Vulnerabilities > High

DATE | CVE | VULNERABILITY TITLE | RISK

2007-01-19 | CVE-2007-0385 | Information Disclosure vulnerability in Postnuke Software Foundation Postnuke 0.764 | 7.8
The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via "unvalidated output" in FAQ/index.php, possibly involving an undefined id_cat variable.
Tags: network, low complexity, postnuke-software-foundation

2007-01-19 | CVE-2007-0382 | SQL Injection vulnerability in Letterman 1.2.3 | 7.5
Multiple SQL injection vulnerabilities in letterman.class.php in the Letterman 1.2.3 (com_letterman) component for Joomla! before 1.0.12 allow remote attackers to execute arbitrary SQL commands via the id parameter, related to the (1) lm_sendMail, (2) saveNewsletter, and (3) cancelNewsletter functions.
Tags: network, low complexity, letterman

2007-01-19 | CVE-2007-0381 | SQL-Injection vulnerability in Adaptive Technology Resource Centre Atutor 1.5.3.2 | 7.5
Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters.
Tags: network, low complexity, adaptive-technology-resource-centre

2007-01-19 | CVE-2007-0378 | SQL-Injection vulnerability in Docman 1.3Rc2 | 7.5
Multiple SQL injection vulnerabilities in DocMan 1.3 RC2 allow attackers to execute arbitrary SQL commands via unspecified vectors.
Tags: network, low complexity, docman

2007-01-19 | CVE-2007-0377 | SQL Injection vulnerability in Xoops 2.0.16 | 7.5
Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/table_broken.php in the Weblinks module, and other unspecified vectors.
Tags: network, low complexity, xoops

2007-01-19 | CVE-2007-0374 | SQL Injection vulnerability in Mambo/Joomla CMS ID | 7.5
SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing.
Tags: network, low complexity, joomla, mambo

2007-01-19 | CVE-2007-0372 | SQL Injection vulnerability in Francisco Burzi PHP-Nuke 7.9 | 7.5
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the active parameter in admin/modules/modules.php; the (2) ad_class, (3) imageurl, (4) clickurl, (5) ad_code, or (6) position parameter in modules/Advertising/admin/index.php; or unspecified vectors in the (7) advertising, (8) weblinks, or (9) reviews section.
Tags: network, low complexity, francisco-burzi

2007-01-19 | CVE-2007-0370 | SQL-Injection vulnerability in PHPbp Rc32.204 | 7.5
Unrestricted file upload vulnerability in index.php in phpBP RC3 (2.204) and earlier allows remote administrators to inject arbitrary PHP code into an upload/banners/ file via a banners add operation that uploads the PHP code through an image_form parameter specifying a multiple-extension filename such as .jpg.vil.gif.php, which is stored in upload/banners/ under a different name, and executable via a direct request.
Tags: network, low complexity, phpbp

2007-01-19 | CVE-2007-0369 | SQL-Injection vulnerability in PHPbp Rc32.204 | 7.5
SQL injection vulnerability in phpBP RC3 (2.204) and earlier allows remote attackers to execute arbitrary SQL commands via the comment forum.
Tags: network, low complexity, phpbp

2007-01-19 | CVE-2006-6944 | Security Bypass vulnerability in phpMyAdmin | 7.5
phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers.
Tags: network, low complexity, phpmyadmin