Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2007-02-07 CVE-2007-0806 Security Bypass vulnerability in LES News LES News 2.2
Les News 2.2 allows remote attackers to bypass authentication and gain administrative access via a direct request for adminews/index_fr.php3, and possibly the adminews index documents for other localizations.
network
low complexity
les-news
7.5
2007-02-07 CVE-2007-0804 Remote PHP Code Execution vulnerability in Ggcms 1.1.0Rc1
Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 RC1 and earlier allows remote attackers to inject arbitrary PHP code into arbitrary files via ".." sequences in the subpageName parameter, as demonstrated by injecting PHP code into a template file.
network
low complexity
ggcms
7.5
2007-02-07 CVE-2007-0803 Classic Buffer Overflow vulnerability in Stlport Project Stlport 5.0.0/5.0.1/5.0.2
Multiple buffer overflows in STLport before 5.0.3 allow remote attackers to execute arbitrary code via unspecified vectors relating to (1) "print floats" and (2) a missing null termination in the "rope constructor."
network
low complexity
stlport-project CWE-120
7.5
2007-02-06 CVE-2007-0799 SQL-Injection vulnerability in Uapplication Ublog Reload 1.0.5
SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
uapplication
7.5
2007-02-06 CVE-2007-0797 Remote File Include vulnerability in Bluevirus-Design Sma-Db 0.3.9
PHP remote file inclusion vulnerability in theme/settings.php in bluevirus-design SMA-DB 0.3.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pfad_z parameter.
network
low complexity
bluevirus-design
7.5
2007-02-06 CVE-2007-0796 Remote Heap Overflow vulnerability in Bluecoat Winproxy 6.0/6.1
Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP CONNECT request, which triggers heap corruption.
network
low complexity
bluecoat
7.5
2007-02-06 CVE-2007-0795 Remote Security vulnerability in WAP Portal Server 1.X
Multiple PHP remote file inclusion vulnerabilities in Wap Portal Server 1.x allow remote attackers to execute arbitrary PHP code via a URL in the language parameter to (1) index.php and (2) admin/index.php.
network
low complexity
wap
7.5
2007-02-06 CVE-2007-0793 Remote Security vulnerability in Globalmegacorp Dvddb 0.6
PHP remote file inclusion vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter.
network
low complexity
globalmegacorp
7.5
2007-02-06 CVE-2007-0792 HTML Injection And Information disclosure vulnerability in Mozilla Bugzilla 2.23.3
The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
network
low complexity
mozilla
7.5
2007-02-06 CVE-2007-0790 Buffer Errors vulnerability in Smartftp 2.0.1002
Heap-based buffer overflow in SmartFTP 2.0.1002 allows remote FTP servers to execute arbitrary code via a large banner.
network
low complexity
smartftp CWE-119
7.5