Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4048 | 1 Phpsysinfo | 1 Phpsysinfo | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo 2.5.4-dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
| CVE-2007-4195 | 1 The Sleuth Kit | 1 The Sleuth Kit | 2018-10-15 | 4.3 MEDIUM | N/A |
| Use-after-free vulnerability in ext2fs.c in Brian Carrier The Sleuth Kit (TSK) before 2.09 allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain ext2fs files via a malformed ext2fs image. | |||||
| CVE-2007-4071 | 1 Tincan | 1 Webbler Cms | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in uploader/index.php in Webbler CMS before 3.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) login parameter. | |||||
| CVE-2007-4145 | 1 Bluesky | 1 Blueskychat | 2018-10-15 | 4.3 MEDIUM | N/A |
| Heap-based buffer overflow in the BlueSkychat (BlueSkyCat) ActiveX control (V2.V2Ctrl.1) in v2.ocx 8.1.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the second argument to the ConnecttoServer method. | |||||
| CVE-2007-4072 | 1 Tincan | 1 Webbler Cms | 2018-10-15 | 5.0 MEDIUM | N/A |
| Webbler CMS before 3.1.6 provides the full installation path within HTML comments in certain documents, which allows remote attackers to obtain sensitive information by viewing the HTML source, as demonstrated by viewing the source generated from index.php. | |||||
| CVE-2007-4073 | 1 Tincan | 1 Webbler Cms | 2018-10-15 | 5.0 MEDIUM | N/A |
| Webbler CMS before 3.1.6 does not properly restrict use of "mail a friend" forms, which allows remote attackers to send arbitrary amounts of forged e-mail. NOTE: this could be leveraged for spam or phishing attacks. | |||||
| CVE-2007-4108 | 1 Codewidgets | 1 Online Event Registration Template | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sign_in.aspx in WebEvents (Online Event Registration Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter. | |||||
| CVE-2007-3942 | 1 Simple Machines | 1 Simple Machines Forum | 2018-10-15 | 5.8 MEDIUM | N/A |
| ** DISPUTED ** Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.1.3 allows remote attackers to include local files via unspecified vectors related to the sourcedir parameter or the actionArray hash. NOTE: CVE and multiple third parties dispute this vulnerability because both sourcedir and actionArray are defined before use. | |||||
| CVE-2007-3951 | 1 Norman | 1 Norman Virus Control | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Norman Antivirus 5.90 allow remote attackers to execute arbitrary code via a crafted (1) ACE or (2) LZH file, resulting from an "integer cast around." | |||||
| CVE-2007-3950 | 1 Lighttpd | 1 Lighttpd | 2018-10-15 | 4.3 MEDIUM | N/A |
| lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the (1) mod_scgi, (2) mod_fastcgi, and (3) mod_webdav modules. | |||||
| CVE-2007-3945 | 2 Linux, Rsbac | 2 Linux Kernel, Rule Set Based Access Control | 2018-10-15 | 6.4 MEDIUM | N/A |
| Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password hashing and unchecked function return codes. | |||||
| CVE-2007-3946 | 1 Lighttpd | 1 Lighttpd | 2018-10-15 | 6.4 MEDIUM | N/A |
| mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the Auth-Digest header. | |||||
| CVE-2007-4027 | 1 Areca | 1 Cli | 2018-10-15 | 6.6 MEDIUM | N/A |
| Buffer overflow in cli32 in Areca CLI 1.72.250 and earlier might allow local users to gain privileges via a long argument. NOTE: this program is not setuid by default, but there are some usage scenarios in which an administrator might make it setuid. | |||||
| CVE-2007-3972 | 1 Eset Software | 1 Nod32 Antivirus | 2018-10-15 | 5.0 MEDIUM | N/A |
| ESET NOD32 Antivirus before 2.2289 allows remote attackers to cause a denial of service via a crafted (1) ASPACK or (2) FSG packed file, which triggers a divide-by-zero error. | |||||
| CVE-2007-3947 | 1 Lighttpd | 1 Lighttpd | 2018-10-15 | 5.8 MEDIUM | N/A |
| request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of service (daemon crash) by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault. | |||||
| CVE-2007-3948 | 1 Lighttpd | 1 Lighttpd | 2018-10-15 | 4.3 MEDIUM | N/A |
| connections.c in lighttpd before 1.4.16 might accept more connections than the configured maximum, which allows remote attackers to cause a denial of service (failed assertion) via a large number of connection attempts. | |||||
| CVE-2007-3949 | 1 Lighttpd | 1 Lighttpd | 2018-10-15 | 8.3 HIGH | N/A |
| mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings. | |||||
| CVE-2007-3963 | 1 Usebb | 1 Usebb | 2018-10-15 | 9.3 HIGH | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in UseBB 1.0.7, and possibly other 1.0.x versions, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) upgrade-0-2-3.php, (2) upgrade-0-3.php, or (3) upgrade-0-4.php in install/, a different vulnerability than CVE-2005-4193. | |||||
