Total
555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2218 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2018-10-16 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake. | |||||
| CVE-2007-1876 | 2 Microsoft, Vmware | 3 Windows 2003 Server, Windows Xp, Workstation | 2018-10-16 | 7.2 HIGH | N/A |
| VMware Workstation before 5.5.4, when running a 64-bit Windows guest on a 64-bit host, allows local users to "corrupt the virtual machine's register context" by debugging a local program and stepping into a "syscall instruction." | |||||
| CVE-2007-1898 | 8 Apple, Hp, Jetbox and 5 more | 16 Mac Os X, Hp-ux, Tru64 and 13 more | 2018-10-16 | 5.8 MEDIUM | N/A |
| formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters. | |||||
| CVE-2007-1537 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2018-10-16 | 3.6 LOW | N/A |
| \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function. | |||||
| CVE-2007-1512 | 1 Microsoft | 4 Visual Studio .net, Windows 2000, Windows 2003 Server and 1 more | 2018-10-16 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025. | |||||
| CVE-2007-1215 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Vista and 1 more | 2018-10-16 | 7.2 HIGH | N/A |
| Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images. | |||||
| CVE-2007-1212 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Vista and 1 more | 2018-10-16 | 6.6 MEDIUM | N/A |
| Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file. | |||||
| CVE-2007-1205 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2018-10-16 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption. | |||||
| CVE-2007-1206 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2018-10-16 | 7.2 HIGH | N/A |
| The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain privileges by modifying the "zero page" during a race condition before the view is unmapped. | |||||
| CVE-2007-1211 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2018-10-16 | 7.1 HIGH | N/A |
| Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP SP2; and Server 2003 Gold, SP1, and SP2 allows user-assisted remote attackers to cause a denial of service (possibly persistent restart) via a crafted Windows Metafile (WMF) image that causes an invalid dereference of an offset in a kernel structure, a related issue to CVE-2005-4560. | |||||
| CVE-2007-1090 | 1 Microsoft | 3 Windows 2003 Server, Windows Explorer, Windows Xp | 2018-10-16 | 7.1 HIGH | N/A |
| Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder. | |||||
| CVE-2007-1070 | 2 Microsoft, Trend Micro | 6 Windows 2000, Windows 2003 Server, Windows Nt and 3 more | 2018-10-16 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll. | |||||
| CVE-2007-1043 | 9 Apple, Ezboo, Hp and 6 more | 18 Mac Os X, Webstats, Hp-ux and 15 more | 2018-10-16 | 7.5 HIGH | N/A |
| Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php. | |||||
| CVE-2007-0351 | 2 Microsoft, Zonelabs | 3 Windows 2003 Server, Windows Xp, Zonealarm | 2018-10-16 | 6.2 MEDIUM | N/A |
| Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user. | |||||
| CVE-2007-0069 | 1 Microsoft | 3 Windows 2003 Server, Windows Vista, Windows Xp | 2018-10-16 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability." | |||||
| CVE-2007-0038 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Vista and 1 more | 2018-10-16 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred. | |||||
| CVE-2006-6901 | 1 Microsoft | 1 Windows 2003 Server | 2018-10-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Bluetooth stack in Microsoft Windows allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors. | |||||
| CVE-2006-7037 | 2 Mathsoft, Microsoft | 9 Mathcad, Windows 2000, Windows 2003 Server and 6 more | 2018-10-16 | 4.4 MEDIUM | N/A |
| Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known password, (2) modify timestamps to avoid detection of modifications, (3) remove locks by removing the "is-locked" attribute, and (4) view locked data, which is stored in plaintext. | |||||
| CVE-2006-7034 | 9 Apple, Hp, Ibm and 6 more | 18 Mac Os X, Hp-ux, Tru64 and 15 more | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter. | |||||
| CVE-2006-7030 | 1 Microsoft | 8 Ie, Windows 2000, Windows 2003 Server and 5 more | 2018-10-16 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll. | |||||