Total: 27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4418 | 1 Ibm | 1 Db2 Universal Database | 2017-07-29 | 5.5 MEDIUM | N/A |
| IBM DB2 UDB 8 before Fixpak 15 does not properly check authorization, which allows remote authenticated users with a certain SELECT privilege to have an unknown impact via unspecified vectors. NOTE: this issue is probably related to CVE-2007-1089, but this is uncertain due to lack of details. | |||||
| CVE-2007-3172 | 1 Uebimiau | 1 Uebimiau | 2017-07-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in demo/pop3/error.php in Uebimiau Webmail allows remote attackers to determine the existence of arbitrary directories via an absolute pathname and .. (dot dot) in the selected_theme parameter. | |||||
| CVE-2007-3171 | 1 Uebimiau | 1 Uebimiau | 2017-07-29 | 5.0 MEDIUM | N/A |
| Uebimiau Webmail allows remote attackers to obtain sensitive information via a request to demo/pop3/error.php with an invalid value of the (1) smarty or (2) selected_theme parameter, which reveals the path in various error messages. | |||||
| CVE-2007-3170 | 1 Uebimiau | 1 Uebimiau | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau Webmail allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to redirect.php or (2) the selected_theme parameter to demo/pop3/error.php. | |||||
| CVE-2007-4089 | 1 Vikingboard | 1 Vikingboard | 2017-07-29 | 4.3 MEDIUM | N/A |
| Vikingboard 0.1.2 allows remote attackers to obtain sensitive information via the debug parameter to (1) forum.php, (2) cp.php, and possibly other unspecified components. | |||||
| CVE-2007-4417 | 1 Ibm | 1 Db2 Universal Database | 2017-07-29 | 6.0 MEDIUM | N/A |
| IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not properly revoke privileges on methods, which allows remote authenticated users to execute a method after revocation until the routine auth cache is flushed. | |||||
| CVE-2007-4363 | 1 Drupal | 1 Content Construction Kit | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6, allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module. | |||||
| CVE-2007-4510 | 2 Clam Anti-virus, Kolab | 2 Clamav, Kolab Server | 2017-07-29 | 4.3 MEDIUM | N/A |
| ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-3163 | 1 Frederico Caldeira Knabben | 1 Fckeditor | 2017-07-29 | 5.0 MEDIUM | N/A |
| Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658. | |||||
| CVE-2007-4355 | 1 Ibm | 1 Aix | 2017-07-29 | 7.2 HIGH | N/A |
| Buffer overflow in the at program on IBM AIX 5.3 allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2007-4122 | 1 Hitachi | 1 Jp1-cm2-hierarchical Viewer | 2017-07-29 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Hitachi JP1/Cm2/Hierarchical Viewer (HV) 06-00 through 06-71-/B allows remote attackers to cause a denial of service (application stop and web interface outage) via certain "unexpected data." | |||||
| CVE-2007-4123 | 1 Hitachi | 1 Groupmax Groupware Server | 2017-07-29 | 5.0 MEDIUM | N/A |
| The Groupmax Scheduler_Facilities management tool in Hitachi Groupmax Groupware Server 07-00-/F through 07-32-/A before 20070731 does not properly manage schedule server configuration data, which might allow attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2007-4354 | 1 Ibm | 1 Aix | 2017-07-29 | 7.2 HIGH | N/A |
| Buffer overflow in fileplace in bos.perf.tools in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2007-4353 | 1 Ibm | 1 Aix | 2017-07-29 | 6.9 MEDIUM | N/A |
| Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in the system group to gain root privileges via unspecified vectors involving the (1) chpath, (2) rmpath, and (3) devinstall programs in bos.rte.methods. | |||||
| CVE-2007-4380 | 1 Symantec | 1 Altiris Deployment Solution | 2017-07-29 | 7.2 HIGH | N/A |
| Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 (6.8.378) allows local users to gain local System privileges via the Log File Viewer. | |||||
| CVE-2007-4333 | 1 Article Dashboard | 1 Article Dashboard | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in signup.php in Article Dashboard allow remote attackers to inject arbitrary web script or HTML via the (1) f_emailaddress, (2) f_reemailaddress, and other unspecified parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-4100 | 1 Mldonkey | 1 Mldonkey | 2017-07-29 | 5.0 MEDIUM | N/A |
| MLDonkey before 2.9.0 does not load certain code from $MLDONKEY/web_infos/ before the network modules become active, which allows remote attackers to bypass the IP blocklist. | |||||
| CVE-2007-4332 | 1 Article Dashboard | 1 Article Dashboard | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in article.php in Article Dashboard, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-4323 | 1 Denyhosts | 1 Denyhosts | 2017-07-29 | 6.8 MEDIUM | N/A |
