Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-2268 | 1 Swsoft | 1 Plesk | 2011-03-07 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in SWsoft Plesk for Windows 7.6.1, 8.1.0, and 8.1.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter to (1) login.php3 or (2) login_up.php3. | |||||
CVE-2007-2309 | 1 Flowers | 1 Flowers | 2011-03-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the den parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-2315 | 1 Minishare | 1 Minimal Http Server | 2011-03-07 | 7.8 HIGH | N/A |
MiniShare 1.5.4, and possibly earlier, allows remote attackers to cause a denial of service (application crash) via a flood of requests for new connections. | |||||
CVE-2007-2316 | 1 Open Business Management | 1 Open Business Management | 2011-03-07 | 10.0 HIGH | N/A |
Unspecified vulnerability in the admin script in Open Business Management (OBM) before 2.0.0 allows remote attackers to have an unknown impact by calling the script "in txt mode from a browser." | |||||
CVE-2007-1361 | 1 Virtuemart | 1 Virtuemart | 2011-03-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in VirtueMart before 20070213 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue is probably different than CVE-2007-0376. | |||||
CVE-2007-1384 | 1 Joris Guisson | 1 Ktorrent | 2011-03-07 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.2 allows remote attackers to overwrite arbitrary files via ".." sequences in a torrent filename. | |||||
CVE-2007-1385 | 1 Joris Guisson | 1 Ktorrent | 2011-03-07 | 7.5 HIGH | N/A |
chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to cause a denial of service (crash) and heap corruption via a negative or large idx value. | |||||
CVE-2007-1400 | 1 Plesh | 1 Plesh | 2011-03-07 | 6.9 MEDIUM | N/A |
Plash permits sandboxed processes to open /dev/tty, which allows local users to escape sandbox restrictions and execute arbitrary commands by sending characters to a shell process on the same terminal via the TIOCSTI ioctl. | |||||
CVE-2007-1419 | 1 Sun | 1 Java Dynamic Management Kit | 2011-03-07 | 4.3 MEDIUM | N/A |
The Java Management Extensions Remote API Remote Method Invocation over Internet Inter-ORB Protocol (JMX RMI-IIOP) API in Java Dynamic Management Kit 5.1 before 20070309 does not properly enforce the java.policy, which allows local users to obtain certain MBeans data access by operating a server application accessed by a privileged remote authenticated user. | |||||
CVE-2007-1426 | 1 Astrocam | 1 Astrocam | 2011-03-07 | 7.8 HIGH | N/A |
The web interface in AstroCam 2.0.0 through 2.6.5 allows remote attackers to cause a denial of service (daemon shutdown) via requests that contain a large amount of data in the "a" variable, which "fills up the message queue." | |||||
CVE-2007-1431 | 1 Pennmush | 1 Pennmush | 2011-03-07 | 7.8 HIGH | N/A |
Multiple unspecified vulnerabilities in PennMUSH 1.8.3 before 1.8.3p1 and 1.8.2 before 1.8.2p3 allow attackers to cause a denial of service (crash) related to the (1) speak and (2) buy functions. | |||||
CVE-2007-1444 | 1 Netperf | 1 Netperf | 2011-03-07 | 4.4 MEDIUM | N/A |
netserver in netperf 2.4.3 allows local users to overwrite arbitrary files via a symlink attack on /tmp/netperf.debug. | |||||
CVE-2007-1457 | 1 Christian Scheurer | 2 Unrarlib, Urarfilelib | 2011-03-07 | 10.0 HIGH | N/A |
Buffer overflow in the urarlib_get function in Christian Scheurer UniquE RAR File Library (unrarlib, aka URARFileLib) 0.4 allows context-dependent attackers to execute arbitrary code via a long (1) filename, (2) rarfile, or (3) libpassword argument. | |||||
CVE-2007-1498 | 1 Mcafee | 2 Epolicy Orchestrator, Protectionpilot | 2011-03-07 | 9.3 HIGH | N/A |
Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in the ePO management console in McAfee ePolicy Orchestrator (ePO) before 3.6.1 Patch 1 and ProtectionPilot (PRP) before 1.5.0 HotFix allow remote attackers to execute arbitrary code via a long argument to the (1) ExportSiteList and (2) VerifyPackageCatalog functions, and (3) unspecified vectors involving a swprintf function call. | |||||
CVE-2007-1521 | 1 Php | 1 Php | 2011-03-07 | 6.8 MEDIUM | N/A |
Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation. | |||||
CVE-2007-1522 | 1 Php | 1 Php | 2011-03-07 | 6.8 MEDIUM | N/A |
Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors. | |||||
CVE-2007-1526 | 1 Sun | 1 Java System Web Server | 2011-03-07 | 6.0 MEDIUM | N/A |
Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via unspecified vectors. | |||||
CVE-2007-1554 | 1 Guestbara | 1 Guestbara | 2011-03-07 | 6.8 MEDIUM | N/A |
Direct static code injection vulnerability in admin/configuration.php in Guestbara 1.2 and earlier allows remote authenticated users to inject arbitrary PHP code into config.php via the (1) admin_mail, (2) emotpatch, (3) login, (4) pass, and unspecified other parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-1567 | 1 War Ftp Daemon | 1 War Ftp Daemon | 2011-03-07 | 10.0 HIGH | N/A |
Stack-based buffer overflow in War FTP Daemon 1.65, and possibly earlier, allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors, as demonstrated by warftp_165.tar by Immunity. NOTE: this might be the same issue as CVE-1999-0256, CVE-2000-0131, or CVE-2006-2171, but due to Immunity's lack of details, this cannot be certain. | |||||
CVE-2007-1572 | 1 Sourceforge | 1 Jgbbs | 2011-03-07 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter, a different vector than CVE-2007-1440. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |