Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4344 | 1 Acdsee | 3 Photo Editor, Photo Manager, Pro Photo Manager | 2018-10-15 | 9.3 HIGH | N/A |
| Multiple input validation errors in ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allow user-assisted remote attackers to execute arbitrary code via a long section string in (1) a PSP image to the ID_PSP.apl plug-in or (2) an LHA archive to the AM_LHA.apl plug-in, resulting in a heap-based buffer overflow. | |||||
| CVE-2007-4346 | 1 Symantec | 1 Backupexec System Recovery | 2018-10-15 | 5.0 MEDIUM | N/A |
| The Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allows remote attackers to cause a denial of service (NULL dereference and service crash) via a crafted packet to port 5633/tcp. | |||||
| CVE-2007-4347 | 1 Symantec | 1 Backupexec System Recovery | 2018-10-15 | 7.8 HIGH | N/A |
| Multiple integer overflows in the Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allow remote attackers to cause a denial of service (CPU and memory consumption) via a crafted packet to port 5633/tcp, which triggers an infinite loop. | |||||
| CVE-2007-4350 | 1 Hp | 1 Sitescope | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the management interface in HP SiteScope 9.0 build 911 allows remote attackers to inject arbitrary web script or HTML via an SNMP trap message. | |||||
| CVE-2007-4357 | 1 Mozilla | 1 Firefox | 2018-10-15 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof the contents of the status bar via a link to a data: URI containing an encoded URL. NOTE: the severity of this issue has been disputed by a reliable third party, since the intended functionality of the status bar allows it to be modified. | |||||
| CVE-2007-4358 | 1 Zoidcom | 1 Zoidcom | 2018-10-15 | 4.3 MEDIUM | N/A |
| Zoidcom 0.6.7 and earlier allows remote attackers to cause a denial of service (application crash) via a JOIN packet (aka connection packet) containing 0x69 in the ninth byte, which triggers a "double-delete" of trace data, a different vulnerability than CVE-2005-1643. | |||||
| CVE-2007-4359 | 1 Skilmatch Staffing Systems | 1 Joblister3 | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems JobLister3 allow remote attackers to execute arbitrary SQL commands via (1) the search form or (2) the jobid parameter to index.php in a showbyID action. | |||||
| CVE-2007-4360 | 1 Dell | 1 Remote Access Card | 2018-10-15 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Dell Remote Access Card 4 (DRAC4) with firmware 1.50 Build 02.16 allows remote attackers to cause a denial of service (SSH daemon crash) via certain network traffic, as demonstrated by an "nmap -O" scan with nmap 4.03, possibly related to a Mocana (Mocanada) SSH vulnerability. | |||||
| CVE-2007-4361 | 1 Netgear | 1 Readynas Raidiator | 2018-10-15 | 10.0 HIGH | N/A |
| NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access. | |||||
| CVE-2007-4365 | 1 Exv2 | 1 Content Management System | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a set_lang cookie to an unspecified component. NOTE: this may overlap CVE-2007-1965. | |||||
| CVE-2007-4366 | 1 Wengo | 1 Wengophone | 2018-10-15 | 5.0 MEDIUM | N/A |
| WengoPhone 2.1 allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header. | |||||
| CVE-2007-4368 | 1 Ibm | 1 Rational Clearquest | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) Web 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter in a GenerateMainFrame command. | |||||
| CVE-2007-4369 | 1 Sote | 1 Soteesklep | 2018-10-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in go/_files in SOTEeSKLEP before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2007-4371 | 1 Hotscripts | 1 Neuron Blog | 2018-10-15 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin/pages/blog-add.php in Neuron Blog 1.1 allows remote attackers to upload and execute arbitrary PHP files in uploads/. | |||||
| CVE-2007-4373 | 1 Rndlabs | 1 Babo Violent | 2018-10-15 | 6.8 MEDIUM | N/A |
| The server in Babo Violent 2 2.08.00 and earlier does not properly implement password protection, which might allow remote attackers to bypass authentication by reconnecting after a connection closes. | |||||
| CVE-2007-4374 | 1 Rndlabs | 1 Babo Violent | 2018-10-15 | 4.0 MEDIUM | N/A |
| Babo Violent 2 2.08.00 does not validate the sender field of a chat message composed by a client, which allows remote authenticated users to spoof messages. | |||||
| CVE-2007-4375 | 1 Diskeeper | 1 Diskeeper | 2018-10-15 | 5.8 MEDIUM | N/A |
| The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote attackers to (1) obtain sensitive information (process memory contents), as demonstrated by an attack that obtains module base addresses to defeat Address Space Layout Randomization (ASLR); or (2) cause a denial of service (application crash) via an out-of-bounds address. | |||||
| CVE-2007-4376 | 1 Szymon Kosok | 1 Best Top List | 2018-10-15 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in banner-upload.php in Szymon Kosok Best Top List allows remote attackers to upload and execute arbitrary PHP files in banners/. | |||||