| DenyHosts 2.6 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6301. | |||||
| CVE-2007-3134 | 1 Atom | 1 Photoblog | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in atomPhotoBlog.php in Atom PhotoBlog 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Your Name, (2) Your Homepage, and (3) Your Comment fields, when using "Approve Comments." | |||||
| CVE-2007-4307 | 1 Storesprite | 1 Storesprite | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Storesprite 7 and earlier allow remote attackers to inject arbitrary web script or HTML via the next parameter to (1) addaddress.php, (2) editshipdetails.php, (3) register.php, or (4) login.php in secure/. | |||||
| CVE-2007-4104 | 1 Wp-feedstats | 1 Wordpress Plugin | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the WP-FeedStats before 2.4 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, one of which involves an rss2 feed with an invalid or missing blog with an XSS sequence in the query string. | |||||
| CVE-2007-4301 | 1 Webcart | 1 Webcart | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the management interface in WebCart 2.20 through 2.25 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-4297 | 1 Aspindir | 1 Dersimiz Haber Ekleme Modulu | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in yorumkaydet.asp in Dersimiz Haber Ekleme Modulu allow remote attackers to inject arbitrary web script or HTML via the (1) yazan, (2) mail, and (3) yorum parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-4296 | 1 Anti-spam Smtp Proxy | 1 Server | 2017-07-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in assp.pl in Anti-Spam SMTP Proxy Server (ASSP) 1.3.3 has unknown impact and attack vectors. | |||||
| CVE-2007-3157 | 1 Safenet | 2 Safenet Highassurance Remote, Softremote Vpn Client | 2017-07-29 | 5.0 MEDIUM | N/A |
| IPSecDrv.sys 10.4.0.12 in SafeNET High Assurance Remote 1.4.0 Build 12, and SoftRemote, allows remote attackers to cause a denial of service (infinite loop and system hang) via an invalid packet with certain bytes in an option header, possibly related to the IPv6 support for IPSec. | |||||
| CVE-2007-4282 | 1 Serendipity | 1 Serendipity | 2017-07-29 | 5.0 MEDIUM | N/A |
| The "Extended properties for entries" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and "deliver custom entryproperties settings to the Serendipity Frontend" via a certain request that modifies the password being checked. | |||||
| CVE-2007-4280 | 1 Asterisk | 4 Asterisk, Asterisk Appliance Developer Kit, Asterisknow and 1 more | 2017-07-29 | 3.5 LOW | N/A |
| The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population. | |||||
| CVE-2007-4112 | 1 Advanced Webhost Billing System | 1 Advanced Webhost Billing System | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Advanced Webhost Billing System (AWBS) before 2.6.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged for XSS attacks that "bypass AWBS's anti-XSS input validation." | |||||
| CVE-2007-4275 | 1 Ibm | 1 Db2 Universal Database | 2017-07-29 | 6.9 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain privileges via certain vectors related to (1) DB2 instance or FMP startup on Linux and Solaris; (2) exec of executables while running as root on non-Windows systems, as demonstrated by AIX; and unspecified vectors involving (3) db2licm and (4) db2pd. | |||||
| CVE-2007-4272 | 1 Ibm | 1 Db2 Universal Database | 2017-07-29 | 1.9 LOW | N/A |
| Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to create arbitrary files via (1) unspecified vectors where an attacker's umask is honored, (2) /etc/ld.so.preload, (3) certain "cron data file locations", and other unspecified vectors possibly involving the (4) OSSEMEMDBG or (5) TRC_LOG_FILE environment variable in db2licd (db2licm). | |||||
| CVE-2007-4270 | 1 Ibm | 1 Db2 Universal Database | 2017-07-29 | 6.9 MEDIUM | N/A |
| Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain root privileges via a symlink attack on certain files. | |||||
| CVE-2007-4193 | 1 Ide Group | 1 Dvd Rental System Drs | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in IDE Group DVD Rental System (DRS) 5.1 before 20070801 allow remote attackers to perform certain actions as arbitrary users, as demonstrated by (1) modifying data or (2) canceling a subscription. NOTE: it is not clear whether IDE Group updates all DRS installations in its role as an application service provider. If so, then this issue should not be included in CVE. | |||||
