Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1502 | 1 Rhapsody Irc | 1 Rhapsody Irc | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple buffer overflows in Rhapsody IRC 0.28b allow remote attackers to execute arbitrary code via a (1) long command, (2) long server argument to the (a) connect or (b) server commands, (3) long nick argument to the (c) nick command, or a long (4) nick or (5) message argument to the (d) ctcp, (e) chat, (f) notice, (g) message (msg), or (h) query commands. | |||||
| CVE-2007-1503 | 1 Rhapsody Irc | 1 Rhapsody Irc | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b allow remote attackers to execute arbitrary code via format string specifiers to the create_ctcp_message function using the message argument to the (1) me or (2) ctcp commands, and possibly related vectors involving the (3) whois, (4) mode, and (5) topic commands. | |||||
| CVE-2007-1506 | 1 Oracle | 1 Application Server Portal | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters. | |||||
| CVE-2007-1508 | 1 Jbmc Software | 1 Directadmin | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin allows remote attackers to inject arbitrary web script or HTML via the RESULT parameter, a different vector than CVE-2006-5983. | |||||
| CVE-2007-1509 | 1 Holtstraeter | 1 Rot 13 | 2018-10-16 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in enkrypt.php in Sascha Schroeder krypt (aka Holtstraeter Rot 13) allows remote attackers to read arbitrary files via a .. (dot dot) in the datei parameter. | |||||
| CVE-2007-1510 | 1 Particle Blogger | 1 Particle Blogger | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in post.php in Particle Blogger 1.0.0 through 1.2.0 allows remote attackers to execute arbitrary SQL commands via the postid parameter. | |||||
| CVE-2007-1439 | 1 Bitesser | 1 Mysql Commander | 2018-10-16 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in ressourcen/dbopen.php in bitesser MySQL Commander 2.7 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the home parameter. | |||||
| CVE-2007-1232 | 1 Sqlite Manager | 1 Sqlite Manager | 2018-10-16 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a SQLiteManager_currentTheme cookie. | |||||
| CVE-2007-1254 | 1 Connectix | 1 Connectix Boards | 2018-10-16 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the p_skin parameter to index.php. | |||||
| CVE-2007-1326 | 1 Serendipity | 1 Serendipity | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter. | |||||
| CVE-2007-1264 | 1 Enigmail | 1 Enigmail | 2018-10-16 | 5.0 MEDIUM | N/A |
| Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | |||||
| CVE-2007-1305 | 1 Savas Place | 1 Savas Guestbook | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in add2.php in Sava's Guestbook 23.11.2006 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) country, (3) email, and (4) website parameters. | |||||
| CVE-2007-1203 | 1 Microsoft | 2 Excel, Excel Viewer | 2018-10-16 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption. | |||||
| CVE-2007-1332 | 1 Tks Banking Solutions | 1 Eportfolio | 2018-10-16 | 9.3 HIGH | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to perform unspecified restricted actions in the context of certain accounts by bypassing the client-side protection scheme. | |||||
| CVE-2007-1263 | 2 Gnu, Gnupg | 2 Gpgme, Gnupg | 2018-10-16 | 5.0 MEDIUM | N/A |
| GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection. | |||||
| CVE-2007-1205 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2018-10-16 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption. | |||||
| CVE-2007-1293 | 1 Rigter Portal System | 1 Rigter Portal System | 2018-10-16 | 5.8 MEDIUM | N/A |
| SQL injection vulnerability in Rigter Portal System (RPS) 6.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categoria parameter to the top-level URI (index.php), possibly related to ver_descarga.php. | |||||
| CVE-2007-1291 | 1 Tyger | 1 Bug Tracking System | 2018-10-16 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug Tracking System (TygerBT) 1.1.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) Login.php and (2) Register.php. | |||||
| CVE-2007-1244 | 1 Wordpress | 1 Wordpress | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter. | |||||
| CVE-2007-1212 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Vista and 1 more | 2018-10-16 | 6.6 MEDIUM | N/A |
| Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file. | |||||
| CVE-2007-1236 | 1 Sitex | 1 Sitex | 2018-10-16 | 6.4 MEDIUM | N/A |
| sitex allows remote attackers to obtain sensitive information via a request with a numerical value for the (1) sxMonth[] or (2) sxYear[] parameter to calendar.php, or the (3) page[] parameter to calendar_events.php, which reveals the path in various error messages. | |||||
| CVE-2007-1239 | 1 Microsoft | 1 Excel | 2018-10-16 | 4.3 MEDIUM | N/A |
| Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference. | |||||
| CVE-2007-1170 | 1 Simbin | 4 Gt Legends, Gtr - Fia Get Racing Game, Gtr 2 and 1 more | 2018-10-16 | 5.0 MEDIUM | N/A |
| SimBin GTR - FIA GT Racing Game 1.5.0.0 and earlier, GT Legends 1.1.0.0 and earlier, GTR 2 1.1 and earlier, and RACE - The WTCC Game 1.0 and earlier allow remote attackers to cause a denial of service (client disconnection) via an empty UDP packet to the server port. | |||||
| CVE-2007-1337 | 1 Vmware | 1 Workstation | 2018-10-16 | 7.8 HIGH | N/A |
| The virtual machine process (VMX) in VMware Workstation before 5.5.4 does not properly read state information when moving from the ACPI sleep state to the run state, which allows attackers to cause a denial of service (virtual machine reboot) via unknown vectors. | |||||
