Total: 27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2007-4479 | 1 Aleadsoft.com | 1 Search Engine Builder Professional | 2018-10-15 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in search.html in Search Engine Builder allows remote attackers to inject arbitrary web script or HTML via the searWords parameter. |
| CVE-2007-4477 | 1 Planet Technology Corp | 1 Vc-200m Vdsl2 | 2018-10-15 | 5.0 MEDIUM | N/A | The administration interface in the Planet VC-200M VDSL2 router allows remote attackers to cause a denial of service (administration interface outage) via an HTTP request without a Host header. |
| CVE-2007-4463 | 2 Fransois Gannier, Ghisler | 2 Fileinfo Plugin, Total Commander | 2018-10-15 | 5.0 MEDIUM | N/A | The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file. |
| CVE-2007-4454 | 1 Olate | 1 Olatedownload | 2018-10-15 | 6.8 MEDIUM | N/A | Eval injection vulnerability in environment.php in Olate Download (od) 3.4.1 allows context-dependent attackers to execute arbitrary code via a crafted version string, as referenced by the (1) PDO::ATTR_SERVER_VERSION or (2) PDO::ATTR_CLIENT_VERSION attribute. |
| CVE-2007-4453 | 1 Jelsoft | 1 Vbulletin | 2018-10-15 | 4.3 MEDIUM | N/A | ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g) showgroups.php, (h) online.php, and (i) sendmessage.php. NOTE: these issues have been disputed by the vendor, stating "I can't reproduce a single one of these". The researcher is known to be unreliable. |
| CVE-2007-4452 | 1 Toribash | 1 Toribash | 2018-10-15 | 5.0 MEDIUM | N/A | The client in Toribash 2.71 and earlier allows remote attackers to cause a denial of service (disconnection) via a long (1) emote or (2) SPEC command. |
| CVE-2007-4451 | 1 Toribash | 1 Toribash | 2018-10-15 | 5.0 MEDIUM | N/A | The server in Toribash 2.71 and earlier on Windows allows remote attackers to cause a denial of service (continuous beep and server hang) via certain commands that contain many 0x07 or other invalid characters. |
| CVE-2007-4449 | 1 Toribash | 1 Toribash | 2018-10-15 | 5.0 MEDIUM | N/A | The client in Toribash 2.71 and earlier allows remote attackers to cause a denial of service (application hang) via a command without an LF character, as demonstrated by a SAY command. |
| CVE-2007-4448 | 1 Toribash | 1 Toribash | 2018-10-15 | 5.0 MEDIUM | N/A | The server in Toribash 2.71 and earlier does not properly handle partially joined clients that are temporarily assigned the ID of -1, which allows remote attackers to cause a denial of service (daemon crash) via a GRIP command with the ID of -1. |
| CVE-2007-4447 | 1 Toribash | 1 Toribash | 2018-10-15 | 7.5 HIGH | N/A | Multiple buffer overflows in the client in Toribash 2.71 and earlier allow remote attackers to (1) execute arbitrary code via a long game command in a replay (.rpl) file and (2) cause a denial of service (application crash) via a long SAY command that omits a required LF character; and allow remote Toribash servers to execute arbitrary code via (3) a long game command and (4) a long SAY command that omits a required LF character. |
| CVE-2007-4446 | 1 Toribash | 1 Toribash | 2018-10-15 | 7.5 HIGH | N/A | Format string vulnerability in the server in Toribash 2.71 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the NICK command (client nickname) when entering a game. |
| CVE-2007-4443 | 1 Epic Games | 1 Unreal Engine | 2018-10-15 | 5.0 MEDIUM | N/A | The UCC dedicated server for the Unreal engine, possibly 2003 and 2004, on Windows allows remote attackers to cause a denial of service (continuous beep and server slowdown) via a string containing many 0x07 characters in (1) a request to the images/ directory, (2) the Content-Type field, (3) a HEAD request, and possibly other unspecified vectors. |
| CVE-2007-4442 | 1 Epic Games | 1 Unreal Engine | 2018-10-15 | 5.0 MEDIUM | N/A | Stack-based buffer overflow in the logging function in the Unreal engine, possibly 2003 and 2004, as used in the internal web server, allows remote attackers to cause a denial of service (application crash) via a request for a long .gif filename in the images/ directory, related to conversion from Unicode to ASCII. |
| CVE-2007-4413 | 1 Headstart Solutions | 1 Deskpro | 2018-10-15 | 3.5 LOW | N/A | Direct static code injection vulnerability in admincp/user_help.php in Headstart Solutions DeskPRO 3.0.2 allows remote authenticated users to inject arbitrary PHP code into an unspecified file via a new_entry value in the do parameter. |
| CVE-2007-4412 | 1 Headstart Solutions | 1 Deskpro | 2018-10-15 | 3.5 LOW | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Headstart Solutions DeskPRO 3.0.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (1) techs.php, (2) ticket_category.php, (3) ticket_priority.php, (4) ticket_workflow.php, (5) ticket_escalate.php, (6) fields_ticket.php, (7) ticket_rules_web.php, (8) ticket_displayfields.php, (9) ticket_rules_mail.php, (10) fields_user.php, (11) fields_faq.php, and (12) user_help.php, in (a) admincp/ and (b) possibly a directory on the "User side." |
| CVE-2007-4411 | 1 Universal Ircd | 1 Ircu | 2018-10-15 | 4.3 MEDIUM | N/A | ircu 2.10.12.05 and earlier allows remote attackers to discover the hidden IP address of arbitrary +x users via a series of /silence commands with (1) CIDR mask arguments or (2) certain other arguments that represent groups of IP addresses, then monitoring CTCP ping replies. |
| CVE-2007-4410 | 1 Universal Ircd | 1 Ircu | 2018-10-15 | 6.0 MEDIUM | N/A | ircu 2.10.12.05 and earlier does not properly synchronize a kick action in certain cross scenarios, which allows remote authenticated operators to prevent later kick or de-op actions from non-local ops. |
| CVE-2007-4445 | 1 Rfactor | 1 Rfactor | 2018-10-15 | 7.5 HIGH | N/A | Image Space rFactor 1.250 and earlier allows remote attackers to cause a denial of service (daemon crash) via (1) an ID 0x30 packet, (2) an ID 0x38 packet, and an invalid 13-bit integer in (3) an ID 0x60 packet and (4) an ID 0x68 packet; and a denial of service (UDP port block) via (5) an ID 0x20 packet and (6) an ID 0x28 packet. |
| CVE-2007-4409 | 1 Universal Ircd | 1 Ircu | 2018-10-15 | 5.1 MEDIUM | N/A | Race condition in ircu 2.10.12.01 through 2.10.12.05 allows remote attackers to set a new Apass during a netburst by arranging for ops privilege to be granted before the mode arrives. |
| CVE-2007-4408 | 1 Universal Ircd | 1 Ircu | 2018-10-15 | 5.0 MEDIUM | N/A | ircu 2.10.12.05 and earlier ignores timestamps in bounces, which allows remote attackers to take over a channel during a netjoin by causing a bounce while a server with an older version of the channel is linking. |
