Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2007-3142 | 1 Opera | 1 Opera Browser | 2017-07-28 | 5.8 MEDIUM | N/A | Visual truncation vulnerability in Opera 9.21 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after 34 characters, as demonstrated by a phishing attack using HTTP Basic Authentication. |
CVE-2007-3143 | 1 Kde | 1 Konqueror | 2017-07-28 | 6.4 MEDIUM | N/A | Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. |
CVE-2007-3144 | 1 Mozilla | 1 Mozilla | 2017-07-28 | 6.4 MEDIUM | N/A | Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. |
CVE-2007-3145 | 1 Galeon | 1 Galeon Browser | 2017-07-28 | 5.8 MEDIUM | N/A | Visual truncation vulnerability in Galeon 2.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. |
CVE-2007-3152 | 1 Daniel Stenberg | 1 C-ares | 2017-07-28 | 7.5 HIGH | N/A | c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote attackers to spoof DNS responses by guessing the field value. |
CVE-2007-3153 | 1 Daniel Stenberg | 1 C-ares | 2017-07-28 | 5.0 MEDIUM | N/A | The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote attackers to spoof DNS responses by guessing certain values. |
CVE-2007-3154 | 1 Egroupware | 1 Egroupware | 2017-07-28 | 10.0 HIGH | N/A | Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and other packages, has unknown impact and remote attack vectors. |
CVE-2007-3155 | 1 Egroupware | 1 Egroupware | 2017-07-28 | 10.0 HIGH | N/A | Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown impact and attack vectors related to ADOdb. NOTE: due to lack of details from the vendor, it is uncertain whether this issue is already covered by another CVE identifier. |
CVE-2007-3157 | 1 Safenet | 2 Safenet Highassurance Remote, Softremote Vpn Client | 2017-07-28 | 5.0 MEDIUM | N/A | IPSecDrv.sys 10.4.0.12 in SafeNET High Assurance Remote 1.4.0 Build 12, and SoftRemote, allows remote attackers to cause a denial of service (infinite loop and system hang) via an invalid packet with certain bytes in an option header, possibly related to the IPv6 support for IPSec. |
CVE-2007-3163 | 1 Frederico Caldeira Knabben | 1 Fckeditor | 2017-07-28 | 5.0 MEDIUM | N/A | Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658. |
CVE-2007-3170 | 1 Uebimiau | 1 Uebimiau | 2017-07-28 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau Webmail allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to redirect.php or (2) the selected_theme parameter to demo/pop3/error.php. |
CVE-2007-3171 | 1 Uebimiau | 1 Uebimiau | 2017-07-28 | 5.0 MEDIUM | N/A | Uebimiau Webmail allows remote attackers to obtain sensitive information via a request to demo/pop3/error.php with an invalid value of the (1) smarty or (2) selected_theme parameter, which reveals the path in various error messages. |
CVE-2007-3172 | 1 Uebimiau | 1 Uebimiau | 2017-07-28 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in demo/pop3/error.php in Uebimiau Webmail allows remote attackers to determine the existence of arbitrary directories via an absolute pathname and .. (dot dot) in the selected_theme parameter. |
CVE-2007-3174 | 1 W2b | 1 Online Banking | 2017-07-28 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in auth.w2b in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the adtype parameter, a different vector than CVE-2006-1980. |
CVE-2007-3175 | 1 W2b | 1 Online Banking | 2017-07-28 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in W2B Online Banking allow remote attackers to execute arbitrary SQL commands via (1) the draft parameter to mailer.w2b or (2) the listDocPay parameter to DocPay.w2b. |
CVE-2007-3176 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2017-07-28 | 4.0 MEDIUM | N/A | Unspecified vulnerability in Ingate Firewall and SIParator before 4.5.2 allows remote authenticated users without full privileges to download a Support Report. |
CVE-2007-3177 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2017-07-28 | 5.0 MEDIUM | N/A | Ingate Firewall and SIParator before 4.5.2 allow remote attackers to bypass SIP authentication via a certain maddr parameter. |
CVE-2007-3181 | 2 Bakbone, Firebirdsql | 2 Netvault, Firebird | 2017-07-28 | 10.0 HIGH | N/A | Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to "an InterBase version of gds32.dll." |
CVE-2007-3185 | 1 Apple | 1 Safari | 2017-07-28 | 7.8 HIGH | N/A | Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi. |
CVE-2007-3187 | 1 Apple | 1 Safari | 2017-07-28 | 7.5 HIGH | N/A | Multiple unspecified vulnerabilities in Apple Safari for Windows allow remote attackers to cause a denial of service or execute arbitrary code, possibly involving memory corruption, and a different issue from CVE-2007-3185 and CVE-2007-3186. NOTE: as of 20070612, the original disclosure has no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. |