Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2007-01-11 CVE-2007-0178 Remote File Include vulnerability in PHP web Scripts Easy Banner PRO 2.8
PHP remote file inclusion vulnerability in info.php in Easy Banner Pro 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter.
network
low complexity
php-web-scripts
7.5
2007-01-11 CVE-2007-0174 Remote Stack Buffer Overflow vulnerability in Sina Uc2006
Multiple stack-based buffer overflows in the BRWOSSRE2UC.dll ActiveX Control in Sina UC2006 and earlier allow remote attackers to execute arbitrary code via a long string in the (1) astrVerion parameter to the SendChatRoomOpt function or (2) the astrDownDir parameter to the SendDownLoadFile function.
network
low complexity
sina
7.5
2007-01-11 CVE-2007-0170 Remote File Include vulnerability in Allmyphp Allmyvisitors 0.4.0
PHP remote file inclusion vulnerability in index.php in AllMyVisitors 0.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the AMV_serverpath parameter.
network
low complexity
allmyphp
7.5
2007-01-10 CVE-2007-0167 Remote File Include vulnerability in PPC Search Engine INC Parameter
Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search Engine), as distributed with other aliases, allow remote attackers to execute arbitrary PHP code via a URL in the INC parameter in (1) config_admin.php, (2) config_main.php, (3) config_member.php, and (4) mysql_config.php in config/; (5) admin.php and (6) index.php in admini/; (7) paypalipn/ipnprocess.php; (8) index.php and (9) registration.php in members/; and (10) ppcbannerclick.php and (11) ppcclick.php in main/.
network
low complexity
ppc-search-engine wgs-ppc
7.5
2007-01-10 CVE-2007-0165 Denial of Service vulnerability in Sun Solaris RPC Request
Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.
network
low complexity
sun
7.8
2007-01-10 CVE-2007-0164 Unspecified vulnerability in Camouflage 1.2.1
Camouflage 1.2.1 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing certain bytes of the JPEG image with alternate password information.
network
low complexity
camouflage
7.8
2007-01-10 CVE-2007-0163 Security Bypass vulnerability in Securekit Steganography 1.7.1/1.8
SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information.
network
low complexity
securekit
7.8
2007-01-10 CVE-2007-0160 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Centericq
Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by adding the victim as a friend and using long (1) username and (2) real name strings.
network
low complexity
centericq CWE-119
7.5
2007-01-09 CVE-2007-0156 Information Disclosure vulnerability in M-Core
M-Core stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to db/uyelik.mdb.
network
low complexity
m-core
7.5
2007-01-09 CVE-2007-0155 Information Disclosure vulnerability in Harikaonline 2.0
HarikaOnline 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for harikaonline.mdb.
network
low complexity
harikaonline
7.5