Total
5279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5044 | 1 Zonelabs | 1 Zonealarm | 2018-10-15 | 6.9 MEDIUM | N/A |
| ZoneAlarm Pro 7.0.362.000 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreatePort and (2) NtDeleteFile kernel SSDT hooks, a partial regression of CVE-2007-2083. | |||||
| CVE-2007-5043 | 1 Kaspersky Lab | 1 Kaspersky Internet Security | 2018-10-15 | 4.4 MEDIUM | N/A |
| Kaspersky Internet Security 7.0.0.125 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to (1) cause a denial of service (crash) and possibly gain privileges via the NtCreateSection kernel SSDT hook or (2) cause a denial of service (avp.exe service outage) via the NtLoadDriver kernel SSDT hook. NOTE: this issue may partially overlap CVE-2006-3074. | |||||
| CVE-2007-5042 | 1 Agnitum | 1 Outpost Firewall | 2018-10-15 | 4.6 MEDIUM | N/A |
| Outpost Firewall Pro 4.0.1025.7828 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreateKey, (2) NtDeleteFile, (3) NtLoadDriver, (4) NtOpenProcess, (5) NtOpenSection, (6) NtOpenThread, and (7) NtUnloadDriver kernel SSDT hooks, a partial regression of CVE-2006-7160. | |||||
| CVE-2007-5026 | 1 Dblog | 1 Dblog Cms | 2018-10-15 | 5.0 MEDIUM | N/A |
| dBlog CMS, probably 2.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing an admin password hash via a direct request for dblog.mdb. | |||||
| CVE-2007-5040 | 1 Ghostsecurity | 1 Ghost Security Suite | 2018-10-15 | 2.1 LOW | N/A |
| Ghost Security Suite alpha 1.200 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreateKey, (2) NtCreateThread, (3) NtDeleteValueKey, (4) NtQueryValueKey, (5) NtSetSystemInformation, and (6) NtSetValueKey kernel SSDT hooks. | |||||
| CVE-2007-5039 | 1 Ghostsecurity | 1 Ghost Security Suite | 2018-10-15 | 2.1 LOW | N/A |
| Ghost Security Suite beta 1.110 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreateKey, (2) NtDeleteValueKey, (3) NtQueryValueKey, (4) NtSetSystemInformation, and (5) NtSetValueKey kernel SSDT hooks. | |||||
| CVE-2007-5038 | 1 Mozilla | 1 Bugzilla | 2018-10-15 | 7.5 HIGH | N/A |
| The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of the createemailregexp parameter, which allows remote attackers to bypass intended restrictions on account creation. | |||||
| CVE-2007-4972 | 1 Sysinternals | 1 Regmon | 2018-10-15 | 1.9 LOW | N/A |
| RegMon 7.04 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via kernel SSDT hooks to the (1) NtCreateKey and (2) NtOpenKey Windows Native API functions. | |||||
| CVE-2007-4967 | 1 Online Armor | 1 Personal Firewall | 2018-10-15 | 4.4 MEDIUM | N/A |
| Online Armor Personal Firewall 2.0.1.215 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtAllocateVirtualMemory, (2) NtConnectPort, (3) NtCreateFile, (4) NtCreateKey, (5) NtCreatePort, (6) NtDeleteFile, (7) NtDeleteValueKey, (8) NtLoadKey, (9) NtOpenFile, (10) NtOpenProcess, (11) NtOpenThread, (12) NtResumeThread, (13) NtSetContextThread, (14) NtSetValueKey, (15) NtSuspendProcess, (16) NtSuspendThread, and (17) NtTerminateThread. | |||||
| CVE-2007-4937 | 1 Comscripts | 1 Cs Guestbook | 2018-10-15 | 5.0 MEDIUM | N/A |
| CS Guestbook stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin name and MD5 password hash via a direct request for base/usr/0.php. | |||||
| CVE-2007-4909 | 1 Winscp | 1 Winscp | 2018-10-15 | 9.3 HIGH | N/A |
| Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP. NOTE: this is related to an incomplete fix for CVE-2006-3015. | |||||
| CVE-2007-4873 | 1 Simplenews | 1 Simplenews | 2018-10-15 | 5.0 MEDIUM | N/A |
| SimpNews 2.41.03 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc. | |||||
| CVE-2007-4850 | 1 Php | 1 Php | 2018-10-15 | 5.0 MEDIUM | N/A |
| curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563. | |||||
| CVE-2007-4740 | 1 Telecom Italy | 1 Alice Messenger | 2018-10-15 | 9.3 HIGH | N/A |
| The HPRevolutionRegistryManager ActiveX control in Hp.Revolution.RegistryManager.dll 1 in Telecom Italy Alice Messenger allows remote attackers to create registry keys and values via the arguments to the WriteRegistry method. | |||||
| CVE-2007-4733 | 1 Aztech | 1 Dsl 600eu Router | 2018-10-15 | 9.3 HIGH | N/A |
| The Aztech DSL600EU router, when WAN access to the web interface is disabled, does not properly block inbound traffic on TCP port 80, which allows remote attackers to connect to the web interface by guessing a TCP sequence number, possibly involving spoofing of an ARP packet, a related issue to CVE-1999-0077. | |||||
| CVE-2007-4610 | 1 Dale Mooney | 1 Moon Gallery | 2018-10-15 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in config/upload.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to upload and execute arbitrary PHP files in images/, possibly related to config/admin.php. | |||||
| CVE-2007-4609 | 1 Eyeos Project | 1 Eyeos | 2018-10-15 | 6.4 MEDIUM | N/A |
| eyeOS uses predictable checksum values in the checknum parameter for access control, which allows remote attackers to register many accounts via doCreateUser actions, add many eyeBoard messages via addMsg actions, and cause a denial of service or conduct certain unauthorized activities, by guessing valid parameter values. | |||||
| CVE-2007-4600 | 1 Ptc | 1 Mathcad | 2018-10-15 | 4.6 MEDIUM | N/A |
| The "Protect Worksheet" functionality in Mathsoft Mathcad 12 through 13.1, and PTC Mathcad 14, implements file access restrictions via a protection element in a gzipped XML file, which allows attackers to bypass these restrictions by removing this element. | |||||
| CVE-2007-4573 | 1 Linux | 1 Linux Kernel | 2018-10-15 | 7.2 HIGH | N/A |
| The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register. | |||||
| CVE-2007-4539 | 1 Mozilla | 1 Bugzilla | 2018-10-15 | 5.0 MEDIUM | N/A |
| The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline and (2) Estimated Time fields. | |||||