Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1509 | 1 Holtstraeter | 1 Rot 13 | 2018-10-16 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in enkrypt.php in Sascha Schroeder krypt (aka Holtstraeter Rot 13) allows remote attackers to read arbitrary files via a .. (dot dot) in the datei parameter. | |||||
| CVE-2007-1510 | 1 Particle Blogger | 1 Particle Blogger | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in post.php in Particle Blogger 1.0.0 through 1.2.0 allows remote attackers to execute arbitrary SQL commands via the postid parameter. | |||||
| CVE-2007-1511 | 1 Frontbase | 1 Relational Database Server | 2018-10-16 | 7.1 HIGH | N/A |
| Buffer overflow in FrontBase Relational Database Server 4.2.7 and earlier allows remote authenticated users, with privileges for creating a stored procedure, to execute arbitrary code via a CREATE PROCEDURE request with a long procedure name. | |||||
| CVE-2007-1512 | 1 Microsoft | 4 Visual Studio .net, Windows 2000, Windows 2003 Server and 1 more | 2018-10-16 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025. | |||||
| CVE-2007-1513 | 1 Grafx | 1 Company Website Builder Pro | 2018-10-16 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in comanda.php in GraFX Company WebSite Builder (CWB) PRO 1.9.8, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter. | |||||
| CVE-2007-1514 | 1 Viperweb | 1 Portal | 2018-10-16 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in ViperWeb Portal alpha 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the modpath parameter. | |||||
| CVE-2007-1515 | 1 Horde | 1 Imp | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query parameter in search.php, or other unspecified parameters in search.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-1517 | 1 Paul Knierim | 1 Wsn Guest | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comments.php in WSN Guest 1.02 and 1.21 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-1518 | 1 Woltlab | 1 Burning Board | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in usergroups.php in Woltlab Burning Board (wBB) 2.x allows remote attackers to execute arbitrary SQL commands via the array index of the applicationids array. | |||||
| CVE-2007-1519 | 1 Phpnuke | 1 Php-nuke | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948. | |||||
| CVE-2007-1520 | 1 Phpnuke | 1 Php-nuke | 2018-10-16 | 6.8 MEDIUM | N/A |
| The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks. | |||||
| CVE-2007-1527 | 1 Microsoft | 1 Windows Vista | 2018-10-16 | 5.0 MEDIUM | N/A |
| The LLTD Mapper in Microsoft Windows Vista does not verify that an IP address in a TLV type 0x07 field in a HELLO packet corresponds to a valid IP address for the local network, which allows remote attackers to trick users into communicating with an external host by sending a HELLO packet with the MW characteristic and a spoofed TLV type 0x07 field, aka the "Spoof and Management URL IP Redirect" attack. | |||||
| CVE-2007-1528 | 1 Microsoft | 1 Windows Vista | 2018-10-16 | 5.0 MEDIUM | N/A |
| The LLTD Mapper in Microsoft Windows Vista allows remote attackers to spoof hosts, and nonexistent bridge relationships, into the network topology map by using a MAC address that differs from the MAC address provided in the Real Source field of the LLTD BASE header of a HELLO packet, aka the "Spoof on Bridge" attack. | |||||
| CVE-2007-1529 | 1 Microsoft | 1 Windows Vista | 2018-10-16 | 4.3 MEDIUM | N/A |
| The LLTD Responder in Microsoft Windows Vista does not send the Mapper a response to a DISCOVERY packet if another host has sent a spoofed response first, which allows remote attackers to spoof arbitrary hosts via a network-based race condition, aka the "Total Spoof" attack. | |||||
| CVE-2007-1530 | 1 Microsoft | 1 Windows Vista | 2018-10-16 | 5.0 MEDIUM | N/A |
| The LLTD Mapper in Microsoft Windows Vista does not properly gather responses to EMIT packets, which allows remote attackers to cause a denial of service (mapping failure) by omitting an ACK response, which triggers an XML syntax error. | |||||
| CVE-2007-1531 | 1 Microsoft | 2 Windows Vista, Windows Xp | 2018-10-16 | 5.0 MEDIUM | N/A |
