Primary Vendor -- Product | Description | | CVSS Score | Source & Patch Info | | The administrator HTTP interface in Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier, allows remote attackers to bypass authentication controls via a direct URL request. | | 7.0 | CVE-2007-1062 CISCO FRSIRT
| AbleDesign -- MyCalendar
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in AbleDesign MyCalendar allow remote attackers to inject arbitrary web script or HTML via (1) the go parameter, (2) the search menu in a go=search action, or (3) the username or (4) the password in a go=Login action. | | 7.0 | CVE-2007-1050 BUGTRAQ OTHER-REF
| Aktueldownload -- Aktueldownload Haber Script
| SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via the id parameter. | | 10.0 | CVE-2007-1015 MILW0RM FRSIRT XF
| Aktueldownload -- Aktueldownload Haber Script
| SQL injection vulnerability in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via certain vectors related to the HaberDetay.asp and rss.asp components, and the id and kid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the combination of the HaberDetay.asp component and the id parameter is already covered by another February 2007 CVE candidate. | | 7.0 | CVE-2007-1016 FRSIRT
| Apple -- iChat
| The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (persistent application crash) via unspecified vectors, possibly related to CVE-2007-0614. | | 7.0 | CVE-2007-0710 OTHER-REF APPLE SECUNIA
| Apple -- Mac OS X Server Apple -- Mac OS X
| Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. NOTE: this is a different issue than CVE-2006-3502 and CVE-2006-3503. | | 10.0 | CVE-2007-1071 OTHER-REF BID
| ASPcode.net -- Pollmentor
| SQL injection vulnerability in pollmentorres.asp in PollMentor 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | | 7.0 | CVE-2007-0984 milw0rm BID
| CedStat -- CedStat
| Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 allows remote attackers to inject arbitrary web script or HTML via the hier parameter. | | 7.0 | CVE-2007-1020 BUGTRAQ OTHER-REF BID XF
| Cisco -- Unified IP Conference Station 7935 Cisco -- Unified IP Phone 7911G Cisco -- Unified IP Conference Station 7936 Cisco -- Unified IP Phone 7906G Cisco -- Unified IP Phone 7970G Cisco -- Unified IP Phone 7971G Cisco -- Unified IP Phone 7941G Cisco -- Unified IP Phone 7961G
| The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device. | | 10.0 | CVE-2007-1063 CISCO FRSIRT
| Cisco -- Unified IP Phone 7911G Cisco -- Unified IP Phone 7906G Cisco -- Unified IP Phone 7970G Cisco -- Unified IP Phone 7971G Cisco -- Unified IP Phone 7961G Cisco -- Unified IP Phone 7941G
| The command line interface (CLI) in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier allows local users to obtain privileges or cause a denial of service via unspecified vectors. NOTE: this issue can be leveraged remotely via CVE-2007-1063. | | 7.0 | CVE-2007-1072 CISCO CISCO SECUNIA
| CodeAvalanche -- CodeAvalanche News
| SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News 1.x allows remote attackers to execute arbitrary SQL commands via the CAT_ID parameter. | | 10.0 | CVE-2007-1021 MILW0RM BID FRSIRT XF
| Design4Online -- UserPages2
| SQL injection vulnerability in page.asp in Design4Online UserPages2 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | 7.0 | CVE-2007-1077 BID
| Distributed Checksum ClearingHouse -- DCC
| Unspecified vulnerability in Distributed Checksum Clearinghouse (DCC) before 1.3.51 allows remote attackers to delete or add hosts in /var/dcc/maps. | | 7.0 | CVE-2007-1047 OTHER-REF BID FRSIRT SECUNIA
| DJI -- NewsBin Pro
| Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to execute arbitrary code via a long (1) DataPath or (2) DownloadPath attributed in a (a) NBI file, or (3) a long group field in a (b) NZB file. | | 8.0 | CVE-2007-1074 MILW0RM BID SECUNIA XF
| Ekiga -- Ekiga
| Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors. | | 10.0 | CVE-2007-1006 SECUNIA
| Ezboo -- Webstats
| Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php. | | 7.0 | CVE-2007-1043 BUGTRAQ OTHER-REF BID XF
| FlashGameScript -- FlashGameScript
| PHP remote file inclusion vulnerability in index.php in FlashGameScript 1.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the func parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | 10.0 | CVE-2007-1078 BID
| JBoss -- JBoss Application Server
| The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests. | | 10.0 | CVE-2007-1036 BUGTRAQ BUGTRAQ BUGTRAQ CERT-VN
| Jupiter CMS -- Jupiter CMS
| PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5, when PHP 5.0.0 or later is used, allows remote attackers to execute arbitrary PHP code via an ftp URL in the n parameter. | | 8.0 | CVE-2007-0986 BUGTRAQ BUGTRAQ OTHER-REF OTHER-REF Milw0rm BID
