Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0634 | 1 Sun | 1 Solaris | 2017-10-11 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets. | |||||
| CVE-2007-0648 | 1 Cisco | 1 Ios | 2017-10-11 | 7.8 HIGH | N/A |
| Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP. | |||||
| CVE-2007-0668 | 1 Sun | 1 Solaris | 2017-10-11 | 6.2 MEDIUM | N/A |
| The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in a non-global zone to move and rename files in a read-only filesystem, which could lead to a denial of service. | |||||
| CVE-2007-0771 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2017-10-11 | 4.9 MEDIUM | N/A |
| The utrace support in Linux kernel 2.6.18, and other versions, allows local users to cause a denial of service (system hang) related to "MT exec + utrace_attach spin failure mode," as demonstrated by ptrace-thrash.c. | |||||
| CVE-2007-0773 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2017-10-11 | 4.6 MEDIUM | N/A |
| The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local users to cause a denial of service (kernel OOPS from null dereference) via fput in a 32-bit ioctl on 64-bit x86 systems, an incomplete fix of CVE-2005-3044.1. | |||||
| CVE-2007-0790 | 1 Smartftp | 1 Smartftp | 2017-10-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in SmartFTP 2.0.1002 allows remote FTP servers to execute arbitrary code via a large banner. | |||||
| CVE-2007-0914 | 1 Sun | 1 Solaris | 2017-10-11 | 7.1 HIGH | N/A |
| Race condition in the TCP subsystem for Solaris 10 allows remote attackers to cause a denial of service (system panic) via unknown vectors. | |||||
| CVE-2007-0916 | 1 Hp | 1 Hp-ux | 2017-10-11 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors. | |||||
| CVE-2007-0917 | 1 Cisco | 1 Ios | 2017-10-11 | 6.4 MEDIUM | N/A |
| The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets. | |||||
| CVE-2007-0949 | 1 Itinysoft Studio | 1 Total Video Player | 2017-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in iTinySoft Studio Total Video Player 1.03, and possibly earlier, allows remote attackers to execute arbitrary code via a M3U playlist file that contains a long file name. NOTE: it was later reported that 1.20 and 1.30 are also affected. | |||||
| CVE-2007-0976 | 1 Activex Soft | 1 Actsoft Dvd Tools | 2017-10-11 | 10.0 HIGH | N/A |
| Buffer overflow in the ActSoft DVD-Tools ActiveX control (dvdtools.ocx) allows remote attackers to execute arbitrary code via a long DVD_TOOLS.OpenDVD property value. | |||||
| CVE-2007-0977 | 1 Ibm | 1 Lotus Domino | 2017-10-11 | 7.1 HIGH | N/A |
| IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores HTTPPassword hashes from names.nsf in a manner accessible through Readviewentries and OpenDocument requests to the defaultview view, a different vector than CVE-2005-2428. | |||||
| CVE-2007-0984 | 1 Aspcode.net | 1 Pollmentor | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin_poll.asp in PollMentor 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to pollmentorres.asp. | |||||
| CVE-2007-0985 | 1 Phpcc | 1 Phpcc | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and earlier allows remote attackers to execute arbitrary SQL commands via the npid parameter in a sign_gb action. | |||||
| CVE-2007-0998 | 2 Redhat, Xen | 3 Enterprise Linux, Fedora Core, Qemu | 2017-10-11 | 4.3 MEDIUM | N/A |
| The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0999 | 1 Gnome | 1 Ekiga | 2017-10-11 | 9.3 HIGH | N/A |
| Format string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2007-1006. | |||||
| CVE-2007-1000 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 7.2 HIGH | N/A |
| The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference. | |||||
| CVE-2007-1006 | 1 Ekiga | 1 Ekiga | 2017-10-11 | 10.0 HIGH | N/A |
| Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet. | |||||
| CVE-2007-1007 | 2 Ekiga, Redhat | 3 Ekiga, Enterprise Linux, Enterprise Linux Desktop | 2017-10-11 | 10.0 HIGH | N/A |
| Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function. | |||||
| CVE-2007-1010 | 1 Zebrafeeds | 1 Zebrafeeds | 2017-10-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ZebraFeeds 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the zf_path parameter to (1) aggregator.php and (2) controller.php in newsfeeds/includes/. | |||||
| CVE-2007-1013 | 1 Virtualsystem | 1 Htaccess Passwort Generator | 2017-10-11 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in generate.php in VirtualSystem Htaccess Passwort Generator 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the ht_pfad parameter. | |||||
| CVE-2007-1014 | 1 Vicftps | 1 Vicftps | 2017-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in VicFTPS before 5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long CWD command. | |||||
| CVE-2007-1015 | 1 Aktueldownload | 1 Aktueldownload Haber Script | 2017-10-11 | 10.0 HIGH | N/A |
| SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-1017 | 1 Virtualsystem | 1 Vs-news-system | 2017-10-11 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in show_news_inc.php in VirtualSystem VS-News-System 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter. | |||||
| CVE-2007-1019 | 1 Webspell | 1 Webspell | 2017-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388. | |||||
| CVE-2007-1021 | 1 Xfairguy | 1 Codeavalanche News | 2017-10-11 | 10.0 HIGH | N/A |
| SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News 1.x allows remote attackers to execute arbitrary SQL commands via the CAT_ID parameter. | |||||
| CVE-2007-1023 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 3.1 SR4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-1025 | 1 Virtualsystem | 1 Vs-link-partner | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/functions_inc.php in VS-Link-Partner 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad, or possibly script_pfad, parameter. | |||||
