Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6270 | 1 Xigla | 1 Absolute News Manager.net | 2017-08-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Absolute News Manager.NET 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) rmore parameter to xlaabsolutenm.aspx and the (2) template parameter to pages/default.aspx. | |||||
| CVE-2007-6274 | 1 Bcoos | 1 Bcoos | 2017-08-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) day or (2) year parameter. | |||||
| CVE-2007-6281 | 1 Stbernard | 1 Open File Manager | 2017-08-08 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Open File Manager service (ofmnt.exe) in St. Bernard Open File Manager 9.5 allows remote attackers to execute arbitrary code via a long request. | |||||
| CVE-2007-6287 | 1 Lxlabs | 1 Hypervm | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the login page in Lxlabs HyperVM 2.0 allows remote attackers to inject arbitrary web script or HTML via the frm_emessage parameter, a different vector than CVE-2006-6649. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-6288 | 1 Tecnick.com | 1 Tcexam | 2017-08-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TCExam before 5.1.000 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2007-6291 | 1 Xigla | 1 Absolute Banner Manager.net | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in abm.aspx in Xigla Absolute Banner Manager .NET 4.0 allows remote attackers to execute arbitrary SQL commands via the z parameter. | |||||
| CVE-2007-6294 | 1 Ibm | 1 Hardware Management Console | 2017-08-08 | 4.9 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 3 R3.7 allow attackers to gain privileges via "some HMC commands." | |||||
| CVE-2007-6295 | 1 Ibm | 1 Lotus Sametime | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page in the online meeting center template in IBM Lotus Sametime before 8.0 allows remote attackers to inject arbitrary web script or HTML via the URI. | |||||
| CVE-2007-6298 | 1 Drupal | 1 Shoutbox | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Shoutbox module for Drupal 5.x before Shoutbox 5.x-1.1 allows remote authenticated users to inject arbitrary web script or HTML via Shoutbox block messages. | |||||
| CVE-2007-6299 | 1 Drupal | 1 Drupal | 2017-08-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1) taxonomy_menu, (2) ajaxLoader, and (3) ubrowser contributed modules. | |||||
| CVE-2007-6336 | 1 Clam Anti-virus | 1 Clamav | 2017-08-08 | 6.8 MEDIUM | N/A |
| Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file. | |||||
| CVE-2007-6339 | 1 Akamai Technologies | 1 Download Manager | 2017-08-08 | 6.8 MEDIUM | N/A |
| The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) before 2.2.3.5 allows remote attackers to force the download and execution of arbitrary code via unspecified "undocumented object parameters." | |||||
| CVE-2007-6345 | 1 Aurora | 1 Aurora Framework | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in aurora framework before 20071208 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the value parameter to the pack_var function in module/db.lib/db_mysql.lib. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6346 | 1 Rainboard | 1 Rainboard | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Rainboard before 2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-6353 | 1 Exiv2 | 1 Exiv2 | 2017-08-08 | 7.5 HIGH | N/A |
| Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow. | |||||
| CVE-2007-6359 | 1 Apple | 1 Mac Os X | 2017-08-08 | 4.9 MEDIUM | N/A |
| The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL. | |||||
| CVE-2007-6360 | 1 Sun | 2 Extended System Control Facility Xcp 1040, Sparc Enterprise Server | 2017-08-08 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the Sun eXtended System Control Facility (XSCF) Control Package (XCP) firmware before 1050 on SPARC Enterprise M4000, M5000, M8000, and M9000 servers allows remote attackers to cause a denial of service (reboot) via (1) telnet, (2) ssh, or (3) http network traffic that triggers memory exhaustion. | |||||
