Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-01-18 | CVE-2007-0339 | SQL-Injection vulnerability in Scriptme SME Filemailer 1.21 SQL injection vulnerability in index.php (aka the login form) in Scriptme SMe FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the Password field (ps parameter). | 7.5 |
| 2007-01-18 | CVE-2007-0338 | Remote Security vulnerability in Dreamftp Server Heap-based buffer overflow in Dream FTP Server allows remote attackers to execute arbitrary code via a USER command with a large number of format string specifiers, which triggers the overflow during processing of the Server Log. | 7.5 |
| 2007-01-18 | CVE-2007-0337 | Local File Include vulnerability in KGB Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and earlier allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
| 2007-01-18 | CVE-2007-0334 | Authentication Replay vulnerability in InGate Firewall And SIParator Unspecified vulnerability in the SIP module in InGate Firewall and SIParator before 4.5.1 allows remote attackers to conduct replay attacks on the authentication mechanism via unknown vectors. | 7.5 |
| 2007-01-18 | CVE-2007-0333 | Local Privilege Escalation vulnerability in Agnitum Outpost Firewall 4.0 Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access restrictions and insert Trojan horse drivers into the product's installation directory by creating links using FileLinkInformation requests with the ZwSetInformationFile function, as demonstrated by modifying SandBox.sys. | 7.2 |
| 2007-01-18 | CVE-2007-0332 | Unspecified vulnerability in Xentraz Liens Dynamiques 2.1 (1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques 2.1 do not require authentication, which allows remote attackers to perform unauthorized administrative actions using a direct request. | 7.5 |
| 2007-01-18 | CVE-2007-0330 | Local Memory Corruption vulnerability in Ipswitch WS FTP PRO 2007 Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch WS_FTP 2007 Professional allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long ftp:// URL in an HTML document, and possibly other vectors. | 7.5 |
| 2007-01-18 | CVE-2007-0318 | Denial-Of-Service vulnerability in Apple mac OS X 10.4.8 The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal. | 7.8 |
| 2007-01-18 | CVE-2007-0317 | Remote Format String vulnerability in Filezilla 3.0.0Beta1/3.0.0Beta2 Format string vulnerability in the LogMessage function in FileZilla before 3.0.0-beta5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted arguments. | 7.5 |
| 2007-01-18 | CVE-2007-0316 | SQL Injection vulnerability in All In One Control Panel Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.010 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) xuser_name parameter to shared/code/cp_authorization.php, and the (2) did parameter to public/code/cp_downloads.php, different vectors than CVE-2007-0223. | 7.5 |