Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0725 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 7.2 HIGH | N/A |
| Buffer overflow in the AirPortDriver module for AirPort in Apple Mac OS X 10.3.9 through 10.4.9, when running on hardware with the original AirPort wireless card, allows local users to execute arbitrary code by "sending malformed control commands." | |||||
| CVE-2007-0611 | 1 Free Lan Intra Internet Portal | 1 Free Lan Intra Internet Portal | 2011-03-07 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) inc.page.php and (2) inc.text.php. | |||||
| CVE-2007-0619 | 1 Chmlib | 1 Chmlib | 2011-03-07 | 9.3 HIGH | N/A |
| chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption. | |||||
| CVE-2007-0738 | 1 Apple | 1 Mac Os X | 2011-03-07 | 4.6 MEDIUM | N/A |
| The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not display the screen saver authentication dialog in certain circumstances when waking from sleep, even though the "require a password to wake the computer from sleep" option is enabled, which allows local users to bypass authentication controls. | |||||
| CVE-2007-0844 | 1 Pam Ssh | 1 Pam Ssh | 2011-03-07 | 6.4 MEDIUM | N/A |
| The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when the allow_blank_passphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase. | |||||
| CVE-2007-0722 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 6.8 MEDIUM | N/A |
| Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted AppleSingleEncoding disk image. | |||||
| CVE-2007-0841 | 1 Vbdrupal | 1 Vbdrupal | 2011-03-07 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector related to Drupal is covered by CVE-2007-0626. These vulnerabilities might be associated with other CVE identifiers. | |||||
| CVE-2007-0632 | 1 Asp Edge | 1 Asp Edge | 2011-03-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via a username cookie, a different vector than CVE-2007-0560. | |||||
| CVE-2007-0723 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 8.5 HIGH | N/A |
| Unspecified vulnerability in the authentication feature for DirectoryService (DS Plug-Ins) for Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote authenticated LDAP users to modify the root password and gain privileges via unknown vectors. | |||||
| CVE-2007-0744 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 7.2 HIGH | N/A |
| SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when executing commands, which allows local users to gain privileges by setting unspecified environment variables. | |||||
| CVE-2007-0408 | 1 Bea | 1 Weblogic Server | 2011-03-07 | 7.5 HIGH | N/A |
| BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certificate. | |||||
| CVE-2007-0318 | 1 Apple | 1 Mac Os X | 2011-03-07 | 7.8 HIGH | N/A |
| The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal. | |||||
| CVE-2007-0422 | 1 Bea | 1 Weblogic Server | 2011-03-07 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, allows remote attackers to cause a denial of service (server inaccessibility) via manipulated socket connections. | |||||
| CVE-2007-0474 | 1 Smb4k | 1 Smb4k | 2011-03-07 | 3.3 LOW | N/A |
| Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to kill arbitrary processes, related to a "design issue with smb4k_kill." | |||||
| CVE-2007-0420 | 1 Bea | 1 Weblogic Server | 2011-03-07 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to obtain sensitive information via malformed HTTP requests, which reveal data from previous requests. | |||||
| CVE-2007-0514 | 1 Hitachi | 19 Cosminexus Application Server, Cosminexus Application Server Version 5, Cosminexus Developer Light Version 6 and 16 more | 2011-03-07 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps. | |||||
| CVE-2007-0411 | 1 Bea | 1 Weblogic Server | 2011-03-07 | 6.8 MEDIUM | N/A |
| BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when WS-Security is used, does not properly validate certificates, which allows remote attackers to conduct a man-in-the-middle (MITM) attack. | |||||
| CVE-2007-0244 | 2 Debian, Poptop | 2 Debian Linux, Pptp Server | 2011-03-07 | 5.0 MEDIUM | N/A |
| pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before 1.3.4 allows remote attackers to cause a denial of service (PPTP connection tear-down) via (1) GRE packets with out-of-order sequence numbers or (2) certain GRE packets that are processed using a wrong pointer and improperly dequeued. | |||||
| CVE-2007-0491 | 1 Sky Gunning | 1 Myspeach | 2011-03-07 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in up.php in Sky GUNNING MySpeach 3.0.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter, a different vector than CVE-2006-4630. NOTE: Some of these details are obtained from third party information. | |||||
| CVE-2007-0231 | 1 Six Apart | 1 Movable Type | 2011-03-07 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field. | |||||