| CVE-2007-6373 | 1 Gestdown | 1 Gestdown | 2017-08-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in GestDown 1.00 Beta allow remote attackers to execute arbitrary SQL commands via the (1) categorie parameter to catdownload.php, or the id parameter to (2) download.php or (3) hitcounter.php. | |||||
| CVE-2007-6381 | 1 Typo3 | 1 Typo3 | 2017-08-08 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2007-6382 | 1 Robocode | 1 Robocode | 2017-08-08 | 6.8 MEDIUM | N/A |
| The Event Dispatch Thread in Robocode before 1.5.1 allows remote attackers to execute arbitrary Java code by using a robot to invoke the SwingUtilities.invokeLater method. | |||||
| CVE-2007-6384 | 1 Bea | 1 Weblogic Mobility Server | 2017-08-08 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Image Converter functionality in BEA WebLogic Mobility Server 3.3, 3.5, and 3.6 through 3.6 SP1 allows remote attackers to obtain application file and resource access via unspecified vectors. | |||||
| CVE-2007-6385 | 1 Kerio | 1 Winroute Firewall | 2017-08-08 | 2.1 LOW | N/A |
| The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries. | |||||
| CVE-2007-6386 | 1 Trend Micro | 3 Trend Micro Antivirus Plus Antispyware, Trend Micro Internet Security Virus Bust, Trend Micro Internet Security Pro | 2017-08-08 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in PccScan.dll before build 1451 in Trend Micro AntiVirus plus AntiSpyware 2008, Internet Security 2008, and Internet Security Pro 2008 allows user-assisted remote attackers to cause a denial of service (SfCtlCom.exe crash), and allows local users to gain privileges, via a malformed .zip archive with a long name, as demonstrated by a .zip file created via format string specifiers in a crafted .uue file. | |||||
| CVE-2007-6413 | 1 Sun | 1 Solaris | 2017-08-08 | 9.3 HIGH | N/A |
| Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later 120011-* and 120012-* patches, allows remote attackers to bypass certain netgroup restrictions and obtain root access to a filesystem via NFS requests from a client root user. | |||||
| CVE-2007-6431 | 1 Adobe | 2 Connect Enterprise Server, Flash Media Server 2 | 2017-08-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allows remote attackers to "take control of the affected system" via unspecified vectors, a different issue than CVE-2007-6148 and CVE-2007-6149. | |||||
| CVE-2007-6436 | 1 Justsystem | 1 Ichitaro | 2017-08-08 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, 2006, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted document, as actively exploited in December 2007 by the Tarodrop.F trojan. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6452 | 1 Google | 1 Web Toolkit | 2017-08-08 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS). | |||||
| CVE-2007-6456 | 1 Planamesa | 1 Neooffice | 2017-08-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in OpenOffice.org code in Planamesa NeoOffice 2.2.2 before Patch 4 has unknown impact and attack vectors related to MacOS 10.3.9 .odb files. NOTE: it is not clear whether this issue is a vulnerability. | |||||
| CVE-2007-6477 | 1 Citrix | 1 Web Interface | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the on-line help feature in Citrix Web Interface 2.0 and earlier, and NFuse, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-6481 | 1 Sun | 1 Ray Server Software | 2017-08-08 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to create or delete arbitrary directories via unspecified vectors. | |||||
| CVE-2007-6486 | 1 Geek-palace.com | 1 Lineshout | 2017-08-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka the shoutbox) in LineShout 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username (nickname) or (2) message parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6487 | 1 Plain Black | 1 Webgui | 2017-08-08 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in Plain Black WebGUI 7.4.0 through 7.4.17 allows remote authenticated users with Secondary Admin privileges to create Admin accounts, a different vulnerability than CVE-2006-0680. | |||||
| CVE-2007-6509 | 1 Appian | 1 Business Process Management Suite | 2017-08-08 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Appian Enterprise Business Process Management (BPM) Suite 5.6 SP1 allows remote attackers to cause a denial of service via a crafted packet to port 5400/tcp. | |||||