| CVE-2007-4378 | 1 Rndlabs | 1 Babo Violent | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple format string vulnerabilities in Babo Violent 2 2.08.00 and earlier allow remote attackers to execute arbitrary code via format string specifiers in (1) a message or (2) certain data associated with an admin login. | |||||
| CVE-2007-4379 | 1 Rndlabs | 1 Babo Violent | 2018-10-15 | 4.3 MEDIUM | N/A |
| Babo Violent 2 2.08.00 and earlier allows remote attackers to cause a denial of service (application crash) via (1) a value greater than 0x27 for the (a) 0xca, (b) 0xcb, (c) 0xcc, (d) 0xce, (e) 0xcf, or (f) 0xd0 data ID; (2) a nonexistent map name; or (3) a UDP packet that specifies a large data size. | |||||
| CVE-2007-4382 | 1 Counterpath | 1 X-lite | 2018-10-15 | 5.0 MEDIUM | N/A |
| CounterPath X-Lite 3.0 34025, and possibly eyeBeam, allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header. | |||||
| CVE-2007-4383 | 1 Trackeur | 1 Trackeur | 2018-10-15 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in tracking.php in Trackeur 1 allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: CVE and a third party dispute this vulnerability because header is defined before use. The researcher is known to be unreliable. | |||||
| CVE-2007-4384 | 1 Stephane Pineau | 1 Vote | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in depouilg.php3 in Stephane Pineau VOTE 1c allow remote attackers to execute arbitrary PHP code via a URL in the (1) NomVote and (2) FilePalHex parameters. | |||||
| CVE-2007-4385 | 1 Owasp | 1 Stinger | 2018-10-15 | 6.8 MEDIUM | N/A |
| OWASP Stinger before 2.5 allows remote attackers to bypass input validation routines by using multipart encoded requests instead of form-urlencoded requests. NOTE: this might be used to expose vulnerabilities in applications that would otherwise be protected by the validation routines. | |||||
| CVE-2007-4387 | 1 2wire | 2 1701hg Router, 2071 Router | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators. | |||||
| CVE-2007-4035 | 1 Guidance Software | 1 Encase | 2018-10-15 | 5.0 MEDIUM | N/A |
| ** DISPUTED ** Guidance Software EnCase does not properly handle (1) certain malformed MBR partition tables with many entries, which allows remote attackers to prevent logical collection of a disk image; (2) NTFS filesystems with directory loops, which allows remote attackers to prevent examination of certain directory contents; and (3) certain other malformed NTFS filesystems, which allows remote attackers to prevent examination of corrupted records. NOTE: the vendor disputes the significance of these issues, because physical collection can be used instead, because the vendor believes that relevant attackers typically do not corrupt an MBR or a filesystem, and because detection of a loop is valuable on its own. | |||||
| CVE-2007-4036 | 1 Guidance Software | 1 Encase | 2018-10-15 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** Guidance Software EnCase allows user-assisted remote attackers to cause a denial of service via (1) a corrupted Microsoft Exchange database, which triggers an application crash when many options are selected; (2) a corrupted NTFS filesystem, which causes the application to report "memory allocation errors;" or (3) deeply nested directories, which trigger an application crash during an Expand All action. NOTE: the vendor disputes the significance of these vectors because the user can select fewer options, there is no operational impact, or the user can do less expansion. | |||||
| CVE-2007-4037 | 1 Guidance Software | 1 Encase | 2018-10-15 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** Guidance Software EnCase allows user-assisted attackers to trigger a buffer over-read and application crash via a malformed NTFS filesystem containing a modified FILE record with a certain large offset. NOTE: the vendor disputes the significance of this issue, asserting that relevant attackers typically do not corrupt a filesystem, and indicating that the relevant read operation can be disabled. | |||||
| CVE-2007-4038 | 1 Mozilla | 2 Firefox, Thunderbird | 2018-10-15 | 4.3 MEDIUM | N/A |
| Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking Thunderbird.exe, a similar issue to CVE-2007-3670. | |||||
| CVE-2007-4047 | 1 Geoblog | 1 Geoblog | 2018-10-15 | 6.4 MEDIUM | N/A |
| geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter. | |||||
| CVE-2007-4048 | 1 Phpsysinfo | 1 Phpsysinfo | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo 2.5.4-dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
| CVE-2007-4071 | 1 Tincan | 1 Webbler Cms | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in uploader/index.php in Webbler CMS before 3.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) login parameter. | |||||
| CVE-2007-4072 | 1 Tincan | 1 Webbler Cms | 2018-10-15 | 5.0 MEDIUM | N/A |
| Webbler CMS before 3.1.6 provides the full installation path within HTML comments in certain documents, which allows remote attackers to obtain sensitive information by viewing the HTML source, as demonstrated by viewing the source generated from index.php. | |||||
