Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0362 | 1 Freshreader | 1 Freshreader | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the RSS feed component in FreshReader before 1.0.07010600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to tag attributes. | |||||
| CVE-2007-0363 | 1 Openads | 1 Openads | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin-search.php in (1) Openads for PostgreSQL (aka phpPgAds) before 2.0.10 and (2) Openads (aka phpAdsNew) before 2.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2007-0365 | 1 Nicola Asuni | 1 All In One Control Panel | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.009 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this is probably a different vulnerability than CVE-2006-5830. | |||||
| CVE-2007-0366 | 1 Maxum Development Corporation | 1 Rumpus Ftp Server | 2017-07-29 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability in Rumpus 5.1 and earlier allows local users to gain privileges via a modified PATH that points to a malicious ipfw program. | |||||
| CVE-2007-0404 | 1 Django Project | 1 Django | 2017-07-29 | 7.5 HIGH | N/A |
| bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file. | |||||
| CVE-2007-0405 | 1 Django Project | 1 Django | 2017-07-29 | 6.5 MEDIUM | N/A |
| The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user. | |||||
| CVE-2007-0406 | 1 Gxine | 1 Gxine | 2017-07-29 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in the (1) main function in (a) client.c, and the (2) server_setup and (3) server_client_connect functions in (b) server.c in gxine 0.5.9 and earlier allow local users to cause a denial of service (daemon crash) or gain privileges via a long HOME environment variable. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0407 | 1 Plain Black | 1 Webgui | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain Black WebGUI before 7.3.5 (beta) allows remote attackers to inject arbitrary web script or HTML via the username parameter during anonymous registration, a different vector than CVE-2007-0308. NOTE: it is possible that a separate "WikiPage titles" issue was also fixed. | |||||
| CVE-2007-0462 | 1 Apple | 2 Mac Os X, Quicktime | 2017-07-29 | 10.0 HIGH | N/A |
| The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption. | |||||
| CVE-2007-0465 | 1 Apple | 2 Installer, Mac Os X | 2017-07-29 | 7.6 HIGH | N/A |
| Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename. | |||||
| CVE-2007-0467 | 1 Apple | 1 Mac Os X | 2017-07-29 | 6.2 MEDIUM | N/A |
| crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/. | |||||
| CVE-2007-0484 | 1 Enthusiast | 1 Enthusiast | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote attackers to execute arbitrary SQL commands via the cat parameter to (1) show_owned.php, (2) show_joined.php, and possibly other files. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0488 | 1 Huawei | 1 Versatile Routing Platform | 2017-07-29 | 5.0 MEDIUM | N/A |
| The Huawei Versatile Routing Platform 1.43 2500E-003 firmware on the Quidway R1600 Router, and possibly other models, allows remote attackers to cause a denial of service (device crash) via a long show arp command. | |||||
| CVE-2007-0492 | 1 Webspell | 1 Webspell | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in gallery.php in webSPELL 4.01.02 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) galleryID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0505 | 1 Drupal | 2 Project, Project Issue Tracking Module | 2017-07-29 | 8.5 HIGH | N/A |
| Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue. | |||||
| CVE-2007-0506 | 1 Drupal | 2 Project, Project Issue Tracking Module | 2017-07-29 | 6.0 MEDIUM | N/A |
| The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests. | |||||
| CVE-2007-0507 | 1 Drupal | 1 Acidfree | 2017-07-29 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the Acidfree module for Drupal before 4.6.x-1.0, and before 4.7.x-1.0 in the 4.7 series, allows remote authenticated users with "create acidfree albums" privileges to execute arbitrary SQL commands via node titles. | |||||
| CVE-2007-0509 | 1 Maklerplus | 1 Maklerplus | 2017-07-29 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in MaklerPlus before 1.2 have unknown impact and attack vectors, possibly relating to cross-site scripting (XSS) in the slogan parameter in main.tpl, or information leaks in error messages. | |||||
| CVE-2007-0510 | 1 Awffull | 1 Awffull | 2017-07-29 | 10.0 HIGH | N/A |
| Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) preserve.c in AWFFull 3.7.1 and earlier have unknown impact and attack vectors. NOTE: some of these details are obtained from third party information. NOTE: There may not be any attack vector that crosses privilege boundaries. | |||||
| CVE-2007-0513 | 1 Hitachi | 5 Hirdb Datareplicator, Hirdb Parallel Server, Hirdb Single Server and 2 more | 2017-07-29 | 5.0 MEDIUM | N/A |
| Hitachi HiRDB Datareplicator 7HiRDB, 7(64), 6, 6(64), 5.0, and 5.0(64); and various products that bundle HiRDB Datareplicator; allows attackers to cause a denial of service (CPU consumption) via certain data. | |||||
| CVE-2007-0531 | 1 Freewebshop | 1 Freewebshop | 2017-07-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/login.php in FreeWebShop 2.2.3 and 2.2.4 before 20070123 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter. | |||||
| CVE-2007-0534 | 1 Drupal | 2 Project, Project Issue Tracking Module | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain "fields on project nodes" or (b) "certain project-specific settings regarding issue tracking." | |||||
| CVE-2007-0536 | 1 Rpath | 1 Rpath Linux | 2017-07-29 | 7.2 HIGH | N/A |
| The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges. | |||||
| CVE-2007-0552 | 1 Oh No Not Another Cms | 1 Oh No Not Another Cms | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in install/default/error404.html in Oh no! Not another CMS (Onnac) 0.0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the error_url parameter. | |||||
