Total: 25555 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3376 | 2 Apple, Microsoft | 2 Safari, Windows Xp | 2017-07-29 | 9.3 HIGH | N/A |
| Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long value in the title HTML tag, which triggers the overflow when the user adds the page as a bookmark. | |||||
| CVE-2007-3411 | 1 Clicktech | 1 Clickgallery | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in edit_image.asp in ClickGallery Server 5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the image_id parameter. | |||||
| CVE-2007-3412 | 1 Clicktech | 1 Clickgallery | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in edit_image.asp in ClickGallery Server 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. | |||||
| CVE-2007-3413 | 1 Bitego | 1 Bosdatagrid | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in bosDataGrid 2.50 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) GridSearch, (2) gsearch, or (3) ParentID parameter to an unspecified component. | |||||
| CVE-2007-3414 | 1 Access2asp | 1 Access2asp | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in access2asp 4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) od and (2) search parameters to (a) suppliersList.asp and (b) contactsList.asp. | |||||
| CVE-2007-3445 | 3 Microsoft, Securecomputing, Sj Labs | 3 Windows Mobile, Sch I730 Phone, Sjphone | 2017-07-29 | 4.3 MEDIUM | N/A |
| Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows Mobile 2003 on the Samsung SCH-i730 phone, allows remote attackers to cause a denial of service (device hang and call termination) via a malformed SIP INVITE message, a different vulnerability than CVE-2007-3351. | |||||
| CVE-2007-3436 | 1 Microsoft | 2 Msn Messenger, Windows Xp | 2017-07-29 | 5.0 MEDIUM | N/A |
| Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to cause a denial of service (resource consumption) via a flood of SIP INVITE requests to the port specified for voice conversation. | |||||
| CVE-2007-3437 | 2 Aol, Microsoft | 2 Instant Messenger, Windows Xp | 2017-07-29 | 7.8 HIGH | N/A |
| AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application crash) via a malformed header value in a SIP INVITE message, a different vulnerability than CVE-2007-3350. | |||||
| CVE-2007-3441 | 1 Aastra Telecom | 1 9112i Sip Phone | 2017-07-29 | 5.0 MEDIUM | N/A |
| Format string vulnerability in the Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version 1.1.0.10 allows remote attackers to cause a denial of service (blocked call reception and slow calling) via format string specifiers in an SDP header value, a different vulnerability than CVE-2007-3349. | |||||
| CVE-2007-3442 | 1 Research In Motion Limited | 1 Blackberry 7270 | 2017-07-29 | 2.3 LOW | N/A |
| Format string vulnerability on the Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 allows remote attackers to cause a denial of service (blocked call reception and calling) via format string specifiers in an SIP INVITE message that lacks a host name in the Contact header. | |||||
| CVE-2007-3443 | 1 Research In Motion Limited | 1 Blackberry 7270 | 2017-07-29 | 2.3 LOW | N/A |
| The Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 does not properly manage transaction states, which allows remote attackers to cause a denial of service (temporary device hang) by sending a certain SIP INVITE message, but not providing an ACK when the call is answered. | |||||
| CVE-2007-3483 | 1 Rim | 1 Blackberry Enterprise Server | 2017-07-29 | 10.0 HIGH | N/A |
| Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a default configuration that permits installation of arbitrary third-party applications on BlackBerry devices, which might facilitate loading of malware. | |||||
| CVE-2007-3498 | 1 Htmlpurifier | 1 Htmlpurifier | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in smoketests/configForm.php in HTML Purifier before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "unescaped print_r output." | |||||
| CVE-2007-3501 | 1 Directadmin | 1 Directadmin | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin 1.30.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vector than CVE-2007-1508. | |||||
| CVE-2007-3502 | 1 Kaspersky Lab | 1 Kaspersky Anti-spam | 2017-07-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the web-based product configuration system in Kaspersky Anti-Spam before 3.0 MP1 allows remote attackers to obtain access to certain directories. | |||||