| CVE-2007-4192 | 1 Ide Group | 1 Dvd Rental System Drs | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IDE Group DVD Rental System (DRS) 5.1 before 20070801 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is not clear whether IDE Group updates all DRS installations in its role as an application service provider. If so, then this issue should not be included in CVE. | |||||
| CVE-2007-4153 | 1 Wordpress | 1 Wordpress | 2017-07-29 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php; or (2) the opml_url parameter to link-import.php. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability. | |||||
| CVE-2007-4154 | 1 Wordpress | 1 Wordpress | 2017-07-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the page_options parameter to (1) options-general.php, (2) options-writing.php, (3) options-reading.php, (4) options-discussion.php, (5) options-privacy.php, (6) options-permalink.php, (7) options-misc.php, and possibly other unspecified components. | |||||
| CVE-2007-3155 | 1 Egroupware | 1 Egroupware | 2017-07-29 | 10.0 HIGH | N/A |
| Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown impact and attack vectors related to ADOdb. NOTE: due to lack of details from the vendor, it is uncertain whether this issue is already covered by another CVE identifier. | |||||
| CVE-2007-3154 | 1 Egroupware | 1 Egroupware | 2017-07-29 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and other packages, has unknown impact and remote attack vectors. | |||||
| CVE-2007-4265 | 1 Visionera Ab | 1 Visionproject | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in VisionProject 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) projectIssueId parameter in EditProjectIssue.do, the (2) projectId parameter in ProjectSelected.do, the (3) folderId parameter in ProjectDocuments.do and the (4) sortField parameter in ProjectIssues.do. | |||||
| CVE-2007-4124 | 1 Hitachi | 14 Cosminexus Application Server, Cosminexus Collaboration Portal, Cosminexus Developer and 11 more | 2017-07-29 | 4.9 MEDIUM | N/A |
| The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user's session data, and possibly gain privileges. | |||||
| CVE-2007-4264 | 1 Kai Blankenhorn Bitfolge | 1 Simple And Nice Index File | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) 1.5.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) path and (2) download parameters. | |||||
| CVE-2007-4246 | 1 Justsystem | 1 Ichitaro | 2017-07-29 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability, possibly a buffer overflow, in Justsystem Ichitaro 2007 and earlier allows remote attackers to execute arbitrary code via a modified document, as actively exploited in August 2007 by malware such as Tarodrop.D (Tarodrop.Q), a different vulnerability than CVE-2006-4326, CVE-2006-5424, CVE-2006-6400, and CVE-2007-1938. | |||||
| CVE-2007-4240 | 1 Help Center Live | 1 Help Center Live | 2017-07-29 | 7.5 HIGH | N/A |
| The check_logout function in class/auth.php in Help Center Live (hcl) 2.1.3a sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to delete administrative users and have other unspecified impact via certain requests to (1) admin/departments.php, (2) admin/operators.php, and other unspecified scripts. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-4241 | 2 Cisco, Hp | 2 Local Director, Hp-ux | 2017-07-29 | 10.0 HIGH | N/A |
| Buffer overflow in ldcconn in Hewlett-Packard (HP) Controller for Cisco Local Director on HP-UX 11.11i allows remote attackers to execute arbitrary code via a long string to TCP port 17781. | |||||
| CVE-2007-4177 | 1 Interact | 1 Interact | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Interact before 2.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2007-3328. | |||||
| CVE-2007-4228 | 1 Ibm | 1 Aix | 2017-07-29 | 4.7 MEDIUM | N/A |
| rmpvc on IBM AIX 4.3 allows local users to cause a denial of service (system crash) via a long port logical name (-l) argument. | |||||
| CVE-2007-4141 | 1 Openrat | 1 Openrat Cms | 2017-07-29 | 4.3 MEDIUM | N/A |
| OpenRat CMS 0.8-beta1 and earlier allows remote attackers to obtain sensitive information via a request containing an XSS sequence in the action parameter to index.php, which reveals the path in an error message. | |||||
| CVE-2007-4142 | 1 Ibm | 1 Lotus Sametime | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Lotus Sametime Server 7.5.1 before 20070731 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a crafted Sametime meeting. | |||||
| CVE-2007-4225 | 1 Kde | 1 Konqueror | 2017-07-29 | 6.8 MEDIUM | N/A |
| Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion. | |||||
| CVE-2007-4176 | 1 Eqdkp | 1 Eqdkp Plus | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in EQDKP Plus before 0.4.4.5 have unknown impact and attack vectors. | |||||
