Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2007-01-29 CVE-2007-0554 SQL Injection vulnerability in GUO XU Guos Posting System 1.2
SQL injection vulnerability in print.asp in Guo Xu Guos Posting System (GPS) 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
guo-xu-guos-posting-system
7.5
2007-01-29 CVE-2007-0551 Remote Security vulnerability in Cmsmadesimple CMS Made Simple 2.7
Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php in CMSimple 2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pth[file][config] and (2) pth[file][image] parameters.
network
low complexity
cmsmadesimple
7.5
2007-01-29 CVE-2007-0546 Information Disclosure vulnerability in Toxiclab Shoutbox 1
Toxiclab Shoutbox 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db.mdb.
network
low complexity
toxiclab
7.8
2007-01-29 CVE-2007-0545 Information Disclosure vulnerability in Maxtricity Tagger 0.1
Maxtricity Tagger 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for tagger.mdb.
network
low complexity
maxtricity
7.8
2007-01-29 CVE-2007-0539 Denial-Of-Service vulnerability in WordPress
The wp_remote_fopen function in WordPress before 2.1 allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a large file, which triggers a long download session without a timeout constraint.
network
low complexity
wordpress
7.8
2007-01-29 CVE-2006-6963 Remote Security vulnerability in Docebo 3.0.3
Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_lms] parameter to (1) class.module/class.definition.php and (2) modules/scorm/scorm_utils.php.
network
low complexity
docebo
7.5
2007-01-29 CVE-2006-6958 Code Injection vulnerability in PHPbluedragon CMS 2.9.1
Multiple PHP remote file inclusion vulnerabilities in phpBlueDragon 2.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter to (1) team_admin.php, (2) rss_admin.php, (3) manual_admin.php, and (4) forum_admin.php in includes/root_modules/, a different set of vectors than CVE-2006-3076.
network
low complexity
phpbluedragon CWE-94
7.5
2007-01-27 CVE-2007-0536 Local Security vulnerability in Rpath Linux 1
The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges.
local
low complexity
rpath
7.2
2007-01-26 CVE-2007-0535 Remote Security vulnerability in Vote Pro
Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the poll_id parameter, which is supplied to eval function calls, a different set of vectors than CVE-2007-0504.
network
low complexity
vote-pro
7.5
2007-01-26 CVE-2007-0531 Remote Security vulnerability in Freewebshop 2.2.3/2.2.4
PHP remote file inclusion vulnerability in includes/login.php in FreeWebShop 2.2.3 and 2.2.4 before 20070123 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter.
network
low complexity
freewebshop
7.5