Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2007-01-31 CVE-2007-0633 Remote File Include vulnerability in MyNews Themefunc.PHP
PHP remote file inclusion vulnerability in include/themes/themefunc.php in MyNews 4.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter.
network
low complexity
t-systems-solutions-for-research-gmbh
7.5
2007-01-31 CVE-2007-0632 SQL-Injection vulnerability in ASP EDGE
SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via a username cookie, a different vector than CVE-2007-0560.
network
low complexity
asp-edge
7.5
2007-01-31 CVE-2007-0631 SQL Injection vulnerability in CascadianFAQ
SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
network
low complexity
eclectic-designs
7.5
2007-01-31 CVE-2007-0630 SQL-Injection vulnerability in xNews
Multiple SQL injection vulnerabilities in the generate_csv function in classes/class.news.php in X-dev xNews 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) from, and (3) q parameters, different vectors than CVE-2007-0569.
network
low complexity
x-dev
7.5
2007-01-31 CVE-2007-0623 SQL Injection vulnerability in MAXdev MDPro 1.0.76
SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows remote attackers to execute arbitrary SQL commands via the startrow parameter.
network
low complexity
maxdev
7.5
2007-01-31 CVE-2007-0618 Authentication Bypass vulnerability in IBM AIX 5.3.0
Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
network
low complexity
ibm
7.5
2007-01-31 CVE-2007-0616 Unspecified vulnerability in Zenphoto 1.0.4/1.0.5/1.0.6
Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via ".." sequences in the album parameter to index.php.
network
low complexity
zenphoto
7.8
2007-01-31 CVE-2007-0615 Remote Denial of Service vulnerability in Hitachi products
Unspecified vulnerability in Hitachi JP1/HIBUN Advanced Edition Management Server and Log Server before 20070124 allows remote attackers to cause a denial of service (application stop) via unexpected data.
network
low complexity
hitachi
7.8
2007-01-31 CVE-2007-0614 Remote Denial of Service vulnerability in Apple iChat, InstantMessage Framework and Mac OS X
The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key.
network
low complexity
apple
7.8
2007-01-31 CVE-2007-0612 Unspecified vulnerability in Microsoft IE and Internet Explorer
Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allow remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference.
network
low complexity
microsoft
7.8