Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-01-16 | CVE-2007-0251 | Unspecified vulnerability in Snort 2.6.1.2 Integer underflow in the DecodeGRE function in src/decode.c in Snort 2.6.1.2 allows remote attackers to trigger dereferencing of certain memory locations via crafted GRE packets, which may cause corruption of log files or writing of sensitive information into log files. | 7.8 |
| 2007-01-16 | CVE-2006-6933 | Information Disclosure vulnerability in EFS Software Easy Chat Server 2.1 Easy Chat Server 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download certain files via direct requests to files such as (1) ServerKey.pem and (2) AcceptIP.txt. | 7.8 |
| 2007-01-16 | CVE-2006-6932 | SQL Injection vulnerability in Image Gallery with Access Database Multiple SQL injection vulnerabilities in Image Gallery with Access Database allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to (a) dispimage.asp, or the (2) order or (3) page parameter to (b) default.asp. | 7.5 |
| 2007-01-16 | CVE-2006-6767 | Reachable Assertion vulnerability in Time-Travellers Oftpd oftpd before 0.3.7 allows remote attackers to cause a denial of service (daemon abort) via a (1) LPRT or (2) LPASV command with an unsupported address family, which triggers an assertion failure. | 7.5 |
| 2007-01-16 | CVE-2006-5876 | Remote Denial of Service vulnerability in Libsoup 2.2.98 The soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial of service (crash) via malformed HTTP headers, probably involving missing fields or values. | 7.8 |
| 2007-01-13 | CVE-2007-0233 | SQL Injection vulnerability in WordPress Wp-trackback.PHP wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tb_id parameter. | 7.5 |
| 2007-01-13 | CVE-2007-0232 | Remote File Include vulnerability in Jshop E-Commerce Jshop Server 1.3 PHP remote file inclusion vulnerability in routines/fieldValidation.php in Jshop Server 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the jssShopFileSystem parameter. | 7.5 |
| 2007-01-13 | CVE-2007-0229 | Numeric Errors vulnerability in multiple products Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. | 7.2 |
| 2007-01-13 | CVE-2007-0226 | SQL Injection vulnerability in uniForum WBSearch.ASPX SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier allows remote attackers to execute arbitrary SQL commands via the "by User" field (aka the TXbyuser parameter). | 7.5 |
| 2007-01-13 | CVE-2007-0224 | SQL-Injection vulnerability in Virtual Programming Vp-Asp 6.09 SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginLastname parameter. | 7.5 |