| Jupiter CMS -- Jupiter CMS
| Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot), or an absolute pathname, in the n parameter. | | 7.0 | CVE-2007-0987 BUGTRAQ BUGTRAQ OTHER-REF OTHER-REF OTHER-REF BID
| mAlbum -- mAlbum
| mAlbum 0.3 has default accunts (1) "login"/"pass" for its administrative account and (2) "dqsfg"/"sdfg", which allows remote attackers to gain privileges. | | 10.0 | CVE-2007-1045 BUGTRAQ OTHER-REF XF
| Marcello Vitagliano -- Meganoide's News
| PHP remote file inclusion vulnerability in include.php in Meganoide's news 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. | | 10.0 | CVE-2007-1024 BUGTRAQ BID XF
| McRefer -- McRefer
| Static code injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary PHP code via the bgcolor parameter, which is inserted into mcrconf.inc.php. | | 10.0 | CVE-2007-1073 BUGTRAQ
| MediaWiki -- MediaWiki
| Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.9.x before 1.9.0rc2, and 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rs parameter. NOTE: this issue might be a duplicate of CVE-2007-0177. | | 7.0 | CVE-2007-1055 BUGTRAQ OTHER-REF OTHER-REF
| Meetinghouse -- AEGIS SecureConnect Client Cisco -- Trust Agent Cisco -- Security Agent Cisco -- Secure Services Client
| Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1, and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624. | | 7.0 | CVE-2007-1067 CISCO
| Microsoft -- Internet Explorer
| Stack-based buffer overflow in News File Grabber 4.1.0.1 and earlier allows remote attackers to execute arbitrary code via a .nzb file with a long subject field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | 8.0 | CVE-2007-1037 BID FRSIRT
| Online Web Building -- Online Web Building
| SQL injection vulnerability in user_pages/page.asp in Online Web Building 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter. | | 7.0 | CVE-2007-1058 MILW0RM FRSIRT SECUNIA
| PBLang -- PBLang
| ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in PBLang (PBL) 4.60 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dbpath parameter, a different vector than CVE-2006-5062. NOTE: this issue has been disputed by a reliable third party for 4.65, stating that the dbpath variable is initialized in an included file that is created upon installation. | | 10.0 | CVE-2007-1052 BUGTRAQ VIM
| PHP-Nuke -- PHP-Nuke Emporium Module
| SQL injection vulnerability in modules.php in the Emporium 2.3.0 and earlier module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | | 7.0 | CVE-2007-1034 MILW0RM BID
| phpbb_wordsearch -- phpbb_wordsearch
| PHP remote file inclusion vulnerability in admin_rebuild_search.php in phpbb_wordsearch allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | | 7.0 | CVE-2007-1048 BUGTRAQ XF
| phpCC -- phpCC
| SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and earlier allows remote attackers to execute arbitrary SQL commands via the npid parameter in a sign_gb action. | | 7.0 | CVE-2007-0985 Milw0rm BID
| phpTrafficA -- phpTrafficA
| Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and possibly earlier, allow remote attackers to include arbitrary local files via a .. (dot dot) in the (1) file parameter to plotStat.php and the (2) lang parameter to banref.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | 7.0 | CVE-2007-1076 BID SECUNIA
| Quicksoft -- EasyMail Objects
| Stack-based buffer overflow in the Connect method in the IMAP4 component in Quiksoft EasyMail Objects before 6.5 allows remote attackers to execute arbitrary code via a long host name. | | 10.0 | CVE-2007-1029 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF
| Red Hat -- Red Hat Enterprise Linux AS Red Hat -- Red Hat Enterprise Linux ES Red Hat -- Red Hat Enterprise Linux WS Ekiga -- Ekiga Red Hat -- Red Hat Desktop
| Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function. | | 10.0 | CVE-2007-1007 OTHER-REF REDHAT SECUNIA
| S&H Computer Systems -- News Rover
| Multiple stack-based buffer overflows in S&H Computer Systems News Rover 12.1 Rev 1 allow remote attackers to execute arbitrary code via a .nzb file with a long (1) group or (2) subject string. | | 8.0 | CVE-2007-1041 MILW0RM BID FRSIRT SECUNIA
| Sangwan Kim -- Bookmark4U
| SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL command via the sqlcmd parameter. | | 7.0 | CVE-2006-7025 FULLDISC VIM FRSIRT OSVDB SECUNIA XF
| ScriptDungeon -- XLAtunes
| SQL injection vulnerability in view.php in XLAtunes 0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in view mode. NOTE: some of these details are obtained from third party information. | | 7.0 | CVE-2007-1026 MILW0RM BID FRSIRT