| CVE-2007-1031 | 1 Spoonlabs | 1 Vivvo Article Management Cms | 2017-10-11 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in include/db_conn.php in SpoonLabs Vivvo Article Management CMS 3.4 allows remote attackers to include and execute arbitrary local files via the root parameter. | |||||
| CVE-2007-1040 | 1 Xpression News | 1 Xpression News | 2017-10-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in archives.php in Xpression News (X-News) 1.0.1 allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter. | |||||
| CVE-2007-1041 | 1 Sandh | 1 News Rover | 2017-10-11 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in S&H Computer Systems News Rover 12.1 Rev 1 allow remote attackers to execute arbitrary code via a .nzb file with a long (1) group or (2) subject string. | |||||
| CVE-2007-1057 | 1 Nortel | 4 Alteon 2424 Application Switch, Net Direct Client, Ssl Vpn Module 1000 and 1 more | 2017-10-11 | 6.9 MEDIUM | N/A |
| The Net Direct client for Linux before 6.0.5 in Nortel Application Switch 2424, VPN 3050 and 3070, and SSL VPN Module 1000 extracts and executes files with insecure permissions, which allows local users to exploit a race condition to replace a world-writable file in /tmp/NetClient and cause another user to execute arbitrary code when attempting to execute this client, as demonstrated by replacing /tmp/NetClient/client. | |||||
| CVE-2007-1074 | 1 Dji | 1 Newsbin Pro | 2017-10-11 | 9.3 HIGH | N/A |
| Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to execute arbitrary code via a long (1) DataPath or (2) DownloadPath attributed in a (a) NBI file, or (3) a long group field in a (b) NZB file. | |||||
| CVE-2007-1075 | 1 Turbosoft | 1 Turboftp | 2017-10-11 | 7.8 HIGH | N/A |
| TurboFTP 5.30 Build 572 allows remote servers to cause a denial of service (CPU consumption) via a response with a large number of newline characters. | |||||
| CVE-2007-1079 | 1 Rhinosoft | 1 Ftp Voyager | 2017-10-11 | 7.8 HIGH | N/A |
| Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager 14.0.0.3 and earlier allows remote servers to cause a denial of service (crash) via a long response to a CWD command, which triggers the overflow when the user aborts the command. | |||||
| CVE-2007-1080 | 1 Turbosoft | 1 Turboftp | 2017-10-11 | 7.8 HIGH | N/A |
| Multiple heap-based buffer overflows in TurboFTP 5.30 Build 572 allow remote servers to cause a denial of service via (1) long filename in a response to a LIST command, and (2) a long response to a CWD command. | |||||
| CVE-2007-1082 | 1 Ftpx | 1 Ftp Explorer | 2017-10-11 | 7.1 HIGH | N/A |
| FTP Explorer 1.0.1 Build 047, and other versions before 1.0.1.52, allows remote servers to cause a denial of service (CPU consumption) via a long response to a PWD command. | |||||
| CVE-2007-1104 | 1 Php Mip | 1 Php Mip | 2017-10-11 | 4.3 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in top.php in PHP Module Implementation (PHP-MIP) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the laypath parameter. | |||||
| CVE-2007-1105 | 1 Extreme Phpbb | 1 Extreme Phpbb | 2017-10-11 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in functions.php in Extreme phpBB (aka phpBB Extreme) 3.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-1106 | 1 Nomoketos Rules | 1 Nomoketos Rules | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/functions_nomoketos_rules.php in the NoMoKeTos Rules 0.0.1 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-1108 | 1 Cs-gallery | 1 Cs-gallery | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in Christian Schneider CS-Gallery 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the album parameter during a securealbum todo action. | |||||
| CVE-2007-1118 | 1 Efiction | 1 Efiction | 2017-10-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path_to_smf parameter to (1) bridges/SMF/logout.php or (2) get_session_vars.php. | |||||
| CVE-2007-1130 | 1 Scipter.ch | 1 Gastebuch | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in sinagb.php in Sinapis Gastebuch 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter. | |||||
| CVE-2007-1131 | 1 Scripter.ch | 1 Sinapis Forum | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in sinapis.php in Sinapis Forum 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter. | |||||
| CVE-2007-1133 | 1 Scripter.ch | 1 Fcring | 2017-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_fuss parameter. | |||||
| CVE-2007-1152 | 1 Pyrophobia | 1 Pyrophobia | 2017-10-11 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) act or (2) pid parameter to the top-level URI (index.php), or the (3) action parameter to admin/index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-1162 | 1 Common Controls Replacement Project | 1 Browsedialog Server | 2017-10-11 | 7.8 HIGH | N/A |
| A certain ActiveX control in the Common Controls Replacement Project (CCRP) CCRP BrowseDialog Server (ccrpbds6.dll) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) IsFolderAvailable or (2) RootFolder property value, different vectors than CVE-2007-0371. | |||||
| CVE-2007-1163 | 1 Webspell | 1 Webspell | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783. | |||||
| CVE-2007-1165 | 1 Dbscripts | 1 Dbguestbook | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DBGuestbook 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the dbs_base_path parameter to (1) utils.php, (2) guestbook.php, or (3) views.php in includes/. | |||||
| CVE-2007-1167 | 1 Dzcp | 1 Dev\!l\'z Clanportal | 2017-10-11 | 5.0 MEDIUM | N/A |
| inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and earlier allows remote attackers to obtain MySQL data via the inc/mysql.php value of the file parameter. | |||||