Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2007-01-09 CVE-2007-0154 Information Disclosure vulnerability in Webulas
Webulas stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/db.mdb.
network, low complexity, webulas, 7.5
2007-01-09 CVE-2007-0153 Information Disclosure vulnerability in Adam Jarret Ajlogin 3.5
AJLogin 3.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for ajlogin.mdb.
network, low complexity, adam-jarret, 7.5
2007-01-09 CVE-2007-0152 Information Disclosure vulnerability in Ohhasp
OhhASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/OhhASP.mdb.
network, low complexity, ohhasp, 7.5
2007-01-09 CVE-2007-0151 Information Disclosure vulnerability in Mitisoft
MitiSoft stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for access_MS/MitiSoft.mdb.
network, low complexity, mitisoft, 7.5
2007-01-09 CVE-2007-0150 Remote Security vulnerability in Dayfox Designs Dayfox Blog 4
Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3) q parameters.
network, low complexity, dayfox-designs, 7.5
2007-01-09 CVE-2007-0149 Information Disclosure vulnerability in Ememberspro 1.0
EMembersPro 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for users.mdb.
network, low complexity, ememberspro, 7.5
2007-01-09 CVE-2007-0145 Remote Security vulnerability in Bingo News Bingo News 3.01
PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP News (BP News) 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter, a different vector than CVE-2006-4648 and CVE-2006-4649.
network, low complexity, bingo-news, 7.5
2007-01-09 CVE-2007-0142 SQL Injection vulnerability in Shopstorenow E-commerce Shopping Cart Orange.ASP
SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the CatID parameter.
network, low complexity, shopstorenow, 7.5
2007-01-09 CVE-2007-0140 SQL Injection vulnerability in Kolayindir Download Down.ASP
SQL injection vulnerability in down.asp in Kolayindir Download (Yenionline) allows remote attackers to execute arbitrary SQL commands via the id parameter.
network, low complexity, kolayindir-download, 7.5
2007-01-09 CVE-2007-0139 Remote Security vulnerability in HP Openvms 7.3/7.32
Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, and the DECnet-Plus 7.3 feature in DECnet/OSI 7.3 for OpenVMS VAX, allows attackers to obtain "unintended privileged access to data and system resources" via unspecified vectors, related to (1) [SYSEXE]CTF$UI.EXE, (2) [SYSMSG]CTF$MESSAGES.EXE, (3) [SYSHLP]CTF$HELP.HLB, and (4) [SYSMGR]CTF$STARTUP.COM.
network, low complexity, hp, 7.5