Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2007-01-17 CVE-2007-0280 Multiple vulnerabilities in Oracle products
Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN01.
network
low complexity
oracle
7.5
2007-01-17 CVE-2007-0279 Multiple vulnerabilities in Oracle January 2007 Security Update
Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka (1) OHS01, (2) OHS02, (3) OHS05, (4) OHS06, and (5) OHS07.
network
low complexity
oracle
7.5
2007-01-17 CVE-2007-0272 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oracle Database Server
Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 allow remote authenticated users to cause a denial of service (crash) or execute arbitrary code via unspecified vectors involving certain public procedures, aka DB05.
network
low complexity
oracle CWE-119
8.5
2007-01-17 CVE-2006-6937 Input Validation vulnerability in Pensacola web Designs Xtremeasp Photogallery 2.0
SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary SQL commands via the sortorder parameter.
network
low complexity
pensacola-web-designs
7.5
2007-01-16 CVE-2007-0266 Cross-Site Scripting vulnerability in Ezboxx Portal System Beta0.7.6
SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the iid parameter.
network
low complexity
ezboxx
7.5
2007-01-16 CVE-2007-0263 Unspecified vulnerability in Total Commander Total Commander
Unspecified vulnerability in Total Commander before 6.5.6 allows user-assisted remote attackers to delete arbitrary files and corrupt a filesystem via a crafted RAR file.
network
high complexity
total-commander
7.1
2007-01-16 CVE-2007-0262 Information Disclosure vulnerability in Wordpress 2.0.6/2.1
WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify that the m parameter value has the string data type, which allows remote attackers to obtain sensitive information via an invalid m[] parameter, as demonstrated by obtaining the path, and obtaining certain SQL information such as the table prefix.
network
low complexity
wordpress
7.8
2007-01-16 CVE-2007-0259 Information Exposure vulnerability in Ezboxx Portal System Beta0.7.6
Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to obtain sensitive information via an invalid cat parameter to boxx/knowledgebase.asp, which reveals the path in an error message.
network
low complexity
ezboxx CWE-200
7.8
2007-01-16 CVE-2007-0256 Denial Of Service vulnerability in Videolan VLC Media Player 0.8.6A
VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file.
network
low complexity
videolan
7.8
2007-01-16 CVE-2007-0252 Remote Security vulnerability in Easy-Content Filemanager
Unspecified vulnerability in easy-content filemanager allows remote attackers to upload or modify arbitrary files via unspecified vectors.
network
low complexity
easy-content-filemanager
7.5