Total: 27865 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2188 | 1 Extremail | 1 Extremail | 2008-11-12 | 10.0 HIGH | N/A |
| eXtremail 2.1.1 and earlier does not verify the ID field (aka transaction id) in DNS responses, which makes it easier for remote attackers to conduct DNS spoofing. | |||||
| CVE-2007-2423 | 1 Moinmoin | 1 Moinmoin | 2008-11-12 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vulnerability than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2429 | 1 Manageengine | 1 Passwordmanager Pro | 2008-11-12 | 10.0 HIGH | N/A |
| ManageEngine PasswordManager Pro (PMP) allows remote attackers to obtain administrative access to a database by injecting a certain command line for the mysql program, as demonstrated by the "-port 2345" and "-u root" arguments. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2269 | 1 Swsoft | 1 Plesk | 2008-11-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in top.php3 in SWsoft Plesk for Windows 8.1 and 8.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter. | |||||
| CVE-2007-1955 | 1 Signkorea | 1 Skcommax Activex Control | 2008-11-12 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the SignKorea SKCrypAX ActiveX control module 5.4.1.2 allow remote attackers to execute arbitrary code via a long string in unspecified arguments to the (1) DownloadCert, (2) DecryptFileByKey, and (3) EncryptFileByKey functions, a different module and vectors than CVE-2007-1722. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2023 | 1 Secustick | 1 Secustick Usb Flash Drive | 2008-11-12 | 7.2 HIGH | N/A |
| USB20.dll in Secustick USB flash drive decouples the authorization and file access routines, which allows local users to bypass authentication requirements by altering the return value of the VerifyPassWord function. | |||||
| CVE-2007-2073 | 1 Ivan Gallery Script | 1 Ivan Gallery Script | 2008-11-12 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the gallery parameter in a new session. | |||||
| CVE-2007-1820 | 1 Nortel | 2 Callpilot, Meridian Mail | 2008-11-12 | 9.3 HIGH | N/A |
| Nortel Networks CallPilot and Meridian Mail voicemail systems, when a mailbox has auto logon enabled, allow remote attackers to retrieve or remove messages, or reconfigure the mailbox, by spoofing Calling Number Identification (CNID, aka Caller ID). | |||||
| CVE-2007-1822 | 1 Alcatel-lucent | 1 Voice Mail System | 2008-11-12 | 10.0 HIGH | N/A |
| Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID). | |||||
| CVE-2007-1821 | 1 Sprint | 1 Sprint Voice | 2008-11-12 | 10.0 HIGH | N/A |
| Sprint Nextel Sprint voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID). | |||||
| CVE-2007-1775 | 1 Jbrowser | 1 Jbrowser | 2008-11-12 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in upload.php3 in JBrowser 2.4 and earlier allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1830 | 1 Web-app.org | 1 Webapp | 2008-11-12 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Username Hijacking Patch 20070312 for web-app.org WebAPP 0.9.9.6 allows remote attackers to obtain administrative access via unknown vectors, related to "something overlooked in the original that was still overlooked in the patch", and possibly related to copying files to the user-lib and the "XSS and cookies exploit." | |||||
| CVE-2007-1829 | 1 Web-app.net | 1 Webapp | 2008-11-12 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in web-app.net WebAPP have unknown impact and attack vectors, described as "[having] other [security] issues too, not as bad as letting users take over your admin account, but bad too." | |||||
| CVE-2007-1823 | 1 T-mobile | 1 Voice Mail Systems | 2008-11-12 | 10.0 HIGH | N/A |
| T-Mobile voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID). | |||||
| CVE-2007-1653 | 1 Glowworm | 1 Glowworm | 2008-11-12 | 7.8 HIGH | N/A |
| GlowWorm FW before 1.5.3b4 allows remote attackers to cause a denial of service (kernel panic) via certain DNS responses that trigger infinite recursion in TrueDNS packet parsing, as originally observed with certain login.yahoo.com responses. | |||||
| CVE-2007-1574 | 1 Care2x | 1 Care2x | 2008-11-12 | 5.0 MEDIUM | N/A |
| CARE2X 2.2, and possibly earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1651 | 1 Openid | 1 Openid | 2008-11-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in OpenID allows remote attackers to restore the login session of a user on an OpenID enabled site via unspecified vectors related to an arbitrary remote web site and cached tokens, after the user has signed into an OpenID server, logged into the OpenID enabled site, and then logged out of the OpenID enabled site. | |||||
| CVE-2007-1492 | 1 Microsoft | 1 Windows Xp | 2008-11-12 | 7.1 HIGH | N/A |
| winmm.dll in Microsoft Windows XP allows user-assisted remote attackers to cause a denial of service (infinite loop) via a large cch argument value to the mmioRead function, as demonstrated by a crafted WAV file. | |||||
| CVE-2007-1494 | 1 Nukescripts | 1 Nukesentinel | 2008-11-12 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "filters for https:// and http://". | |||||
| CVE-2007-1652 | 1 Openid | 1 Openid | 2008-11-12 | 7.5 HIGH | N/A |
| OpenID allows remote attackers to forcibly log a user into an OpenID enabled site, divulge the user's personal information to this site, and add this site to the trusted sites list via a crafted web page, related to cached tokens. | |||||