| CVE-2007-3966 | 1 Iexpress | 1 Munch Pro | 2018-10-15 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in Munch Pro allows remote attackers to execute arbitrary SQL commands via the login field to /admin, a different vulnerability than CVE-2006-5880. | |||||
| CVE-2007-3969 | 1 Panda | 1 Panda Antivirus | 2018-10-15 | 9.3 HIGH | N/A |
| Buffer overflow in Panda Antivirus before 20070720 allows remote attackers to execute arbitrary code via a crafted EXE file, resulting from an "Integer Cast Around." | |||||
| CVE-2007-3970 | 1 Eset Software | 1 Nod32 Antivirus | 2018-10-15 | 5.0 MEDIUM | N/A |
| Race condition in ESET NOD32 Antivirus before 2.2289 allows remote attackers to execute arbitrary code via a crafted CAB file, which triggers heap corruption. | |||||
| CVE-2007-3952 | 1 Norman | 1 Normon Antivirus | 2018-10-15 | 7.5 HIGH | N/A |
| The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote attackers to bypass the malware detection via a crafted DOC file, resulting from an "integer cast around". | |||||
| CVE-2007-3973 | 1 Jblog | 1 Jblog | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in JBlog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, or the (2) search parameter or (3) theme cookie to (b) recherche.php. | |||||
| CVE-2007-3974 | 1 Jblog | 1 Jblog | 2018-10-15 | 7.5 HIGH | N/A |
| admin/ajoutaut.php in JBlog 1.0 does not require authentication, which allows remote attackers to create arbitrary accounts via modified mot and droit parameters. | |||||
| CVE-2007-3971 | 1 Eset Software | 1 Nod32 Antivirus | 2018-10-15 | 5.0 MEDIUM | N/A |
| Integer overflow in ESET NOD32 Antivirus before 2.2289 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted ASPACK packed file, which triggers an infinite loop. | |||||
| CVE-2007-3953 | 1 Norman | 1 Norman Virus Control | 2018-10-15 | 4.3 MEDIUM | N/A |
| The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote attackers to cause a denial of service via a crafted DOC file that triggers a divide-by-zero error. | |||||
| CVE-2007-4028 | 1 Webspell | 1 Webspell | 2018-10-15 | 7.5 HIGH | N/A |
| Absolute path traversal vulnerability in index.php in Webspell 4.01.02 allows remote attackers to include and execute arbitrary local files via a full pathname in the site parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-3975 | 1 Elite Forum | 1 Elite Forum | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Elite Forum 1.0.0.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter in a ptopic action, a different vulnerability than CVE-2005-3412. | |||||
| CVE-2007-4029 | 2 Libvorbis, Rpath | 2 Libvorbis, Rpath Linux | 2018-10-15 | 6.8 MEDIUM | N/A |
| libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c. | |||||
| CVE-2007-4022 | 1 Cpanel | 1 Cpanel | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname parameter. | |||||
| CVE-2007-3987 | 1 Junction Quest | 1 Image Racer | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SearchResults.asp in ImageRacer 1.0, when WordSearchCrit is enabled, allows remote attackers to execute arbitrary SQL commands via the SearchWord parameter. | |||||
| CVE-2007-3844 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-15 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression. | |||||
| CVE-2007-3814 | 1 Mkportal | 1 Mkportal | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the idurlo field in the delete_urlo function in (a) index.php in the urlobox module; the iden field in the (2) update_file and (3) del_file functions in (b) index.php in the reviews module; the (4) idnews field in the delete_news function and the (5) idcomm field in the del_comment function in (c) index.php in the news module; the (6) idcomm field in the delete_comments function in (d) index.php in the gallery module; the iden field in the (7) edit_file, (8) update_file, and (9) del_file functions in index.php in the gallery module; the (10) ide and (11) cat fields in the slide_update function in index.php in the gallery module; the iden field in the (12) update_file and (13) del_file functions in (d) index.php in the downloads module; and other unspecified vectors. | |||||
| CVE-2007-3816 | 1 Brics | 1 Jwig | 2018-10-15 | 7.8 HIGH | N/A |
| ** DISPUTED ** JWIG might allow context-dependent attackers to cause a denial of service (service degradation) via loops of references to external templates. NOTE: this issue has been disputed by multiple third parties who state that only the application developer can trigger the issue, so no privilege boundaries are crossed. However, it seems possible that this is a vulnerability class to which an JWIG application may be vulnerable if template contents can be influenced, but this would be an issue in the application itself, not JWIG. | |||||
