Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6102 | 1 Feed2js | 1 Feed2js | 2011-03-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Feed to JavaScript (Feed2JS) 1.91 allows remote attackers to inject arbitrary web script or HTML via a URL in a feed. | |||||
| CVE-2007-6123 | 1 Irc Services | 1 Irc Services | 2011-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in IRC Services 5.1.8 has unknown impact and attack vectors. | |||||
| CVE-2007-6130 | 1 Gnu | 1 Gnump3d | 2011-03-07 | 5.0 MEDIUM | N/A |
| gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions. | |||||
| CVE-2007-6131 | 1 Redhat | 1 Fedora Core | 2011-03-07 | 2.1 LOW | N/A |
| buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite arbitrary files via a symlink attack on the (1) scan.pnm and (2) scan.jpg temporary files. | |||||
| CVE-2007-5064 | 1 Xunlei | 1 Web Thunder | 2011-03-07 | 6.8 MEDIUM | N/A |
| Buffer overflow in a certain ActiveX control in Xunlei Web Thunder 5.6.9.344, possibly the DapPlayer ActiveX control in DapPlayer_Now.dll, allows remote attackers to execute arbitrary code via a long first argument to the DownURL2 method. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-5086 | 1 Kaspersky Lab | 2 Kaspersky Anti-virus, Kaspersky Internet Security | 2011-03-07 | 2.1 LOW | N/A |
| Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, and (7) NtUserBuildHwndList kernel SSDT hooks in kylif.sys; the (8) NtDuplicateObject (DuplicateHandle) kernel SSDT hook; and possibly other kernel SSDT hooks. NOTE: the NtCreateSection vector is covered by CVE-2007-5043.1. NOTE: the vendor disputes that the DuplicateHandle vector is a vulnerability in their code, stating that "it is not an error in our code, but an obscure method for manipulating standard Windows routines to circumvent our self-defense mechanisms." | |||||
| CVE-2007-5087 | 1 Linux | 1 Linux Kernel | 2011-03-07 | 4.9 MEDIUM | N/A |
| The ATM module in the Linux kernel before 2.4.35.3, when CLIP support is enabled, allows local users to cause a denial of service (kernel panic) by reading /proc/net/atm/arp before the CLIP module has been loaded. | |||||
| CVE-2007-5100 | 1 Phpbb | 1 Phpbb Plus | 2011-03-07 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpBB Plus 1.53, and 1.53a before 20070922, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) language/lang_german/lang_admin_album.php, (2) language/lang_english/lang_main_album.php, and (3) language/lang_english/lang_admin_album.php, different vectors than CVE-2007-5009. | |||||
| CVE-2007-5136 | 1 Dragonfrugal | 1 Dfd Cart | 2011-03-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in DFD Cart 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-5188 | 1 Xoops | 1 Xoops | 2011-03-07 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the XOOPS uploader class in Xoops 2.0.17.1-RC1 and earlier allows remote attackers to upload arbitrary files via unspecified vectors related to improper upload configuration settings in class/uploader.php and class/mimetypes.inc.php, possibly an incomplete blacklist that omits the .php4 extension. | |||||
| CVE-2007-5198 | 1 Nagios | 1 Plugins | 2011-03-07 | 6.8 MEDIUM | N/A |
| Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10, when running with the -f (follow) option, allows remote web servers to execute arbitrary code via Location header responses (redirects) with a large number of leading "L" characters. | |||||
| CVE-2007-5241 | 1 Hp | 1 Openvms | 2011-03-07 | 5.0 MEDIUM | N/A |
| Buffer overflow in NET$CSMACD.EXE in HP OpenVMS 8.3 and earlier allows local users to cause a denial of service (machine crash) via the "MCR MCL SHOW CSMA-CD Port * All" command, which overwrites a Non-Paged Pool Packet. | |||||
| CVE-2007-5242 | 1 Hp | 1 Openvms | 2011-03-07 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) SYS$EI1000_MON.EXE in HP OpenVMS 8.3 and earlier allows remote attackers to cause a denial of service (machine crash) via an "oversize" packet, which is not properly discarded if "the device has no remaining buffers after receipt of the first buffer segment." | |||||
| CVE-2007-5377 | 1 Gnu | 1 Tramp | 2011-03-07 | 6.9 MEDIUM | N/A |
| The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2007-5380 | 1 David Hansson | 1 Ruby On Rails | 2011-03-07 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions." | |||||
| CVE-2007-5391 | 1 Hp | 1 Select Identity | 2011-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010 and 4.10 through 4.13.001 allows remote attackers to obtain unspecified access via unknown vectors. | |||||
| CVE-2007-5491 | 1 Sitebar | 1 Sitebar | 2011-03-07 | 9.0 HIGH | N/A |
| Directory traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to chmod arbitrary files to 0777 via ".." sequences in the lang parameter. | |||||
| CVE-2007-5544 | 1 Ibm | 2 Lotus Domino, Lotus Notes | 2011-03-07 | 6.2 MEDIUM | N/A |
| IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session. | |||||
| CVE-2007-4696 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 4.3 MEDIUM | N/A |
| Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari. | |||||
| CVE-2007-4717 | 1 Claroline | 1 Claroline | 2011-03-07 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) dir parameter in admin/adminusers.php, the (2) action parameter in admin/advancedUserSearch.php, and the (3) view parameter in admin/campusProblem.php. | |||||