Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2950 | 3 Centennial, Numara, Symantec | 3 Discovery, Asset Manager, Discovery | 2017-07-29 | 7.2 HIGH | N/A |
| Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara Asset Manager 8.0 and (2) Symantec Discovery 6.5, uses insecure permissions on certain directories, which allows local users to gain privileges. | |||||
| CVE-2007-2955 | 1 Symantec | 3 Norton Antivirus, Norton Internet Security, Norton System Works | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple unspecified "input validation error" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA. | |||||
| CVE-2007-2948 | 1 Mplayer | 1 Mplayer | 2017-07-29 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlayer before 1.0rc1try3 allow remote attackers to execute arbitrary code via a CDDB entry with a long (1) album title or (2) category. | |||||
| CVE-2007-2965 | 1 F-secure | 7 F-secure Anti-virus, F-secure Anti-virus Client Security, F-secure Anti-virus Linux Client Security and 4 more | 2017-07-29 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the Real-time Scanning component in multiple F-Secure products, including Internet Security 2005, 2006 and 2007; Anti-Virus 2005, 2006 and 2007; and Solutions based on F-Secure Protection Service for Consumers 6.40 and earlier allows local users to gain privileges via a crafted I/O request packet (IRP), related to IOCTL (Input/Output Control) and "access validation of the address space." | |||||
| CVE-2007-2850 | 1 Citrix | 2 Access Essentials, Metaframe | 2017-07-29 | 10.0 HIGH | N/A |
| The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string. | |||||
| CVE-2007-2838 | 2 Debian, Gsambad | 2 Debian Linux, Gsambad | 2017-07-29 | 7.2 HIGH | N/A |
| The populate_conns function in src/populate_conns.c in GSAMBAD 0.1.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gsambadtmp temporary file. | |||||
| CVE-2007-3042 | 1 Meneame | 1 Meneame | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Meneame before 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-2178 | 1 Objective Development | 1 Sharity | 2017-07-29 | 7.8 HIGH | N/A |
| Multiple unspecified vulnerabilities in Objective Development Sharity before 3.3 allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors. | |||||
| CVE-2007-3043 | 1 Hitachi | 3 Groupmax Collaboration Portal, Groupmax Collaboration Web Client, Ucosminexus Collaboration Portal | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Collaboration - File Sharing 01-20 up to 01-20-/B and 01-30 up to 01-30-/B in Hitachi Groupmax Collaboration Portal up to 07-30-/D, Groupmax Collaboration Web Client - Forum/File Sharing up to 07-30-/C, uCosminexus Collaboration Portal up to 06-30-/D, and uCosminexus Collaboration Portal - Forum/File Sharing up to 06-30-/C on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-3044 | 2 Hitachi, Hp | 3 Hi Ux We2, Xp W, Hp-ux | 2017-07-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Map I/O Service (xpwmap) in Hitachi XP/W on HI-UX/WE2 before 20070319, and XP/W on HP-UX before 20070405, allows remote attackers to cause a denial of service via certain data to the service port. | |||||
| CVE-2007-3045 | 2 Hitachi, Hp | 3 Hi Ux We2, Tp1 Net Osi-tp-extended, Hp-ux | 2017-07-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Hitachi TP1/NET/OSI-TP-Extended on HI-UX/WE2 before 20070213, and on HP-UX before 20070314, allows remote attackers to cause a denial of service via certain data to a port. | |||||
| CVE-2007-2173 | 2 Double Precision Incorporated, Gentoo | 2 Courier-imap, Linux | 2017-07-29 | 10.0 HIGH | N/A |
| Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable. | |||||
| CVE-2007-2440 | 1 Caucho Technology | 1 Resin | 2017-07-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to read certain files via a .. (dot dot) in a URI containing a "\web-inf" sequence. | |||||
| CVE-2007-2837 | 2 Debian, Fireflier | 2 Debian Linux, Fireflier | 2017-07-29 | 3.6 LOW | N/A |
| The (1) getRule and (2) getChains functions in server/rules.cpp in fireflierd (fireflier-server) in FireFlier 1.1.6 allow local users to overwrite arbitrary files via a symlink attack on the /tmp/fireflier.rules temporary file. | |||||
| CVE-2007-2168 | 1 Aimstats | 1 Aimstats | 2017-07-29 | 7.5 HIGH | N/A |
