Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2007-01-26 | CVE-2007-0525 | Remote Security vulnerability in Mini Web Server | Multiple buffer overflows in Nickolas Grigoriadis Mini Web server (MiniWebsvr) before 0.05 have unknown impact and attack vectors. | network | low complexity | grigoriadis | 7.5 |
| 2007-01-26 | CVE-2007-0520 | SQL Injection vulnerability in Unique ADS Unique ADS 1.0 | SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x allows remote attackers to execute arbitrary SQL commands via the bid parameter. | network | low complexity | unique-ads CWE-89 | 7.5 |
| 2007-01-26 | CVE-2007-0518 | Information Disclosure vulnerability in Smart PHP Subscriber | Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain encoded passwords via a direct request for pwd.txt. | network | low complexity | scriptsez | 7.5 |
| 2007-01-26 | CVE-2007-0517 | Information Disclosure vulnerability in Scriptsez Random PHP Quote 1.0 | Scriptsez Random PHP Quote 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password information via a direct request for pwd.txt. | network | low complexity | scriptsez | 7.5 |
| 2007-01-26 | CVE-2007-0508 | Remote Security vulnerability in Bbclone 0.31 | PHP remote file inclusion vulnerability in lib/selectlang.php in BBClone 0.31 allows remote attackers to execute arbitrary PHP code via a URL in the BBC_LANGUAGE_PATH parameter. | network | low complexity | bbclone | 7.5 |
| 2007-01-26 | CVE-2007-0505 | Multiple vulnerability in Drupal Project and Project Issues Tracking Modules | Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue. | network | | drupal | 8.5 |
| 2007-01-25 | CVE-2007-0502 | SQL Injection vulnerability in Webspell 4.01.02 | SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote attackers to execute arbitrary SQL commands via the picID parameter, a different vector than CVE-2007-0492. | network | low complexity | webspell | 7.5 |
| 2007-01-25 | CVE-2007-0500 | Remote Security vulnerability in bradabra | PHP remote file inclusion vulnerability in include/includes.php in Bradabra 2.0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | network | low complexity | bradabra | 7.5 |
| 2007-01-25 | CVE-2007-0498 | Remote Security vulnerability in SKY Gunning Myspeach 2.1Beta | PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter. | network | low complexity | sky-gunning | 7.5 |
| 2007-01-25 | CVE-2007-0492 | SQL-Injection vulnerability in webSPELL | Multiple SQL injection vulnerabilities in gallery.php in webSPELL 4.01.02 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) galleryID parameter. | network | low complexity | webspell | 7.5 |