| CVE-2007-3509 | 1 Symantec | 1 Veritas Backup Exec | 2017-07-29 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exec for Windows Servers 10.0, 10d, and 11d allows remote attackers to cause a denial of service (process exit) and possibly execute arbitrary code via crafted ncacn_ip_tcp requests. | |||||
| CVE-2007-3512 | 1 Wakwak | 1 Lhaca File Archiver | 2017-07-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Lhaca File Archiver before 1.22 allows user-assisted remote attackers to execute arbitrary code via a large LHA "Extended Header Size" value in an LZH archive, a different issue than CVE-2007-3375. | |||||
| CVE-2007-3525 | 1 Ripe Website Manager | 1 Ripe Website Manager | 2017-07-29 | 7.8 HIGH | N/A |
| Ripe Website Manager 0.8.9 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3531 | 1 Gentoo | 2 Linux, Nvclock | 2017-07-29 | 6.6 MEDIUM | N/A |
| The set_default_speeds function in backend/backend.c in NVidia NVClock before 0.8b2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvclock temporary file. | |||||
| CVE-2007-3533 | 1 3com | 1 3cnj220 | 2017-07-29 | 5.0 MEDIUM | N/A |
| The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote attackers to cause a denial of service (reboot and reporting outage) via a loopback packet with zero in the length field. | |||||
| CVE-2007-3537 | 1 Ibm | 1 Os 400 | 2017-07-29 | 7.8 HIGH | N/A |
| IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines sends responses to TCP SYN-FIN packets, which allows remote attackers to obtain system information and possibly bypass firewall rules. | |||||
| CVE-2007-3538 | 1 Qt-cute | 1 Quicktalk Guestbook | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in qtg_msg_view.php in QuickTalk guestbook 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-3541 | 1 Kurinton | 1 Shttpd | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd 20070408 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-3546 | 1 Nessus | 1 Nessus | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus Vulnerability Scanner before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-3572 | 1 Yoggie | 2 Pico, Pico Pro | 2017-07-29 | 9.3 HIGH | N/A |
| Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded "`" (backtick) characters (%60 sequences). | |||||
| CVE-2007-3552 | 1 Bbs100 | 1 Bbs100 | 2017-07-29 | 7.8 HIGH | N/A |
| Multiple unspecified vulnerabilities in bbs100 before 3.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving certain v*printf and shift_StringIO functions. NOTE: some details were obtained from third party information. | |||||
| CVE-2007-3553 | 1 Oracle | 2 Application Server, Rapid Install Web Server | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Rapid Install Web Server in Oracle Application Server 11i allows remote attackers to inject arbitrary web script or HTML via a URL to the "Secondary Login Page", as demonstrated using (1) pls/ and (2) pls/MSBEP004/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3559 | 1 Php-fusion | 1 Php-fusion | 2017-07-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FUSION_QUERY constant. | |||||
| CVE-2007-3560 | 1 Esqlanelapse | 1 Esqlanelapse | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Esqlanelapse before 2.6 have unknown impact and attack vectors. | |||||
| CVE-2007-3561 | 1 Webixir | 1 Efendy Blog | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ara.asp in Efendy Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the ara parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3564 | 1 Libcurl | 1 Libcurl | 2017-07-29 | 7.5 HIGH | N/A |
| libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions. | |||||
| CVE-2007-3568 | 1 Imlib | 1 Imlib | 2017-07-29 | 5.0 MEDIUM | N/A |
| The _LoadBMP function in imlib 1.9.15 and earlier allows context-dependent attackers to cause a denial of service (infinite loop) via a BMP image with a Bits Per Page (BPP) value of 0. | |||||
| CVE-2007-3571 | 1 Novell | 2 Groupwise, Netware | 2017-07-29 | 4.3 MEDIUM | N/A |
| The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address. | |||||
| CVE-2007-3577 | 1 Phpids | 1 Phpids | 2017-07-29 | 4.3 MEDIUM | N/A |
