
low complexity
joomla
7.5
2007-02-12 CVE-2006-7008 Remote Security vulnerability in Joomla
Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029.
network
low complexity
joomla
7.5
2007-02-12 CVE-2006-7007 Denial-Of-Service vulnerability in Tiny Ftpd
Buffer overflow in Tiny FTPd 1.4 and earlier allows remote attackers to cause a denial of service (daemon crash) via a long USER command, a different vector than CVE-2000-0133.
network
low complexity
h-nomura
7.8
2007-02-12 CVE-2006-7005 SQL-Injection vulnerability in PSY Auction
SQL injection vulnerability in item.php in PSY Auction allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
php-script-tools
7.5
2007-02-12 CVE-2006-7003 Remote Security vulnerability in Fusion Polls
PHP remote file inclusion vulnerability in admin/index.php in Fusion Polls allows remote attackers to execute arbitrary PHP code via a URL in the xtrphome parameter.
network
low complexity
fusionphp
7.5
2007-02-12 CVE-2007-0884 Remote Buffer Overflow vulnerability in Roaring Penguin Software Mimedefang 2.59/2.60
Buffer overflow in Roaring Penguin MIMEDefang 2.59 and 2.60 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors.
network
low complexity
roaring-penguin
7.5
2007-02-12 CVE-2007-0880 Information Disclosure vulnerability in Capital Request Forms
Capital Request Forms stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for inc/common_db.inc.
network
low complexity
capital-request-forms
7.8
2007-02-12 CVE-2007-0878 Remote WML Content Denial of Service vulnerability in Microsoft Windows Mobile 5.0
Unspecified vulnerability in Microsoft Internet Explorer on Windows Mobile 5.0 allows remote attackers to cause a denial of service (loss of browser and other device functionality) via a malformed WML page, related to an "overflow state." NOTE: it is possible that this issue is related to CVE-2007-0685.
network
low complexity
microsoft
7.8