| Microsoft Windows XP and Vista overwrites ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host. | |||||
| CVE-2007-1532 | 1 Microsoft | 1 Windows Vista | 2018-10-16 | 6.4 MEDIUM | N/A |
| The neighbor discovery implementation in Microsoft Windows Vista allows remote attackers to conduct a redirect attack by (1) responding to queries by sending spoofed Neighbor Advertisements or (2) blindly sending Neighbor Advertisements. | |||||
| CVE-2007-1533 | 1 Microsoft | 1 Windows Vista | 2018-10-16 | 5.0 MEDIUM | N/A |
| The Teredo implementation in Microsoft Windows Vista uses the same nonce for communication with different UDP ports within a solicitation session, which makes it easier for remote attackers to spoof the nonce through brute force attacks. | |||||
| CVE-2007-1534 | 1 Microsoft | 1 Windows Vista | 2018-10-16 | 9.3 HIGH | N/A |
| DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window. | |||||
| CVE-2007-1535 | 1 Microsoft | 1 Windows Vista | 2018-10-16 | 7.5 HIGH | N/A |
| Microsoft Windows Vista establishes a Teredo address without user action upon connection to the Internet, contrary to documentation that Teredo is inactive without user action, which increases the attack surface and allows remote attackers to communicate via Teredo. | |||||
| CVE-2007-1536 | 1 File | 1 File | 2018-10-16 | 9.3 HIGH | N/A |
| Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow. | |||||
| CVE-2007-1166 | 1 Nabocorp | 1 Nabopoll | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in result.php in Nabopoll 1.2 allows remote attackers to execute arbitrary SQL commands via the surv parameter. | |||||
| CVE-2007-1170 | 1 Simbin | 4 Gt Legends, Gtr - Fia Get Racing Game, Gtr 2 and 1 more | 2018-10-16 | 5.0 MEDIUM | N/A |
| SimBin GTR - FIA GT Racing Game 1.5.0.0 and earlier, GT Legends 1.1.0.0 and earlier, GTR 2 1.1 and earlier, and RACE - The WTCC Game 1.0 and earlier allow remote attackers to cause a denial of service (client disconnection) via an empty UDP packet to the server port. | |||||
| CVE-2007-1171 | 1 Nukescripts | 1 Nukesentinel | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie. | |||||
| CVE-2007-1172 | 1 Nukescripts | 1 Nukesentinel | 2018-10-16 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit." | |||||
| CVE-2007-1194 | 1 Norman | 1 Norman Sandbox Analyzer | 2018-10-16 | 2.1 LOW | N/A |
| Norman SandBox Analyzer does not use the proper range for Interrupt Descriptor Table (IDT) entries, which allows local users to determine that the local machine is an emulator, or a similar environment not based on a physical Intel processor, which allows attackers to produce malware that is more difficult to analyze. | |||||
| CVE-2007-1202 | 1 Microsoft | 3 Word, Word Viewer, Works | 2018-10-16 | 6.8 MEDIUM | N/A |
| Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability." | |||||
| CVE-2007-1203 | 1 Microsoft | 2 Excel, Excel Viewer | 2018-10-16 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption. | |||||
| CVE-2007-1204 | 1 Microsoft | 1 Windows Xp | 2018-10-16 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP headers in request or notification messages, which trigger memory corruption. | |||||
| CVE-2007-1205 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2018-10-16 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption. | |||||
| CVE-2007-1206 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2018-10-16 | 7.2 HIGH | N/A |
| The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain privileges by modifying the "zero page" during a race condition before the view is unmapped. | |||||
| CVE-2007-1209 | 1 Microsoft | 1 Windows Vista | 2018-10-16 | 7.2 HIGH | N/A |
| Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure. | |||||
| CVE-2007-1211 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2018-10-16 | 7.1 HIGH | N/A |
| Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP SP2; and Server 2003 Gold, SP1, and SP2 allows user-assisted remote attackers to cause a denial of service (possibly persistent restart) via a crafted Windows Metafile (WMF) image that causes an invalid dereference of an offset in a kernel structure, a related issue to CVE-2005-4560. | |||||
