Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5926 | 1 Openbase International Ltd | 1 Openbase | 2017-07-29 | 9.0 HIGH | N/A |
| OpenBase 10.0.5 and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to the (1) AsciiBackup, (2) OEMLicenseInstall, and possibly other stored procedures. | |||||
| CVE-2007-5929 | 1 Openbase International Ltd | 1 Openbase | 2017-07-29 | 9.0 HIGH | N/A |
| Buffer overflow in OpenBase 10.0.5 and earlier might allow remote authenticated users to execute arbitrary code or cause a denial of service (daemon crash) by creating a stored procedure with a long name and invoking this procedure, which triggers heap corruption. | |||||
| CVE-2007-5930 | 1 Cerberus | 1 Ftp Server | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web interface in Cerberus FTP Server before 2.46 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-5931 | 1 Orangehrm | 1 Orangehrm | 2017-07-29 | 5.0 MEDIUM | N/A |
| The reDirect function in lib/controllers/RepViewController.php in OrangeHRM before 2.2.2 does not verify the privileges of a user, which allows remote attackers to obtain access to data via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-5932 | 1 Fatwire | 1 Fatwire Content Server | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Fatwire Content Server (CS) CMS 6.3.0 allow remote attackers to inject arbitrary web script or HTML via unspecified form fields related to the (1) search function, (2) advanced search function, and possibly other components. | |||||
| CVE-2007-5942 | 1 Bandersnatch | 1 Bandersnatch | 2017-07-29 | 4.0 MEDIUM | N/A |
| Bandersnatch 0.4 allows remote attackers to obtain sensitive information via a malformed request for index.php with (1) a certain func parameter value; or (2) certain func, jid, page, and limit parameter values; which reveals the path in various error messages. | |||||
| CVE-2007-5945 | 1 Usvn | 1 User-friendly Svn | 2017-07-29 | 5.0 MEDIUM | N/A |
| USVN before 0.6.5 allows remote attackers to obtain a list of repository contents via unspecified vectors. | |||||
| CVE-2007-5949 | 1 Ibm | 1 Tivoli Service Desk | 2017-07-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk 6.2 allows remote authenticated users to inject arbitrary web script or HTML via the Description parameter in a Maximo change action. | |||||
| CVE-2007-5950 | 1 Netcommons | 1 Netcommons | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NetCommons before 1.0.11, and 1.1.x before 1.1.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-4165. | |||||
| CVE-2007-5955 | 1 Updir | 1 Updir.net | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in updir.php in UPDIR.NET before 2.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-5956 | 1 Ibm | 1 Informix Dynamic Server | 2017-07-29 | 7.2 HIGH | N/A |
| Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable. | |||||
| CVE-2007-5957 | 1 Ibm | 1 Informix Dynamic Server | 2017-07-29 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.TC3TL and 11.10.TB4TL on Windows allows attackers to cause a denial of service (application crash) via unspecified SQ_ONASSIST requests. | |||||
| CVE-2007-5963 | 1 Kde | 1 Kde | 2017-07-29 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in kdebase allows local users to cause a denial of service (KDM login inaccessible, or resource consumption) via unknown vectors. | |||||
| CVE-2007-5976 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter. | |||||
| CVE-2007-5977 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942. | |||||
| CVE-2007-5981 | 1 Lantronix | 1 Scs3200 | 2017-07-29 | 3.3 LOW | N/A |
| Lantronix SCS3200 does not properly handle public-key requests, which allows remote attackers to cause a denial of service (unresponsive device) via unspecified keyscan requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-5985 | 1 Bti-tracker | 1 Bti-tracker | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker before 1.4.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) account.php, (2) moresmiles.php, or (3) recover.php; or (4) the "to" parameter to usercp.php. | |||||
| CVE-2007-5986 | 1 Btiteam | 1 Btitracker | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in include/functions.php in BtiTracker before 1.4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2007-5987 | 1 Bti-tracker | 1 Bti-tracker | 2017-07-29 | 6.8 MEDIUM | N/A |
| details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest. | |||||
| CVE-2007-5988 | 1 Bti-tracker | 1 Bti-tracker | 2017-07-29 | 7.5 HIGH | N/A |
| blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field. | |||||
| CVE-2007-6001 | 1 Bandersnatch | 1 Bandersnatch | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Bandersnatch 0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) func or (2) date parameter, or the jid parameter in a (3) log or (4) user action, a different vulnerability than CVE-2007-3910. | |||||
| CVE-2007-6002 | 1 Fenrir | 2 Grani, Sleipnir | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Fenriru (1) Sleipnir 2.5.17 R2 and earlier and (2) Grani 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field in a search for additions to the Favorites section. | |||||
| CVE-2007-6003 | 1 Thomson | 1 Speedtouch | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Thomson SpeedTouch 716 with firmware 5.4.0.14 allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-6005 | 1 Webex Communications | 1 Webex Gpccontainer Activex Control | 2017-07-29 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the GpcContainer.GpcContainer.1 ActiveX control in WebEx allows remote attackers to cause a denial of service (memory access violation and crash) via (1) an invalid argument to the InitParam method or (2) an unspecified vector involving the SetParam method. | |||||
| CVE-2007-6018 | 1 Horde | 4 Framework, Groupware Webmail Edition, Horde and 1 more | 2017-07-29 | 5.8 MEDIUM | N/A |
| IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message. | |||||