| CVE-2007-6510 | 1 Prowizard | 1 Prowizard 4 Pc | 2017-08-08 | 6.8 MEDIUM | N/A |
| Multiple stack-based buffer overflows in ProWizard 4 PC (prowiz) 1.62 and earlier allow remote attackers to execute arbitrary code via a crafted file to the (1) AMOS-MusicBank, (2) FuzzacPacker, and (3) QuadraComposer rippers; and (4) have an unknown impact via a crafted file to the SkytPacker ripper. | |||||
| CVE-2007-6513 | 1 Hp | 1 Esupportdiagnostics | 2017-08-08 | 4.3 MEDIUM | N/A |
| HP eSupportDiagnostics ActiveX control (hpediag.dll) 1.0.11.0 exports dangerous methods, which allows remote attackers to (1) read arbitrary files via the ReadTextFile method, or (2) read arbitrary registry values via the ReadValue method. | |||||
| CVE-2007-6516 | 1 Ravware | 1 Flic Activex Control | 2017-08-08 | 6.8 MEDIUM | N/A |
| Buffer overflow in RavWare Software MAS Flic ActiveX Control (masflc.ocx) 1.0.0.1 allows remote attackers to execute arbitrary code via a long FileName property. | |||||
| CVE-2007-6519 | 1 Hp | 1 Tru64 | 2017-08-08 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the File-on-File Mounting File System (FFM) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows local users to cause a denial of service (system crash) via unspecified vectors. | |||||
| CVE-2007-6520 | 1 Opera | 1 Opera Browser | 2017-08-08 | 4.3 MEDIUM | N/A |
| Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins. | |||||
| CVE-2007-6521 | 1 Opera | 1 Opera Browser | 2017-08-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates. | |||||
| CVE-2007-6522 | 1 Opera | 1 Opera Browser | 2017-08-08 | 4.3 MEDIUM | N/A |
| The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains. | |||||
| CVE-2007-6525 | 1 Ibm | 1 Db2 Content Manager Toolkit | 2017-08-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in eClient in IBM DB2 Content Manager (CM) Toolkit 8.3 before fix pack 7 for z/OS has unknown impact and attack vectors, related to "scripting." | |||||
| CVE-2007-6527 | 1 Rickard Andersson | 1 Punbb | 2017-08-08 | 5.8 MEDIUM | N/A |
| uploadimg.php in the Automatic Image Upload with Thumbnails (imgUpload) module 1.3.2 for PunBB only verifies the Content-type field of uploaded files, which allows remote attackers to upload and execute arbitrary content via a file with a (1) JPG, (2) GIF, or (3) PNG MIME type. | |||||
| CVE-2007-6535 | 1 Yahoo | 1 Toolbar | 2017-08-08 | 6.8 MEDIUM | N/A |
| Buffer overflow in the YShortcut ActiveX control in YShortcut.dll 2006.8.15.1 in Yahoo! Toolbar might allow attackers to execute arbitrary code via a long string to the IsTaggedBM method. | |||||
| CVE-2007-6549 | 1 Runcms | 1 Runcms | 2017-08-08 | 7.5 HIGH | N/A |
| Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact and attack vectors, related to "pagetype using." | |||||
| CVE-2007-6562 | 1 Tcpreen | 1 Tcpreen | 2017-08-08 | 5.0 MEDIUM | N/A |
| Multiple stack-based buffer overflows in the use of FD_SET in TCPreen before 1.4.4 allow remote attackers to cause a denial of service via multiple concurrent connections, which result in overflows in the (1) SocketAddress::Connect function in libsolve/sockprot.cpp and (2) monitor_bridge function in src/bridge.cpp. | |||||
| CVE-2007-6563 | 1 Winace | 1 Winace | 2017-08-08 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in WinAce 2.65 and earlier, and possibly other versions before 2.69, allows user-assisted remote attackers to execute arbitrary code via a long filename in a compressed UUE archive. | |||||
| CVE-2007-6564 | 1 Limbo Cms | 1 Limbo Cms | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in Limbo CMS 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the com_option parameter. | |||||
| CVE-2007-6570 | 1 Sun | 2 Java System Web Proxy Server, Java System Web Server | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309. | |||||
| CVE-2007-6571 | 1 Sun | 2 Java System Web Proxy Server, Java System Web Server | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356. | |||||
| CVE-2007-6572 | 1 Sun | 2 Java System Web Proxy Server, Java System Web Server | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566204. | |||||