Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0236 | 1 Apple | 1 Mac Os X | 2017-10-11 | 10.0 HIGH | N/A |
| Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer overflow. | |||||
| CVE-2007-0239 | 1 Openoffice | 1 Openoffice | 2017-10-11 | 9.3 HIGH | N/A |
| OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document. | |||||
| CVE-2007-0242 | 1 Qt | 1 Qt | 2017-10-11 | 4.3 MEDIUM | N/A |
| The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters. | |||||
| CVE-2007-0256 | 1 Videolan | 1 Vlc Media Player | 2017-10-11 | 7.8 HIGH | N/A |
| VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file. | |||||
| CVE-2007-0396 | 1 Hp | 1 Hp-ux | 2017-10-11 | 7.1 HIGH | N/A |
| Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in combination with PHNE_34474, allows remote attackers to cause a denial of service (system crash) via unspecified vectors. | |||||
| CVE-2007-0451 | 1 Apache | 1 Spamassassin | 2017-10-11 | 4.3 MEDIUM | N/A |
| Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage." | |||||
| CVE-2007-0456 | 1 Wireshark | 1 Wireshark | 2017-10-11 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the LLT dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2007-0457 | 1 Wireshark | 1 Wireshark | 2017-10-11 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark (formerly Ethereal) 0.10.14 through 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2007-0458 | 1 Wireshark | 1 Wireshark | 2017-10-11 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors, a different issue than CVE-2006-5468. | |||||
| CVE-2007-0459 | 1 Wireshark | 1 Wireshark | 2017-10-11 | 5.0 MEDIUM | N/A |
| packet-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.4 allows remote attackers to cause a denial of service (application crash or hang) via fragmented HTTP packets. | |||||
| CVE-2007-0464 | 2 Apple, Cfnetwork | 2 Mac Os X, Cfnetwork | 2017-10-11 | 5.0 MEDIUM | N/A |
| The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application crash) via a crafted HTTP 301 response, which results in a NULL pointer dereference. | |||||
| CVE-2007-0479 | 1 Cisco | 1 Ios Transmission Control Protocol | 2017-10-11 | 7.8 HIGH | N/A |
| Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x allows remote attackers to cause a denial of service by sending crafted TCP traffic to an IPv4 address on the IOS device. | |||||
| CVE-2007-0480 | 1 Cisco | 1 Ios Transmission Control Protocol | 2017-10-11 | 10.0 HIGH | N/A |
| Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x allows remote attackers to cause a denial of service or execute arbitrary code via a crafted IP option in the IP header in a (1) ICMP, (2) PIMv2, (3) PGM, or (4) URD packet. | |||||
| CVE-2007-0481 | 1 Cisco | 1 Ios Transmission Control Protocol | 2017-10-11 | 7.8 HIGH | N/A |
| Cisco IOS allows remote attackers to cause a denial of service (crash) via a crafted IPv6 Type 0 Routing header. | |||||
| CVE-2007-0494 | 1 Isc | 1 Bind | 2017-10-11 | 4.3 MEDIUM | N/A |
| ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability. | |||||
| CVE-2007-0634 | 1 Sun | 1 Solaris | 2017-10-11 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets. | |||||
| CVE-2007-0648 | 1 Cisco | 1 Ios | 2017-10-11 | 7.8 HIGH | N/A |
| Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP. | |||||
| CVE-2007-0668 | 1 Sun | 1 Solaris | 2017-10-11 | 6.2 MEDIUM | N/A |
| The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in a non-global zone to move and rename files in a read-only filesystem, which could lead to a denial of service. | |||||
| CVE-2007-0771 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2017-10-11 | 4.9 MEDIUM | N/A |
| The utrace support in Linux kernel 2.6.18, and other versions, allows local users to cause a denial of service (system hang) related to "MT exec + utrace_attach spin failure mode," as demonstrated by ptrace-thrash.c. | |||||
| CVE-2007-0773 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2017-10-11 | 4.6 MEDIUM | N/A |
| The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local users to cause a denial of service (kernel OOPS from null dereference) via fput in a 32-bit ioctl on 64-bit x86 systems, an incomplete fix of CVE-2005-3044.1. | |||||
| CVE-2007-0790 | 1 Smartftp | 1 Smartftp | 2017-10-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in SmartFTP 2.0.1002 allows remote FTP servers to execute arbitrary code via a large banner. | |||||
| CVE-2007-0914 | 1 Sun | 1 Solaris | 2017-10-11 | 7.1 HIGH | N/A |
| Race condition in the TCP subsystem for Solaris 10 allows remote attackers to cause a denial of service (system panic) via unknown vectors. | |||||
| CVE-2007-0916 | 1 Hp | 1 Hp-ux | 2017-10-11 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors. | |||||
| CVE-2007-0917 | 1 Cisco | 1 Ios | 2017-10-11 | 6.4 MEDIUM | N/A |
| The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets. | |||||
| CVE-2007-0949 | 1 Itinysoft Studio | 1 Total Video Player | 2017-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in iTinySoft Studio Total Video Player 1.03, and possibly earlier, allows remote attackers to execute arbitrary code via a M3U playlist file that contains a long file name. NOTE: it was later reported that 1.20 and 1.30 are also affected. | |||||
| CVE-2007-0976 | 1 Activex Soft | 1 Actsoft Dvd Tools | 2017-10-11 | 10.0 HIGH | N/A |
| Buffer overflow in the ActSoft DVD-Tools ActiveX control (dvdtools.ocx) allows remote attackers to execute arbitrary code via a long DVD_TOOLS.OpenDVD property value. | |||||
| CVE-2007-0977 | 1 Ibm | 1 Lotus Domino | 2017-10-11 | 7.1 HIGH | N/A |
| IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores HTTPPassword hashes from names.nsf in a manner accessible through Readviewentries and OpenDocument requests to the defaultview view, a different vector than CVE-2005-2428. | |||||
| CVE-2007-0984 | 1 Aspcode.net | 1 Pollmentor | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin_poll.asp in PollMentor 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to pollmentorres.asp. | |||||
| CVE-2007-0985 | 1 Phpcc | 1 Phpcc | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and earlier allows remote attackers to execute arbitrary SQL commands via the npid parameter in a sign_gb action. | |||||
| CVE-2007-0998 | 2 Redhat, Xen | 3 Enterprise Linux, Fedora Core, Qemu | 2017-10-11 | 4.3 MEDIUM | N/A |
| The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0999 | 1 Gnome | 1 Ekiga | 2017-10-11 | 9.3 HIGH | N/A |
| Format string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2007-1006. | |||||
| CVE-2007-1000 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 7.2 HIGH | N/A |
| The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference. | |||||
| CVE-2007-1006 | 1 Ekiga | 1 Ekiga | 2017-10-11 | 10.0 HIGH | N/A |
| Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet. | |||||
| CVE-2007-1007 | 2 Ekiga, Redhat | 3 Ekiga, Enterprise Linux, Enterprise Linux Desktop | 2017-10-11 | 10.0 HIGH | N/A |
| Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function. | |||||
| CVE-2007-1010 | 1 Zebrafeeds | 1 Zebrafeeds | 2017-10-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ZebraFeeds 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the zf_path parameter to (1) aggregator.php and (2) controller.php in newsfeeds/includes/. | |||||
| CVE-2007-1013 | 1 Virtualsystem | 1 Htaccess Passwort Generator | 2017-10-11 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in generate.php in VirtualSystem Htaccess Passwort Generator 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the ht_pfad parameter. | |||||
| CVE-2007-1014 | 1 Vicftps | 1 Vicftps | 2017-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in VicFTPS before 5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long CWD command. | |||||
| CVE-2007-1015 | 1 Aktueldownload | 1 Aktueldownload Haber Script | 2017-10-11 | 10.0 HIGH | N/A |
| SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-1017 | 1 Virtualsystem | 1 Vs-news-system | 2017-10-11 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in show_news_inc.php in VirtualSystem VS-News-System 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter. | |||||
| CVE-2007-1019 | 1 Webspell | 1 Webspell | 2017-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388. | |||||
| CVE-2007-1021 | 1 Xfairguy | 1 Codeavalanche News | 2017-10-11 | 10.0 HIGH | N/A |
| SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News 1.x allows remote attackers to execute arbitrary SQL commands via the CAT_ID parameter. | |||||
| CVE-2007-1023 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 3.1 SR4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-1025 | 1 Virtualsystem | 1 Vs-link-partner | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/functions_inc.php in VS-Link-Partner 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad, or possibly script_pfad, parameter. | |||||
| CVE-2007-1031 | 1 Spoonlabs | 1 Vivvo Article Management Cms | 2017-10-11 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in include/db_conn.php in SpoonLabs Vivvo Article Management CMS 3.4 allows remote attackers to include and execute arbitrary local files via the root parameter. | |||||
| CVE-2007-1040 | 1 Xpression News | 1 Xpression News | 2017-10-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in archives.php in Xpression News (X-News) 1.0.1 allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter. | |||||
| CVE-2007-1041 | 1 Sandh | 1 News Rover | 2017-10-11 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in S&H Computer Systems News Rover 12.1 Rev 1 allow remote attackers to execute arbitrary code via a .nzb file with a long (1) group or (2) subject string. | |||||
| CVE-2007-1057 | 1 Nortel | 4 Alteon 2424 Application Switch, Net Direct Client, Ssl Vpn Module 1000 and 1 more | 2017-10-11 | 6.9 MEDIUM | N/A |
| The Net Direct client for Linux before 6.0.5 in Nortel Application Switch 2424, VPN 3050 and 3070, and SSL VPN Module 1000 extracts and executes files with insecure permissions, which allows local users to exploit a race condition to replace a world-writable file in /tmp/NetClient and cause another user to execute arbitrary code when attempting to execute this client, as demonstrated by replacing /tmp/NetClient/client. | |||||
| CVE-2007-1074 | 1 Dji | 1 Newsbin Pro | 2017-10-11 | 9.3 HIGH | N/A |
| Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to execute arbitrary code via a long (1) DataPath or (2) DownloadPath attributed in a (a) NBI file, or (3) a long group field in a (b) NZB file. | |||||
| CVE-2007-1075 | 1 Turbosoft | 1 Turboftp | 2017-10-11 | 7.8 HIGH | N/A |
| TurboFTP 5.30 Build 572 allows remote servers to cause a denial of service (CPU consumption) via a response with a large number of newline characters. | |||||
| CVE-2007-1079 | 1 Rhinosoft | 1 Ftp Voyager | 2017-10-11 | 7.8 HIGH | N/A |
| Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager 14.0.0.3 and earlier allows remote servers to cause a denial of service (crash) via a long response to a CWD command, which triggers the overflow when the user aborts the command. | |||||