Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1665 | 2 Debian, Ekg | 2 Debian Linux, Ekg | 2017-07-29 | 5.0 MEDIUM | N/A |
| Memory leak in the token OCR functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service. | |||||
| CVE-2007-1675 | 1 Ibm | 1 Lotus Domino | 2017-07-29 | 10.0 HIGH | N/A |
| Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server (nimap.exe) in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username. | |||||
| CVE-2007-1120 | 1 Steema Software | 1 Teechart Pro | 2017-07-29 | 9.3 HIGH | N/A |
| The (1) Import.LoadFromURL and (2) Export.asText.SaveToFile functions in TeeChart Pro ActiveX control (TeeChart7.ocx) allow remote attackers to download a crafted .tee file to an arbitrary location. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0223 | 1 Nicola Asuni | 1 All In One Control Panel | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shared/code/cp_functions_downloads.php in Nicola Asuni All In One Control Panel (AIOCP) before 1.3.009 allows remote attackers to execute arbitrary SQL commands via the download_category parameter. | |||||
| CVE-2007-0138 | 1 Fersch | 1 Formbankserver | 2017-07-29 | 5.0 MEDIUM | N/A |
| formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with (1) AbfrageForm or (2) EingabeForm, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0145 | 1 Bingo News | 1 Bingo News | 2017-07-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP News (BP News) 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter, a different vector than CVE-2006-4648 and CVE-2006-4649. | |||||
| CVE-2007-0159 | 1 Geoip | 1 Geoip | 2017-07-29 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. (dot dot) in the database filename, which is returned by a request to app/update_getfilename. | |||||
| CVE-2007-0162 | 1 Unsanity | 1 Application Enhancer | 2017-07-29 | 6.8 MEDIUM | N/A |
| Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permissions for the (1) ApplicationEnhancer binary and the (2) /Library/Frameworks/ApplicationEnhancer.framework directory, which allows local users to gain privileges by modifying or replacing the binary or library files. | |||||
| CVE-2007-0177 | 1 Mediawiki | 1 Mediawiki | 2017-07-29 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-0180 | 1 Ef Software | 1 Ef Commander | 2017-07-29 | 7.6 HIGH | N/A |
| Stack-based buffer overflow in EF Commander 5.75 allows user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories, which produces a large filename that triggers the overflow. | |||||
| CVE-2007-0184 | 1 Getahead | 1 Direct Web Remoting | 2017-07-29 | 7.5 HIGH | N/A |
| Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks. | |||||
| CVE-2007-0185 | 1 Getahead | 1 Direct Web Remoting | 2017-07-29 | 5.0 MEDIUM | N/A |
| Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memory exhaustion and servlet outage) via unknown vectors related to a large number of calls in a batch. | |||||
| CVE-2007-0201 | 1 Tis | 1 Internet Firewall Toolkit | 2017-07-29 | 10.0 HIGH | N/A |
| Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet Firewall Toolkit (FWTK) allows remote attackers to execute arbitrary code via a long destination hostname (dest). | |||||
| CVE-2007-0204 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0228 | 1 Eiqnetworks | 1 Enterprise Security Analyzer | 2017-07-29 | 5.0 MEDIUM | N/A |
| The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause a denial of service (service crash) via a (1) &CONNECTSERVER& (2) &ADDENTRY& (3) &FIN& (4) &START& (5) &LOGPATH& (6) &FWADELTA& (7) &FWALOG& (8) &SETSYNCHRONOUS& (9) &SETPRGFILE&, or (10) &SETREPLYPORT& string to TCP port 10618, which triggers a NULL pointer dereference. | |||||
| CVE-2007-0237 | 1 Lookup | 1 Lookup | 2017-07-29 | 4.6 MEDIUM | N/A |
| The ndeb-binary feature in Lookup (lookup-el) allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2007-0240 | 1 Zope | 1 Zope | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a HTTP GET request. | |||||
| CVE-2007-0246 | 1 Gforge | 1 Gforge | 2017-07-29 | 6.8 MEDIUM | N/A |
| plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO. | |||||
| CVE-2007-0248 | 1 Squid | 1 Squid | 2017-07-29 | 5.0 MEDIUM | N/A |
| The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop. | |||||
| CVE-2007-0269 | 1 Oracle | 1 Database Server | 2017-07-29 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to the Change Data Capture and sys.dbms_cdc_subscribe privileges, aka DB02. | |||||
| CVE-2007-0258 | 2 Fastilo, Opensolution | 2 Fastilo, Quick.car | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo 2.0 and (2) Open Solution Quick.Cart 2.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0276 | 1 Oracle | 1 Database Server | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9.0.1.5 have unknown impact and attack vectors related to (1) Advanced Security Option and oklist or okdstry (DB10), (2) Oracle Net Services (DB13), and (3) Recovery Manager and oklist (DB16). | |||||
| CVE-2007-0277 | 1 Oracle | 1 Database Server | 2017-07-29 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has unknown impact and attack vectors related to the Export component and expdp or impdp, aka DB11. | |||||
| CVE-2007-0278 | 1 Oracle | 1 Database Server | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14). | |||||
| CVE-2007-0279 | 1 Oracle | 2 E-business Suite, Http Server | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka (1) OHS01, (2) OHS02, (3) OHS05, (4) OHS06, and (5) OHS07. | |||||
| CVE-2007-0281 | 1 Oracle | 3 Application Server, Collaboration Suite, Http Server | 2017-07-29 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, and 10.1.3.0; and Collaboration Suite 9.0.4.2 and 10.1.2; have unknown impact and attack vectors related to the Oracle HTTP Server, aka (1) OHS03 and (2) OHS04. | |||||
| CVE-2007-0282 | 1 Oracle | 3 Application Server, Collaboration Suite, Http Server | 2017-07-29 | 3.2 LOW | N/A |
| Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN02. | |||||
| CVE-2007-0283 | 1 Oracle | 2 Application Server, Collaboration Suite | 2017-07-29 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Application Server 9.0.4.3 and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to Oracle Containers for J2EE, aka OC4J02. | |||||
| CVE-2007-0284 | 1 Oracle | 2 Application Server, Collaboration Suite | 2017-07-29 | 6.4 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.3 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2, have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J03 and (2) OC4J04. | |||||
| CVE-2007-0285 | 1 Oracle | 3 Application Server, Collaboration Suite, E-business Suite | 2017-07-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 9.0.4.2 and 10.1.2; and E-Business Suite and Applications 11.5.10CU2 has unknown impact and attack vectors related to Oracle Reports Developer, aka REP01. | |||||
| CVE-2007-0286 | 1 Oracle | 2 Application Server, Collaboration Suite | 2017-07-29 | 2.6 LOW | N/A |
| Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and 10.1.3.0, and Collaboration Suite 10.1.2, has unknown impact and attack vectors related to Containers for J2EE, aka OC4J07. | |||||
| CVE-2007-0287 | 1 Oracle | 2 Application Server, Collaboration Suite | 2017-07-29 | 1.7 LOW | N/A |
| Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to Containers for J2EE, aka OC4J08. | |||||
| CVE-2007-0288 | 1 Oracle | 1 Application Server | 2017-07-29 | 1.7 LOW | N/A |
| Unspecified vulnerability in Oracle Application Server 10.1.4.0 has unknown impact and attack vectors related to Oracle Internet Directory, aka OID01. | |||||
| CVE-2007-0289 | 1 Oracle | 1 Application Server | 2017-07-29 | 6.4 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0.4.2 have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J01, (2) OC4J05, and (3) OC4J06. | |||||
| CVE-2007-0290 | 1 Oracle | 1 E-business Suite | 2017-07-29 | 5.5 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors related to (1) Application Object Library (APPS01), (2) Human Resources (APPS03), (3) Payables (APPS04), (4) Trading Community Architecture (APPS05), and (5) Web Applications Desktop Integrator (APPS06). | |||||
| CVE-2007-0291 | 1 Oracle | 1 E-business Suite | 2017-07-29 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle E-Business Suite and Applications 6.2.3 has unknown impact and attack vectors related to Oracle Exchange, aka APPS02. | |||||
| CVE-2007-0294 | 1 Oracle | 1 Enterprise Manager | 2017-07-29 | 1.7 LOW | N/A |
| Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has unknown impact and attack vectors related to Database Cloning & Data Guard Management, aka EM06. | |||||
| CVE-2007-0295 | 1 Oracle | 2 Enterpriseone, Peoplesoft Enterprise | 2017-07-29 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13 and 8.47.11 has unknown impact and attack vectors in PeopleTools, aka PSE01. | |||||
| CVE-2007-0296 | 1 Oracle | 2 Enterpriseone, Peoplesoft Enterprise | 2017-07-29 | 2.1 LOW | N/A |
| Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13, 8.47.11, and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE02. | |||||
| CVE-2007-0297 | 1 Oracle | 2 Enterpriseone, Peoplesoft Enterprise | 2017-07-29 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.47.11 and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE03. | |||||
| CVE-2007-0313 | 1 Gonicus | 1 Gonicus System Administration | 2017-07-29 | 9.0 HIGH | N/A |
| Unspecified vulnerability in GONICUS System Administration (GOsa) before 2.5.8 allows remote authenticated users to modify certain settings, including the admin password, via crafted POST requests. | |||||
| CVE-2007-0316 | 1 All In One Control Panel | 1 All In One Control Panel | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.010 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) xuser_name parameter to shared/code/cp_authorization.php, and the (2) did parameter to public/code/cp_downloads.php, different vectors than CVE-2007-0223. | |||||
| CVE-2007-0317 | 1 Filezilla | 1 Filezilla | 2017-07-29 | 7.5 HIGH | N/A |
| Format string vulnerability in the LogMessage function in FileZilla before 3.0.0-beta5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted arguments. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0321 | 1 Macrovision | 1 Flexnet Connect | 2017-07-29 | 9.3 HIGH | N/A |
| Buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll for Macrovision FLEXnet Connect (formerly InstallShield Update Service) allows remote attackers to execute arbitrary code via the Download method. | |||||
| CVE-2007-0328 | 1 Macrovision | 2 Flexnet Connect, Update Service | 2017-07-29 | 9.3 HIGH | N/A |
| The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method. | |||||
| CVE-2007-0483 | 1 Enthusiast | 1 Enthusiast | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) show_owned.php or (2) show_joined.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0334 | 1 Ingate | 1 Firewall And Siparator | 2017-07-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the SIP module in InGate Firewall and SIParator before 4.5.1 allows remote attackers to conduct replay attacks on the authentication mechanism via unknown vectors. | |||||
| CVE-2007-0346 | 1 Sme | 1 Filemailer | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the us parameter. | |||||
| CVE-2007-0357 | 1 Fritzdsl | 1 Fritzdsl | 2017-07-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the AVM IGD CTRL Service in Fritz!DSL 02.02.29 allows remote attackers to read arbitrary files via ..%5C (URL-encoded dot dot backslash) sequences in a URI requested from the AR7 webserver. | |||||
| CVE-2007-0358 | 1 Hp | 1 Jetdirect Firmware | 2017-07-29 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the FTP server implementation in HP Jetdirect firmware x.20.nn through x.24.nn allows remote attackers to cause a denial of service via unknown vectors. | |||||