| CVE-2007-0563 | 1 Symantec | 1 Web Security | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Security (SWS) before 3.0.1.85 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) error messages and (2) blocked page messages produced by SWS. | |||||
| CVE-2007-0579 | 1 Horde | 1 Groupware | 2017-07-29 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in the calendar component in Horde Groupware Webmail Edition before 1.0, and Groupware before 1.0, allows remote attackers to include certain files via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0610 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web script or HTML via the sender parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0583 | 1 Http Commander | 1 Http Commander | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander 6.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) LogoffMessage parameter to logofflast.aspx or the (2) txtUsername parameter to Default.aspx. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0615 | 1 Hitachi | 2 Hibun Advanced Edition Server, Jpi Hibun Advanced Edition Server | 2017-07-29 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Hitachi JP1/HIBUN Advanced Edition Management Server and Log Server before 20070124 allows remote attackers to cause a denial of service (application stop) via unexpected data. | |||||
| CVE-2007-0616 | 1 Zenphoto | 1 Zenphoto | 2017-07-29 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via ".." sequences in the album parameter to index.php. | |||||
| CVE-2007-0617 | 1 Earthlink | 1 Total Access | 2017-07-29 | 6.8 MEDIUM | N/A |
| The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked "safe for scripting," which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the (1) AddSenderToWhitelist and (2) AddDomainToWhitelist functions. | |||||
| CVE-2007-0618 | 1 Ibm | 1 Aix | 2017-07-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability." | |||||
| CVE-2007-0724 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-29 | 6.9 MEDIUM | N/A |
| The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently limit access to certain controls, which allows local users to gain privileges by using HID device events to read keystrokes from the console. | |||||
| CVE-2007-0625 | 1 Nomachine | 1 Nx Server | 2017-07-29 | 4.9 MEDIUM | N/A |
| nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not validate the invoking user, which allows local users to modify server configuration keys in /usr/NX/etc/server.cfg, resulting in an unspecified denial of service. | |||||
| CVE-2007-0627 | 1 Michael Still | 1 Gtalkbot | 2017-07-29 | 4.9 MEDIUM | N/A |
| Michael Still gtalkbot before 1.2 places username and password arguments on the command line, which allows local users to obtain sensitive information by listing the process. | |||||
| CVE-2007-0628 | 1 Sun | 1 Java System Access Manager | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0629 | 1 Plain Black | 1 Webgui | 2017-07-29 | 6.4 MEDIUM | N/A |
| The www_purgeList method in Plain Black WebGUI before 7.3.8 does not properly check user permissions, which allows attackers to delete unauthorized assets. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0640 | 1 Zabbix | 1 Zabbix | 2017-07-29 | 10.0 HIGH | N/A |
| Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses." | |||||
| CVE-2007-0650 | 1 Makeindex | 1 Makeindex | 2017-07-29 | 6.8 MEDIUM | N/A |
| Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. NOTE: other overflows exist but might not be exploitable, such as a heap-based overflow in the check_idx function. | |||||
| CVE-2007-0655 | 1 Microworld Technologies | 1 Escan | 2017-07-29 | 10.0 HIGH | N/A |
| The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan 8.0.671.1, and possibly other versions, allows remote or local attackers to gain privileges and execute arbitrary commands by connecting directly to TCP port 2222. | |||||
| CVE-2007-0657 | 1 Alientrap | 1 Nexuiz | 2017-07-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to read and overwrite arbitrary files via the gamedir command. | |||||
| CVE-2007-0658 | 1 Drupal | 2 Drupal, Textimage | 2017-07-29 | 5.0 MEDIUM | N/A |
| The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal and the (2) Captcha 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal allow remote attackers to bypass the CAPTCHA test via an empty captcha element in $_SESSION. | |||||
| CVE-2007-0660 | 1 Dotnetnuke | 1 Dotnetnuke Iframe | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "Pass through values." | |||||
| CVE-2007-0669 | 1 Twiki | 1 Twiki | 2017-07-29 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local users to execute arbitrary Perl code via unknown vectors related to CGI session files. | |||||
| CVE-2007-0674 | 1 Microsoft | 1 Windows Mobile | 2017-07-29 | 7.1 HIGH | N/A |
| Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows user-assisted remote attackers to cause a denial of service (device hang) via a malformed JPEG file. | |||||
| CVE-2007-0685 | 1 Microsoft | 1 Windows Mobile | 2017-07-29 | 2.6 LOW | N/A |
| Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via unspecified vectors, possibly related to a buffer overflow. | |||||
| CVE-2007-0696 | 1 Free Lan Intra Internet Portal | 1 Free Lan Intra Internet Portal | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in error messages in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, different vectors than CVE-2007-0611. | |||||
| CVE-2007-0698 | 1 Mentiss Acgv | 1 Acgvannu | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in ACGVannu 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the id_mod parameter to templates/modif.html, and other unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0715 | 1 Apple | 1 Quicktime | 2017-07-29 | 5.8 MEDIUM | N/A |
| Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file. | |||||
| CVE-2007-0707 | 1 Gom Player | 1 Gom Player | 2017-07-29 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in GOM Player 2.0.12.3375 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the "ref href" tag. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||