Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0507 | 1 Drupal | 1 Acidfree | 2017-07-29 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the Acidfree module for Drupal before 4.6.x-1.0, and before 4.7.x-1.0 in the 4.7 series, allows remote authenticated users with "create acidfree albums" privileges to execute arbitrary SQL commands via node titles. | |||||
| CVE-2007-0509 | 1 Maklerplus | 1 Maklerplus | 2017-07-29 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in MaklerPlus before 1.2 have unknown impact and attack vectors, possibly relating to cross-site scripting (XSS) in the slogan parameter in main.tpl, or information leaks in error messages. | |||||
| CVE-2007-0510 | 1 Awffull | 1 Awffull | 2017-07-29 | 10.0 HIGH | N/A |
| Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) preserve.c in AWFFull 3.7.1 and earlier have unknown impact and attack vectors. NOTE: some of these details are obtained from third party information. NOTE: There may not be any attack vector that crosses privilege boundaries. | |||||
| CVE-2007-1081 | 1 Typo3 | 1 Typo3 | 2017-07-29 | 7.5 HIGH | N/A |
| The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information. | |||||
| CVE-2007-0513 | 1 Hitachi | 5 Hirdb Datareplicator, Hirdb Parallel Server, Hirdb Single Server and 2 more | 2017-07-29 | 5.0 MEDIUM | N/A |
| Hitachi HiRDB Datareplicator 7HiRDB, 7(64), 6, 6(64), 5.0, and 5.0(64); and various products that bundle HiRDB Datareplicator; allows attackers to cause a denial of service (CPU consumption) via certain data. | |||||
| CVE-2007-0162 | 1 Unsanity | 1 Application Enhancer | 2017-07-29 | 6.8 MEDIUM | N/A |
| Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permissions for the (1) ApplicationEnhancer binary and the (2) /Library/Frameworks/ApplicationEnhancer.framework directory, which allows local users to gain privileges by modifying or replacing the binary or library files. | |||||
| CVE-2007-0796 | 1 Bluecoat | 1 Winproxy | 2017-07-29 | 7.5 HIGH | N/A |
| Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP CONNECT request, which triggers heap corruption. | |||||
| CVE-2007-0787 | 1 Simple Invoices | 1 Simple Invoices | 2017-07-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in controller.php in Simple Invoices before 20070202 allows remote attackers to execute arbitrary PHP code via a URL in the (1) module or (2) view parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0531 | 1 Freewebshop | 1 Freewebshop | 2017-07-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/login.php in FreeWebShop 2.2.3 and 2.2.4 before 20070123 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter. | |||||
| CVE-2007-1035 | 1 Drupal | 3 Audio Module, Getid3, Mediafield Module | 2017-07-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors. | |||||
| CVE-2007-0534 | 1 Drupal | 2 Project, Project Issue Tracking Module | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain "fields on project nodes" or (b) "certain project-specific settings regarding issue tracking." | |||||
| CVE-2007-0536 | 1 Rpath | 1 Rpath Linux | 2017-07-29 | 7.2 HIGH | N/A |
| The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges. | |||||
| CVE-2007-1241 | 1 Audins Audiens | 1 Audins Audiens | 2017-07-29 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in setup.php in Audins Audiens 3.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1405 | 1 Edgewall Software | 1 Trac | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2007-0767 | 1 Phorum | 1 Phorum | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the core in Phorum before 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-1242 | 1 Audins Audiens | 1 Audins Audiens | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in system/index.php in Audins Audiens 3.3 allows remote attackers to execute arbitrary SQL commands via the PHPSESSID cookie. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0788 | 1 Mediawiki | 1 Mediawiki | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before 1.9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "sortable tables JavaScript." | |||||
| CVE-2007-1243 | 1 Audins Audiens | 1 Audins Audiens | 2017-07-29 | 7.5 HIGH | N/A |
| Audins Audiens 3.3 allows remote attackers to bypass authentication and perform certain privileged actions, possibly an uninstall of the product, by calling unistall.php with the values cnf=disinstalla and status=on. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0758 | 1 Phpprobid | 1 Phpprobid | 2017-07-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lang.php in PHPProbid 5.24 allows remote attackers to execute arbitrary PHP code via a URL in the SRC attribute of an HTML element in the lang parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0752 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-29 | 7.2 HIGH | N/A |
| The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check. | |||||
| CVE-2007-1399 | 2 Pecl Zip, Php | 2 1.8.3, Php | 2017-07-29 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback. | |||||
| CVE-2007-0552 | 1 Oh No Not Another Cms | 1 Oh No Not Another Cms | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in install/default/error404.html in Oh no! Not another CMS (Onnac) 0.0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the error_url parameter. | |||||
| CVE-2007-0751 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-29 | 2.1 LOW | N/A |
| A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might delete filesystems that have been mounted in /tmp, which might allow local users to cause a denial of service, related to the find command. | |||||
| CVE-2007-1397 | 1 Fish | 1 Fish | 2017-07-29 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) decrypt_topic_332 functions in FiSH allow remote attackers to execute arbitrary code via long strings. | |||||
| CVE-2007-0749 | 1 Apple | 2 Darwin Streaming Server, Mac Os X Server | 2017-07-29 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request. | |||||
| CVE-2007-0750 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-29 | 9.3 HIGH | N/A |
| Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 allows remote user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted PDF file. | |||||