| CVE-2007-1212 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Vista and 1 more | 2018-10-16 | 6.6 MEDIUM | N/A |
| Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file. | |||||
| CVE-2007-1213 | 1 Microsoft | 1 Windows 2000 | 2018-10-16 | 7.2 HIGH | N/A |
| The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer. | |||||
| CVE-2007-1214 | 1 Microsoft | 2 Excel, Excel Viewer | 2018-10-16 | 6.8 MEDIUM | N/A |
| Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption. | |||||
| CVE-2007-1215 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Vista and 1 more | 2018-10-16 | 7.2 HIGH | N/A |
| Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images. | |||||
| CVE-2007-1220 | 1 Microsoft | 1 Xbox 360 | 2018-10-16 | 6.2 MEDIUM | N/A |
| The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not properly verify the parameters passed to the syscall dispatcher, which allows attackers with physical access to bypass code-signing requirements and execute arbitrary code. | |||||
| CVE-2007-1221 | 1 Microsoft | 1 Xbox 360 | 2018-10-16 | 7.2 HIGH | N/A |
| The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows attackers with physical access to force execution of the hypervisor syscall with a certain register set, which bypasses intended code protection. | |||||
| CVE-2007-1226 | 1 Mcafee | 1 Virex | 2018-10-16 | 4.1 MEDIUM | N/A |
| McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak permissions (0666) for /Library/Application Support/Virex/VShieldExclude.txt, which allows local users to reconfigure Virex to skip scanning of arbitrary files. | |||||
| CVE-2007-1227 | 1 Mcafee | 1 Virex | 2018-10-16 | 6.6 MEDIUM | N/A |
| VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 allow local users to change permissions of arbitrary files via a symlink attack on /Library/Application Support/Virex/VShieldExclude.txt, as demonstrated by symlinking to the root crontab file to execute arbitrary commands. | |||||
| CVE-2007-1229 | 1 Nullsoft | 1 Shoutcast Server | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 8001/tcp), which is not properly handled in the administrator interface when viewing the log file. | |||||
| CVE-2007-1231 | 1 Sqlitemanager | 1 Sqlitemanager | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) database name, (2) table name, (3) ViewName, (4) view, (5) trigger, and (6) function fields in main.php and certain other files. | |||||
| CVE-2007-1232 | 1 Sqlite Manager | 1 Sqlite Manager | 2018-10-16 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a SQLiteManager_currentTheme cookie. | |||||
| CVE-2007-1234 | 1 Bj Sintay | 1 Sitex | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in sitex allow remote attackers to inject arbitrary web script or HTML via (1) the sxYear parameter to calendar.php, (2) the search parameter to search.php, (3) the linkid parameter to redirect.php, or (4) the page parameter to calendar_events.php. | |||||
| CVE-2007-1235 | 1 Bj Sintay | 1 Sitex | 2018-10-16 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in sitex allows remote attackers to upload arbitrary PHP code via an avatar filename with a double extension such as .php.jpg, which fails verification and is saved as a .php file. | |||||
| CVE-2007-1236 | 1 Sitex | 1 Sitex | 2018-10-16 | 6.4 MEDIUM | N/A |
| sitex allows remote attackers to obtain sensitive information via a request with a numerical value for the (1) sxMonth[] or (2) sxYear[] parameter to calendar.php, or the (3) page[] parameter to calendar_events.php, which reveals the path in various error messages. | |||||
| CVE-2007-1237 | 1 Bj Sintay | 1 Sitex | 2018-10-16 | 5.0 MEDIUM | N/A |
| sitex allows remote attackers to obtain potentially sensitive information via a ' (quote) value for certain parameters, as demonstrated by parameters used in forum and search, which forces a SQL error. | |||||
| CVE-2007-1238 | 1 Microsoft | 1 Office | 2018-10-16 | 4.3 MEDIUM | N/A |
| Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file. | |||||
| CVE-2007-1239 | 1 Microsoft | 1 Excel | 2018-10-16 | 4.3 MEDIUM | N/A |
| Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference. | |||||