Unspecified vulnerability in inotify before 0.3.5 has unknown impact and attack vectors, related to "access rights to watched files." Date published : 2007-01-31 http://www.securityfocus.com/bid/22305 http://inotify.aiken.cz/?section=incron&page=changelog
Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b) blogs.php, or (2) the...
Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets. Date published : 2007-01-31 http://www.securityfocus.com/bid/22323 http://www.kb.cert.org/vuls/id/967236
PHP remote file inclusion vulnerability in include/themes/themefunc.php in MyNews 4.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter. Date published : 2007-01-31 http://www.securityfocus.com/bid/22313 https://www.exploit-db.com/exploits/3228
SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via a username cookie, a different vector than CVE-2007-0560. Date published : 2007-01-31 http://osvdb.org/36634 http://www.vupen.com/english/advisories/2007/0341
SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. Date published : 2007-01-31 http://www.securityfocus.com/bid/22314 https://www.exploit-db.com/exploits/3227
Multiple SQL injection vulnerabilities in the generate_csv function in classes/class.news.php in X-dev xNews 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) from, and (3) q parameters,...
The www_purgeList method in Plain Black WebGUI before 7.3.8 does not properly check user permissions, which allows attackers to delete unauthorized assets. NOTE: some of these details are obtained from third party information. Date...
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the...
Michael Still gtalkbot before 1.2 places username and password arguments on the command line, which allows local users to obtain sensitive information by listing the process. Date published : 2007-01-31 http://www.securityfocus.com/bid/22322 http://www.stillhq.com/gtalkbot/
The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing...
nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not validate the invoking user, which allows local users to modify server configuration keys in /usr/NX/etc/server.cfg, resulting in an unspecified denial of service. Date published :...
user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the full path via a ‘ (quote) character, and possibly other invalid values, in the uname parameter in a userinfo operation. Date published :...
SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows remote attackers to execute arbitrary SQL commands via the startrow parameter. Date published : 2007-01-31 http://www.securityfocus.com/bid/22293 http://www.securityfocus.com/archive/1/458438/100/0/threaded