Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2007-01-23 CVE-2007-0022 Local Privilege Escalation vulnerability in Apple Mac OS X 10.4.8
Untrusted search path vulnerability in writeconfig in Apple Mac OS X 10.4.8 allows local users to gain privileges via a modified PATH that points to a malicious launchctl program.
local
low complexity
apple
7.2
2007-01-23 CVE-2007-0021 Remote Format String vulnerability in Apple iChat 3.1.6
Format string vulnerability in Apple iChat 3.1.6 allows remote attackers to cause a denial of service (null pointer dereference and application crash) and possibly execute arbitrary code via format string specifiers in an aim:// URI.
network
low complexity
apple
7.5
2007-01-22 CVE-2007-0403 SQL-Injection vulnerability in Paypal Subscription Manager
SQL injection vulnerability in admin/memberlist.php in Easebay Resources Paypal Subscription Manager allows remote attackers to execute arbitrary SQL commands via the keyword parameter.
network
low complexity
easebay-resources
7.5
2007-01-22 CVE-2007-0401 SQL-Injection vulnerability in Easebay Resources Login Manager 3.0
SQL injection vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the init_row parameter.
network
low complexity
easebay-resources
7.5
2007-01-19 CVE-2007-0396 Remote Denial Of Service vulnerability in HP HP-UX 11.23
Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in combination with PHNE_34474, allows remote attackers to cause a denial of service (system crash) via unspecified vectors.
network
hp
7.1
2007-01-19 CVE-2007-0395 Remote File Include vulnerability in ComVironment 4.0
PHP remote file inclusion vulnerability in libraries/grab_globals.lib.php in ComVironment 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.
network
low complexity
comvironment
7.5
2007-01-19 CVE-2007-0391 Local Format String vulnerability in BitDefender Client Professional Plus 8.02
Format string vulnerability in the log creation functionality of BitDefender Client Professional Plus 8.02 allows attackers to execute arbitrary code via certain scan job settings.
local
low complexity
bitdefender
7.2
2007-01-19 CVE-2007-0389 Directory Traversal vulnerability in ArsDigita products
Directory traversal vulnerability in ArsDigita Community System (ACS) 3.4.10 and earlier, and ArsDigita Community Education Solution (ACES) 1.1, allows remote attackers to read arbitrary files via .%252e/ (double-encoded dot dot slash) sequences in the URI.
network
low complexity
arsdigita
7.8
2007-01-19 CVE-2007-0388 SQL-Injection vulnerability in Burning Board
SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the boardids[1] and other boardids[] parameters.
network
low complexity
woltlab
7.5
2007-01-19 CVE-2007-0387 SQL-Injection vulnerability in Joomla 20070118
SQL injection vulnerability in models/category.php in the Weblinks component for Joomla! SVN 20070118 (com_weblinks) allows remote attackers to execute arbitrary SQL commands via the catid parameter.
network
low complexity
joomla
7.5