Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2849 | 1 Knowledgetree Document Management | 1 Knowledgetree Document Management | 2017-07-29 | 10.0 HIGH | N/A |
| KnowledgeTree Document Management (aka KnowledgeTree Open Source) before STABLE 3.3.7 does not require a password for an unregistered user, when the user exists in Active Directory, which allows remote attackers to log onto KTDMS without the intended authorization check. | |||||
| CVE-2007-2850 | 1 Citrix | 2 Access Essentials, Metaframe | 2017-07-29 | 10.0 HIGH | N/A |
| The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string. | |||||
| CVE-2007-2855 | 1 Dart | 1 Dart Ziplite Compression | 2017-07-29 | 9.3 HIGH | N/A |
| Buffer overflow in a certain ActiveX control in DartZipLite.dll 1.8.5.3 in Dart ZipLite Compression for ActiveX allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to CVE-2007-2856. | |||||
| CVE-2007-2865 | 1 Phppgadmin | 1 Phppgadmin | 2017-07-29 | 9.3 HIGH | N/A |
| Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter. | |||||
| CVE-2007-2877 | 1 Tcl Tk | 1 Tcl Tk | 2017-07-29 | 7.2 HIGH | N/A |
| Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 allows local users to gain privileges via long registry key paths. | |||||
| CVE-2007-2881 | 1 Sun | 1 Java System Web Proxy Server | 2017-07-29 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation. | |||||
| CVE-2007-2886 | 1 Nortel | 1 Communications Server | 2017-07-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Nortel CS 1000 M media card in Enterprise VoIP-Core-CS 1000E, 1000M, and 1000S 04.50W before 20070523 in Meridian/CS 1000 allows remote attackers to cause a denial of service (card hang) via unspecified vectors. | |||||
| CVE-2007-2892 | 1 Asp-nuke | 1 Asp-nuke | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in news.asp in ASP-Nuke 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2895 | 1 Lead Technologies | 1 Leadtools Raster Dialog File Object | 2017-07-29 | 7.5 HIGH | N/A |
| Buffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 in LeadTools Raster Dialog File Object allows remote attackers to execute arbitrary code via a long Directory property value. | |||||
| CVE-2007-2896 | 2 Microsoft, Symantec | 2 All Windows, Enterprise Security Manager | 2017-07-29 | 4.3 MEDIUM | N/A |
| Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 managers and agents on Windows before 20070524 allows remote attackers to cause a denial of service (CPU consumption and application hang) via certain network scans to ESM ports. | |||||
| CVE-2007-2897 | 1 Microsoft | 1 Internet Information Server | 2017-07-29 | 7.5 HIGH | N/A |
| Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM port; via requests for a URI containing a '/' immediately before and after the name of a DOS device, as demonstrated by the /AUX/.aspx URI, which bypasses a blacklist for DOS device requests. | |||||
| CVE-2007-2903 | 1 Microsoft | 1 Office | 2017-07-29 | 5.0 MEDIUM | N/A |
| Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries. | |||||
| CVE-2007-2911 | 1 Jelsoft | 1 Vbulletin | 2017-07-29 | 8.5 HIGH | N/A |
| SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573. | |||||
| CVE-2007-2917 | 1 Authentium | 1 Command Antivirus | 2017-07-29 | 9.3 HIGH | N/A |
| Multiple buffer overflows in a certain ActiveX control in odapi.dll in Authentium Command Antivirus before 4.93.8 allow remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-2918 | 1 Logitech | 1 Videocall | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in (a) vibecontrol.dll, (2) CallManager and (3) ViewerClient in (b) StarClient.dll, (4) ComLink in (c) uicomlink.dll, and (5) WebCamXMP in (d) wcamxmp.dll in Logitech VideoCall allow remote attackers to cause a denial of service (browser crash) and execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-2919 | 1 E-book Systems | 1 Flipviewer | 2017-07-29 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in the FViewerLoading ActiveX control (FlipViewerX.dll) in E-Book Systems FlipViewer before 4.1 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via long (1) UID, (2) Opf, (3) PAGENO, (4) LaunchMode, (5) SubID, (6) BookID, (7) LibraryID, (8) SubURL, and (9) LoadOpf properties. | |||||
| CVE-2007-2920 | 1 Zoomify | 1 Zoomify Viewer Activex Control | 2017-07-29 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX control in ZActiveX.dll might allow remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-2921 | 1 Corel | 1 Activecgm Browser | 2017-07-29 | 9.3 HIGH | N/A |
| Multiple buffer overflows in acgm.dll in the Corel / Micrografx ActiveCGM Browser ActiveX control before 7.1.4.19 allow remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-2923 | 1 Novell | 1 Extend Director | 2017-07-29 | 9.3 HIGH | N/A |
