Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | TAGS | RISK |
|---|---|---|---|---|---|---|---|
| 2007-02-08 | CVE-2007-0848 | Remote Security vulnerability in Maian Recipe Maian Recipe 1.0 | PHP remote file inclusion vulnerability in classes/class_mail.inc.php in Maian Recipe 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. | network | low | maian-recipe | 7.5 |
| 2007-02-08 | CVE-2007-0847 | SQL-Injection vulnerability in Open Tibia Server Cms | SQL injection vulnerability in mod/PM/reply.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to priv.php. | network | low | open-tibia-server-cms | 7.5 |
| 2007-02-08 | CVE-2007-0845 | Information Disclosure vulnerability in Advanced Poll Admin | admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote attackers to bypass authentication and gain administrator privileges by obtaining a valid session identifier and setting the uid parameter to 1. | network | low | advanced-poll | 7.5 |
| 2007-02-08 | CVE-2007-0819 | Unspecified vulnerability in HP Network Node Manager 7.5 | HP Network Node Manager (NNM) Remote Console 7.50, 7.51, and 7.53 assigns Everyone Full Control permission for the %PROGRAMFILES%\HP OpenView directory tree, which allows local users to gain privileges via a Trojan horse executable file or ActiveX component, or a modified bin\ovtrcsvc.exe for the HP Open View Shared Trace Service. | local | low | hp | 7.2 |
| 2007-02-08 | CVE-2006-6979 | Improper Input Validation vulnerability in Amarok | The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters. | network | low | amarok, CWE-20 | 7.5 |
| 2007-02-08 | CVE-2006-6976 | Code Injection vulnerability in Centipaid | PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.2 and earlier allows remote attackers to execute arbitrary code via a URL in the absolute_path parameter. | network | low | centipaid, CWE-94 | 7.5 |
| 2007-02-08 | CVE-2007-0839 | Remote File Include vulnerability in Valarsoft Webmatic 2.6 | Multiple PHP remote file inclusion vulnerabilities in index/index_album.php in Valarsoft WebMatic 2.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) P_LIB and (2) P_INDEX parameters. | network | low | valarsoft | 7.5 |
| 2007-02-08 | CVE-2007-0837 | Remote File Include vulnerability in Agermenu 0.03 | PHP remote file inclusion vulnerability in examples/inc/top.inc.php in AgerMenu 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter. | network | low | agermenu | 7.5 |
| 2007-02-07 | CVE-2007-0828 | Remote File Include vulnerability in MySQLNewsEngine Affichearticles.PHP3 | PHP remote file inclusion vulnerability in affichearticles.php3 in MySQLNewsEngine allows remote attackers to execute arbitrary PHP code via a URL in the newsenginedir parameter. | network | low | mysqlnewsengine | 7.5 |
| 2007-02-07 | CVE-2007-0826 | SQL Injection vulnerability in Kisisel Site 2007 | SQL injection vulnerability in forum.asp in Kisisel Site 2007 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. | network | low | kisisel-site-2007 | 7.5 |