Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6438 | 1 Wireshark | 1 Wireshark | 2018-10-15 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service via unknown vectors. NOTE: this identifier originally included MP3 and NCP, but those issues are already covered by CVE-2007-6111. | |||||
| CVE-2007-6439 | 1 Wireshark | 1 Wireshark | 2018-10-15 | 6.1 MEDIUM | N/A |
| Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite or large loop) via the (1) IPv6 or (2) USB dissector, which can trigger resource consumption or a crash. NOTE: this identifier originally included Firebird/Interbase, but it is already covered by CVE-2007-6116. The DCP ETSI issue is already covered by CVE-2007-6119. | |||||
| CVE-2007-6441 | 1 Wireshark | 1 Wireshark | 2018-10-15 | 3.3 LOW | N/A |
| The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors related to "unaligned access on some platforms." | |||||
| CVE-2007-6450 | 1 Wireshark | 1 Wireshark | 2018-10-15 | 5.0 MEDIUM | N/A |
| The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. | |||||
| CVE-2007-6451 | 1 Wireshark | 1 Wireshark | 2018-10-15 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the CIP dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger allocation of large amounts of memory. | |||||
| CVE-2007-6453 | 1 Raiden Professional Servers | 1 Raidenhttpd | 2018-10-15 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in raidenhttpd-admin/workspace.php in RaidenHTTPD 2.0.19, when the WebAdmin function is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ulang parameter. | |||||
| CVE-2007-6454 | 1 Peercast | 1 Peercast | 2018-10-15 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request. | |||||
| CVE-2007-6455 | 1 Mambo | 1 Mambo | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter. | |||||
| CVE-2007-6457 | 1 Netwin | 1 Surgemail | 2018-10-15 | 5.0 MEDIUM | N/A |
| Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header. | |||||
| CVE-2007-6459 | 1 Anon Proxy Server | 1 Anon Proxy Server | 2018-10-15 | 6.8 MEDIUM | N/A |
| Anon Proxy Server 0.100, and probably 0.101, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the host parameter to diagdns.php, and (2) the host parameter and possibly (3) the port parameter to diagconnect.php, a different vulnerability than CVE-2007-6460. | |||||
| CVE-2007-6467 | 1 Mkportal | 1 Mkportal | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows remote attackers to execute arbitrary SQL commands via the ida parameter in a gallery foto_show action. | |||||
| CVE-2007-6471 | 1 Phpay | 1 Phpay | 2018-10-15 | 5.8 MEDIUM | N/A |
| Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on Windows allows remote attackers to conduct directory traversal attacks and include and execute arbitrary local files via a ..\ (dot dot backslash) in the config parameter. | |||||
| CVE-2007-6478 | 1 Rosoftengineering | 1 Rosoft Media Player | 2018-10-15 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Rosoft Media Player 4.1.7, 4.1.8, and possibly earlier versions allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a .M3U file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6483 | 1 Safenet | 2 Sentinel Keys Server, Sentinel Protection Server | 2018-10-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.0.0 through 7.4.0 and possibly earlier versions, and Sentinel Keys Server 1.0.3 and possibly earlier versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the query string. | |||||
| CVE-2007-6485 | 1 Centreon | 1 Centreon | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 (aka Oreon 1.4) allow remote attackers to execute arbitrary PHP code via a URL in the fileOreonConf parameter to (1) MakeXML.php or (2) MakeXML4statusCounter.php in include/monitoring/engine/. | |||||
| CVE-2007-6491 | 1 Kvaliitti | 1 Webdoc Cms | 2018-10-15 | 10.0 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS allow remote attackers to execute arbitrary SQL commands via (1) the cat_id parameter to categories.asp; and probably (2) the document_id parameter to categories.asp, and the (3) cat_id and (4) document_id parameters to subcategory.asp. | |||||
| CVE-2007-6492 | 1 Imesh.com | 1 Imesh | 2018-10-15 | 7.1 HIGH | N/A |
| The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via an empty string in the argument to the ProcessRequestEx method. | |||||
| CVE-2007-6493 | 1 Imesh.com | 1 Imesh | 2018-10-15 | 10.0 HIGH | N/A |