| CVE-2007-3866 | 1 Oracle | 1 E-business Suite | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 and 12.0.1 allow remote attackers to have an unknown impact via (a) Oracle Configurator (APPS02), (b) Oracle iExpenses (APPS03), (c) Oracle Application Object Library (APPS09), and (1) APPS12, (2) APPS13, and (3) APPS14 in (d) Oracle Payables. | |||||
| CVE-2007-3867 | 1 Oracle | 1 E-business Suite | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 have unknown impact and attack vectors, related to (1) APPS04, (2) APPS05, and (3) APPS06 in (a) Oracle Application Object Library, (4) APPS07 in Oracle Customer Intelligence, (5) APPS08 in Oracle Payments, (7) APPS10 in Oracle Human Resources, and (8) APPS11 in iRecruitment. | |||||
| CVE-2007-3819 | 1 Opera | 1 Opera Browser | 2018-10-15 | 5.0 MEDIUM | N/A |
| Opera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. | |||||
| CVE-2007-3820 | 1 Kde | 1 Konqueror | 2018-10-15 | 2.6 LOW | N/A |
| konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. | |||||
| CVE-2007-3821 | 1 Citadel | 1 Webcit | 2018-10-15 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 allows remote attackers to modify configurations and perform other actions as arbitrary users via unspecified vectors. | |||||
| CVE-2007-3822 | 1 Citadel | 1 Webcit | 2018-10-15 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via (1) the who parameter to showuser; and other vectors involving (2) calendar mode, (3) bulletin board mode, (4) room names, and (5) uploaded file names. | |||||
| CVE-2007-3827 | 1 Mozilla | 1 Firefox | 2018-10-15 | 5.0 MEDIUM | N/A |
| Mozilla Firefox allows for cookies to be set with a null domain (aka "domainless cookies"), which allows remote attackers to pass information between arbitrary domains and track user activity, as demonstrated by the domain attribute in the document.cookie variable in a javascript: window. | |||||
| CVE-2007-3834 | 1 Exlibris Group | 1 Aleph | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ex Libris ALEPH allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a URL that can be discovered through a keyword search. NOTE: this may be related to the MetaLib XSS issue, CVE-2007-3835. | |||||
| CVE-2007-3835 | 1 Exlibris Group | 1 Metalib | 2018-10-15 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Ex Libris MetaLib 3.13 and 4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a resource id that can be discovered through a search. | |||||
| CVE-2007-3848 | 1 Linux | 1 Linux Kernel | 2018-10-15 | 1.9 LOW | N/A |
| Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG). | |||||
| CVE-2007-3855 | 1 Oracle | 1 Database Server | 2018-10-15 | 6.5 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to have an unknown impact via (1) SYS.DBMS_DRS in the DataGuard component (DB03), (2) SYS.DBMS_STANDARD in the PL/SQL component (DB10), (3) MDSYS.RTREE_IDX in the Spatial component (DB16), and (4) SQL Compiler (DB17). NOTE: a reliable researcher claims that DB17 is for using Views to perform unauthorized insert, update, or delete actions. | |||||
| CVE-2007-3860 | 1 Oracle | 1 Apex | 2018-10-15 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 up to 3.0.0.00.20 allows developers to have an unknown impact via unknown attack vectors, aka APEX01. NOTE: a reliable researcher states that this is SQL injection in the wwv_flow_security.check_db_password function due to insufficient checks for '"' characters. | |||||
| CVE-2007-3888 | 1 Insanely Simple Blog | 1 Insanely Simple Blog | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the search action, possibly related to the term parameter to index.php; or (2) an anonymous blog entry, possibly involving the (a) posted_by, (b) subject, and (c) content parameters to index.php; as demonstrated by the onmouseover attribute of certain elements. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-3889 | 1 Insanely Simple Blog | 1 Insanely Simple Blog | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the current_subsection parameter to index.php and other unspecified vectors. | |||||
| CVE-2007-3865 | 1 Oracle | 1 E-business Suite | 2018-10-15 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 12.0.1 has unknown impact and remote attack vectors, aka APPS01. | |||||
| CVE-2007-3807 | 1 Sitescape | 1 Sitescape Forum | 2018-10-15 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum before 7.3 allow remote attackers to inject arbitrary web script or HTML via the user name field in the login procedure, and other unspecified vectors. | |||||