Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-4107 | 1 Phpmyforum | 1 Phpmyforum | 2011-03-07 | 7.5 HIGH | N/A |
SQL injection vulnerability in editpost.php in phpMyForum before 4.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-4159 | 1 Tibco | 1 Rendezvous | 2011-03-07 | 5.0 MEDIUM | N/A |
index.html in the HTTP administration interface in certain daemons in TIBCO Rendezvous (RV) 7.5.2 allows remote attackers to obtain sensitive information, such as a user name and IP addresses, via a direct request. | |||||
CVE-2007-4160 | 1 Tibco | 1 Rendezvous | 2011-03-07 | 5.0 MEDIUM | N/A |
The default configuration of TIBCO Rendezvous (RV) 7.5.2 clients, when -no-multicast is omitted, uses a multicast group as the destination for a network message, which might make it easier for remote attackers to capture message contents by sniffing the network. | |||||
CVE-2007-4161 | 1 Tibco | 1 Rendezvous | 2011-03-07 | 4.3 MEDIUM | N/A |
rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might allow remote attackers to cause a denial of service (network instability) via a subject name with a leading (1) '*' (asterisk) or (2) '>' (greater than) wildcard character. | |||||
CVE-2007-4162 | 1 Tibco | 1 Rendezvous | 2011-03-07 | 7.8 HIGH | N/A |
TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or integrity of inter-daemon communication, which allows remote attackers to capture and spoof traffic. | |||||
CVE-2007-4178 | 1 Amg Soft | 1 Webdirector | 2011-03-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in WebDirector 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the deslocal parameter. | |||||
CVE-2007-3298 | 1 Spey | 1 Spey | 2011-03-07 | 7.5 HIGH | N/A |
SQL injection vulnerability in Spey before 0.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to MessageProcessor.cc and possibly other components. | |||||
CVE-2007-3299 | 1 Awffull | 1 Awffull | 2011-03-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in AWFFull before 3.7.4, when AllSearchStr (aka the All Search Terms report) is enabled, allows remote attackers to inject arbitrary web script or HTML via a search string. | |||||
CVE-2007-3369 | 1 Polycom | 1 Soundpoint Ip 601 | 2011-03-07 | 7.8 HIGH | N/A |
Buffer overflow in the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ and SIP version 1.6.3.0067 allows remote attackers to cause a denial of service (device hang or reboot) via an INVITE message with a long Via header. | |||||
CVE-2007-3408 | 1 Dia | 1 Dia | 2011-03-07 | 7.5 HIGH | N/A |
Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have unspecified attack vectors and impact, probably involving the use of vulnerable FreeType libraries that contain CVE-2007-2754 and/or CVE-2007-1351. | |||||
CVE-2007-3517 | 1 Claroline | 1 Claroline | 2011-03-07 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) index.php, (2) demo/claroline170/index.php, and possibly other scripts. | |||||
CVE-2007-3540 | 1 Rainworx | 1 Rwauction Pro | 2011-03-07 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in search.asp in rwAuction Pro 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) show, (3) searchtype, (4) catid, and (5) searchtxt parameters, a different version and vectors than CVE-2005-4060. | |||||
CVE-2007-3570 | 1 Novell | 1 Access Manager | 2011-03-07 | 7.5 HIGH | N/A |
The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in an HTTP POST request. | |||||
CVE-2007-3628 | 1 Pear | 1 Structures Datagrid Datasource Mdb2 | 2011-03-07 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the fetch function in MDB2.php in PEAR Structures-DataGrid-DataSource-MDB2 0.1.9 and earlier allows attackers to "manipulate the generated sorting queries." | |||||
CVE-2007-3648 | 1 Valarsoft | 1 Webmatic | 2011-03-07 | 7.5 HIGH | N/A |
SQL injection vulnerability in Webmatic before 2.6.2, and possibly other versions before 2.7, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly related to admin/admin_album.php and admin/admin_downloads.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-2866 | 1 Phpecho Cms | 1 Phpecho Cms | 2011-03-07 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in modules/admin/modules/gallery.php in PHPEcho CMS 2.0-rc1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter and possibly other parameters. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-2874 | 1 Redhat | 1 Fedora Core | 2011-03-07 | 5.8 MEDIUM | N/A |
Buffer overflow in the wpa_printf function in the debugging code in wpa_supplicant in the Fedora NetworkManager package before 0.6.5-3.fc7 allows user-assisted remote attackers to execute arbitrary code via malformed frames on a WPA2 network. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-3009 | 1 Mbedthis Software | 1 Mbedthis Appweb Http Server | 2011-03-07 | 4.3 MEDIUM | N/A |
Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in the HTTP scheme, as demonstrated by a "GET %n://localhost:80/" request. | |||||
CVE-2007-3076 | 1 Zenturi | 1 Zenturi Programchecker | 2011-03-07 | 7.8 HIGH | N/A |
A certain ActiveX control in sasatl.dll in Zenturi ProgramChecker allows remote attackers to download arbitrary files to the client system via the DownloadFile function. | |||||
CVE-2007-3121 | 1 Zapping | 1 Zapping Vbi Library | 2011-03-07 | 7.5 HIGH | N/A |
Buffer overflow in the CCdecode function in contrib/ntsc-cc.c in the zvbi-ntsc-cc tool in Zapping VBI Library (ZVBI) before 0.2.25 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via long data during a reception error. NOTE: some of these details are obtained from third party information. | |||||