| CVE-2007-3134 | 1 Atom | 1 Photoblog | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in atomPhotoBlog.php in Atom PhotoBlog 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Your Name, (2) Your Homepage, and (3) Your Comment fields, when using "Approve Comments." | |||||
| CVE-2007-3142 | 1 Opera | 1 Opera Browser | 2017-07-29 | 5.8 MEDIUM | N/A |
| Visual truncation vulnerability in Opera 9.21 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after 34 characters, as demonstrated by a phishing attack using HTTP Basic Authentication. | |||||
| CVE-2007-3143 | 1 Kde | 1 Konqueror | 2017-07-29 | 6.4 MEDIUM | N/A |
| Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. | |||||
| CVE-2007-3144 | 1 Mozilla | 1 Mozilla | 2017-07-29 | 6.4 MEDIUM | N/A |
| Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. | |||||
| CVE-2007-3145 | 1 Galeon | 1 Galeon Browser | 2017-07-29 | 5.8 MEDIUM | N/A |
| Visual truncation vulnerability in Galeon 2.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. | |||||
| CVE-2007-3152 | 1 Daniel Stenberg | 1 C-ares | 2017-07-29 | 7.5 HIGH | N/A |
| c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote attackers to spoof DNS responses by guessing the field value. | |||||
| CVE-2007-3153 | 1 Daniel Stenberg | 1 C-ares | 2017-07-29 | 5.0 MEDIUM | N/A |
| The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote attackers to spoof DNS responses by guessing certain values. | |||||
| CVE-2007-3154 | 1 Egroupware | 1 Egroupware | 2017-07-29 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and other packages, has unknown impact and remote attack vectors. | |||||
| CVE-2007-3155 | 1 Egroupware | 1 Egroupware | 2017-07-29 | 10.0 HIGH | N/A |
| Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown impact and attack vectors related to ADOdb. NOTE: due to lack of details from the vendor, it is uncertain whether this issue is already covered by another CVE identifier. | |||||
| CVE-2007-3157 | 1 Safenet | 2 Safenet Highassurance Remote, Softremote Vpn Client | 2017-07-29 | 5.0 MEDIUM | N/A |
| IPSecDrv.sys 10.4.0.12 in SafeNET High Assurance Remote 1.4.0 Build 12, and SoftRemote, allows remote attackers to cause a denial of service (infinite loop and system hang) via an invalid packet with certain bytes in an option header, possibly related to the IPv6 support for IPSec. | |||||
| CVE-2007-3163 | 1 Frederico Caldeira Knabben | 1 Fckeditor | 2017-07-29 | 5.0 MEDIUM | N/A |
| Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658. | |||||
| CVE-2007-3170 | 1 Uebimiau | 1 Uebimiau | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau Webmail allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to redirect.php or (2) the selected_theme parameter to demo/pop3/error.php. | |||||
| CVE-2007-3171 | 1 Uebimiau | 1 Uebimiau | 2017-07-29 | 5.0 MEDIUM | N/A |
| Uebimiau Webmail allows remote attackers to obtain sensitive information via a request to demo/pop3/error.php with an invalid value of the (1) smarty or (2) selected_theme parameter, which reveals the path in various error messages. | |||||
| CVE-2007-3172 | 1 Uebimiau | 1 Uebimiau | 2017-07-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in demo/pop3/error.php in Uebimiau Webmail allows remote attackers to determine the existence of arbitrary directories via an absolute pathname and .. (dot dot) in the selected_theme parameter. | |||||
| CVE-2007-3174 | 1 W2b | 1 Online Banking | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in auth.w2b in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the adtype parameter, a different vector than CVE-2006-1980. | |||||
| CVE-2007-3175 | 1 W2b | 1 Online Banking | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in W2B Online Banking allow remote attackers to execute arbitrary SQL commands via (1) the draft parameter to mailer.w2b or (2) the listDocPay parameter to DocPay.w2b. | |||||
| CVE-2007-3176 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2017-07-29 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Ingate Firewall and SIParator before 4.5.2 allows remote authenticated users without full privileges to download a Support Report. | |||||
| CVE-2007-3177 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2017-07-29 | 5.0 MEDIUM | N/A |
| Ingate Firewall and SIParator before 4.5.2 allow remote attackers to bypass SIP authentication via a certain maddr parameter. | |||||
| CVE-2007-3181 | 2 Bakbone, Firebirdsql | 2 Netvault, Firebird | 2017-07-29 | 10.0 HIGH | N/A |
| Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to "an InterBase version of gds32.dll." | |||||
| CVE-2007-3185 | 1 Apple | 1 Safari | 2017-07-29 | 7.8 HIGH | N/A |
| Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi. | |||||
| CVE-2007-3187 | 1 Apple | 1 Safari | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Apple Safari for Windows allow remote attackers to cause a denial of service or execute arbitrary code, possibly involving memory corruption, and a different issue from CVE-2007-3185 and CVE-2007-3186. NOTE: as of 20070612, the original disclosure has no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2007-3193 | 1 Phpwiki | 1 Phpwiki | 2017-07-29 | 10.0 HIGH | N/A |
| lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations. | |||||
| CVE-2007-3195 | 1 Erfan Wiki | 1 Erfan Wiki | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in ERFAN WIKI 1.00 allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3200 | 1 Novell | 1 Modular Authentication Service | 2017-07-29 | 4.9 MEDIUM | N/A |
| NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and earlier on NetWare logs its invoking command line to NMASINST.LOG, which might allow local users to obtain the admin username and password by reading this file. | |||||
| CVE-2007-3203 | 1 Software602 | 1 602pro Lan Suite | 2017-07-29 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in smtpdll.dll in the SMTP service in 602Pro LAN SUITE 2003 2003.0.03.0828 allows remote attackers to execute arbitrary code via an e-mail message with a long address. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||