Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2007-01-18 CVE-2007-0314 Remote File Include vulnerability in Article System Article System 1.0
Multiple PHP remote file inclusion vulnerabilities in Article System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_DIR parameter to (1) forms.php, (2) issue_edit.php, (3) client.php, and (4) classes.php.
network
low complexity
article-system
7.5
2007-01-18 CVE-2007-0312 Information Disclosure vulnerability in wcSimple Poll
wcSimple Poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password hashes via a direct request for password.txt.
network
low complexity
wcsimple-poll
7.8
2007-01-18 CVE-2007-0309 SQL Injection vulnerability in PHP-Nuke block-Old_Articles.php
SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter.
network
low complexity
francisco-burzi
7.5
2007-01-18 CVE-2007-0307 Remote File Include vulnerability in Poplar Gedcom Viewer Poplar Gedcom Viewer 1.2.2
PHP remote file inclusion vulnerability in include/common.php in Poplar Gedcom Viewer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[rootPath] parameter.
network
low complexity
poplar-gedcom-viewer
7.5
2007-01-18 CVE-2007-0306 SQL Injection vulnerability in Digiappz DigiAffiliate visu_user.asp
SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
digiappz
7.5
2007-01-18 CVE-2007-0305 SQL Injection vulnerability in Okulsistem Okul Web Otomasyon Sistemi 4.0.1
SQL injection vulnerability in etkinlikbak.asp in Okul Web Otomasyon Sistemi 4.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
okulsistem-okul-web
7.5
2007-01-18 CVE-2007-0304 SQL Injection vulnerability in Haber Sistemi
SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
mint
7.5
2007-01-17 CVE-2007-0299 Denial of Service vulnerability in Apple Mac OS X 10.4.8
Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a crafted Unix File System (UFS) DMG image, which triggers an invalid pointer dereference.
network
apple
7.1
2007-01-17 CVE-2007-0295 Multiple vulnerabilities in Oracle January 2007 Security Update
Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13 and 8.47.11 has unknown impact and attack vectors in PeopleTools, aka PSE01.
network
low complexity
oracle
7.8
2007-01-17 CVE-2007-0292 Multiple vulnerabilities in Oracle Enterprise Manager 10.1.0.5
Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 have unknown impact and attack vectors related to Oracle Agent, aka (1) EM01 and (2) EM02.
network
low complexity
oracle
7.5