Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1049 | 2 Gentoo, Wordpress | 2 Linux, Wordpress | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable. | |||||
| CVE-2007-1136 | 1 Webmplayer | 1 Webmplayer | 2011-03-08 | 6.8 MEDIUM | N/A |
| index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. NOTE: some sources have referred to this as eval injection in the param parameter, but CVE source inspection suggests that this is erroneous. | |||||
| CVE-2007-1047 | 1 Distributed Checksum Clearinghouse | 1 Dcc | 2011-03-08 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Distributed Checksum Clearinghouse (DCC) before 1.3.51 allows remote attackers to delete or add hosts in /var/dcc/maps. | |||||
| CVE-2007-1168 | 1 Trend Micro | 1 Serverprotect | 2011-03-08 | 7.5 HIGH | N/A |
| Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_info cookie to the web interface port (14942/tcp). | |||||
| CVE-2007-1119 | 1 Novell | 1 Zenworks | 2011-03-08 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in Novell ZENworks 7 Desktop Management Support Pack 1 before Hot patch 3 (ZDM7SP1HP3) allows remote attackers to upload images to certain folders that were not configured in the "Only allow uploads to the following directories" setting via unspecified vectors. | |||||
| CVE-2007-0980 | 3 Hp, Redhat, Suse | 4 Serviceguard For Linux, Enterprise Linux, Suse Linux and 1 more | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Serviceguard for Linux; packaged for SuSE SLES8 and United Linux 1.0 before SG A.11.15.07, SuSE SLES9 and SLES10 before SG A.11.16.10, and Red Hat Enterprise Linux (RHEL) before SG A.11.16.10; allows remote attackers to obtain unauthorized access via unspecified vectors. | |||||
| CVE-2007-0979 | 1 Lifetype | 1 Lifetype | 2011-03-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before 1.2-beta2, allows remote attackers to obtain sensitive information (file contents) via a "crafted URL." | |||||
| CVE-2007-1307 | 2 Intel, Lenovo | 2 Pro 1000 Lan Adapter, Thinkpad | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors. | |||||
| CVE-2007-0954 | 1 Mohachat | 1 Moha Chat | 2011-03-08 | 10.0 HIGH | N/A |
| MOHA Chat 0.1b7 and earlier does not require authentication for use of the plug in API, which has unknown impact and attack vectors. | |||||
| CVE-2007-1185 | 1 Web-app.org | 1 Webapp | 2011-03-08 | 5.0 MEDIUM | N/A |
| The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown impact and remote attack vectors. | |||||
| CVE-2007-0964 | 1 Cisco | 1 Firewall Services Module | 2011-03-08 | 5.4 MEDIUM | N/A |
| Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a malformed HTTPS request. | |||||
| CVE-2007-1287 | 1 Php | 1 Php | 2011-03-08 | 4.3 MEDIUM | N/A |
| A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388. | |||||
| CVE-2007-0965 | 1 Cisco | 1 Firewall Services Module | 2011-03-08 | 7.8 HIGH | N/A |
| Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a long HTTP request. | |||||
| CVE-2007-1187 | 1 Web-app.org | 1 Webapp | 2011-03-08 | 5.5 MEDIUM | N/A |
| WebAPP before 0.9.9.5 allows remote authenticated users, without admin privileges, to obtain sensitive information via (1) the Forum Archive feature and (2) Recent Searches. | |||||
| CVE-2007-0975 | 1 Apache Stats | 1 Apache Stats | 2011-03-08 | 5.0 MEDIUM | N/A |
| Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array. | |||||
| CVE-2007-1071 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 7.8 HIGH | N/A |
| Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. NOTE: this is a different issue than CVE-2006-3502 and CVE-2006-3503. | |||||
| CVE-2007-1122 | 1 Zephyrsoft Toolbox | 1 Address Book Continued | 2011-03-08 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 and 1.01 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php, a variant of a SQL injection issue that was fixed in 1.01. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-1016 | 1 Aktueldownload | 1 Aktueldownload Haber Script | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via certain vectors related to the HaberDetay.asp and rss.asp components, and the id and kid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the combination of the HaberDetay.asp component and the id parameter is already covered by another February 2007 CVE candidate. | |||||
