Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1039 | 1 Peanutkb | 1 Peanut Knowledge Base | 2017-07-29 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Peanut Knowledge Base (PeanutKB) 0.0.3 and earlier has unknown impact and attack vectors. | |||||
| CVE-2007-1064 | 2 Cisco, Meetinghouse | 4 Secure Services Client, Security Agent, Trust Agent and 1 more | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120. | |||||
| CVE-2007-1065 | 2 Cisco, Meetinghouse | 4 Secure Services Client, Security Agent, Trust Agent and 1 more | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836. | |||||
| CVE-2007-1066 | 2 Cisco, Meetinghouse | 4 Secure Services Client, Security Agent, Trust Agent and 1 more | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting "a thread under ConnectionClient.exe," aka CSCsg20558. | |||||
| CVE-2007-1067 | 2 Cisco, Meetinghouse | 4 Secure Services Client, Security Agent, Trust Agent and 1 more | 2017-07-29 | 7.2 HIGH | N/A |
| Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624. | |||||
| CVE-2007-1081 | 1 Typo3 | 1 Typo3 | 2017-07-29 | 7.5 HIGH | N/A |
| The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information. | |||||
| CVE-2007-1252 | 1 Symantec | 1 Mail Security | 2017-07-29 | 9.3 HIGH | N/A |
| Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch 175 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted headers in an e-mail message. NOTE: some information was obtained from third party sources. | |||||
| CVE-2007-1121 | 1 Zephyrsoft Toolbox | 1 Address Book Continued | 2017-07-29 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-1123 | 1 Zpanel | 1 Zpanel | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ZPanel 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the body parameter to templates/ZPanelV2/template.php or (2) the page parameter to zpanel.php. NOTE: the zpanel.php vector may overlap CVE-2005-0793.2. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1137 | 1 Sourceforge | 1 Putmail | 2017-07-29 | 5.0 MEDIUM | N/A |
| putmail.py in Putmail before 1.4 does not detect when a user attempts to use TLS with a server that does not support it, which causes putmail.py to send the username and password in plaintext while the user believes encryption is in use, and allows remote attackers to obtain sensitive information. | |||||
| CVE-2007-1173 | 3 Centennial, Numara, Symantec | 3 Discovery, Asset Manager, Discovery | 2017-07-29 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the CentennialIPTransferServer service (XFERWAN.EXE), as used by (1) Centennial Discovery 2006 Feature Pack 1, (2) Numara Asset Manager 8.0, and (3) Symantec Discovery 6.5, allow remote attackers to execute arbitrary code via long strings in a crafted TCP packet. | |||||
| CVE-2007-1174 | 1 Web-app.org | 1 Webapp | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 20070214 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to unspecified fields in user Profiles. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-1176 | 1 Web-app.org | 1 Webapp | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 0.9.9.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) Gallery Comments pages, (2) Feedback pages, (3) Search Results pages, and (4) the Statistics Log viewer. | |||||
| CVE-2007-1191 | 1 Quicksilver | 1 Del.icio.us Module | 2017-07-29 | 2.1 LOW | N/A |
| The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes usernames and passwords in plaintext to the /Library/Logs/Console/UID/Console.log file, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2007-1196 | 1 Citrix | 1 Presentation Server Client | 2017-07-29 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Citrix Presentation Server Client for Windows before 10.0 allows remote web sites to execute arbitrary code via unspecified vectors, related to the implementation of ICA connectivity through proxy servers. | |||||
| CVE-2007-1199 | 1 Adobe | 1 Acrobat Reader | 2017-07-29 | 4.3 MEDIUM | N/A |
| Adobe Reader and Acrobat Trial allow remote attackers to read arbitrary files via a file:// URI in a PDF document, as demonstrated with <</URI(file:///C:/)/S/URI>>, a different issue than CVE-2007-0045. | |||||
