Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5160 | 1 Restaurant Management System | 1 Restaurant Management System | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Thierry Leriche Restaurant Management System (ReMaSys) 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the DIR_ROOT parameter to (a) global.php, or the (2) DIR_PAGE parameter to (b) template/fr/page.php or (c) page/fr/boxConnection.php. | |||||
| CVE-2007-5163 | 1 Nexty | 1 Nexty | 2008-09-05 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in includes/functions/layout.php in Nexty 1.01.A Beta allows remote attackers to execute arbitrary PHP code via a URL in the rel parameter. NOTE: this issue is disputed by CVE because the applicable include is in a function that is not called on a direct request. | |||||
| CVE-2007-5179 | 1 Y\&k Iletisim Formu | 1 Y\&k Iletisim Formu | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in iletisim.asp in Y&K Iletisim Formu allow remote attackers to inject arbitrary web script or HTML via the (1) ad, (2) sehir, (3) yas, (4) cins, (5) tel, (6) mail, and (7) mesaj parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-4913 | 1 Invision Power Services | 1 Invision Power Board | 2008-09-05 | 7.5 HIGH | N/A |
| ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are limited usage scenarios under which this would be a vulnerability, but it is being tracked by CVE since the vendor has stated it is security-relevant. | |||||
| CVE-2007-4885 | 1 Avnex | 1 Av Mp3 Player | 2008-09-05 | 4.3 MEDIUM | N/A |
| Avnex AV MP3 Player allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error. | |||||
| CVE-2007-4910 | 1 Netinvoicing | 1 Netinvoicing | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in netInvoicing before 2.7.3 has unknown impact and attack vectors, related to "security check soap". | |||||
| CVE-2007-4849 | 1 One Laptop Per Child | 1 Olpc Linux | 2008-09-05 | 4.4 MEDIUM | N/A |
| JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly other Linux systems, when POSIX ACL support is enabled, does not properly store permissions during (1) inode creation or (2) ACL setting, which might allow local users to access restricted files or directories after a remount of a filesystem, related to "legacy modes" and an inconsistency between dentry permissions and inode permissions. | |||||
| CVE-2007-5024 | 1 Emc | 1 Vmware Server | 2008-09-05 | 2.1 LOW | N/A |
| EMC VMware Server before 1.0.4 Build 56528 writes passwords in cleartext to unspecified log files, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2005-3620. | |||||
| CVE-2007-5025 | 1 Vmware | 1 Ace | 2008-09-05 | 9.3 HIGH | N/A |
| Unspecified vulnerability in EMC VMware ACE before 1.0.3 Build 54075 allows attackers to have an unknown impact via an unspecified manipulation of "images stored in virtual machines downloaded by the user." | |||||
| CVE-2007-4936 | 1 Office Efficiencies | 1 Safesquid | 2008-09-05 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Office Efficiencies SafeSquid 4.1.x has unknown impact and attack vectors, related to a "serious security flaw," possibly specific to Linux. | |||||
| CVE-2007-5028 | 1 Dibbler | 1 Dibbler | 2008-09-05 | 7.5 HIGH | N/A |
| Dibbler 0.6.0 on Linux uses weak world-writable permissions for unspecified files in /var/lib/dibbler, which has unknown impact and local attack vectors. | |||||
| CVE-2007-5091 | 1 Egroupware | 1 Egroupware | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.4.001 allow remote attackers to inject arbitrary web script or HTML via the cat_data[color] parameter to (1) preferences/inc/class.uicategories.inc.php and (2) admin/inc/class.uicategories.inc.php. | |||||
| CVE-2007-4741 | 1 Claroline | 1 Claroline | 2008-09-05 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in admin/adminusers.php in Claroline before 1.8.6 allows remote authenticated administrators to inject arbitrary web script or HTML via the sort parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-4500 | 1 Sshkeychain | 1 Sshkeychain | 2008-09-05 | 6.9 MEDIUM | N/A |
| Unspecified vulnerability in TunnelRunner in SSHKeychain before 0.8.2 beta, and possibly later versions, allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2007-4534 | 1 Vavoom | 1 Vavoom | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in the VThinker::BroadcastPrintf function in p_thinker.cpp in Vavoom 1.24 and earlier allows remote attackers to execute arbitrary code via (1) a long string in a chat message and possibly (2) a long name field. | |||||