| The launch method in the LocalExec ActiveX control (LocalExec.ocx) in Novell exteNd Director 4.1 and Portal Services allows remote attackers to execute arbitrary commands. | |||||
| CVE-2007-2924 | 1 Realnetworks | 1 Gamehouse | 2017-07-29 | 10.0 HIGH | N/A |
| Multiple buffer overflows in RealNetworks GameHouse dldisplay ActiveX control (ghdlctl.dll) allow remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2007-2927 | 2 Atheros, Microsoft | 2 Wireless Adapter Drivers, All Windows | 2017-07-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Atheros 802.11 a/b/g wireless adapter drivers before 5.3.0.35, and 6.x before 6.0.3.67, on Windows allows remote attackers to cause a denial of service via a crafted 802.11 management frame. | |||||
| CVE-2007-2948 | 1 Mplayer | 1 Mplayer | 2017-07-29 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlayer before 1.0rc1try3 allow remote attackers to execute arbitrary code via a CDDB entry with a long (1) album title or (2) category. | |||||
| CVE-2007-2950 | 3 Centennial, Numara, Symantec | 3 Discovery, Asset Manager, Discovery | 2017-07-29 | 7.2 HIGH | N/A |
| Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara Asset Manager 8.0 and (2) Symantec Discovery 6.5, uses insecure permissions on certain directories, which allows local users to gain privileges. | |||||
| CVE-2007-2954 | 1 Novell | 1 Client | 2017-07-29 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2 through SP4 for Windows allow remote attackers to execute arbitrary code via certain long arguments to the (1) RpcAddPrinterDriver, (2) RpcGetPrinterDriverDirectory, and other unspecified RPC requests, aka Novell bug 300870, a different vulnerability than CVE-2006-5854. | |||||
| CVE-2007-2955 | 1 Symantec | 3 Norton Antivirus, Norton Internet Security, Norton System Works | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple unspecified "input validation error" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA. | |||||
| CVE-2007-2956 | 2 Pfstools, Qtpfsgui | 2 Pfstools, Qtpfsgui | 2017-07-29 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the readRadianceHeader function in (1) src/fileformat/rgbeio.cpp in pfstools 1.6.2 and (2) src/Fileformat/rgbeio.cpp in Qtpfsgui 1.8.11 allows remote attackers to execute arbitrary code via a crafted Radiance RGBE (.hdr) file. | |||||
| CVE-2007-2957 | 1 Mcafee | 1 E-business Server | 2017-07-29 | 9.3 HIGH | N/A |
| Integer overflow in McAfee E-Business Server before 8.5.3 for Solaris, and before 8.1.2 for Linux, HP-UX, and AIX, allows remote attackers to execute arbitrary code via a large length value in an authentication packet, which results in a heap-based buffer overflow. | |||||
| CVE-2007-2958 | 2 Sylpheed, Sylpheed-claws | 2 Sylpheed, Sylpheed-claws | 2017-07-29 | 6.8 MEDIUM | N/A |
| Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies. | |||||
| CVE-2007-2960 | 1 Scallywag.org | 1 Scallywag | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin_name parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/, a different vector than CVE-2007-2900. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2961 | 1 Filecloset | 1 Filecloset | 2017-07-29 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in FileCloset before 1.1.5 allows remote attackers to upload arbitrary PHP files via unspecified vectors. | |||||
| CVE-2007-2963 | 1 Invision Power Services | 1 Invision Power Board | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources. | |||||
| CVE-2007-2964 | 1 F-secure | 1 Policy Manager | 2017-07-29 | 5.0 MEDIUM | N/A |
| The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and earlier allows remote attackers to cause a denial of service (application crash) via NTFS reserved words in filenames in URLs. | |||||
| CVE-2007-2965 | 1 F-secure | 7 F-secure Anti-virus, F-secure Anti-virus Client Security, F-secure Anti-virus Linux Client Security and 4 more | 2017-07-29 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the Real-time Scanning component in multiple F-Secure products, including Internet Security 2005, 2006 and 2007; Anti-Virus 2005, 2006 and 2007; and Solutions based on F-Secure Protection Service for Consumers 6.40 and earlier allows local users to gain privileges via a crafted I/O request packet (IRP), related to IOCTL (Input/Output Control) and "access validation of the address space." | |||||
