Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5555 | 1 Symantec | 1 Altiris Deployment Solution | 2008-09-05 | 6.9 MEDIUM | N/A |
| Unspecified vulnerability in Symantec Altiris Deployment Solution allows attackers to obtain authentication credentials via unknown vectors, aka "Authentication Credentials Information Leakage in Altiris Deployment Solution." NOTE: this description is based on a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2007-5556 | 1 Avaya | 1 Voip Handset | 2008-09-05 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the Avaya VoIP Handset allows remote attackers to cause a denial of service (reboot) via crafted packets. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2007-5558 | 1 Lg Electronics | 1 Lg Mobile Handset | 2008-09-05 | 7.8 HIGH | N/A |
| Integer overflow in the LG Mobile handset allows remote attackers to cause a denial of service (reboot) via a crafted HTTP packet. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2007-5559 | 1 Ibm | 1 Thinkvantage Tpm | 2008-09-05 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the IBM ThinkVantage TPM Service allows remote attackers to execute arbitrary code via a crafted HTTP packet. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2007-5560 | 1 Juniper | 1 Http Service | 2008-09-05 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the Juniper HTTP Service allows remote attackers to execute arbitrary code via a crafted HTTP packet. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2007-5561 | 1 Oracle | 2 Enterprise Grid Console Server, Opmn Daemon | 2008-09-05 | 10.0 HIGH | N/A |
| Format string vulnerability in the logging function in the Oracle OPMN daemon, as used on Oracle Enterprise Grid Console server 10.2.0.1, allows remote attackers to execute arbitrary code via format string specifiers in the URI in an HTTP request to port 6003, aka Oracle reference number 6296175. NOTE: this might be the same issue as CVE-2007-0282 or CVE-2007-0280, but there are insufficient details to be sure. | |||||
| CVE-2007-5565 | 1 Phpscms | 1 Phpscms | 2008-09-05 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in includes/functions.php in phpSCMS 0.0.1-Alpha1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue is disputed by CVE because the identified code is in a function that is not accessible via direct request. | |||||
| CVE-2007-5585 | 1 Xscreensaver | 1 Xscreensaver | 2008-09-05 | 5.0 MEDIUM | N/A |
| xscreensaver 5.03 and earlier, when running without xscreensaver-gl-extras (GL extras) installed, crashes when /usr/bin/xscreensaver-gl-helper does not exist and a user attempts to unlock the screen, which allows attackers with physical access to gain access to the locked session. | |||||
| CVE-2007-5714 | 1 Gentoo | 1 Mldonkey Ebuild | 2008-09-05 | 6.8 MEDIUM | N/A |
| The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary code. | |||||
| CVE-2007-5757 | 1 Ibm | 1 Db2 Universal Database | 2008-09-05 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in db2pd in IBM DB2 Universal Database (UDB) 8 before FixPak 16 and 9 before Fix Pack 4 allows local users to gain root privileges via a modified DB2INSTANCE environment variable that points to a malicious library. NOTE: this might be the same issue as CVE-2008-0697. | |||||
| CVE-2007-5769 | 1 Netkit-ftp | 1 Netkit Ftp | 2008-09-05 | 10.0 HIGH | N/A |
| Double free vulnerability in the getreply function in ftp.c in netkit ftp (netkit-ftp) 0.17 20040614 and later allows remote FTP servers to cause a denial of service (application crash) and possibly have unspecified other impact via some types of FTP protocol behavior. NOTE: the netkit-ftpd issue is covered by CVE-2007-6263. | |||||
| CVE-2007-5906 | 1 Xensource Inc | 1 Xen | 2008-09-05 | 4.7 MEDIUM | N/A |
| Xen 3.1.1 allows virtual guest system users to cause a denial of service (hypervisor crash) by using a debug register (DR7) to set certain breakpoints. | |||||
| CVE-2007-5142 | 1 Solidweb | 1 Novus | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in buscar.asp in Solidweb Novus 1.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-5147 | 1 Puzzle Apps Cms | 1 Puzzle Apps Cms | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Puzzle Apps CMS 2.2.1 allow remote attackers to execute arbitrary PHP code via a URL in the MODULEDIR parameter to (1) core/modules/my/my.module.php or (2) core/modules/xml/xml.module.php; the COREROOT parameter to (3) config.loader.php, (4) platform.loader.php, (5) core.loader.php, (6) person.loader.php, or (7) module.loader.php in core/ or (8) install/steps/step_3.php; or the THISDIR parameter to (9) people.lib.php, (10) general.lib.php, (11) content.lib.php, or (12) templates.lib.php in core/modules/admin/libs/ or (13) core/modules/webstat/MEC/index.php. | |||||
| CVE-2007-5159 | 3 Ntfs-3g, Redhat, Ubuntu | 3 Ntfs-3g, Fedora, Ubuntu Linux | 2008-09-05 | 4.6 MEDIUM | N/A |
| The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak. | |||||
| CVE-2007-5160 | 1 Restaurant Management System | 1 Restaurant Management System | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Thierry Leriche Restaurant Management System (ReMaSys) 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the DIR_ROOT parameter to (a) global.php, or the (2) DIR_PAGE parameter to (b) template/fr/page.php or (c) page/fr/boxConnection.php. | |||||
| CVE-2007-5163 | 1 Nexty | 1 Nexty | 2008-09-05 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in includes/functions/layout.php in Nexty 1.01.A Beta allows remote attackers to execute arbitrary PHP code via a URL in the rel parameter. NOTE: this issue is disputed by CVE because the applicable include is in a function that is not called on a direct request. | |||||
| CVE-2007-5167 | 1 Phplister | 1 Phplister | 2008-09-05 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in .systeme/fonctions.php in phpLister 0.5-pre2 allows remote attackers to execute arbitrary PHP code via a URL in the nom_rep_systeme parameter. | |||||
| CVE-2007-5179 | 1 Y\&k Iletisim Formu | 1 Y\&k Iletisim Formu | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in iletisim.asp in Y&K Iletisim Formu allow remote attackers to inject arbitrary web script or HTML via the (1) ad, (2) sehir, (3) yas, (4) cins, (5) tel, (6) mail, and (7) mesaj parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-5226 | 1 Dircproxy | 1 Dircproxy | 2008-09-05 | 5.0 MEDIUM | N/A |
| irc_server.c in dircproxy 1.2.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via an ACTION command without a parameter, which triggers a NULL pointer dereference, as demonstrated using a blank /me message from irssi. | |||||