| CVE-2007-4462 | 1 Po4a | 1 Po4a | 2008-09-05 | 3.3 LOW | N/A |
| lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to overwrite arbitrary files via a symlink attack on the gettextization.failed.po temporary file. | |||||
| CVE-2007-4501 | 1 Sshkeychain | 1 Sshkeychain | 2008-09-05 | 6.9 MEDIUM | N/A |
| Unspecified vulnerability in PassphraseRequester in SSHKeychain before 0.8.2 beta allows attackers to obtain sensitive information (passwords) via unknown vectors, related to "poor protection." | |||||
| CVE-2007-4669 | 1 Firebirdsql | 1 Firebird | 2008-09-05 | 4.0 MEDIUM | N/A |
| The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148. | |||||
| CVE-2007-4626 | 1 Polipo | 1 Polipo | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Polipo before 1.0.2 allows remote attackers to cause a denial of service (daemon crash) via certain network traffic associated with entities larger than 2 Gb. | |||||
| CVE-2007-4557 | 1 Novell | 1 Groupwise Webaccess | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the webacc servlet in Novell GroupWise 6.5 WebAccess allows remote attackers to inject arbitrary web script or HTML via the User.Id parameter, as demonstrated by a URL within a url field in a STYLE element, possibly due to an incomplete fix for CVE-2004-2103.2. | |||||
| CVE-2007-4635 | 1 Yahoo | 1 Messenger | 2008-09-05 | 5.0 MEDIUM | N/A |
| Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. NOTE: this might be related to CVE-2007-4515. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-4548 | 1 Apache | 1 Geronimo | 2008-09-05 | 10.0 HIGH | N/A |
| The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module. | |||||
| CVE-2007-4535 | 1 Vavoom | 1 Vavoom | 2008-09-05 | 4.3 MEDIUM | N/A |
| The VStr::Resize function in str.cpp in Vavoom 1.24 and earlier allows remote attackers to cause a denial of service (daemon crash) via a string with a negative NewLen value within a certain UDP packet that triggers an assertion error. | |||||
| CVE-2007-4460 | 1 Id3lib | 1 Id3lib | 2008-09-05 | 7.2 HIGH | N/A |
| The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file whose name is constructed from the name of a file being tagged. | |||||
| CVE-2007-4302 | 1 Freshmeat | 1 Generic Software Wrappers Toolkit | 2008-09-05 | 6.2 MEDIUM | N/A |
| Multiple race conditions in certain system call wrappers in Generic Software Wrappers Toolkit (GSWTK) allow local users to defeat system call interposition and possibly gain privileges or bypass auditing. | |||||
| CVE-2007-4303 | 2 Cerb, Freebsd | 2 Cerbng, Freebsd | 2008-09-05 | 6.2 MEDIUM | N/A |
| Multiple race conditions in (1) certain rules and (2) argument copying during VM protection, in CerbNG for FreeBSD 4.8 allow local users to defeat system call interposition and possibly gain privileges or bypass auditing, as demonstrated by modifying command lines in log-exec.cb. | |||||
| CVE-2007-4306 | 1 Phpmyadmin | 1 Phpmyadmin | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10.3 allow remote attackers to inject arbitrary web script or HTML via the (1) unlim_num_rows, (2) sql_query, or (3) pos parameter to (a) tbl_export.php; the (4) session_max_rows or (5) pos parameter to (b) sql.php; the (6) username parameter to (c) server_privileges.php; or the (7) sql_query parameter to (d) main.php. NOTE: vector 5 might be a regression or incomplete fix for CVE-2006-6942.7. | |||||
| CVE-2007-4304 | 2 Cerb, Freebsd | 2 Cerbng, Freebsd | 2008-09-05 | 6.2 MEDIUM | N/A |
| CerbNG for FreeBSD 4.8 does not properly implement VM protection when attempting to prevent system call wrapper races, which allows local users to have an unknown impact related to an "incorrect write protection of pages". | |||||
| CVE-2007-4006 | 1 Mike Dubman | 1 Windows Rsh Daemon | 2008-09-05 | 6.8 MEDIUM | N/A |
| Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has unknown impact and remote attack vectors, aka ZD-00000034. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. | |||||
| CVE-2007-3992 | 1 Iexpress | 1 Property Pro | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in vir_login.asp in iExpress Property Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the Username parameter is covered by CVE-2006-6029. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-4147 | 1 Interspire | 1 Articlelive Nx | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Interspire ArticleLive NX before 1.7.1.2 have unknown impact and attack vectors, possibly related to (1) AL_SANITIZE and (2) "Calling the constructor to make sure things are checked, safe mode, etc." | |||||
| CVE-2007-4309 | 1 Ibm | 1 Lotus Notes | 2008-09-05 | 3.5 LOW | N/A |
| IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote authenticated administrators to obtain a cleartext notes.id password by setting the notes.ini (1) KFM_ShowEntropy and (2) Debug_Outfile debug variables, a different vulnerability than CVE-2005-2696. | |||||
| CVE-2007-4305 | 5 Netbsd, Openbsd, Sysjail and 2 more | 5 Netbsd, Openbsd, Sysjail and 2 more | 2008-09-05 | 6.2 MEDIUM | N/A |
| Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing. | |||||
| CVE-2007-3676 | 1 Ibm | 1 Db2 | 2008-09-05 | 10.0 HIGH | N/A |
| IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. NOTE: this might be the same issue as CVE-2008-0698. | |||||
| CVE-2007-3828 | 1 Apple | 1 Mac Os X | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows remote attackers to execute arbitrary code via unspecified vectors, a related issue to CVE-2007-2386. | |||||
| CVE-2007-3693 | 1 Gobi And Helma | 1 Gobi | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Gobi as of 20070711, built on Helma, allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search function. | |||||
| CVE-2007-3627 | 1 Php Lite | 1 Calendar Express | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) login.php, (2) auth.php, and (3) subscribe.php. NOTE: the month.php, year.php, week.php, and day.php vectors are already covered by CVE-2005-4009. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3638 | 1 Yahoo | 1 Messenger | 2008-09-05 | 6.0 MEDIUM | N/A |
| Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. | |||||
| CVE-2007-3839 | 1 Tbdev.net | 1 Dr | 2008-09-05 | 4.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 010306 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the avatar parameter. NOTE: this may be related to the tracker program in the Janitor package. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3796 | 1 Mailmarshal | 1 Mailmarshal Smtp | 2008-09-05 | 7.6 HIGH | N/A |
| The password reset feature in the Spam Quarantine HTTP interface for MailMarshal SMTP 6.2.0.x before 6.2.1 allows remote attackers to modify arbitrary account information via a UserId variable with a large amount of trailing whitespace followed by a malicious value, which triggers SQL buffer truncation due to length inconsistencies between variables. | |||||
| CVE-2007-3598 | 1 Vtiger | 1 Vtiger Crm | 2008-09-05 | 5.5 MEDIUM | N/A |
| index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of settings, reporting that the attack vector results in a "You are not permitted to execute this Operation" error message in a 5.0.3 demo. | |||||
| CVE-2007-3616 | 1 Vtiger | 1 Vtiger Crm | 2008-09-05 | 6.5 MEDIUM | N/A |
| index.php in vtiger CRM before 5.0.3 allows remote authenticated users to perform administrative changes to arbitrary profile settings via a certain profilePrivileges action in the Users module. | |||||
| CVE-2007-3602 | 1 Vtiger | 1 Vtiger Crm | 2008-09-05 | 5.5 MEDIUM | N/A |
| The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin. | |||||
| CVE-2007-3713 | 1 Konst | 1 Centericq | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might overlap CVE-2007-0160. | |||||
| CVE-2007-3841 | 1 Pidgin | 1 Pidgin | 2008-09-05 | 9.0 HIGH | N/A |
| Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux allows remote authenticated users, who are listed in a users list, to execute certain commands via unspecified vectors, aka ZD-00000035. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. | |||||
| CVE-2007-3838 | 1 Tbdev.net | 1 Dr | 2008-09-05 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 11-10-05-BETA-SF1:111005 and earlier allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the avatar parameter. NOTE: this may be related to the tracker program in the Janitor package. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3558 | 1 Coppermine | 1 Coppermine Photo Gallery | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component. | |||||
| CVE-2007-3506 | 1 Freetype | 1 Freetype | 2008-09-05 | 7.5 HIGH | N/A |
| The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType 2.3.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors involving bitmap fonts, related to a "memory buffer overwrite bug." | |||||
| CVE-2007-2833 | 3 Debian, Gnu, Mandrakesoft | 4 Debian Linux, Emacs, Mandrake Linux and 1 more | 2008-09-05 | 7.8 HIGH | N/A |
| Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation. | |||||
| CVE-2007-3024 | 1 Clam Anti-virus | 1 Clamav | 2008-09-05 | 2.1 LOW | N/A |
| libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files. | |||||