Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1269 | 1 Gnu | 1 Gnumail | 2018-10-16 | 5.0 MEDIUM | N/A |
| GNUMail 1.1.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents GNUMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | |||||
| CVE-2007-1215 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Vista and 1 more | 2018-10-16 | 7.2 HIGH | N/A |
| Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images. | |||||
| CVE-2007-1267 | 1 Sylpheed | 1 Sylpheed | 2018-10-16 | 5.0 MEDIUM | N/A |
| Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | |||||
| CVE-2007-1268 | 1 Mutt | 1 Mutt | 2018-10-16 | 5.0 MEDIUM | N/A |
| Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | |||||
| CVE-2007-1221 | 1 Microsoft | 1 Xbox 360 | 2018-10-16 | 7.2 HIGH | N/A |
| The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows attackers with physical access to force execution of the hypervisor syscall with a certain register set, which bypasses intended code protection. | |||||
| CVE-2007-1127 | 1 Watersweb Shops | 1 Shop Kit Plus | 2018-10-16 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in enc/stylecss.php in shopkitplus allows remote attackers to read arbitrary files via a .. (dot dot) in the changetheme parameter. | |||||
| CVE-2007-1112 | 1 Kaspersky Lab | 2 Kaspersky Anti-virus, Kaspersky Internet Security | 2018-10-16 | 10.0 HIGH | N/A |
| Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods. | |||||
| CVE-2007-1004 | 1 Mozilla | 1 Firefox | 2018-10-16 | 4.3 MEDIUM | N/A |
| Mozilla Firefox might allow remote attackers to conduct spoofing and phishing attacks by writing to an about:blank tab and overlaying the location bar. | |||||
| CVE-2007-1110 | 1 Activecalendar | 1 Activecalendar | 2018-10-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in data/showcode.php in ActiveCalendar 1.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. | |||||
| CVE-2007-1024 | 1 Marcello Vitagliano | 1 Meganoides News | 2018-10-16 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in include.php in Meganoide's news 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. | |||||
| CVE-2007-1126 | 1 Xt-commerce | 1 Xt-commerce Community Made Shopping | 2018-10-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in xtcommerce allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter. | |||||
| CVE-2007-1158 | 1 Postnuke Software Foundation | 1 Pagesetter | 2018-10-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. | |||||
| CVE-2007-1054 | 1 Mediawiki | 1 Mediawiki | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer. | |||||
| CVE-2007-1156 | 1 Man Machine Systems | 1 Jbrowser | 2018-10-16 | 7.5 HIGH | N/A |
| JBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for _admin/. | |||||
| CVE-2007-1128 | 1 Watersweb Shops | 1 Shop Kit Plus | 2018-10-16 | 5.0 MEDIUM | N/A |
| shopkitplus allows remote attackers to obtain sensitive information via a request to (1) events.php with a curmonth[]=01 query string or (2) enc/stylecss.php with a changetheme[]= query string, which reveals the path in various error messages. | |||||
| CVE-2007-1107 | 1 Coppermine | 1 Coppermine Photo Gallery | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies. | |||||
| CVE-2007-1029 | 1 Quicksoft | 1 Easymail Objects | 2018-10-16 | 7.6 HIGH | N/A |
| Stack-based buffer overflow in the Connect method in the IMAP4 component in Quiksoft EasyMail Objects before 6.5 allows remote attackers to execute arbitrary code via a long host name. | |||||
| CVE-2007-1030 | 1 Niels Provos | 1 Libevent | 2018-10-16 | 7.8 HIGH | N/A |
| Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a denial of service (infinite loop) via a DNS response containing a label pointer that references its own offset. | |||||
| CVE-2007-1053 | 1 Warped Systems | 1 Phpxmms | 2018-10-16 | 10.0 HIGH | N/A |
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpXmms 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the tcmdp parameter to (1) phpxmmsb.php or (2) phpxmmst.php. NOTE: this issue has been disputed by a reliable third party, stating that the tcmdp variable is initialized by config.php. | |||||
| CVE-2007-1102 | 1 Photostand | 1 Photostand | 2018-10-16 | 5.0 MEDIUM | N/A |
| Photostand 1.2.0 allows remote attackers to obtain sensitive information via a ' (quote) character in (1) a PHPSESSID cookie or (2) the id parameter in an article action in index.php, which reveal the path in various error messages. | |||||