Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3785 | 1 Eldos Corporation | 1 Secureblackbox | 2017-07-29 | 4.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in PGPBBox.dll in EldoS SecureBlackbox (sbb) 5.1.0.112 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveToFile method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3745 | 1 Apple | 3 Core Audio Technologies, Mac Os X, Mac Os X Server | 2017-07-29 | 6.8 MEDIUM | N/A |
| The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 contains an unsafe interface that is exposed by JDirect, which allows remote attackers to free arbitrary memory and thereby execute arbitrary code. | |||||
| CVE-2007-3775 | 1 Cisco | 2 Unified Communications Manager, Unified Presence Server | 2017-07-29 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985. | |||||
| CVE-2007-3776 | 1 Cisco | 2 Unified Communications Manager, Unified Presence Server | 2017-07-29 | 5.0 MEDIUM | N/A |
| Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings, aka (1) CSCsj20668 and (2) CSCsj25962. | |||||
| CVE-2007-3729 | 1 Hp | 1 Openvms | 2017-07-29 | 5.0 MEDIUM | N/A |
| The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid POP usernames. | |||||
| CVE-2007-3778 | 1 Squirrelmail | 1 Gpg Plugin | 2017-07-29 | 7.5 HIGH | N/A |
| The G/PGP (GPG) Plugin 2.0, and 2.1dev before 20060912, for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the messageSignedText parameter to the gpg_check_sign_pgp_mime function in gpg_hook_functions.php. NOTE: a parameter value can be set in the contents of an e-mail message. | |||||
| CVE-2007-3728 | 1 Silc | 2 Silc Client, Silc Toolkit | 2017-07-29 | 5.0 MEDIUM | N/A |
| Buffer overflow in lib/silcclient/client_notify.c of SILC Client and SILC Toolkit before 1.1.2 allows remote attackers to cause a denial of service via "NICK_CHANGE" notifications. | |||||
| CVE-2007-3258 | 1 Vincent Hor | 1 Calendarix | 2017-07-29 | 5.0 MEDIUM | N/A |
| calendar.php in Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via large values to the (1) year and (2) month parameters, which causes negative values to be passed to the mktime library call, and reveals the installation path in the error message. | |||||
| CVE-2007-3692 | 1 Kddi | 1 Ezfactory Download Cgi | 2017-07-29 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in download.cgi in EZFactory KDDI Download CGI 1.x allows remote attackers to read and download arbitrary files via a .. (dot dot) in the name parameter. | |||||
| CVE-2007-3686 | 1 Masuga Design | 1 Unobtrusive Ajax Star Rating Bar | 2017-07-29 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary HTTP headers and data via CRLF sequences in the HTTP_REFERER parameter. | |||||
| CVE-2007-3685 | 1 Masuga Design | 1 Unobtrusive Ajax Star Rating Bar | 2017-07-29 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in rpc.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2007-3684 | 1 Masuga Design | 1 Unobtrusive Ajax Star Rating Bar | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Unobtrusive Ajax Star Rating Bar before 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) q and (2) t parameters in (a) db.php and (b) rpc.php. | |||||
| CVE-2007-3673 | 1 Symantec | 6 Client Security, Norton Antispam, Norton Antivirus and 3 more | 2017-07-29 | 6.9 MEDIUM | N/A |
| Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006; allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\symTDI\, which results in memory overwrite. | |||||
| CVE-2007-3667 | 1 Activereportsexcelreport | 1 Activereportsexcelreport | 2017-07-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in EXCLEXPT.DLL in ActiveReportsExcelReport allows remote attackers to cause a denial of service via the DDRow Height variable. | |||||
| CVE-2007-3791 | 1 Policyd | 1 Policyd | 2017-07-29 | 7.5 HIGH | N/A |
| Buffer overflow in the w_read function in sockets.c in Cami Sardinha and Nigel Kukard policyd before 1.81 for Postfix allows remote attackers to cause a denial of service and possibly execute arbitrary code via long SMTP commands. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-3691 | 1 Av Scripts | 1 Av Tutorial Script | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial Script (avtutorial) 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) userid parameters, a different issue than CVE-2007-3630. | |||||
| CVE-2007-3793 | 1 Hitachi | 1 Jp1-netm-dm Manager | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager on Windows before 20070413 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2007-3690 | 1 Drupal | 1 Forward Module | 2017-07-29 | 7.8 HIGH | N/A |