| Snitz Communications -- Snitz Forums 2000
| SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 3.1 SR4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | | 7.0 | CVE-2007-1023 MILW0RM BID XF
| Snort -- Snort
| Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic. | | 10.0 | CVE-2006-5276 ISS OTHER-REF CERT XF
| Symantec -- Automated Support Assistant Symantec -- Norton Internet Security SupportSoft -- SmartIssue Symantec -- Norton System Works Symantec -- Norton Antivirus SupportSoft -- ScriptRunner
| Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message. | | 10.0 | CVE-2006-6490 IDEFENSE OTHER-REF CERT-VN
| Trend Micro -- Client/Server/Messaging Security Trend Micro -- OfficeScan Corporate Edition
| Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control in OfficeScanSetupINI.dll, as used in OfficeScan 7.0 before Build 1344, OfficeScan 7.3 before Build 1241, and Client / Server / Messaging Security 3.0 before Build 1197, allow remote attackers to execute arbitrary code via a crafted HTML document. | | 8.0 | CVE-2007-0325 OTHER-REF OTHER-REF CERT-VN BID FRSIRT SECTRACK SECUNIA
| Trend Micro -- ServerProtect
| Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll. | | 10.0 | CVE-2007-1070 OTHER-REF OTHER-REF OTHER-REF OTHER-REF
| Turuncu Portal -- Turuncu Portal
| SQL injection vulnerability in h_goster.asp in Turuncu Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | 7.0 | CVE-2007-1022 BID SECUNIA
| TYPO3 -- TYPO3
| The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information. | | 7.0 | CVE-2007-1081 OTHER-REF FRSIRT
| VicFTPS -- VicFTPS
| Stack-based buffer overflow in VicFTPS before 5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long CWD command. | | 10.0 | CVE-2007-1014 MILW0RM OTHER-REF BID FRSIRT SECUNIA
| VirtualSystem -- Htaccess Passwort Generator
| PHP remote file inclusion vulnerability in generate.php in VirtualSystem Htaccess Passwort Generator 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the ht_pfad parameter. | | 10.0 | CVE-2007-1013 MILW0RM BID FRSIRT
| VirtualSystem -- VS-News-System
| PHP remote file inclusion vulnerability in show_news_inc.php in VirtualSystem VS-News-System 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter. | | 8.0 | CVE-2007-1017 MILW0RM BID SECUNIA XF
| VirtualSystem -- VS-News-System
| PHP remote file inclusion vulnerability in tpl/header.php in VirtualSystem VS-News-System 1.2.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | 8.0 | CVE-2007-1018 SECUNIA
| VirtualSystem -- VS-Link-Partner
| PHP remote file inclusion vulnerability in inc/functions_inc.php in VS-Link-Partner 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad, or possibly script_pfad, parameter. | | 7.0 | CVE-2007-1025 MILW0RM BID FRSIRT XF
| VMWare -- VMWare Workstation
| VMware Workstation 5.5.3 build 34685 does not provide per-user restrictions on certain privileged actions, which allows local users to perform restricted operations such as changing system time, accessing hardware components, and stop the "VMware tools service" service. NOTE: exploitation is simplified via (1) weak file permisssions (Users = Read & Execute) for %PROGRAMFILES%\VMware; and weak registry key permissions (access by Users) for (2) vmmouse, (3) vmscsi, (4) VMTools, (5) vmx_svga, and (6) vmxnet in HKLM\SYSTEM\CurrentControlSet\Services\; which allows local users to perform various privileged actions outside of the guest OS by executing certain files under %PROGRAMFILES%\VMware\VMware Tools, as demonstrated by (a) VMControlPanel.cpl and (b) vmwareservice.exe. | | 7.0 | CVE-2007-1056 BUGTRAQ
| VS-Gastebuch -- VS-Gastebuch
| PHP remote file inclusion vulnerability in functions_inc.php in VS-Gastebuch 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad parameter. | | 7.0 | CVE-2007-1011 OTHER-REF BID FRSIRT SECUNIA
| Warped Systems -- phpXmms
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpXmms 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the tcmdp parameter to (1) phpxmmsb.php or (2) phpxmmst.php. NOTE: this issue has been disputed by a reliable third party, stating that the tcmdp variable is initialized by config.php. | | 10.0 | CVE-2007-1053 BUGTRAQ VIM
| Xpression News -- Xpression News
| Directory traversal vulnerability in archives.php in Xpression News (X-News) 1.0.1 allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter. | | 7.0 | CVE-2007-1040 MILW0RM BID FRSIRT SECUNIA XF
| Xpression News -- Xpression News
| Directory traversal vulnerability in news.php in Xpression News (X-News) 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | 8.0 | CVE-2007-1042 SECUNIA XF
|