| CVE-2007-1241 | 1 Audins Audiens | 1 Audins Audiens | 2017-07-29 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in setup.php in Audins Audiens 3.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1242 | 1 Audins Audiens | 1 Audins Audiens | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in system/index.php in Audins Audiens 3.3 allows remote attackers to execute arbitrary SQL commands via the PHPSESSID cookie. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1243 | 1 Audins Audiens | 1 Audins Audiens | 2017-07-29 | 7.5 HIGH | N/A |
| Audins Audiens 3.3 allows remote attackers to bypass authentication and perform certain privileged actions, possibly an uninstall of the product, by calling unistall.php with the values cnf=disinstalla and status=on. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1281 | 3 Kaspersky Lab, Linux, Microsoft | 3 Kaspersky Antivirus Engine, Linux Kernel, All Windows | 2017-07-29 | 7.8 HIGH | N/A |
| Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux allows remote attackers to cause a denial of service (CPU consumption) via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression. | |||||
| CVE-2007-1290 | 1 Tyger | 1 Bug Tracking System | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ViewReport.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the bug parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1368 | 1 Drupal | 1 Drupal Project Issue Tracking | 2017-07-29 | 3.5 LOW | N/A |
| The Project issue tracking module before 4.7.x-1.3, 4.7.x-2.* before 4.7.x-2.3, and 5 before 5.x-0.2-beta for Drupal allows remote authenticated users, with "access project issues" permission, to read the contents of a private node via a URL with a modified node identifier. | |||||
| CVE-2007-1300 | 1 Douran Software Technologies | 1 Isputil | 2017-07-29 | 7.8 HIGH | N/A |
| DOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier versions, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and reseller data via a direct request for scripts/activesessions.ini. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1306 | 1 Digium | 1 Asterisk | 2017-07-29 | 7.8 HIGH | N/A |
| Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference. | |||||
| CVE-2007-1369 | 1 Zend | 1 Zend Platform | 2017-07-29 | 4.4 MEDIUM | N/A |
| ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this directory to /usr/local/Zend/etc. | |||||
| CVE-2007-1324 | 1 Snapgear | 6 560, 580, 585 and 3 more | 2017-07-29 | 5.0 MEDIUM | N/A |
| SnapGear 560, 585, 580, 640, 710, and 720 appliances before the 3.1.4u5 firmware allow remote attackers to cause a denial of service (complete packet loss) via a packet flood, a different vulnerability than CVE-2006-4613. | |||||
| CVE-2007-1338 | 1 Apple | 1 Airport Extreme | 2017-07-29 | 7.5 HIGH | N/A |
| The default configuration of the AirPort utility in Apple AirPort Extreme creates an IPv6 tunnel but does not enable the "Block incoming IPv6 connections" setting, which might allow remote attackers to bypass intended access restrictions by establishing IPv6 sessions that would have been rejected over IPv4. | |||||
| CVE-2007-1370 | 1 Zend | 1 Zend Platform | 2017-07-29 | 6.2 MEDIUM | N/A |
| Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safe_mode and open_basedir are disabled; other settings require leverage for other vulnerabilities. | |||||
| CVE-2007-1343 | 1 Webcalendar | 1 Webcalendar | 2017-07-29 | 7.5 HIGH | N/A |
| includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues. | |||||
| CVE-2007-1344 | 1 Icecast | 1 Ezstream | 2017-07-29 | 9.3 HIGH | N/A |
| Multiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 allow remote attackers to execute arbitrary code via a crafted XML configuration file processed by the (1) urlParse function, which causes a stack-based overflow and the (2) ReplaceString function, which causes a heap-based overflow. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-1360 | 1 Drupal | 1 Nodefamily | 2017-07-29 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in the Nodefamily module for Drupal 5.x before 5.x-1.0 allows remote authenticated users to access and modify other users' profiles via unspecified URL parameters. | |||||
| CVE-2007-1363 | 1 Dropafew | 1 Dropafew | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the delete action in (a) search.php or (b) search-pda.php, or the (2) calories parameter in a save action in editlogcal.php. | |||||
| CVE-2007-1364 | 1 Dropafew | 1 Dropafew | 2017-07-29 | 6.4 MEDIUM | N/A |