| CVE-2007-0974 | 1 Ian Bezanson | 1 Dropbox | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Ian Bezanson DropBox before 0.0.4 beta have unknown impact and attack vectors, possibly related to a variable extraction vulnerability. | |||||
| CVE-2007-1188 | 1 Web-app.org | 1 Webapp | 2011-03-08 | 7.5 HIGH | N/A |
| WebAPP before 0.9.9.5 allows remote attackers to submit Search form input that is not checked for (1) composition or (2) length, which has unknown impact, possibly related to "search form hijacking". | |||||
| CVE-2007-1186 | 1 Web-app.org | 1 Webapp | 2011-03-08 | 5.0 MEDIUM | N/A |
| WebAPP before 0.9.9.5 does not "censor" the Latest Member real name, which has unknown impact. | |||||
| CVE-2007-1325 | 1 Phpmyadmin | 1 Phpmyadmin | 2011-03-08 | 7.1 HIGH | N/A |
| The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE: it could be argued that this vulnerability is caused by a problem in PHP (CVE-2006-1549) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpMyAdmin. | |||||
| CVE-2007-1183 | 1 Web-app.org | 1 Webapp | 2011-03-08 | 7.5 HIGH | N/A |
| WebAPP before 0.9.9.5 allows remote authenticated users to spoof another user's Real Name via whitespace, which has unknown impact and attack vectors. | |||||
| CVE-2007-1175 | 1 Web-app.org | 1 Webapp | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP before 20070209 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-1182 | 1 Web-app.org | 1 Webapp | 2011-03-08 | 6.4 MEDIUM | N/A |
| WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest profile, which has unknown impact. | |||||
| CVE-2007-1134 | 1 Watchtower | 1 Watchtower | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Watchtower (WT) before 0.12 has unknown impact and attack vectors, related to "unauthorized accounts." | |||||
| CVE-2007-0963 | 1 Cisco | 1 Firewall Services Module | 2011-03-08 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.3), when set to log at the "debug" level, allows remote attackers to cause a denial of service (device reboot) by sending packets that are not of a particular protocol such as TCP or UDP, which triggers the reboot during generation of Syslog message 710006. | |||||
| CVE-2007-1181 | 1 Web-app.org | 1 Webapp | 2011-03-08 | 5.0 MEDIUM | N/A |
| WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the username through Edit Profile forms, which has unknown impact and attack vectors. | |||||
| CVE-2007-0564 | 1 Symantec | 1 Web Security | 2011-03-08 | 4.0 MEDIUM | N/A |
| The license registering interface in Symantec Web Security (SWS) before 3.0.1.85 allows attackers to cause a denial of service (CPU consumption) by submitting a large file. | |||||
| CVE-2007-0705 | 1 Fenrir | 2 Portable Sleipnir, Sleipnir | 2011-03-08 | 7.5 HIGH | N/A |
| Cross-zone scripting vulnerability in Sleipnir 2.49 and earlier, and Portable Sleipnir 2.45 and earlier, allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0706 | 1 Fenrir | 1 Darksky Rss Bar | 2011-03-08 | 7.5 HIGH | N/A |
| Cross-zone scripting vulnerability in Darksky RSS bar for Internet Explorer before 1.29, RSS bar for Sleipnir before 1.29, and RSS bar for unDonut before 1.29 allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0729 | 1 Apple | 3 Mac Os X, Mac Os X Preview.app, Mac Os X Server | 2011-03-08 | 7.2 HIGH | N/A |
| Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment before executing commands, which allows local users to gain privileges by setting unspecified environment variables. | |||||
| CVE-2007-0663 | 1 Eclectic Designs | 1 Cascadianfaq | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter, a different vector than CVE-2007-0631. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0732 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the CoreServices daemon in CarbonCore in Apple Mac OS X 10.4 through 10.4.9 allows local users to gain privileges via unspecified vectors involving "obtaining a send right to [the] Mach task port." | |||||