| The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments. | |||||
| CVE-2007-3795 | 1 Hitachi | 1 Tpi Server Base | 2017-07-29 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Hitachi TP1/Server Base before 03-05-/P, 05-00-x before 05-00-/G, 05-01-x before 05-01-/A, and 05-02-x before 05-02-/C on HP-UX 11.0 through 11i v3 allows attackers to cause a denial of service by sending certain data to a port. | |||||
| CVE-2007-3689 | 1 Drupal | 1 Print Module | 2017-07-29 | 7.8 HIGH | N/A |
| The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments. | |||||
| CVE-2007-3800 | 1 Symantec | 2 Client Security, Norton Antivirus | 2017-07-29 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in the Real-time scanner (RTVScan) component in Symantec AntiVirus Corporate Edition 9.0 through 10.1 and Client Security 2.0 through 3.1, when the Notification Message window is enabled, allows local users to gain privileges via crafted code. | |||||
| CVE-2007-3803 | 1 Clavister | 1 Clavister Coreplus | 2017-07-29 | 10.0 HIGH | N/A |
| The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does not properly parse SMTP commands in certain circumstances, which allows remote attackers to bypass address blacklists. | |||||
| CVE-2007-3688 | 1 Dotclear | 1 Dotclear | 2017-07-29 | 2.6 LOW | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear 1.2.6 allow remote attackers to perform actions as arbitrary users via the (1) tool_url parameter to ecrire/tools.php and multiple fields on the (2) blogconf, (3) blogroll, (4) ecrire/redacteur.php, and (5) ecrire/user_prefs.php pages. | |||||
| CVE-2007-3872 | 1 Hp | 2 Openview Operations, Shared Trace Service | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple stack-based buffer overflows in the Shared Trace Service (OVTrace) service for HP OpenView Operations A.07.50 for Windows, and possibly earlier versions, allow remote attackers to execute arbitrary code via certain crafted requests. | |||||
| CVE-2007-3645 | 1 Freebsd | 1 Libarchive | 2017-07-29 | 4.3 MEDIUM | N/A |
| archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644. | |||||
| CVE-2007-3644 | 1 Freebsd | 1 Libarchive | 2017-07-29 | 4.3 MEDIUM | N/A |
| archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive. | |||||
| CVE-2007-3641 | 1 Freebsd | 1 Libarchive | 2017-07-29 | 9.3 HIGH | N/A |
| archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow. | |||||
| CVE-2007-3629 | 1 Levent Veysi Portal | 1 Levent Veysi Portal | 2017-07-29 | 10.0 HIGH | N/A |
| SQL injection vulnerability in oku.asp in Levent Veysi Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3864 | 1 Oracle | 1 Collaboration Suite | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10.1.2 have unknown impact and remote attack vectors via (1) Instant Messaging/Presence (OCS01) and (2) Oracle Single Sign On (AS02). | |||||
| CVE-2007-3625 | 1 Citrix | 1 Metaframe Presentation Server | 2017-07-29 | 5.0 MEDIUM | N/A |
| The Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname. | |||||
| CVE-2007-3624 | 1 Sap | 1 Sap Message Server | 2017-07-29 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the Message HTTP Server in SAP Message Server allows remote attackers to execute arbitrary code via a long string in the group parameter to /msgserver/html/group. | |||||
| CVE-2007-3623 | 1 Hitachi | 4 Jp1-hicommand Device Manager, Jp1-hicommand Global Link Availability Manager, Jp1-hicommand Replication Monitor and 1 more | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Hitachi JP1/HiCommand Device Manager, Tiered Storage Manager, Replication Monitor, and GlobalLink Availability Manager before 20070528 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. | |||||
| CVE-2007-3622 | 1 Alt-n | 1 Mdaemon | 2017-07-29 | 2.6 LOW | N/A |
| Unspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon before 9.61 allows remote attackers to cause a denial of service (crash) via malformed messages. | |||||
| CVE-2007-3700 | 1 Sun | 1 Java System Access Manager | 2017-07-29 | 1.7 LOW | N/A |
| Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading /var/opt/SUNWam/debug/amAuth. | |||||
| CVE-2007-3815 | 1 Republike Slovenije | 1 Pirs | 2017-07-29 | 4.9 MEDIUM | N/A |
| Buffer overflow in pirs32.exe in Poslovni informator Republike Slovenije (PIRS) 2007 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long search string in certain fields in the GUI. NOTE: this may cross privilege boundaries if PIRS is used by data-entry workers who do not have full access to the underlying Windows environment. | |||||
| CVE-2007-3596 | 1 Izzysoft | 1 Phpvideopro | 2017-07-29 | 4.3 MEDIUM | N/A |
