Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-02-03 | CVE-2007-0678 | SQL Injection vulnerability in FullASPSite ASP Hosting Windows.ASP SQL injection vulnerability in windows.asp in Fullaspsite Asp Hosting Sitesi allows remote attackers to execute arbitrary SQL commands via the kategori_id parameter. | 7.5 |
| 2007-02-03 | CVE-2007-0677 | Remote File Include vulnerability in Cronosys Cadre PHP Framework 22020724 PHP remote file inclusion vulnerability in fw/class.Quick_Config_Browser.php in Cadre PHP Framework 20020724 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][framework_path] parameter. | 7.5 |
| 2007-02-03 | CVE-2007-0675 | Code Injection vulnerability in Microsoft Windows Vista A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer. | 7.6 |
| 2007-02-03 | CVE-2007-0674 | Remote Denial of Service vulnerability in Microsoft Windows Mobile 2003/2003Se/5.0 Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows user-assisted remote attackers to cause a denial of service (device hang) via a malformed JPEG file. network microsoft | 7.1 |
| 2007-02-03 | CVE-2007-0673 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products LGSERVER.EXE in BrightStor ARCserve Backup for Laptops & Desktops r11.1 allows remote attackers to cause a denial of service (daemon crash) via a value of 0xFFFFFFFF at a certain point in an authentication negotiation packet, which results in an out-of-bounds read. | 7.8 |
| 2007-02-03 | CVE-2007-0672 | LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers to cause a denial of service (disk consumption and daemon hang) via a value of 0xFFFFFF7F at a certain point in an authentication negotiation packet, which writes a large amount of data to a .USX file in CA_BABLDdata\Server\data\transfer\. | 7.8 |
| 2007-02-01 | CVE-2007-0663 | SQL-Injection vulnerability in Eclectic Designs Cascadianfaq 4.1 SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter, a different vector than CVE-2007-0631. | 7.5 |
| 2007-02-01 | CVE-2007-0662 | Remote File Include vulnerability in Hailboards 1.2.0 PHP remote file inclusion vulnerability in includes/usercp_viewprofile.php in Hailboards 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 7.5 |
| 2007-02-01 | CVE-2007-0657 | Unspecified vulnerability in Alientrap Nexuiz 2.2.2 Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to read and overwrite arbitrary files via the gamedir command. | 7.5 |
| 2007-02-01 | CVE-2007-0656 | Remote File Include vulnerability in PHPbb2-Modificat 0.1.0/0.2.0 PHP remote file inclusion vulnerability in includes/functions.php in phpBB2-MODificat 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 7.5 |