| CVE-2007-2970 | 1 8e6 Technologies | 1 R3000 Internet Filter | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cgi/block.cgi in 8e6 R3000 Internet Filter allow remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) CAT, and (3) USER parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2976 | 1 Cetrinity | 2 Firstclass, Server And Internet Services | 2017-07-29 | 4.3 MEDIUM | N/A |
| Centrinity FirstClass 8.3 and earlier, and Server and Internet Services 8.0 and earlier, do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS) attacks. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2977 | 1 Domjudge | 1 Domjudge | 2017-07-29 | 7.8 HIGH | N/A |
| Buffer overflow in the receive function in submit/submitcommon.c in the submit daemon in DOMjudge before 2.0.0RC1 allows remote attackers to cause a denial of service or have other unspecified impact. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2979 | 1 Techno Dreams | 1 Web Directory | 2017-07-29 | 7.8 HIGH | N/A |
| Techno Dreams Web Directory / Search Engine 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database.mdb. | |||||
| CVE-2007-2980 | 1 Lead Technologies | 2 Leadtools Raster Image Sdk, Leadtools Raster Isis Object | 2017-07-29 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in a certain ActiveX control in LEADTOOLS LEAD Raster ISIS Object (LTRIS14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long DriverName property, a different ActiveX control than CVE-2007-2827. | |||||
| CVE-2007-2981 | 1 Lead Technologies | 1 Leadtools Raster Ocr Document Object Library | 2017-07-29 | 9.3 HIGH | N/A |
| Buffer overflow in a certain ActiveX control in LEAD Technologies LEADTOOLS Raster OCR Document Object Library (ltrdc14e.dll) 14.5.0.44 allows remote attackers to execute arbitrary code via a long DictionaryFileName property. | |||||
| CVE-2007-2982 | 1 Bt | 1 Business Connect Webhelper Activex Control | 2017-07-29 | 9.3 HIGH | N/A |
| Multiple buffer overflows in the British Telecommunications Business Connect webhelper ActiveX control before 1.0.0.7 in btbconnectwebcontrol.dll allow remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-2983 | 1 Btglobalservices | 1 Bt Consumer Webhelper | 2017-07-29 | 9.3 HIGH | N/A |
| Multiple buffer overflows in the British Telecommunications Consumer webhelper ActiveX control before 2.0.0.8 in btwebcontrol.dll allow remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-2984 | 1 Media Technology Group | 1 Cdpass Activex Control | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple stack-based buffer overflows in the Media Technology Group CDPass ActiveX control in CDPass.dll allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the GetTOC2 method. | |||||
| CVE-2007-2995 | 1 Ibm | 1 Aix | 2017-07-29 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and 5.3.0 has unknown impact and attack vectors. | |||||
| CVE-2007-2998 | 1 Hp | 1 Openvms | 2017-07-29 | 4.9 MEDIUM | N/A |
| The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS for Integrity Servers 8.3, and PAS$RTL.EXE before 20070419 on OpenVMS Alpha 8.3, does not properly restore PC and PSL values, which allows local users to cause a denial of service (system crash) via certain Pascal code. | |||||
| CVE-2007-3008 | 1 Mbedthis Software | 1 Mbedthis Appweb Http Server | 2017-07-29 | 4.3 MEDIUM | N/A |
| Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398. | |||||
| CVE-2007-3021 | 1 Symantec | 3 Client Security, Norton Antivirus, Reporting Server | 2017-07-29 | 7.5 HIGH | N/A |
| Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export. | |||||
| CVE-2007-3022 | 1 Symantec | 3 Client Security, Norton Antivirus, Reporting Server | 2017-07-29 | 4.3 MEDIUM | N/A |
| Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks. | |||||
| CVE-2007-3042 | 1 Meneame | 1 Meneame | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Meneame before 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-3043 | 1 Hitachi | 3 Groupmax Collaboration Portal, Groupmax Collaboration Web Client, Ucosminexus Collaboration Portal | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Collaboration - File Sharing 01-20 up to 01-20-/B and 01-30 up to 01-30-/B in Hitachi Groupmax Collaboration Portal up to 07-30-/D, Groupmax Collaboration Web Client - Forum/File Sharing up to 07-30-/C, uCosminexus Collaboration Portal up to 06-30-/D, and uCosminexus Collaboration Portal - Forum/File Sharing up to 06-30-/C on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-3044 | 2 Hitachi, Hp | 3 Hi Ux We2, Xp W, Hp-ux | 2017-07-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Map I/O Service (xpwmap) in Hitachi XP/W on HI-UX/WE2 before 20070319, and XP/W on HP-UX before 20070405, allows remote attackers to cause a denial of service via certain data to the service port. | |||||