Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3165 | 1 Tor | 1 Tor | 2011-03-07 | 5.0 MEDIUM | N/A |
| Tor before 0.1.2.14 can construct circuits in which an entry guard is in the same family as the exit node, which might compromise the anonymity of traffic sources and destinations by exposing traffic to inappropriate remote observers. | |||||
| CVE-2007-3244 | 1 Bbpress | 1 Bbpress | 2011-03-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bb-includes/formatting-functions.php in bbPress before 0.8.1 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors to forums/bb-edit.php, as demonstrated by a PRE element, aka the "quircky slashes bug." | |||||
| CVE-2007-2332 | 1 Nortel | 8 Vpn Router 1010, Vpn Router 1050, Vpn Router 1100 and 5 more | 2011-03-07 | 9.0 HIGH | N/A |
| Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store. | |||||
| CVE-2007-2333 | 1 Nortel | 3 Contivity, Vpn Router 5000, Vpn Router Portfolio | 2011-03-07 | 10.0 HIGH | N/A |
| Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 includes the FIPSecryptedtest1219 and FIPSunecryptedtest1219 default accounts in the LDAP template, which might allow remote attackers to access the private network. | |||||
| CVE-2007-2334 | 1 Nortel | 2 Contivity, Vpn Router 5000 | 2011-03-07 | 7.5 HIGH | N/A |
| Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 has two template HTML files lacking certain verification tags, which allows remote attackers to access the administration interface and change the device configuration via certain requests. | |||||
| CVE-2007-2343 | 1 Enterasys | 2 Netsight Console, Netsight Inventory Manager | 2011-03-07 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the TFTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via crafted request packets that contain long file names. | |||||
| CVE-2007-2344 | 1 Enterasys | 2 Netsight Console, Netsight Inventory Manager | 2011-03-07 | 7.8 HIGH | N/A |
| The BOOTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, on Windows allows remote attackers to cause a denial of service (daemon crash) via a UDP packet that contains an invalid "packet type" field. | |||||
| CVE-2007-2350 | 1 Freepbx | 1 Freepbx | 2011-03-07 | 6.5 MEDIUM | N/A |
| admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter. | |||||
| CVE-2007-2360 | 1 Symantec | 4 Backupexec System Recovery, Livestate Recovery, Norton Ghost and 1 more | 2011-03-07 | 6.8 MEDIUM | N/A |
| Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key. | |||||
| CVE-2007-2375 | 1 Symantec | 1 Enterprise Security Manager | 2011-03-07 | 10.0 HIGH | N/A |
| The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol. | |||||
| CVE-2007-2460 | 1 Firefly | 1 Firefly | 2011-03-07 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/admin/include/config.php in FireFly 1.1.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2475 | 1 Novell | 1 Securelogin | 2011-03-07 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the ADSCHEMA utility in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to granting "users excess permissions to their own attributes." | |||||
| CVE-2007-2476 | 1 Novell | 1 Securelogin | 2011-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to Active Directory (AD) password changes. | |||||
| CVE-2007-2491 | 1 Vmware | 2 Server, Workstation | 2011-03-07 | 7.2 HIGH | N/A |
| The PIIX4 power management subsystem in EMC VMware Workstation 5.5.3.34685 and VMware Server 1.0.1.29996 allows local users to write to arbitrary memory locations via a crafted poke to I/O port 0x1004, triggering a denial of service (virtual machine crash) or other unspecified impact, a related issue to CVE-2007-1337. | |||||
| CVE-2007-2551 | 1 Wikkawiki | 1 Wikkawiki | 2011-03-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | |||||
| CVE-2007-2635 | 1 Interchange Development Group | 1 Interchange | 2011-03-07 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Interchange before 5.4.2 allows remote attackers to cause an unspecified denial of service (possibly server hang) via crafted HTTP requests. | |||||
| CVE-2007-2680 | 1 Canon | 3 Network Camera Server Vb100, Network Camera Server Vb101, Network Camera Server Vb150 | 2011-03-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the management interface in Canon Network Camera Server VB100 and VB101 with firmware 3.0 R69 and earlier, and VB150 with firmware 1.1 R39 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-2694 | 1 Bea | 1 Weblogic Server | 2011-03-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-2720 | 1 Group-office | 1 Group-office Groupware | 2011-03-07 | 4.3 MEDIUM | N/A |
| Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for (1) message.php and (2) messages.php in modules/email/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2737 | 1 Xoops | 1 Myconference Module | 2011-03-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the MyConference 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||