Total: 5279 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-5936 | 2 Tetex, Tug | 2 Tetex, Texlive 2007 | 2018-10-15 | 3.6 LOW | N/A |
dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place. | |||||
CVE-2007-5919 | 1 Mywebftp | 1 Mywebftp | 2018-10-15 | 5.0 MEDIUM | N/A |
MyWebFTP, possibly 5.3.2, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain an MD5 password hash via a direct request for pass/pass.txt. | |||||
CVE-2007-5900 | 1 Php | 1 Php | 2018-10-15 | 6.9 MEDIUM | N/A |
PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625. | |||||
CVE-2007-5835 | 1 Bosdev | 1 Bosnews | 2018-10-15 | 5.0 MEDIUM | N/A |
Install.php in BosDev BosNews 4 and 5 does not require authentication for replacing an existing product installation or creating a new admin account, which allows remote attackers to cause a denial of service (overwritten files) and possibly obtain administrative access. | |||||
CVE-2007-5787 | 1 Phptoys | 1 Micro Login System | 2018-10-15 | 5.0 MEDIUM | N/A |
Micro Login System 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a password via a direct request for userpwd.txt. | |||||
CVE-2007-5777 | 1 Blue-collar Productions | 1 I-gallery | 2018-10-15 | 5.0 MEDIUM | N/A |
Blue-Collar Productions i-Gallery 3.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a base64-encoded password via a direct request for igallery.mdb. | |||||
CVE-2007-5771 | 1 Flatnuke3 | 1 Flatnuke3 | 2018-10-15 | 7.5 HIGH | N/A |
Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrative access via a myforum%00 cookie. | |||||
CVE-2007-5735 | 1 Efileman | 1 Efileman | 2018-10-15 | 5.0 MEDIUM | N/A |
eFileMan 7.1.0.87-88 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain unspecified user information via a direct request for cgi-bin/efileman/efileman_config.pm. | |||||
CVE-2007-5686 | 1 Rpath | 1 Rpath Linux | 2018-10-15 | 4.9 MEDIUM | N/A |
initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers. | |||||
CVE-2007-5587 | 2 Macrovision, Microsoft | 3 Safedisc, Windows 2003 Server, Windows Xp | 2018-10-15 | 6.9 MEDIUM | N/A |
Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild. | |||||
CVE-2007-5493 | 1 Microsoft | 1 Windows Mobile | 2018-10-15 | 4.3 MEDIUM | N/A |
The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly decoded. | |||||
CVE-2007-5442 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-10-15 | 3.5 LOW | N/A |
CMS Made Simple 1.1.3.1 does not check the permissions assigned to users who attempt uploads, which allows remote authenticated users to upload unspecified files via unknown vectors. | |||||
CVE-2007-5441 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-10-15 | 6.5 MEDIUM | N/A |
CMS Made Simple 1.1.3.1 does not check the permissions assigned to users in some situations, which allows remote authenticated users to perform some administrative actions, as demonstrated by (1) adding a user via a direct request to admin/adduser.php and (2) reading the admin log via an "admin/adminlog.php?page=1" request. | |||||
CVE-2007-5352 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2018-10-15 | 7.2 HIGH | N/A |
Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request. | |||||
CVE-2007-5338 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-15 | 9.3 HIGH | N/A |
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed. | |||||
CVE-2007-5350 | 1 Microsoft | 1 Windows Vista | 2018-10-15 | 7.2 HIGH | N/A |
Unspecified vulnerability in the Windows Advanced Local Procedure Call (ALPC) in the kernel in Microsoft Windows Vista allows local users to gain privileges via unspecified vectors involving "legacy reply paths." | |||||
CVE-2007-5289 | 1 Hp | 2 Mercury Quality Center, Testdirector | 2018-10-15 | 7.6 HIGH | N/A |
HP Mercury Quality Center (QC) 9.2 and earlier, and possibly TestDirector, relies on cached client-side scripts to implement "workflow" and decisions about the "capability" of a user, which allows remote attackers to execute arbitrary code via crafted use of the Open Test Architecture (OTA) API, as demonstrated by modifying (1) common.tds, (2) defects.tds, (3) manrun.tds, (4) req.tds, (5) testlab.tds, or (6) testplan.tds in %tmp%\TD_80, and then setting the file's properties to read-only. | |||||
CVE-2007-5260 | 1 Asp-cms | 1 Asp-cms | 2018-10-15 | 5.0 MEDIUM | N/A |
ASP-CMS 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request for mdb-database/ASP-CMS_v100.mdb. | |||||
CVE-2007-5223 | 1 Alstrasoft | 1 Affiliate Network Pro | 2018-10-15 | 6.8 MEDIUM | N/A |
Multiple unspecified vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to include local files and have other unspecified impact, related to incorrect input validation or other defects involving (1) admin/backupstart.php, (2) a .sql filename under admin/admin/dump/, (3) a .sql filename in the fl parameter to admin/downloadbackup.php, and (4) a .. (dot dot) in the fl parameter to admin/downloadbackup.php. | |||||
CVE-2007-5194 | 1 Rpath | 1 Rmake | 2018-10-15 | 6.9 MEDIUM | N/A |
The Chroot server in rMake 1.0.11 creates a /dev/zero device file with read/write permissions for the rMake user and the same minor device number as /dev/port, which might allow local users to gain root privileges. | |||||