Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-02-12 | CVE-2007-0873 | Authentication Bypass vulnerability in Nabocorp Nabopoll 1.1/1.2: nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/. | 7.5 |
2007-02-12 | CVE-2007-0871 | Unspecified vulnerability in Extremepow Extreme File Hosting: Unrestricted file upload vulnerability in eXtremePow eXtreme File Hosting allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as (1) .rar.php or (2) .zip.php. | 7.5 |
2007-02-12 | CVE-2006-7001 | Directory Traversal vulnerability in Phpmychat Plus: Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 and earlier allows remote attackers to read arbitrary files via a .. | 7.1 |
2007-02-12 | CVE-2006-6993 | SQL-Injection vulnerability in DEV Neuron Blog 1.1: Multiple SQL injection vulnerabilities in pages/addcomment2.php in Neuron Blog 1.1 allow remote attackers to inject arbitrary SQL commands via the (1) commentname, (2) commentmail, (3) commentwebsite, and (4) comment parameters. | 7.5 |
2007-02-11 | CVE-2007-0870 | Remote Code Execution vulnerability in Microsoft Word 2000: Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027. | 7.6 |
2007-02-09 | CVE-2007-0867 | Remote File Include vulnerability in Site-Assistant Menu.PHP: PHP remote file inclusion vulnerability in classes/menu.php in Site-Assistant 0990 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the paths[version] parameter. | 7.5 |
2007-02-09 | CVE-2007-0865 | SQL Injection vulnerability in Lushinews 1.00/1.01: SQL injection vulnerability in comments.php in LushiNews 1.01 and earlier allows remote authenticated users to inject arbitrary SQL commands via the id parameter. | 7.5 |
2007-02-09 | CVE-2007-0864 | SQL Injection vulnerability in Lushiwarplaner 1.0: SQL injection vulnerability in register.php in LushiWarPlaner 1.0 allows remote attackers to inject arbitrary SQL commands via the id parameter. | 7.5 |
2007-02-09 | CVE-2006-6992 | Remote Security vulnerability in Gosurf Browser Gosurf Browser 2.62: Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | 7.8 |
2007-02-09 | CVE-2006-6991 | Remote Security vulnerability in Fast Browser Fast Browser Pro8.1: Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | 7.8 |