Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0578 | 1 Mpg123 | 1 Mpg123 | 2011-03-08 | 4.3 MEDIUM | N/A |
| The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early. | |||||
| CVE-2007-0732 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the CoreServices daemon in CarbonCore in Apple Mac OS X 10.4 through 10.4.9 allows local users to gain privileges via unspecified vectors involving "obtaining a send right to [the] Mach task port." | |||||
| CVE-2007-0735 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving crafted web pages that trigger certain error conditions that are not properly reported in certain circumstances, resulting in accessing deallocated memory. | |||||
| CVE-2007-0737 | 1 Apple | 1 Mac Os X | 2011-03-08 | 4.6 MEDIUM | N/A |
| The Login Window in Apple Mac OS X 10.3.9 through 10.4.9 does not properly check certain environment variables, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2007-0738 | 1 Apple | 1 Mac Os X | 2011-03-08 | 4.6 MEDIUM | N/A |
| The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not display the screen saver authentication dialog in certain circumstances when waking from sleep, even though the "require a password to wake the computer from sleep" option is enabled, which allows local users to bypass authentication controls. | |||||
| CVE-2007-0739 | 1 Apple | 1 Mac Os X | 2011-03-08 | 4.6 MEDIUM | N/A |
| The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the software update window beneath the loginwindow authentication dialog in certain circumstances related to running scheduled tasks, which allows local users to bypass authentication controls. | |||||
| CVE-2007-0741 | 1 Apple | 1 Mac Os X | 2011-03-08 | 7.5 HIGH | N/A |
| Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 through 10.4.9, when Internet Sharing is enabled, allows remote attackers to execute arbitrary code via malformed RTSP packets. | |||||
| CVE-2007-0746 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference". | |||||
| CVE-2007-0535 | 1 Vote Pro | 1 Vote Pro | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the poll_id parameter, which is supplied to eval function calls, a different set of vectors than CVE-2007-0504. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0719 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via an image with a crafted ColorSync profile. | |||||
| CVE-2007-0525 | 1 Grigoriadis | 1 Mini Web Server | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Nickolas Grigoriadis Mini Web server (MiniWebsvr) before 0.05 have unknown impact and attack vectors. | |||||
| CVE-2007-0553 | 1 Phproxy | 1 Phproxy | 2011-03-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php in PHProxy before 0.5 beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) data[realm] and (2) _url parameters, different vectors than CVE-2004-2604. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0491 | 1 Sky Gunning | 1 Myspeach | 2011-03-08 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in up.php in Sky GUNNING MySpeach 3.0.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter, a different vector than CVE-2006-4630. NOTE: Some of these details are obtained from third party information. | |||||
| CVE-2007-0514 | 1 Hitachi | 19 Cosminexus Application Server, Cosminexus Application Server Version 5, Cosminexus Developer Light Version 6 and 16 more | 2011-03-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps. | |||||
| CVE-2007-0417 | 1 Bea | 1 Weblogic Server | 2011-03-08 | 10.0 HIGH | N/A |
| BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows attackers to execute certain EJB container persistence operations with an administrative identity. | |||||
| CVE-2007-0512 | 1 Hitachi | 2 Tpi Link, Tpi Server Base | 2011-03-08 | 5.0 MEDIUM | N/A |
| Hitachi TP1/LiNK 05-00 through 05-03-/F, 03-04 through 03-06-/K, and 03-00 through 03-03-/H; and TP1/Server Base 05-00 through 05-00-/M, 03-01-E through 03-01-FD, 03-01 through 03-01-DB, and 05-03; allow attackers to cause a denial of service (process crash) via invalid data to an OpenTP1 port. | |||||
| CVE-2007-0318 | 1 Apple | 1 Mac Os X | 2011-03-08 | 7.8 HIGH | N/A |
| The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal. | |||||
