Total: 27796 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1840 | 1 Ldap Account Manager | 1 Ldap Account Manager | 2017-07-29 | 4.3 MEDIUM | N/A |
| lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting (XSS). | |||||
| CVE-2007-1834 | 1 Cisco | 2 Unified Callmanager, Unified Presence Server | 2017-07-29 | 7.8 HIGH | N/A |
| Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allow remote attackers to cause a denial of service (loss of voice services) via a flood of ICMP echo requests, aka bug ID CSCsf12698. | |||||
| CVE-2007-1833 | 1 Cisco | 1 Unified Callmanager | 2017-07-29 | 5.0 MEDIUM | N/A |
| The Skinny Call Control Protocol (SCCP) implementation in Cisco Unified CallManager (CUCM) 3.3 before 3.3(5)SR2a, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3)SR1, and 5.0 before 5.0(4a)SU1 allows remote attackers to cause a denial of service (loss of voice services) by sending crafted packets to the (1) SCCP (2000/tcp) or (2) SCCPS (2443/tcp) port. | |||||
| CVE-2007-1824 | 1 Php | 1 Php | 2017-07-29 | 5.1 MEDIUM | N/A |
| Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php://filter/ URL that has a name ending in the '.' character. | |||||
| CVE-2007-1826 | 1 Cisco | 2 Unified Callmanager, Unified Presence Server | 2017-07-29 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the IPSec Manager Service for Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allows remote attackers to cause a denial of service (loss of cluster services) via a "specific UDP packet" to UDP port 8500, aka bug ID CSCsg60949. | |||||
| CVE-2007-1804 | 1 Pulseaudio | 1 Pulseaudio | 2017-07-29 | 7.8 HIGH | N/A |
| PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p->export assertion failure in do_read; (2) a PA_PSTREAM_DESCRIPTOR_LENGTH value of 0 sent on TCP port 9875, which triggers a length assertion failure in pa_memblock_new; or (3) an empty packet on UDP port 9875, which triggers a t assertion failure in pa_sdp_parse; and allows remote authenticated users to cause a denial of service (daemon crash) via a crafted packet on TCP port 9875 that (4) triggers a maxlength assertion failure in pa_memblockq_new, (5) triggers a size assertion failure in pa_xmalloc, or (6) plays a certain sound file. | |||||
| CVE-2007-1802 | 1 Maildwarf | 1 Maildwarf | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-1800 | 1 Cisco | 1 Trust Agent | 2017-07-29 | 7.5 HIGH | N/A |
| Cisco Secure ACS does not require authentication when Cisco Trust Agent (CTA) transmits posture information, which might allow remote attackers to gain network access via a spoofed Network Endpoint Assessment posture, aka "NACATTACK." NOTE: this attack might be limited to authenticated users and devices. | |||||
| CVE-2007-2886 | 1 Nortel | 1 Communications Server | 2017-07-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Nortel CS 1000 M media card in Enterprise VoIP-Core-CS 1000E, 1000M, and 1000S 04.50W before 20070523 in Meridian/CS 1000 allows remote attackers to cause a denial of service (card hang) via unspecified vectors. | |||||
| CVE-2007-2927 | 2 Atheros, Microsoft | 2 Wireless Adapter Drivers, All Windows | 2017-07-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Atheros 802.11 a/b/g wireless adapter drivers before 5.3.0.35, and 6.x before 6.0.3.67, on Windows allows remote attackers to cause a denial of service via a crafted 802.11 management frame. | |||||
| CVE-2007-2881 | 1 Sun | 1 Java System Web Proxy Server | 2017-07-29 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation. | |||||
| CVE-2007-2892 | 1 Asp-nuke | 1 Asp-nuke | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in news.asp in ASP-Nuke 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2895 | 1 Lead Technologies | 1 Leadtools Raster Dialog File Object | 2017-07-29 | 7.5 HIGH | N/A |
| Buffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 in LeadTools Raster Dialog File Object allows remote attackers to execute arbitrary code via a long Directory property value. | |||||
| CVE-2007-2896 | 2 Microsoft, Symantec | 2 All Windows, Enterprise Security Manager | 2017-07-29 | 4.3 MEDIUM | N/A |
| Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 managers and agents on Windows before 20070524 allows remote attackers to cause a denial of service (CPU consumption and application hang) via certain network scans to ESM ports. | |||||
| CVE-2007-2473 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter. | |||||
| CVE-2007-2501 | 1 Fernando M.a.d.s. | 1 Codepress | 2017-07-29 | 7.5 HIGH | N/A |
| Eval injection vulnerability in codepress.html in CodePress before 0.9.4 allows remote attackers to execute arbitrary code via certain input that is used in an eval function call. | |||||