| The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to execute arbitrary code via a certain argument to the SetHandler method. | |||||
| CVE-2007-6494 | 1 Hosting Controller | 1 Hosting Controller | 2018-10-15 | 10.0 HIGH | N/A |
| Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request to AdminSettings/displays.asp with the DecideAction and ChangeSkin parameters. | |||||
| CVE-2007-6495 | 1 Hosting Controller | 1 Hosting Controller | 2018-10-15 | 6.5 MEDIUM | N/A |
| inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser action to accounts/AccountActions.asp. NOTE: this can be leveraged for remote code execution by changing the permissions of \Forum\db, which is configured for execution of ASP scripts with administrative privileges, and then uploading a script to \Forum\db. | |||||
| CVE-2007-6496 | 1 Hosting Controller | 1 Hosting Controller | 2018-10-15 | 6.8 MEDIUM | N/A |
| Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdomain.asp, a related issue to CVE-2005-1654. | |||||
| CVE-2007-6497 | 1 Hosting Controller | 1 Hosting Controller | 2018-10-15 | 7.5 HIGH | N/A |
| Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attackers to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2) allows remote authenticated users to change a credit amount and increase a discount via an UpdateUser action to Accounts/AccountActions.asp with modified UserName, FullName, CreditLimit, and DefaultDiscount parameters, a related issue to CVE-2005-2219. | |||||
| CVE-2007-6498 | 1 Hosting Controller | 1 Hosting Controller | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the GateWayID parameter to OpenApi/GatewayVariables.asp, and possibly (5) unspecified vectors to IIS/iibind.asp. | |||||
| CVE-2007-6499 | 1 Hosting Controller | 1 Hosting Controller | 2018-10-15 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNINSTAL.asp with a "host id (IIS) value." | |||||
| CVE-2007-6500 | 1 Hosting Controller | 1 Hosting Controller | 2018-10-15 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp. | |||||
| CVE-2007-6501 | 1 Hosting Controller | 1 Hosting Controller | 2018-10-15 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp. | |||||
| CVE-2007-6502 | 1 Hosting Controller | 1 Hosting Controller | 2018-10-15 | 5.5 MEDIUM | N/A |
| Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to obtain sensitive information via (1) the AdminName and AdminLevel parameters to fp2000/NEWSRVR.asp, which discloses usernames; and (2) certain XML HTTP requests to hosting/css.asp using Microsoft.XMLHTTP or MSXML2.XMLHTTP objects, which trigger a response with the setup directory pathname in the HTML source; and (3) might allow remote attackers to obtain sensitive information via a request for /admin/forum/, which reveals the path in an error message when a forum is not found. | |||||
| CVE-2007-6503 | 1 Hosting Controller | 1 Hosting Controller | 2018-10-15 | 5.5 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to (1) import an arbitrary plan via a request to hosting/importhostingplans.asp; or (2) change an arbitrary plan via a request to hosting/AutoSignUpPlans.asp with the (a) save, (b) 30, and (c) d_30 parameters. | |||||
| CVE-2007-6504 | 1 Hosting Controller | 1 Hosting Controller | 2018-10-15 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the headers of arbitrary hosts via an unspecified parameter. | |||||
| CVE-2007-6506 | 1 Hp | 1 Software Update | 2018-10-15 | 9.3 HIGH | N/A |
| The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method. | |||||
| CVE-2007-6507 | 1 Trend Micro | 1 Serverprotect | 2018-10-15 | 10.0 HIGH | N/A |
| SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain "full file system access" and execute arbitrary code. | |||||
| CVE-2007-6508 | 1 Xecms | 1 Xecms | 2018-10-15 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in view.php in xeCMS 1.0 allows remote attackers to read arbitrary files via a ..%2F (dot dot slash) in the list parameter. | |||||
| CVE-2007-6511 | 1 Websense | 1 Enterprise | 2018-10-15 | 5.0 MEDIUM | N/A |
| Websense Enterprise 6.3.1 allows remote attackers to bypass content filtering by visiting http URLs with a (1) RealPlayer G2, (2) MSMSGS, or (3) StoneHttpAgent User-Agent header, which results in a Non-HTTP categorization. | |||||
| CVE-2007-6512 | 1 Php | 1 Mysql Banner Exchange | 2018-10-15 | 5.0 MEDIUM | N/A |
| PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database information via a direct request to inc/lib.inc. | |||||