| PHPIDS before 20070703 does not properly handle use of the substr method in (1) document.location.search and (2) document.referrer; (3) certain use of document.location.hash; (4) certain "window[eval" and similar expressions; (5) certain Function expressions; (6) certain '=' expressions, as demonstrated by a 'whatever="something"' sequence; and (7) certain "with" expressions, which allows remote attackers to inject arbitrary web script. | |||||
| CVE-2007-3578 | 1 Phpids | 1 Phpids | 2017-07-29 | 4.3 MEDIUM | N/A |
| PHPIDS before 20070703 does not properly handle (1) arithmetic expressions and (2) unclosed comments, which allows remote attackers to inject arbitrary web script. | |||||
| CVE-2007-3579 | 1 Phpids | 1 Phpids | 2017-07-29 | 4.3 MEDIUM | N/A |
| PHPIDS before 20070703 does not properly handle setting the .text property of a SCRIPT element before its attachment to the DOM, which allows remote attackers to inject arbitrary web script. | |||||
| CVE-2007-3580 | 1 Phpids | 1 Phpids | 2017-07-29 | 4.3 MEDIUM | N/A |
| PHPIDS does not properly handle certain code containing newlines, as demonstrated by a try/catch block within a loop, which allows user-assisted remote attackers to inject arbitrary web script. | |||||
| CVE-2007-3591 | 1 Elite Bulletin Board | 1 Elite Bulletin Board | 2017-07-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Profile.php in Elite Bulletin Board before 1.0.10 allows remote attackers to modify profile information via unspecified vectors related to "a remote form," probably related to direct requests and missing authorization checks. | |||||
| CVE-2007-3592 | 1 Elite Bulletin Board | 1 Elite Bulletin Board | 2017-07-29 | 6.5 MEDIUM | N/A |
| PM.php in Elite Bulletin Board before 1.0.10 allows remote authenticated users to delete arbitrary PM messages and conduct other attacks via modified id fields. | |||||
| CVE-2007-3594 | 1 Adventnet | 1 Manageengine Netflow Analyzer | 2017-07-29 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4) selectedNode parameters to (c) reports/ReportViewAction.do; the (5) operation parameter to (d) admin/ServiceConfiguration.do; and the (6) selectedNode and (7) selectedTab parameters to (e) admin/DeviceAssociation.do. NOTE: the searchTerm parameter in Search.do is already covered by CVE-2006-2343. | |||||
| CVE-2007-3596 | 1 Izzysoft | 1 Phpvideopro | 2017-07-29 | 4.3 MEDIUM | N/A |
| inc/vul_check.inc in phpVideoPro before 0.8.8 permits non-alphanumeric characters in the sess_id parameter, which has unknown impact and remote attack vectors, probably cross-site scripting (XSS). | |||||
| CVE-2007-3700 | 1 Sun | 1 Java System Access Manager | 2017-07-29 | 1.7 LOW | N/A |
| Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading /var/opt/SUNWam/debug/amAuth. | |||||
| CVE-2007-3622 | 1 Alt-n | 1 Mdaemon | 2017-07-29 | 2.6 LOW | N/A |
| Unspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon before 9.61 allows remote attackers to cause a denial of service (crash) via malformed messages. | |||||
| CVE-2007-3623 | 1 Hitachi | 4 Jp1-hicommand Device Manager, Jp1-hicommand Global Link Availability Manager, Jp1-hicommand Replication Monitor and 1 more | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Hitachi JP1/HiCommand Device Manager, Tiered Storage Manager, Replication Monitor, and GlobalLink Availability Manager before 20070528 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. | |||||
| CVE-2007-3624 | 1 Sap | 1 Sap Message Server | 2017-07-29 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the Message HTTP Server in SAP Message Server allows remote attackers to execute arbitrary code via a long string in the group parameter to /msgserver/html/group. | |||||
| CVE-2007-3625 | 1 Citrix | 1 Metaframe Presentation Server | 2017-07-29 | 5.0 MEDIUM | N/A |
| The Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname. | |||||
| CVE-2007-3629 | 1 Levent Veysi Portal | 1 Levent Veysi Portal | 2017-07-29 | 10.0 HIGH | N/A |
| SQL injection vulnerability in oku.asp in Levent Veysi Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3641 | 1 Freebsd | 1 Libarchive | 2017-07-29 | 9.3 HIGH | N/A |
| archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow. | |||||
| CVE-2007-3644 | 1 Freebsd | 1 Libarchive | 2017-07-29 | 4.3 MEDIUM | N/A |
| archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive. | |||||
| CVE-2007-3645 | 1 Freebsd | 1 Libarchive | 2017-07-29 | 4.3 MEDIUM | N/A |
| archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644. | |||||