| Static code injection vulnerability in process.php in AimStats 3.2 and earlier allows remote attackers to inject PHP code into config.php via the databasehost parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3048 | 1 Gnu | 1 Screen | 2017-07-29 | 7.2 HIGH | N/A |
| ** DISPUTED ** GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue. | |||||
| CVE-2007-2386 | 1 Apple | 1 Mac Os X | 2017-07-29 | 9.4 HIGH | N/A |
| Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet. | |||||
| CVE-2007-2924 | 1 Realnetworks | 1 Gamehouse | 2017-07-29 | 10.0 HIGH | N/A |
| Multiple buffer overflows in RealNetworks GameHouse dldisplay ActiveX control (ghdlctl.dll) allow remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2007-2923 | 1 Novell | 1 Extend Director | 2017-07-29 | 9.3 HIGH | N/A |
| The launch method in the LocalExec ActiveX control (LocalExec.ocx) in Novell exteNd Director 4.1 and Portal Services allows remote attackers to execute arbitrary commands. | |||||
| CVE-2007-2921 | 1 Corel | 1 Activecgm Browser | 2017-07-29 | 9.3 HIGH | N/A |
| Multiple buffer overflows in acgm.dll in the Corel / Micrografx ActiveCGM Browser ActiveX control before 7.1.4.19 allow remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-2387 | 1 Apple | 1 Xserve Lights-out Management | 2017-07-29 | 10.0 HIGH | N/A |
| Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel hardware does not require a password for remote access to IPMI, which allows remote attackers to gain administrative access via unspecified requests with ipmitool. | |||||
| CVE-2007-2389 | 2 Apple, Microsoft | 3 Mac Os X, Quicktime, All Windows | 2017-07-29 | 7.1 HIGH | N/A |
| Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets. | |||||
| CVE-2007-3049 | 1 Buttercup Wfm | 1 Buttercup Wfm | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Buttercup web file manager (BWFM) May 2007 allows remote attackers to inject arbitrary web script or HTML via the title parameter. | |||||
| CVE-2007-2920 | 1 Zoomify | 1 Zoomify Viewer Activex Control | 2017-07-29 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX control in ZActiveX.dll might allow remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-2791 | 1 Hp | 1 Tru64 | 2017-07-29 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows remote attackers to identify valid users via unspecified vectors, probably related to timing attacks and AuthInteractiveFailureRandomTimeout. | |||||
| CVE-2007-2919 | 1 E-book Systems | 1 Flipviewer | 2017-07-29 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in the FViewerLoading ActiveX control (FlipViewerX.dll) in E-Book Systems FlipViewer before 4.1 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via long (1) UID, (2) Opf, (3) PAGENO, (4) LaunchMode, (5) SubID, (6) BookID, (7) LibraryID, (8) SubURL, and (9) LoadOpf properties. | |||||
| CVE-2007-2390 | 1 Apple | 1 Mac Os X | 2017-07-29 | 10.0 HIGH | N/A |
| Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet. | |||||
| CVE-2007-2165 | 1 Proftpd Project | 1 Proftpd | 2017-07-29 | 5.1 MEDIUM | N/A |
| The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd. | |||||
| CVE-2007-3054 | 1 Codelib | 1 Linker | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the kword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2409 | 1 Apple | 3 Mac Os X, Mac Os X Server, Webcore | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and 10.4.10 allows remote attackers to obtain sensitive information via a popup window, which is able to read the current URL of the parent window. | |||||
| CVE-2007-3058 | 1 Madirish Webmail | 1 Madirish Webmail | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter to (1) calendar.php, (2) compose.php, and (3) index.php, different vectors than CVE-2007-2826. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2786 | 1 Ircd-ratbox | 1 Ircd-ratbox | 2017-07-29 | 5.0 MEDIUM | N/A |
| Ratbox IRC Daemon (aka ircd-ratbox) 2.2.5 and earlier allows remote attackers to cause a denial of service (resource exhaustion) by making many requests from a single client. | |||||
| CVE-2007-2784 | 1 Globus | 1 Globus Toolkit | 2017-07-29 | 7.8 HIGH | N/A |
| Unspecified vulnerability in globus-job-manager in Globus Toolkit 4.1.1 and earlier (globus_nexus-6.6 and earlier) allows remote attackers to cause a denial of service (resource exhaustion and system crash) via certain requests to temporary TCP ports for a GRAM2 job or its MPICH-G2 applications. | |||||