| CVE-2007-6514 | 2 Apache, Linux | 2 Http Server, Linux Kernel | 2018-10-15 | 4.3 MEDIUM | N/A |
| Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive. | |||||
| CVE-2007-6515 | 1 Sitescape | 2 Sitescape Forum St, Sitescape Forum Zx | 2018-10-15 | 7.5 HIGH | N/A |
| support/dispatch.cgi in SiteScape Forum allows remote attackers to execute arbitrary TCL code via code separator characters in the query string. | |||||
| CVE-2007-6517 | 1 Aeries | 1 Aeries Browser Interface | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the forget password section (LostPwd.asp) in Eagle Software Aeries Browser Interface (ABI) 3.7.9.17 allows remote attackers to execute arbitrary SQL commands via the EmailAddress parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6518 | 1 Woltlab | 1 Burning Board Lite | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in search.php in WoltLab Burning Board (wBB) Lite 1.0.2 pl3e allow remote attackers to execute arbitrary SQL commands via the (1) showposts, (2) sortby, and (3) sortorder parameters. | |||||
| CVE-2007-6523 | 1 Opera | 1 Opera Browser | 2018-10-15 | 7.8 HIGH | N/A |
| Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before 9.25 allows remote attackers to cause a denial of service (CPU consumption) via a crafted bitmap (BMP) file that triggers a large number of calculations and checks. | |||||
| CVE-2007-6524 | 1 Opera | 1 Opera Browser | 2018-10-15 | 7.8 HIGH | N/A |
| Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demonstrated using a CANVAS element and JavaScript in an HTML document for copying these contents from 9.50 beta, a related issue to CVE-2008-0420. | |||||
| CVE-2007-6526 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter. | |||||
| CVE-2007-6407 | 1 Ibm | 1 Tivoli Provisioning Manager Express | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Provisioning Manager Express allow remote attackers to inject arbitrary web script or HTML via the (1) "assess modification," (2) user-id, and other unspecified fields to the /tpmx URI; or (3) involving unspecified vectors related to "error processing." | |||||
| CVE-2007-6408 | 1 Ibm | 1 Tivoli Provisioning Manager Express | 2018-10-15 | 5.0 MEDIUM | N/A |
| IBM Tivoli Provisioning Manager Express provides unspecified information in error messages when (1) attempted duplication of a username occurs when creating an account or (2) when trying to login using a valid username, which makes it easier for remote attackers to enumerate usernames. | |||||
| CVE-2007-6409 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2018-10-15 | 4.3 MEDIUM | N/A |
| The gg protocol handler in Gadu-Gadu, when this product is installed but not running, does not properly handle the skin attribute, which allows remote attackers to cause a denial of service (resource consumption) via unspecified network traffic. | |||||
| CVE-2007-6410 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2018-10-15 | 4.3 MEDIUM | N/A |
| Gadu-Gadu does not properly perform protocol handling, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and add arbitrary user accounts or cause a denial of service as administrators via an unspecified "crafted link," possibly related to the gg protocol. | |||||
| CVE-2007-6411 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple buffer overflows in the HandleEmotsConfig function in the GG Client in Gadu-Gadu 7.7 Build 3669 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (gg.exe process crash) via a long string in an emots.txt file. | |||||
| CVE-2007-6412 | 1 Bitweaver | 1 Bitweaver | 2018-10-15 | 6.8 MEDIUM | N/A |
| Direct static code injection vulnerability in wiki/index.php in Bitweaver 2.0.0 and earlier, when comments are enabled, allows remote attackers to inject arbitrary PHP code via an editcomments action. | |||||
| CVE-2007-6425 | 1 Hp | 1 Hp-ux | 2018-10-15 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP-UX B.11.31, when running ARPA Transport, allows remote attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2007-6426 | 1 Emc | 1 Replistor | 2018-10-15 | 7.8 HIGH | N/A |
| Multiple heap-based buffer overflows in EMC RepliStor 6.2 SP2, and possibly earlier versions, allow remote attackers to execute arbitrary code via crafted compressed data. | |||||
| CVE-2007-6428 | 1 X.org | 2 Tog-cup, Xserver | 2018-10-15 | 5.0 MEDIUM | N/A |
| The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index. | |||||