| CVE-2007-4073 | 1 Tincan | 1 Webbler Cms | 2018-10-15 | 5.0 MEDIUM | N/A |
| Webbler CMS before 3.1.6 does not properly restrict use of "mail a friend" forms, which allows remote attackers to send arbitrary amounts of forged e-mail. NOTE: this could be leveraged for spam or phishing attacks. | |||||
| CVE-2007-4074 | 2 Centre For Speech Technology Research, Suse | 2 Gentoo Linux, Suse Linux | 2018-10-15 | 10.0 HIGH | N/A |
| The default configuration of Centre for Speech Technology Research (CSTR) Festival 1.95 beta (aka 2.0 beta) on Gentoo Linux, SUSE Linux, and possibly other distributions, is run locally with elevated privileges without requiring authentication, which allows local and remote attackers to execute arbitrary commands via the local daemon on port 1314, a different vulnerability than CVE-2001-0956. NOTE: this issue is local in some environments, but remote on others. | |||||
| CVE-2007-4091 | 1 Rsync | 1 Rsync | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function. | |||||
| CVE-2007-4092 | 1 Ifoto | 1 Ifoto | 2018-10-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in iFoto 1.0.1 and earlier allows remote attackers to list arbitrary directories, and possibly download arbitrary photos, via a .. (dot dot) in the dir parameter. | |||||
| CVE-2007-4093 | 1 Minb | 1 Minb Is Not A Blog | 2018-10-15 | 7.8 HIGH | N/A |
| Minb Is Not a Blog (minb) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing usernames and encrypted passwords via a direct request for db/users.db. | |||||
| CVE-2007-4094 | 1 Idevspot | 1 Phphostbot | 2018-10-15 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in library/authorize.php in IDevSpot PhpHostBot allows remote attackers to execute arbitrary PHP code via a URL in the login_form parameter, a different vector than CVE-2006-3776. | |||||
| CVE-2007-4095 | 1 Bsm Store | 1 Dependent Forums | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in BSM Store Dependent Forums 1.02 allows remote attackers to execute arbitrary SQL commands via a Username field in an unspecified component, probably the FrmUserName parameter in login.asp. | |||||
| CVE-2007-4101 | 1 Global Centre | 1 Aplomb Poll | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Madoa Poll 1.1 allow remote attackers to execute arbitrary PHP code via the Madoa parameter to (1) index.php, (2) vote.php, and (3) admin.php. | |||||
| CVE-2007-4102 | 1 Sblog | 1 Sblog | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php for sBlog 0.7.3 Beta allows remote attackers to inject arbitrary HTML and web script via a leading '"/></> sequence in the search string. | |||||
| CVE-2007-4103 | 1 Digium | 3 Asterisk, Asterisk Appliance Developer Kit, Asterisknow Pre-release | 2018-10-15 | 7.8 HIGH | N/A |
| The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released. | |||||
| CVE-2007-4105 | 1 Baidu | 1 Soba Search Bar | 2018-10-15 | 9.3 HIGH | N/A |
| A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 allows remote attackers to execute arbitrary code via a request containing "a link to download and a file to execute," possibly involving remote file inclusion. | |||||
| CVE-2007-4106 | 1 Codewidgets | 2 Pay Roll - Time Sheet, Punch Card | 2018-10-15 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in login.asp in CodeWidgets Pay Roll - Time Sheet and Punch Card Application With Web Interface allows remote attackers to execute arbitrary SQL commands via the Password parameter. | |||||
| CVE-2007-4108 | 1 Codewidgets | 1 Online Event Registration Template | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sign_in.aspx in WebEvents (Online Event Registration Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter. | |||||
| CVE-2007-4109 | 1 Codewidgets | 1 Online Event Registration Template | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sign_in.aspx in WebStore (Online Store Application Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter. | |||||
| CVE-2007-4110 | 1 Codewidgets | 1 Threaded Discussion Forum Application | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sign_in.aspx in Message Board / Threaded Discussion Forum Application Template allows remote attackers to execute arbitrary SQL commands via the Password parameter. | |||||
| CVE-2007-4111 | 1 Codewidgets | 1 Real Estate Listing Website Application Template | 2018-10-15 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the login script in Real Estate listing website application template, when logging in as user or manager, allows remote attackers to execute arbitrary SQL commands via the Password parameter. | |||||
| CVE-2007-4114 | 1 Suskunduygular | 1 Suskunduygular Uyelik Sistemi | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in unuttum.asp in SuskunDuygular Uyelik Sistemi 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) kadi or (2) email parameter. NOTE: some of these details are obtained from third party information. | |||||