| CVE-2007-0717 | 1 Apple | 1 Quicktime | 2017-07-29 | 5.8 MEDIUM | N/A |
| Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file. | |||||
| CVE-2007-0482 | 1 Sun | 1 Ray Server Software | 2017-07-29 | 4.6 MEDIUM | N/A |
| cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 allows local users to obtain the utadmin password by reading a web server's log file, or by conducting a different, unspecified local attack. | |||||
| CVE-2007-1691 | 1 Second Sight Software | 1 Activemod | 2017-07-29 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Second Sight Software ActiveMod ActiveX control (ActiveMod.ocx) allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-1731 | 1 Hpaftpd | 1 Hpaftpd | 2017-07-29 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in High Performance Anonymous FTP Server (hpaftpd) 1.01 allow remote attackers to execute arbitrary code via long arguments to the (1) USER, (2) PASS, (3) CWD, (4) MKD, (5) RMD, (6) DELE, (7) RNFR, or (8) RNTO FTP command. | |||||
| CVE-2007-1739 | 1 Ibm | 1 Lotus Domino | 2017-07-29 | 7.8 HIGH | N/A |
| Heap-based buffer overflow in the LDAP server in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service (crash) via a long, malformed DN request, which causes only the lower 16 bits of the string length to be used in memory allocation. | |||||
| CVE-2007-1763 | 1 Microsoft | 1 Windows Vista | 2017-07-29 | 7.1 HIGH | N/A |
| The ATI kernel driver (atikmdag.sys) in Microsoft Windows Vista allows user-assisted remote attackers to cause a denial of service (crash) via a crafted JPG image, as demonstrated by a slideshow, possibly due to a buffer overflow. | |||||
| CVE-2007-1649 | 1 Php | 1 Php | 2017-07-29 | 7.8 HIGH | N/A |
| PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed. | |||||
| CVE-2007-1727 | 4 Hp, Linux, Microsoft and 1 more | 7 Hp-ux, Openview Network Node Manager, Linux Kernel and 4 more | 2017-07-29 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, 7.50, and 7.51 allows remote authenticated users to access certain privileged "facilities" via unspecified vectors. | |||||
| CVE-2007-1786 | 1 Hitachi | 5 Cosminexus Collaboration Portal, Groupmax Collaboration Portal, Groupmax Collaboration Web Client and 2 more | 2017-07-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in Hitachi Collaboration - Online Community Management 01-00 through 01-30, as used in Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, and uCosminexus Content Manager, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2007-1677 | 2 Navision Software, Netbsd | 2 Navision Financials Server, Netbsd | 2017-07-29 | 6.6 MEDIUM | N/A |
| Multiple buffer overflows in the ISO network protocol support in the NetBSD kernel 2.0 through 4.0_BETA2, and NetBSD-current before 20070329, allow local users to execute arbitrary code via long parameters to certain functions, as demonstrated by a long sockaddr structure argument to the clnp_route function. | |||||
| CVE-2007-1683 | 1 Incredimail | 1 Immenushellext Activex Control | 2017-07-29 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the DoWebMenuAction function in the IncrediMail IMMenuShellExt ActiveX control (ImShExt.dll) allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-1684 | 1 Solidworks | 1 Sldimdownload Activex Control | 2017-07-29 | 9.3 HIGH | N/A |
| The Run function in SolidWorks sldimdownload ActiveX control in sldimdownload.dll before 16.0.0.6 allows remote attackers to execute arbitrary commands via the (1) installerpath and (2) applicationarguments arguments. | |||||
| CVE-2007-1687 | 1 Internet Pictures Corporation | 1 Ipix Image Well | 2017-07-29 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the Internet Pictures Corporation iPIX Image Well ActiveX control (iPIX-ImageWell-ipix.dll) allow remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-1690 | 1 Second Sight Software | 1 Activegs | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple stack-based buffer overflows in Second Sight Software ActiveGS ActiveX control (ActiveGS.ocx) allow remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-1767 | 1 Aol | 1 Aol Client Software | 2017-07-29 | 7.8 HIGH | N/A |
| Unspecified vulnerability in (1) Deskbar.dll and (2) Toolbar.dll in AOL 9.0 before February 2007 allows remote attackers to cause a denial of service (browser crash) via unknown vectors. | |||||
| CVE-2007-1650 | 1 Pcapsipdump | 1 Pcapsipdump | 2017-07-29 | 7.8 HIGH | N/A |
| pcapsipdump.cpp in pcapsipdump before 0.1.3 allows remote attackers to cause a denial of service (application crash) via a malformed SIP packet, which results in a NULL pointer dereference. | |||||
| CVE-2007-1770 | 1 Esri | 1 Arcgis | 2017-07-29 | 10.0 HIGH | N/A |
| Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests. | |||||