| CVE-2007-2781 | 1 Wikyblog | 1 Wikyblog | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in include/sessionRegister.php in WikyBlog before 1.4.13 allows remote attackers to inject arbitrary web script or HTML, probably via vectors related to a certain data2 array element. | |||||
| CVE-2007-2410 | 1 Apple | 3 Mac Os X, Mac Os X Server, Webcore | 2017-07-29 | 4.3 MEDIUM | N/A |
| WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of certain global objects when a new URL is visited in the same window, which allows remote attackers to conduct cross-site scripting (XSS) attacks. | |||||
| CVE-2007-2414 | 2 Microsoft, Myserver | 2 All Windows, Myserver | 2017-07-29 | 7.8 HIGH | N/A |
| MyServer before 0.8.8 allows remote attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2007-2441 | 1 Caucho Technology | 1 Resin | 2017-07-29 | 5.0 MEDIUM | N/A |
| Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to obtain the system path via certain URLs associated with (1) deploying web applications or (2) displaying .xtp files. | |||||
| CVE-2007-2421 | 1 Hitachi | 1 Groupmax Mobile Option | 2017-07-29 | 7.5 HIGH | N/A |
| Buffer overflow in Hitachi Groupmax Mobile Option for Mobile-Phone 07-00 through 07-30, 5 for i-mode 05-11 through 05-23, and 6 for EZweb 06-00 through 06-04 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-3062 | 1 Hp | 1 System Management Homepage | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.2 running on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-2918 | 1 Logitech | 1 Videocall | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in (a) vibecontrol.dll, (2) CallManager and (3) ViewerClient in (b) StarClient.dll, (4) ComLink in (c) uicomlink.dll, and (5) WebCamXMP in (d) wcamxmp.dll in Logitech VideoCall allow remote attackers to cause a denial of service (browser crash) and execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-3067 | 1 Eqdkp | 1 Attunement And Key | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Attunement and Key Tracker 0.95 and earlier plugin for EQdkp allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the (1) keyshow, (2) sortkey, and (3) show parameters to index.php. | |||||
| CVE-2007-2917 | 1 Authentium | 1 Command Antivirus | 2017-07-29 | 9.3 HIGH | N/A |
| Multiple buffer overflows in a certain ActiveX control in odapi.dll in Authentium Command Antivirus before 4.93.8 allow remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-2835 | 2 Debian, Unicon-imc2 | 2 Debian Linux, Unicon-imc2 | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) xl_pinyin.c in ImmModules/cce/ in unicon-imc2 3.0.4, as used by zhcon and other applications, allow local users to gain privileges via a long HOME environment variable. | |||||
| CVE-2007-3071 | 1 Digital River | 1 Esellerate Sdk | 2017-07-29 | 9.3 HIGH | N/A |
| Buffer overflow in the GetWebStoreURL function in a certain ActiveX control in eSellerateControl365.dll 3.6.5.0 in eSellerate SDK allows user-assisted remote attackers to execute arbitrary code via a long first argument. | |||||
| CVE-2007-3095 | 1 Symantec | 3 Client Security, Norton Antivirus, Reporting Server | 2017-07-29 | 9.0 HIGH | N/A |
| Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, allows attackers to "disable the authentication system" and bypass authentication via unknown vectors. | |||||
| CVE-2007-3078 | 1 Aigaion | 1 Aigaion | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Aigaion before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via the title parameter (Authors and Publication titles) to (1) authoractions.php or (2) publicationactions.php. | |||||
| CVE-2007-3079 | 1 Eqdkp | 1 Eqdkp | 2017-07-29 | 7.1 HIGH | N/A |
| listmembers.php in EQdkp 1.3.2c and earlier allows remote attackers to obtain sensitive information via an invalid compare parameter, which reveals the path. | |||||
| CVE-2007-2865 | 1 Phppgadmin | 1 Phppgadmin | 2017-07-29 | 9.3 HIGH | N/A |
| Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter. | |||||
| CVE-2007-3080 | 1 Hunkaray Okul | 1 Portaly | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in haberoku.asp in Hunkaray Okul Portaly 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2769 | 1 Opendap | 2 Bes, Hyrax | 2017-07-29 | 7.5 HIGH | N/A |
| BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly handle compressed files, which allows remote attackers to upload arbitrary files or execute arbitrary commands via a crafted compressed file. | |||||