| CVE-2007-0735 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving crafted web pages that trigger certain error conditions that are not properly reported in certain circumstances, resulting in accessing deallocated memory. | |||||
| CVE-2007-0661 | 1 Intel | 9 Enterprise Southbridge 2 Bmc, Enterprise Southbridge Bmc, Server Board S5000pal and 6 more | 2011-03-08 | 5.4 MEDIUM | N/A |
| Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), Intel Server Boards 5000XAL, S5000PAL, S5000PSL, S5000XVN, S5000VCL, S5000VSA, SC5400RA, and OEM Firmware for Intel Enterprise Southbridge Baseboard Management Controller before 20070119, when Intelligent Platform Management Interface (IPMI) is enabled, allow remote attackers to connect and issue arbitrary IPMI commands, possibly triggering a denial of service. | |||||
| CVE-2007-0659 | 1 Modxcms | 1 Filedownload | 2011-03-08 | 7.5 HIGH | N/A |
| download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials. | |||||
| CVE-2007-0737 | 1 Apple | 1 Mac Os X | 2011-03-08 | 4.6 MEDIUM | N/A |
| The Login Window in Apple Mac OS X 10.3.9 through 10.4.9 does not properly check certain environment variables, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2007-0738 | 1 Apple | 1 Mac Os X | 2011-03-08 | 4.6 MEDIUM | N/A |
| The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not display the screen saver authentication dialog in certain circumstances when waking from sleep, even though the "require a password to wake the computer from sleep" option is enabled, which allows local users to bypass authentication controls. | |||||
| CVE-2007-0739 | 1 Apple | 1 Mac Os X | 2011-03-08 | 4.6 MEDIUM | N/A |
| The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the software update window beneath the loginwindow authentication dialog in certain circumstances related to running scheduled tasks, which allows local users to bypass authentication controls. | |||||
| CVE-2007-0741 | 1 Apple | 1 Mac Os X | 2011-03-08 | 7.5 HIGH | N/A |
| Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 through 10.4.9, when Internet Sharing is enabled, allows remote attackers to execute arbitrary code via malformed RTSP packets. | |||||
| CVE-2007-0746 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference". | |||||
| CVE-2007-0636 | 1 Inotify | 1 Incron | 2011-03-08 | 2.1 LOW | N/A |
| Unspecified vulnerability in inotify before 0.3.5 has unknown impact and attack vectors, related to "access rights to watched files." | |||||
| CVE-2007-0742 | 1 Apple | 1 Mac Os X | 2011-03-08 | 7.8 HIGH | N/A |
| The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allows subdomain cookies to be accessed by the parent domain, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2007-0632 | 1 Asp Edge | 1 Asp Edge | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via a username cookie, a different vector than CVE-2007-0560. | |||||
| CVE-2007-0630 | 1 X-dev | 1 Xnews | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the generate_csv function in classes/class.news.php in X-dev xNews 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) from, and (3) q parameters, different vectors than CVE-2007-0569. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0725 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 7.2 HIGH | N/A |
| Buffer overflow in the AirPortDriver module for AirPort in Apple Mac OS X 10.3.9 through 10.4.9, when running on hardware with the original AirPort wireless card, allows local users to execute arbitrary code by "sending malformed control commands." | |||||
| CVE-2007-0619 | 1 Chmlib | 1 Chmlib | 2011-03-08 | 9.3 HIGH | N/A |
| chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption. | |||||
| CVE-2007-0611 | 1 Free Lan Intra Internet Portal | 1 Free Lan Intra Internet Portal | 2011-03-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) inc.page.php and (2) inc.text.php. | |||||
| CVE-2007-0723 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 8.5 HIGH | N/A |
| Unspecified vulnerability in the authentication feature for DirectoryService (DS Plug-Ins) for Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote authenticated LDAP users to modify the root password and gain privileges via unknown vectors. | |||||