| CVE-2007-0415 | 1 Bea | 1 Weblogic Server | 2011-03-08 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce access control after a dynamic update and dynamic redeployment of an application that is implemented through exploded jars, which allows attackers to bypass intended access restrictions. | |||||
| CVE-2007-0299 | 1 Apple | 1 Mac Os X | 2011-03-08 | 7.1 HIGH | N/A |
| Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a crafted Unix File System (UFS) DMG image, which triggers an invalid pointer dereference. | |||||
| CVE-2007-0231 | 1 Six Apart | 1 Movable Type | 2011-03-08 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field. | |||||
| CVE-2007-0416 | 1 Bea | 1 Weblogic Server | 2011-03-08 | 7.5 HIGH | N/A |
| The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and 9.1 does not verify credentials when decrypting client messages, which allows remote attackers to bypass application security. | |||||
| CVE-2007-0473 | 1 Smb4k | 1 Smb4k | 2011-03-08 | 1.9 LOW | N/A |
| The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 does not preserve /etc/sudoers permissions across modifications, which allows local users to obtain sensitive information (/etc/sudoers contents) by reading this file. | |||||
| CVE-2007-0408 | 1 Bea | 1 Weblogic Server | 2011-03-08 | 7.5 HIGH | N/A |
| BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certificate. | |||||
| CVE-2007-0419 | 1 Bea | 1 Weblogic Server | 2011-03-08 | 5.0 MEDIUM | N/A |
| The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage). | |||||
| CVE-2007-0411 | 1 Bea | 1 Weblogic Server | 2011-03-08 | 6.8 MEDIUM | N/A |
| BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when WS-Security is used, does not properly validate certificates, which allows remote attackers to conduct a man-in-the-middle (MITM) attack. | |||||
| CVE-2007-0244 | 2 Debian, Poptop | 2 Debian Linux, Pptp Server | 2011-03-08 | 5.0 MEDIUM | N/A |
| pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before 1.3.4 allows remote attackers to cause a denial of service (PPTP connection tear-down) via (1) GRE packets with out-of-order sequence numbers or (2) certain GRE packets that are processed using a wrong pointer and improperly dequeued. | |||||
| CVE-2007-0303 | 1 Pancake.org | 1 Zina | 2011-03-08 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have unknown impact and attack vectors related to "Potential security bugs." | |||||
| CVE-2007-0409 | 1 Bea | 1 Weblogic Server | 2011-03-08 | 1.5 LOW | N/A |
| BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password. | |||||
| CVE-2007-0476 | 1 Gentoo | 1 Linux | 2011-03-08 | 4.6 MEDIUM | N/A |
| The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2007-0472 | 1 Smb4k | 1 Smb4k | 2011-03-08 | 3.7 LOW | N/A |
| Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on temporary files, which isn't properly handled by the writeFile function in core/smb4kfileio.cpp. | |||||
| CVE-2007-0474 | 1 Smb4k | 1 Smb4k | 2011-03-08 | 3.3 LOW | N/A |
| Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to kill arbitrary processes, related to a "design issue with smb4k_kill." | |||||
| CVE-2007-0425 | 1 Bea | 2 Jrockit, Weblogic Server | 2011-03-08 | 7.5 HIGH | N/A |
| Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 through 8.1 SP5, and JRockit 1.4.2 R4.5 and earlier, allows attackers to gain privileges via unspecified vectors, related to an "overflow condition," probably a buffer overflow. | |||||
| CVE-2007-0463 | 1 Apple | 1 Software Update | 2011-03-08 | 5.0 MEDIUM | N/A |
| Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in (1) SWUTMP or (2) SUCATALOG filenames, or using the (3) application/x-apple.sucatalog+xml MIME type. | |||||
| CVE-2007-0424 | 1 Bea | 1 Weblogic Server | 2011-03-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for Netscape Enterprise Server before September 2006 for Netscape Enterprise Server allow remote attackers to cause a denial of service via certain requests that trigger errors that lead to a server being marked as unavailable, hosting web server failure, or CPU consumption. | |||||
| CVE-2007-0466 | 1 Telestream | 1 Flip4mac Windows Media Components For Quicktime | 2011-03-08 | 10.0 HIGH | N/A |
| Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 allows remote attackers to execute arbitrary code via a crafted ASF_File_Properties_Object size field in a WMV file, which triggers memory corruption. | |||||
| CVE-2007-0422 | 1 Bea | 1 Weblogic Server | 2011-03-08 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, allows remote attackers to cause a denial of service (server inaccessibility) via manipulated socket connections. | |||||
| CVE-2007-0418 | 1 Bea | 1 Weblogic Server | 2011-03-08 | 7.5 HIGH | N/A |
| BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote attackers to obtain unauthorized access to these methods. | |||||
| CVE-2007-0413 | 1 Bea | 1 Weblogic Server | 2011-03-08 | 4.4 MEDIUM | N/A |
| BEA WebLogic Server 8.1 through 8.1 SP5 stores cleartext data in a backup of config.xml after offline editing, which allows local users to obtain sensitive information by reading this backup file. | |||||
| CVE-2007-0414 | 1 Bea | 1 Weblogic Server | 2011-03-08 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, and 9.0 allows remote attackers to cause a denial of service (server hang) via certain requests that cause muxer threads to block when processing error pages. | |||||
| CVE-2007-0203 | 1 Phpmyadmin | 1 Phpmyadmin | 2011-03-08 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors. | |||||
| CVE-2007-0420 | 1 Bea | 1 Weblogic Server | 2011-03-08 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to obtain sensitive information via malformed HTTP requests, which reveal data from previous requests. | |||||
| CVE-2007-0475 | 1 Smb4k | 1 Smb4k | 2011-03-08 | 4.4 MEDIUM | N/A |
| Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to the args variable and unspecified other variables, in conjunction with the sudo configuration. | |||||
| CVE-2007-0133 | 1 Igeneric | 1 Ig Shop | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in display_review.php in iGeneric iG Shop 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) user_login_cookie parameter. | |||||
| CVE-2007-0139 | 1 Hp | 1 Openvms | 2011-03-08 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, and the DECnet-Plus 7.3 feature in DECnet/OSI 7.3 for OpenVMS VAX, allows attackers to obtain "unintended privileged access to data and system resources" via unspecified vectors, related to (1) [SYSEXE]CTF$UI.EXE, (2) [SYSMSG]CTF$MESSAGES.EXE, (3) [SYSHLP]CTF$HELP.HLB, and (4) [SYSMGR]CTF$STARTUP.COM. | |||||
| CVE-2007-0157 | 1 Neon | 1 Neon | 2011-03-08 | 7.8 HIGH | N/A |
| Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error that generates a negative index. | |||||
| CVE-2006-7165 | 1 Ibm | 1 Websphere Application Server | 2011-03-08 | 4.3 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remote attackers to obtain JSP source code and other sensitive information via certain "special URIs." | |||||
| CVE-2007-0198 | 1 Cisco | 4 Ip Contact Center Enterprise, Ip Contact Center Hosted, Unified Contact Center Enterprise and 1 more | 2011-03-08 | 5.0 MEDIUM | N/A |
| The JTapi Gateway process in Cisco Unified Contact Center Enterprise, Unified Contact Center Hosted, IP Contact Center Enterprise, and Cisco IP Contact Center Hosted 5.0 through 7.1 allows remote attackers to cause a denial of service (repeated process restart) via a certain TCP session on the JTapi server port. | |||||
| CVE-2006-7166 | 1 Ibm | 1 Websphere Application Server | 2011-03-08 | 5.0 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remote attackers to obtain JSP source code and other sensitive information via "a specific JSP URL." | |||||
| CVE-2007-0110 | 1 Novell | 1 Access Manager Identity Server | 2011-03-08 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server before 3.0.0-1013 allows remote attackers to inject arbitrary web script or HTML via the IssueInstant parameter, which is not properly handled in the resulting error message. | |||||
| CVE-2007-0111 | 1 Resco | 1 Photo Viewer | 2011-03-08 | 6.8 MEDIUM | N/A |
| Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as used in mobile devices running Windows Mobile 5.0, 2003, and 2003SE, allows remote attackers to execute arbitrary code via a crafted PNG image. | |||||