| CVE-2007-1745 | 2 Clam Anti-virus, Ifenslave | 2 Clamav, Ifenslave | 2017-07-29 | 7.1 HIGH | N/A |
| The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-1722 | 1 Signkorea | 1 Skcommax Activex Control | 2017-07-29 | 10.0 HIGH | N/A |
| Buffer overflow in the DownloadCertificateExt function in SignKorea SKCommAX ActiveX control module 7.2.0.2 and 3280 6.6.0.1 allows remote attackers to execute arbitrary code via a long pszUserID argument. | |||||
| CVE-2007-1654 | 1 Netsieben | 1 Netsieben Ssh Library | 2017-07-29 | 9.3 HIGH | N/A |
| Buffer overflow in the Ne7sshSftp::addOpenHandle function in ne7ssh_sftp.cpp in NetSieben SSH Library (ne7ssh) before 1.2.1 allows user-assisted remote SFTP servers to cause a denial of service (crash) or possibly execute arbitrary code via multiple file transfers, related to multiple open file handles in SFTP (1) put and (2) get operations. | |||||
| CVE-2007-1663 | 2 Debian, Ekg | 2 Debian Linux, Ekg | 2017-07-29 | 5.0 MEDIUM | N/A |
| Memory leak in the image message functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service. | |||||
| CVE-2007-1772 | 1 Hp | 1 Jetdirect | 2017-07-29 | 7.1 HIGH | N/A |
| The FTP service in HP JetDirect print servers allows remote attackers to cause a denial of service (engine crash) via a RETR command with a long pathname. | |||||
| CVE-2007-1610 | 1 Glue Software | 1 Newsglue | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the RSS reader in Glue Software NewsGlue before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via a feed. | |||||
| CVE-2007-1664 | 2 Debian, Ekg | 2 Debian Linux, Ekg | 2017-07-29 | 5.0 MEDIUM | N/A |
| ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service (NULL pointer dereference) via a vector related to the token OCR functionality. | |||||
| CVE-2007-1779 | 1 Advanced Website Creator | 1 Advanced Website Creator | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the MySQL back-end in Advanced Website Creator (AWC) before 1.9.0 might allow remote attackers to execute arbitrary SQL commands via unspecified parameters, related to use of mysql_escape_string instead of mysql_real_escape_string. | |||||
| CVE-2007-1780 | 1 Overlay Weaver | 1 Overlay Weaver | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the DHT shell (owdhtshell) in Overlay Weaver 0.5.9 to 0.5.11, when invoked with the -x option, allows remote attackers to inject arbitrary web script or HTML via fields in certain input forms. | |||||
| CVE-2007-1781 | 1 Minna De Office | 1 Minna De Office | 2017-07-29 | 4.6 MEDIUM | N/A |
| Minna De Office 1.x and 2.x does not properly restrict user access to certain privileged actions, which allows local users to change the configuration or have other unspecified impact. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-1782 | 1 Cruiseworks | 1 Cruiseworks | 2017-07-29 | 4.6 MEDIUM | N/A |
| CruiseWorks 1.09e and earlier does not properly restrict user access to certain privileged actions, which allows local users to change the configuration or have other unspecified impact. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-1784 | 1 Ibm | 1 Lotus Sametime | 2017-07-29 | 9.3 HIGH | N/A |
| The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus Notes Sametime before 7.5 allows remote attackers to load arbitrary DLL libraries and execute arbitrary code via arbitrary arguments to the loadLibrary function. | |||||
| CVE-2007-1611 | 1 Sourcenext | 1 Ikanari Jijyou | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the RSS reader in a certain SOURCENEXT product, probably IKANARI JIJYOU 1.0.0 and 1.0.1, allows remote attackers to inject arbitrary web script or HTML via the title of an article in a feed. | |||||
| CVE-2007-1799 | 1 Joris Guisson | 1 Ktorrent | 2017-07-29 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a torrent filename, as demonstrated by "../" sequences, due to an incomplete fix for CVE-2007-1384. | |||||
| CVE-2007-1795 | 1 Jccorp | 1 Urlshrink | 2017-07-29 | 10.0 HIGH | N/A |
| JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary PHP code via the email address field in an HTML link. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1713 | 1 B21soft | 1 Basp21 | 2017-07-29 | 6.4 MEDIUM | N/A |
| CRLF injection vulnerability in BSMTP.DLL in B21Soft BASP21 2003.0211, and BASP21 Pro 1.0.702.27 and earlier, allows remote attackers to inject arbitrary headers into e-mail messages via CRLF sequences in Subject lines. | |||||
| CVE-2007-1608 | 1 Ibm | 1 Websphere Application Server | 2017-07-29 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.19 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a single CRLF sequence in a context that is not a valid multi-line header. | |||||
