Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6398 | 1 Flat Php | 1 Board | 2018-10-15 | 5.0 MEDIUM | N/A |
| Flat PHP Board 1.2 and earlier allows remote attackers to bypass authentication and obtain limited access to an arbitrary user account via the fpb_username cookie. | |||||
| CVE-2007-6399 | 1 Myupb | 1 Flat Php Board | 2018-10-15 | 6.5 MEDIUM | N/A |
| index.php in Flat PHP Board 1.2 and earlier allows remote authenticated users to obtain the password for the current user account by reading the password parameter value in the HTML source for the page generated by a profile action. | |||||
| CVE-2007-6401 | 2 3ivx, Microsoft | 2 Mpeg-4 Codec, Windows Media Player | 2018-10-15 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in mplayer2.exe in Microsoft Windows Media Player (WMP) 6.4, when used with the 3ivx 4.5.1 or 5.0.1 codec, allows remote attackers to execute arbitrary code via a certain .mp4 file, possibly a related issue to CVE-2007-6402. | |||||
| CVE-2007-6402 | 2 3ivx, Guliverkli | 2 Mpeg-4 Codec, Media Player Classic | 2018-10-15 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in mplayerc.exe in Media Player Classic (MPC) 6.4.9, when used with the 3ivx 4.5.1 or 5.0.1 codec, allows remote attackers to execute arbitrary code via a certain .mp4 file, possibly a related issue to CVE-2007-6401. | |||||
| CVE-2007-6403 | 1 Winamp | 1 Nullsoft Winamp | 2018-10-15 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Nullsoft Winamp 5.32 allows user-assisted remote attackers to execute arbitrary code via crafted unicode in a .mp4 file, with crafted tags, contained in a certain .rar archive, a related issue to CVE-2007-2498. NOTE: for exploitation, the victim must select a certain menu option at the time of the attack. | |||||
| CVE-2007-6404 | 2 Microsoft, Shttp | 2 Windows, Shttp | 2018-10-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI. | |||||
| CVE-2007-6405 | 1 Shttpd | 1 Shttpd | 2018-10-15 | 6.4 MEDIUM | N/A |
| Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) '+' character, (2) '.' character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is already covered by CVE-2007-3407. | |||||
| CVE-2007-6204 | 1 Hp | 1 Openview Network Node Manager | 2018-10-15 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4) webappmon.exe, as demonstrated via a long Action parameter to OpenView5.exe. | |||||
| CVE-2007-6205 | 1 S9y | 1 Serendipity | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed. | |||||
| CVE-2007-6211 | 2 Debian, Sing | 2 Debian Linux, Sing | 2018-10-15 | 7.2 HIGH | N/A |
| Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users to append to arbitrary files and gain privileges via the -L (output log file) option. NOTE: this issue is only a vulnerability in limited environments, since sing is not installed setuid, and the administrator would need to override a non-setuid default during installation. | |||||
| CVE-2007-6217 | 1 Irola | 1 My-time | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.asp in Irola My-Time (aka Timesheet) 3.5 allow remote attackers to execute arbitrary SQL commands via the (1) login (aka Username) and (2) password parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6226 | 1 Apc | 2 Oas, Switched Rack Pdu Firmware | 2018-10-15 | 7.1 HIGH | N/A |
| The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login access by making a login attempt while a different client is logged in, and then resubmitting the login attempt once the other client exits. | |||||
| CVE-2007-6227 | 1 Qemu | 1 Qemu | 2018-10-15 | 7.2 HIGH | N/A |
| QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an "overflow," via certain Windows executable programs, as demonstrated by qemu-dos.com. | |||||
| CVE-2007-6235 | 1 Realnetworks | 1 Realplayer | 2018-10-15 | 5.0 MEDIUM | N/A |
| A certain ActiveX control in RealNetworks RealPlayer 11 allows remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error. NOTE: this might be related to CVE-2007-4904. | |||||
| CVE-2007-6237 | 1 Deluxebb | 1 Deluxebb | 2018-10-15 | 9.0 HIGH | N/A |