| inc/vul_check.inc in phpVideoPro before 0.8.8 permits non-alphanumeric characters in the sess_id parameter, which has unknown impact and remote attack vectors, probably cross-site scripting (XSS). | |||||
| CVE-2007-3817 | 1 Drupal | 1 Logintoboggan Module | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the LoginToboggan module 4.7.x-1.0, 4.7.x-1.x-dev, and 5.x-1.x-dev before 20070712 for Drupal, when configured to display a "Log out" link, allows remote attackers to inject arbitrary web script or HTML via a crafted username. NOTE: Drupal sanitizes the username by removing certain characters, so this might not be a vulnerability on default installations. | |||||
| CVE-2007-3594 | 1 Adventnet | 1 Manageengine Netflow Analyzer | 2017-07-29 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4) selectedNode parameters to (c) reports/ReportViewAction.do; the (5) operation parameter to (d) admin/ServiceConfiguration.do; and the (6) selectedNode and (7) selectedTab parameters to (e) admin/DeviceAssociation.do. NOTE: the searchTerm parameter in Search.do is already covered by CVE-2006-2343. | |||||
| CVE-2007-3592 | 1 Elite Bulletin Board | 1 Elite Bulletin Board | 2017-07-29 | 6.5 MEDIUM | N/A |
| PM.php in Elite Bulletin Board before 1.0.10 allows remote authenticated users to delete arbitrary PM messages and conduct other attacks via modified id fields. | |||||
| CVE-2007-3591 | 1 Elite Bulletin Board | 1 Elite Bulletin Board | 2017-07-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Profile.php in Elite Bulletin Board before 1.0.10 allows remote attackers to modify profile information via unspecified vectors related to "a remote form," probably related to direct requests and missing authorization checks. | |||||
| CVE-2007-3580 | 1 Phpids | 1 Phpids | 2017-07-29 | 4.3 MEDIUM | N/A |
| PHPIDS does not properly handle certain code containing newlines, as demonstrated by a try/catch block within a loop, which allows user-assisted remote attackers to inject arbitrary web script. | |||||
| CVE-2007-3579 | 1 Phpids | 1 Phpids | 2017-07-29 | 4.3 MEDIUM | N/A |
| PHPIDS before 20070703 does not properly handle setting the .text property of a SCRIPT element before its attachment to the DOM, which allows remote attackers to inject arbitrary web script. | |||||
| CVE-2007-3578 | 1 Phpids | 1 Phpids | 2017-07-29 | 4.3 MEDIUM | N/A |
| PHPIDS before 20070703 does not properly handle (1) arithmetic expressions and (2) unclosed comments, which allows remote attackers to inject arbitrary web script. | |||||
| CVE-2007-3577 | 1 Phpids | 1 Phpids | 2017-07-29 | 4.3 MEDIUM | N/A |
| PHPIDS before 20070703 does not properly handle use of the substr method in (1) document.location.search and (2) document.referrer; (3) certain use of document.location.hash; (4) certain "window[eval" and similar expressions; (5) certain Function expressions; (6) certain '=' expressions, as demonstrated by a 'whatever="something"' sequence; and (7) certain "with" expressions, which allows remote attackers to inject arbitrary web script. | |||||
| CVE-2007-3823 | 1 Ipswitch | 1 Ws Ftp | 2017-07-29 | 7.8 HIGH | N/A |
| The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows remote attackers to cause a denial of service (daemon crash) by sending a crafted packet containing a long string to port 5151/udp. | |||||
| CVE-2007-3868 | 1 Oracle | 1 Peoplesoft Enterprise | 2017-07-29 | 6.5 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in PeopleTools in Oracle PeopleSoft Enterprise 8.22.15, 8.47.13, 8.48.10, and 8.49.02 allows remote authenticated users or attackers to have an unknown impact via multiple vectors, aka (1) PSE01, (2) PSE02, and (3) PSE03. | |||||
| CVE-2007-3869 | 1 Oracle | 1 Peoplesoft Enterprise | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Customer Relationship Management Online Marketing component in Oracle PeopleSoft Enterprise 8.9 Bundle 26 and 9.0 Bundle 7 allow remote authenticated users to have an unknown impact, aka (1) PSE04 and (2) PSE05. | |||||
| CVE-2007-3824 | 1 Mehmet Zati Karahan | 1 Mzk Blog | 2017-07-29 | 10.0 HIGH | N/A |
| SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows remote attackers to execute arbitrary SQL commands via the katID parameter. | |||||
| CVE-2007-3571 | 1 Novell | 2 Groupwise, Netware | 2017-07-29 | 4.3 MEDIUM | N/A |
| The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address. | |||||
| CVE-2007-3276 | 1 Siteatschool | 1 Siteatschool | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Site@School (S@S) 2.4.10 allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||