| CVE-2007-1328 | 1 Bernard Joly | 1 Bj Webring | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in formulaire.php in Bernard JOLY BJ Webring allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter related to the add link menu. | |||||
| CVE-2007-1255 | 1 Connectix | 1 Connectix Boards | 2018-10-16 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later accessed via a direct request for the file in smileys/. NOTE: this can be leveraged with a separate SQL injection issue for remote unauthenticated attacks. | |||||
| CVE-2007-1289 | 1 Tyger | 1 Bug Tracking System | 2018-10-16 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the s parameter. | |||||
| CVE-2007-1288 | 1 Webmobo | 1 Wbnews | 2018-10-16 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4) sendmsg.php in admin/. | |||||
| CVE-2007-1267 | 1 Sylpheed | 1 Sylpheed | 2018-10-16 | 5.0 MEDIUM | N/A |
| Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | |||||
| CVE-2007-1329 | 2 Ledgersmb, Sql-ledger | 2 Ledgersmb, Sql-ledger | 2018-10-16 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences. | |||||
| CVE-2007-1226 | 1 Mcafee | 1 Virex | 2018-10-16 | 4.1 MEDIUM | N/A |
| McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak permissions (0666) for /Library/Application Support/Virex/VShieldExclude.txt, which allows local users to reconfigure Virex to skip scanning of arbitrary files. | |||||
| CVE-2007-1221 | 1 Microsoft | 1 Xbox 360 | 2018-10-16 | 7.2 HIGH | N/A |
| The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows attackers with physical access to force execution of the hypervisor syscall with a certain register set, which bypasses intended code protection. | |||||
| CVE-2007-1286 | 1 Php | 1 Php | 2018-10-16 | 6.8 MEDIUM | N/A |
| Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter. | |||||
| CVE-2007-1268 | 1 Mutt | 1 Mutt | 2018-10-16 | 5.0 MEDIUM | N/A |
| Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | |||||
| CVE-2007-1213 | 1 Microsoft | 1 Windows 2000 | 2018-10-16 | 7.2 HIGH | N/A |
| The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer. | |||||
| CVE-2007-1280 | 2 Adobe, Microsoft | 3 Robohelp, Robohelp Server, All Windows | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attackers to inject arbitrary web script or HTML via a URL after a # (hash) in the URL path, as demonstrated using en/frameset-7.html, and possibly other unspecified vectors involving templates and (1) whstart.js and (2) whcsh_home.htm in WebHelp, (3) wf_startpage.js and (4) wf_startqs.htm in FlashHelp, or (5) WindowManager.dll in RoboHelp Server 6. | |||||
| CVE-2007-1269 | 1 Gnu | 1 Gnumail | 2018-10-16 | 5.0 MEDIUM | N/A |
| GNUMail 1.1.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents GNUMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | |||||
| CVE-2007-1266 | 1 Gnome | 1 Evolution | 2018-10-16 | 5.0 MEDIUM | N/A |
| Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | |||||
| CVE-2007-1304 | 1 Savas Place | 1 Savas Guestbook | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook 23.11.2006, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) country, (3) email, (4) website, and (5) message parameters. | |||||
| CVE-2007-1220 | 1 Microsoft | 1 Xbox 360 | 2018-10-16 | 6.2 MEDIUM | N/A |
| The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not properly verify the parameters passed to the syscall dispatcher, which allows attackers with physical access to bypass code-signing requirements and execute arbitrary code. | |||||
| CVE-2007-1215 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Vista and 1 more | 2018-10-16 | 7.2 HIGH | N/A |
| Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images. | |||||
| CVE-2007-1330 | 1 Comodo | 1 Comodo Firewall Pro | 2018-10-16 | 4.4 MEDIUM | N/A |
| Comodo Firewall Pro (CFP) (formerly Comodo Personal Firewall) 2.4.18.184 and earlier allows local users to bypass driver protections on the HKLM\SYSTEM\Software\Comodo\Personal Firewall registry key by guessing the name of a named pipe under \Device\NamedPipe\OLE and attempting to open it multiple times. | |||||
| CVE-2007-1172 | 1 Nukescripts | 1 Nukesentinel | 2018-10-16 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit." | |||||
| CVE-2007-1331 | 1 Tks Banking Solutions | 1 Eportfolio | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to inject arbitrary web script or HTML via unspecified vectors that bypass the client-side protection scheme, one of which may be the q parameter to the search program. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-1303 | 1 Rrdbrowse | 1 Rrdbrowse | 2018-10-16 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2007-1265 | 1 Kde | 1 K-mail | 2018-10-16 | 7.8 HIGH | N/A |
| KMail 1.9.5 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents KMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | |||||
| CVE-2007-1129 | 1 Mtcms | 1 Mtcms | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow remote attackers to upload and execute files via (1) an avatar upload in an add_down action, or (2) an add_link action. | |||||
| CVE-2007-1048 | 1 Phpbb Wordsearch | 1 Phpbb Wordsearch | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin_rebuild_search.php in phpbb_wordsearch allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-1090 | 1 Microsoft | 3 Windows 2003 Server, Windows Explorer, Windows Xp | 2018-10-16 | 7.1 HIGH | N/A |
| Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder. | |||||
| CVE-2007-1030 | 1 Niels Provos | 1 Libevent | 2018-10-16 | 7.8 HIGH | N/A |
| Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a denial of service (infinite loop) via a DNS response containing a label pointer that references its own offset. | |||||