| cp.php in DeluxeBB 1.09 does not verify that the membercookie parameter corresponds to the authenticated member during a profile update, which allows remote authenticated users to change the e-mail addresses of arbitrary accounts via a modified membercookie parameter, a different vector than CVE-2006-4078. NOTE: this can be leveraged for administrative access by requesting password-reset e-mail through a lostpw action to misc.php. | |||||
| CVE-2007-6240 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the BuildTime parameter. | |||||
| CVE-2007-6260 | 1 Oracle | 1 Database Server | 2018-10-15 | 6.8 MEDIUM | N/A |
| The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed. | |||||
| CVE-2007-6262 | 1 Videolan | 1 Vlc Media Player | 2018-10-15 | 6.8 MEDIUM | N/A |
| A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive plugin release vulnerability." | |||||
| CVE-2007-6271 | 1 Xigla | 1 Absolute News Manager.net | 2018-10-15 | 5.0 MEDIUM | N/A |
| Absolute News Manager.NET 5.1 allows remote attackers to obtain sensitive information via a direct request to getpath.aspx, which reveals the installation path in an error message. | |||||
| CVE-2007-6272 | 1 Joomla | 1 Joomla | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 allow remote attackers to execute arbitrary SQL commands via (1) the view parameter to the com_content component, (2) the task parameter to the com_search component, or (3) the option parameter in a search action to the com_search component. | |||||
| CVE-2007-6277 | 1 Flac | 1 Libflac | 2018-10-15 | 9.3 HIGH | N/A |
| Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, and (11) Picture Description Length values in a .FLAC file, which result in a stack-based overflow. NOTE: some of these issues may overlap CVE-2007-4619. | |||||
| CVE-2007-6278 | 1 Flac | 1 Libflac | 2018-10-15 | 9.3 HIGH | N/A |
| Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file. | |||||
| CVE-2007-6279 | 1 Flac | 1 Libflac | 2018-10-15 | 9.3 HIGH | N/A |
| Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file. | |||||
| CVE-2007-6284 | 3 Debian, Mandrakesoft, Redhat | 4 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 1 more | 2018-10-15 | 5.0 MEDIUM | N/A |
| The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences. | |||||
| CVE-2007-6296 | 1 Phpmychat | 1 Phpmychat | 2018-10-15 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in users_popupL.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the From parameter. | |||||
| CVE-2007-6297 | 1 Php Heaven | 1 Phpmychat | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/edituser.php3, or the (3) LastCheck or (4) B parameter to chat/users_popupL.php3. NOTE: the FontName vectors for start_page.css.php3 and style.css.php3 are already covered by CVE-2005-1619. The medium vectors for start_page.css.php3 (start_page.css.php) and style.css.php3 (style.css.php), and the From vector for users_popupL.php3 (users_popupL.php), are already covered by CVE-2005-3991. | |||||
| CVE-2007-6301 | 1 Open Newsletter | 1 Open Newsletter | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in compose.php in OpenNewsletter 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter. | |||||
| CVE-2007-6302 | 1 Novell | 1 Netmail | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple heap-based buffer overflows in avirus.exe in Novell NetMail 3.5.2 before Messaging Architects M+NetMail 3.52f (aka 3.5.2F) allows remote attackers to execute arbitrary code via unspecified ASCII integers used as memory allocation arguments, aka "ZDI-CAN-162." | |||||
| CVE-2007-6306 | 1 Jfree | 1 Jfreechart | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area. | |||||
| CVE-2007-6307 | 1 Jfree | 1 Jfreechart | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header. | |||||
| CVE-2007-6309 | 1 Webspell | 1 Webspell | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in webSPELL 4.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the galleryID parameter in a usergallery upload action; or the (2) upID, (3) tag, (4) month, (5) userID, or (6) year parameter in a calendar announce action. | |||||
| CVE-2007-6310 | 1 Falt4 Cms | 1 Falt4 Extreme Rc4 | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Falt4Extreme RC4 10.9.2007 allow remote attackers to inject arbitrary web script or HTML via the handler parameter to (1) index.php and possibly (2) admin/index.php, and (3) the topic parameter to modules/feed/feed.php (aka modules/feed.php). | |||||