| DropAFew before 0.2.1 does not require authorization for certain privileged actions, which allows remote attackers to (1) view the logged calorie information of arbitrary users via the id parameter in editlogcal.php, (2) add arbitrary links via links.php, or (3) create arbitrary users via newaccount2.php. | |||||
| CVE-2007-1373 | 1 Pmail | 1 Mercury Mail Transport System | 2017-07-29 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command. NOTE: this might be the same issue as CVE-2006-5961. | |||||
| CVE-2007-1374 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pop_profile.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the MSN parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1397 | 1 Fish | 1 Fish | 2017-07-29 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) decrypt_topic_332 functions in FiSH allow remote attackers to execute arbitrary code via long strings. | |||||
| CVE-2007-1399 | 2 Pecl Zip, Php | 2 1.8.3, Php | 2017-07-29 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback. | |||||
| CVE-2007-1405 | 1 Edgewall Software | 1 Trac | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2007-1418 | 1 Mindtouch | 1 Dekiwiki | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in skins/ace/popup-notopic.php in MindTouch OpenGarden DekiWiki before Gooseberry++ allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
| CVE-2007-1465 | 1 Dproxy | 1 Dproxy | 2017-07-29 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 0.5 allows remote attackers to execute arbitrary code via a long DNS query packet to UDP port 53. | |||||
| CVE-2007-1474 | 1 Horde | 2 Horde Application Framework, Imp | 2017-07-29 | 6.8 MEDIUM | N/A |
| Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames. | |||||
| CVE-2007-1500 | 1 Gentoo | 1 Linux | 2017-07-29 | 4.3 MEDIUM | N/A |
| The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using /tmp/lsat1.lsat. | |||||
| CVE-2007-1542 | 1 Cisco | 2 7940 Router, 7960 Router | 2017-07-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running firmware before POS8-6-0 allows remote attackers to cause a denial of service via the Remote-Party-ID sipURI field in a SIP INVITE request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1559 | 1 Roxio | 1 Cineplayer | 2017-07-29 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in SonicDVDDashVRNav.dll in Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via (1) unspecified long property values to SonicMediaPlayer.dll or (2) long arguments to unspecified methods in SonicMediaPlayer.dll. | |||||
| CVE-2007-1587 | 1 Tim Soderstrom | 1 Statsdawg | 2017-07-29 | 10.0 HIGH | N/A |
| templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows remote attackers to execute arbitrary programs by specifying the program name in the qshapeLocation parameter. | |||||
| CVE-2007-1590 | 1 Grandstream | 1 Budgetone 200 | 2017-07-29 | 7.8 HIGH | N/A |
| The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and bootloader 1.1.1.5, allows remote attackers to cause a denial of service (device crash) via SIP (1) INVITE, (2) CANCEL, or unspecified other messages with a WWW-Authenticate header containing a crafted Digest domain. | |||||
| CVE-2007-1598 | 1 Intervations | 1 Filecopa | 2017-07-29 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by filecopa.tar by Immunity. NOTE: some of these details are obtained from third party information. NOTE: As of 20070322, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2007-0137 | 1 Serendipitynz | 2 Serene Bach, Serene Bach Sb | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ Serene Bach 2.05R and earlier, and 2.08D and earlier in the 2.08 series; and (2) sb 1.13D and earlier, and 1.18R and earlier in the 1.18 series; allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-6634 | 1 Mambo | 1 Extcalthai Module | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai (com_extcalendar) 0.9.1 and earlier component for Mambo allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_EXT[LANGUAGES_DIR] parameter to admin_events.php, (2) the mosConfig_absolute_path parameter to extcalendar.php, or (3) the CONFIG_EXT[LIB_DIR] parameter to lib/mail.inc.php. | |||||
| CVE-2006-6610 | 1 Alientrap | 1 Nexuiz | 2017-07-29 | 7.5 HIGH | N/A |
| clientcommands in Nexuiz before 2.2.1 has unknown impact and remote attack vectors related to "remote console command injection." | |||||