| CVE-2007-0748 | 1 Apple | 2 Darwin Streaming Server, Mac Os X Server | 2017-07-29 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allows remote attackers to execute arbitrary code via multiple trackID values in a SETUP RTSP request. | |||||
| CVE-2007-0745 | 1 Apple | 1 Mac Os X Server | 2017-07-29 | 7.1 HIGH | N/A |
| The Apple Security Update 2007-004 uses an incorrect configuration file for FTPServer in Apple Mac OS X Server 10.4.9, which might allow remote authenticated users to access additional directories. | |||||
| CVE-2007-0740 | 1 Apple | 1 Mac Os X | 2017-07-29 | 6.8 MEDIUM | N/A |
| Alias Manager in Apple Mac OS X 10.3.9 and 10.4.9 does not display files with the same name in mounted disk images that have the same name, which might allow user-assisted attackers to trick a user into executing malicious files. | |||||
| CVE-2007-0223 | 1 Nicola Asuni | 1 All In One Control Panel | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shared/code/cp_functions_downloads.php in Nicola Asuni All In One Control Panel (AIOCP) before 1.3.009 allows remote attackers to execute arbitrary SQL commands via the download_category parameter. | |||||
| CVE-2007-0563 | 1 Symantec | 1 Web Security | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Security (SWS) before 3.0.1.85 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) error messages and (2) blocked page messages produced by SWS. | |||||
| CVE-2007-0736 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-29 | 9.3 HIGH | N/A |
| Integer overflow in the RPC library in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via crafted requests to portmap. | |||||
| CVE-2007-0733 | 1 Apple | 2 Imageio, Mac Os X | 2017-07-29 | 9.3 HIGH | N/A |
| Unspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RAW image that triggers memory corruption. | |||||
| CVE-2007-0731 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the Apple-specific Samba module (SMB File Server) in Apple Mac OS X 10.4 through 10.4.8 allows context-dependent attackers to execute arbitrary code via a long ACL. | |||||
| CVE-2007-0730 | 1 Apple | 2 Mac Os X, Server Manager | 2017-07-29 | 6.8 MEDIUM | N/A |
| Server Manager (servermgrd) in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently validate authentication credentials, which allows remote attackers to bypass authentication and modify system configuration. | |||||
| CVE-2007-0228 | 1 Eiqnetworks | 1 Enterprise Security Analyzer | 2017-07-29 | 5.0 MEDIUM | N/A |
| The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause a denial of service (service crash) via a (1) &CONNECTSERVER& (2) &ADDENTRY& (3) &FIN& (4) &START& (5) &LOGPATH& (6) &FWADELTA& (7) &FWALOG& (8) &SETSYNCHRONOUS& (9) &SETPRGFILE&, or (10) &SETREPLYPORT& string to TCP port 10618, which triggers a NULL pointer dereference. | |||||
| CVE-2007-0728 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-29 | 4.4 MEDIUM | N/A |
| Unspecified vulnerability in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 creates files insecurely while initializing a USB printer, which allows local users to create or overwrite arbitrary files. | |||||
| CVE-2007-1033 | 1 Drupal | 1 Secure Site Module | 2017-07-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Secure site 4.7.x-1.x-dev and 5.x-1.x-dev module for Drupal allows remote attackers to bypass access restrictions via a crafted URL. | |||||
| CVE-2007-1066 | 2 Cisco, Meetinghouse | 4 Secure Services Client, Security Agent, Trust Agent and 1 more | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting "a thread under ConnectionClient.exe," aka CSCsg20558. | |||||
| CVE-2007-1374 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pop_profile.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the MSN parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1373 | 1 Pmail | 1 Mercury Mail Transport System | 2017-07-29 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command. NOTE: this might be the same issue as CVE-2006-5961. | |||||
| CVE-2007-0726 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-29 | 5.0 MEDIUM | N/A |
| The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were based on the original keys. | |||||
| CVE-2007-0716 | 1 Apple | 1 Quicktime | 2017-07-29 | 5.8 MEDIUM | N/A |
| Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file. | |||||
| CVE-2007-0579 | 1 Horde | 1 Groupware | 2017-07-29 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in the calendar component in Horde Groupware Webmail Edition before 1.0, and Groupware before 1.0, allows remote attackers to include certain files via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-1364 | 1 Dropafew | 1 Dropafew | 2017-07-29 | 6.4 MEDIUM | N/A |
| DropAFew before 0.2.1 does not require authorization for certain privileged actions, which allows remote attackers to (1) view the logged calorie information of arbitrary users via the id parameter in editlogcal.php, (2) add arbitrary links via links.php, or (3) create arbitrary users via newaccount2.php. | |||||
| CVE-2007-1363 | 1 Dropafew | 1 Dropafew | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the delete action in (a) search.php or (b) search-pda.php, or the (2) calories parameter in a save action in editlogcal.php. | |||||
| CVE-2007-0610 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web script or HTML via the sender parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0707 | 1 Gom Player | 1 Gom Player | 2017-07-29 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in GOM Player 2.0.12.3375 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the "ref href" tag. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0583 | 1 Http Commander | 1 Http Commander | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander 6.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) LogoffMessage parameter to logofflast.aspx or the (2) txtUsername parameter to Default.aspx. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0715 | 1 Apple | 1 Quicktime | 2017-07-29 | 5.8 MEDIUM | N/A |
| Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file. | |||||