Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-02-07 | CVE-2007-0825 | Remote Buffer Overflow vulnerability in Flashfxp 3.4.0Build1145: FlashFXP 3.4.0 build 1145 allows remote servers to cause a denial of service (CPU consumption) via a response to a PWD command that contains a long string with deeply nested directory structure, possibly due to a buffer overflow. | 7.8 |
2007-02-07 | CVE-2007-0824 | Remote File Include vulnerability in Lightro CMS 1Beta: PHP remote file inclusion vulnerability in inhalt.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dateien[news] parameter. | 7.5 |
2007-02-07 | CVE-2007-0820 | Remote File Include vulnerability in Cedric Claire Portailphp 2: Multiple PHP remote file inclusion vulnerabilities in Cedric CLAIRE PortailPhp 2 allow remote attackers to execute arbitrary PHP code via a URL in the chemin parameter to (1) mod_news/index.php, (2) mod_news/goodies.php, or (3) mod_search/index.php. | 7.5 |
2007-02-07 | CVE-2006-6974 | SQL-Injection vulnerability in Deskpro: Headstart Solutions DeskPRO stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) list files in the includes/ directory; obtain the SQL username and password via a direct request for (2) config.php and (3) config.php.bak in includes/; read files in (4) email/, (5) admin/graphs/, (6) includes/javascript/, and (7) certain other includes/ directories via direct requests; and download SQL database data via direct requests for (8) data.sql, (9) install.sql, (10) settings.sql, and possibly other files in install/v2data/. | 7.5 |
2007-02-07 | CVE-2006-6973 | Remote Security vulnerability in Deskpro: Headstart Solutions DeskPRO does not require authentication for certain files and directories associated with administrative activities, which allows remote attackers to (1) reinstall the application via a direct request for install/index.php; (2) delete the database via a do=delete_database QUERY_STRING to a renamed copy of install/index.php; or access the administration system, after guessing a filename, via a direct request for a file in (3) admin/ or (4) tech/. | 7.5 |
2007-02-07 | CVE-2006-6972 | SQL-Injection vulnerability in Btitracker: SQL injection in torrents.php in BtitTracker 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) by and (2) order parameters. | 7.5 |
2007-02-07 | CVE-2007-0812 | SQL Injection vulnerability in Woltlab Burning Board Lite Pms.PHP: SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) Lite 1.0.2pl3e and earlier allows remote authenticated users to execute arbitrary SQL commands via the pmid[0] parameter. | 7.5 |
2007-02-07 | CVE-2007-0810 | Remote File Include vulnerability in Geeklog 2: PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in GeekLog 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_libraries] parameter. | 7.5 |
2007-02-07 | CVE-2007-0809 | Remote File Include vulnerability in Ptirhiikmods Mod-Ch 2.1.2: PHP remote file inclusion vulnerability in includes/class_template.php in Categories hierarchy (aka CH or mod-CH) 2.1.2 in ptirhiikmods allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 7.5 |
2007-02-07 | CVE-2007-0808 | Remote Security vulnerability in Mina Ajans Script: PHP remote file inclusion vulnerability in Mina Ajans Script allows remote attackers to execute arbitrary PHP code via a URL in the syf parameter to an unspecified PHP script. | 7.5 |