Total: 27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3489 | 1 Checkpoint | 1 Vpn-1 Utm Edge | 2018-10-16 | 9.3 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request with the swuuser and swupass parameters, which adds an administrator account. NOTE: the CSRF attack has no timing window because there is no logout capability in the management interface. | |||||
| CVE-2007-3495 | 1 Sap | 2 Sap Basis Component 640, Sap Basis Component 700 | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the SAP Internet Communication Framework (BC-MID-ICF) in the SAP Basis component 700 before SP12, and 640 before SP20, allow remote attackers to inject arbitrary web script or HTML via certain parameters associated with the default login error page. | |||||
| CVE-2007-3465 | 1 Sofaware | 1 Safe At Office 500 Utm | 2018-10-16 | 10.0 HIGH | N/A |
| Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, has a certain default password. | |||||
| CVE-2007-3468 | 1 Videolan | 1 Vlc Media Player | 2018-10-16 | 7.8 HIGH | N/A |
| input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used. | |||||
| CVE-2007-3463 | 1 Microsoft | 1 Windows Xp | 2018-10-16 | 4.6 MEDIUM | N/A |
| ** DISPUTED ** Microsoft Windows XP SP2 allows local users, who have sessions created by another user's RunAs (run as) command, to kill arbitrary processes of this other user, as demonstrated by the taskkill program. NOTE: the researcher claims a vendor dispute in which the vendor states that "RunAs and UAC are convenience features, not security boundaries. If you need a security guarantee, please log out and log back in with a different account." | |||||
| CVE-2007-3398 | 1 Perception | 1 Liteweb | 2018-10-16 | 5.0 MEDIUM | N/A |
| LiteWEB 2.7 allows remote attackers to cause a denial of service (hang) via a large number of requests for nonexistent pages. | |||||
| CVE-2007-3432 | 1 Pluxml | 1 Pluxml | 2018-10-16 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename. | |||||
| CVE-2007-3462 | 1 Sofaware | 1 Safe At Office 500 Utm | 2018-10-16 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, allows remote attackers to execute commands as arbitrary users, and disable firewalling of the protected network. | |||||
| CVE-2007-3407 | 1 Sergey Lyubka | 1 Simple Httpd | 2018-10-16 | 5.0 MEDIUM | N/A |
| Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to obtain sensitive information (script source code) via a URL with a trailing encoded space (%20). | |||||
| CVE-2007-3396 | 1 Key Focus | 1 Kf Web Server | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.wkf in KeyFocus (KF) web server 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the opsubmenu parameter. | |||||
| CVE-2007-3426 | 1 Zoneo-soft | 1 Phptraffica | 2018-10-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||||
| CVE-2007-3409 | 1 Nlnet Labs | 1 Net Dns | 2018-10-16 | 4.3 MEDIUM | N/A |
| Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop. | |||||
| CVE-2007-3425 | 1 Zoneo-soft | 1 Phptraffica | 2018-10-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to include arbitrary local files via the lang parameter, a different vector and version than CVE-2007-1076.2. | |||||
| CVE-2007-3453 | 1 Papoo | 1 Papoo | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Papoo 3.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the selmenuid parameter to certain components. | |||||
| CVE-2007-3464 | 1 Sofaware | 1 Safe At Office 500 Utm | 2018-10-16 | 8.5 HIGH | N/A |
| Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, does not require entry of the old password when changing the admin password, which might allow attackers to gain privileges by conducting a CSRF attack, making a password change on an unattended workstation, or other vectors. | |||||
| CVE-2007-3402 | 1 Pagetool | 1 Pagetool | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in pagetool 1.07 allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a pagetool_news action. | |||||
| CVE-2007-3435 | 1 Rkd Software | 1 Barcode Activex | 2018-10-16 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the BeginPrint method in a certain ActiveX control in RKD Software (barcodetools.com) BarCodeAx.dll 4.9 allows remote attackers to execute arbitrary code via a long argument. | |||||
| CVE-2007-3459 | 1 Civiltech | 1 Avax Vector Activex | 2018-10-16 | 6.4 MEDIUM | N/A |
| A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vector 1.3 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the WriteMovie method. | |||||
| CVE-2007-3467 | 1 Videolan | 1 Vlc Media Player | 2018-10-16 | 7.8 HIGH | N/A |
| Integer overflow in the __status_Update function in stats.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate. | |||||
| CVE-2007-3427 | 1 Zoneo-soft | 1 Phptraffica | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a stats action. | |||||