| CVE-2007-6311 | 1 Falt4 Cms | 1 Falt4 Extreme Rc4 | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in (1) index.php, and possibly (2) admin/index.php, in Falt4Extreme RC4 10.9.2007 allows remote attackers to execute arbitrary SQL commands via the nav_ID parameter. | |||||
| CVE-2007-6312 | 1 Websense | 3 Enterpise, Reporting Tools, Web Security Suite | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the logon page in Web Reporting Tools portal in Websense Enterprise and Web Security Suite 6.3 allows remote attackers to inject arbitrary web script or HTML via the username field. | |||||
| CVE-2007-6114 | 1 Wireshark | 1 Wireshark | 2018-10-15 | 10.0 HIGH | N/A |
| Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) the SSL dissector or (2) the iSeries (OS/400) Communication trace file parser. | |||||
| CVE-2007-6115 | 1 Wireshark | 1 Wireshark | 2018-10-15 | 10.0 HIGH | N/A |
| Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2007-6116 | 1 Wireshark | 1 Wireshark | 2018-10-15 | 5.0 MEDIUM | N/A |
| The Firebird/Interbase dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite loop or crash) via unknown vectors. | |||||
| CVE-2007-6117 | 1 Wireshark | 1 Wireshark | 2018-10-15 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the HTTP dissector for Wireshark (formerly Ethereal) 0.10.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted chunked messages. | |||||
| CVE-2007-6118 | 2 Ethereal Group, Wireshark | 2 Ethereal, Wireshark | 2018-10-15 | 7.8 HIGH | N/A |
| The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. | |||||
| CVE-2007-6119 | 1 Wireshark | 1 Wireshark | 2018-10-15 | 7.8 HIGH | N/A |
| The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. | |||||
| CVE-2007-6120 | 2 Ethereal Group, Wireshark | 2 Ethereal, Wireshark | 2018-10-15 | 5.0 MEDIUM | N/A |
| The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. | |||||
| CVE-2007-6121 | 2 Ethereal Group, Wireshark | 2 Ethereal, Wireshark | 2018-10-15 | 5.0 MEDIUM | N/A |
| Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet. | |||||
| CVE-2007-6129 | 1 Amber Script | 1 Amber Script | 2018-10-15 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in scripts/include/show_content.php in Amber Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | |||||
| CVE-2007-6135 | 1 Phpslideshow | 1 Phpslideshow | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpslideshow.php in PHPSlideShow 0.9.9.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the directory parameter. NOTE: this issue was originally reported for toonchapter8.php, but this is probably a site-specific name, since the PHPSlideShow distribution does not contain that file. | |||||
| CVE-2007-6136 | 1 M2scripts | 1 My Space Scripts Poll Creator | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in M2Scripts MySpace Scripts Poll Creator allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) intro, and (3) question parameters, and (4) unspecified answer parameters, in a create_new action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6138 | 1 Vu | 1 Mass Mailer | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in redir.asp in VU Mass Mailer allows remote attackers to execute arbitrary SQL commands via the password parameter to Default.asp (aka the Login Page). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6139 | 1 Mp3 | 1 Toolbox | 2018-10-15 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in Mp3 ToolBox 1.0 beta 5 allows remote attackers to execute arbitrary PHP code via a URL in the skin_file parameter. | |||||
| CVE-2007-6141 | 1 Vbtube | 1 Vbtube | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in vBTube.php in vBTube 1.1 Beta allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
| CVE-2007-6143 | 1 Vu | 1 Case Manager | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp (aka the Login Page) in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2007-6157 | 1 Simplegallery | 1 Simplegallery | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in SimpleGallery 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the album parameter. | |||||
