Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3245 | 1 Irc Services | 1 Irc Services | 2017-07-28 | 5.0 MEDIUM | N/A |
| IRC Services before 5.0.62, and 5.1 before 5.1pre3, allows remote attackers to disconnect users with guest nicknames by linking a guest nickname to a nickname that is already registered. | |||||
| CVE-2007-3246 | 1 Irc Services | 1 Irc Services | 2017-07-28 | 5.0 MEDIUM | N/A |
| The do_set_password function in modules/chanserv/set.c in IRC Services before 5.0.60 preserves channel founder privileges across a channel password change (ChanServ SET PASSWORD), which allows remote authenticated users to obtain the new password through automated e-mail, or perform privileged actions without knowing the new password. | |||||
| CVE-2007-3247 | 1 Virtuemart | 1 Virtuemart | 2017-07-28 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in VirtueMart before 1.0.11 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly related to improper input validation of the PATH_INFO (PHP_SELF) by virtuemart_parser.php. | |||||
| CVE-2007-3249 | 1 Joomla | 1 Letterman Subscriber | 2017-07-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php in the Letterman Subscriber (mod_letterman) before 1.2.5 module for Joomla! allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter. | |||||
| CVE-2007-3253 | 1 Astaro | 1 Security Gateway | 2017-07-28 | 7.8 HIGH | N/A |
| Multiple unspecified vulnerabilities in Astaro Security Gateway (ASG) before 7.005 allow remote attackers to cause a denial of service via (1) certain email, which stops the SMTP Proxy during scanning; (2) certain HTTP traffic, which stops or slows down the HTTP proxy during HTTP responses containing virus scanned web pages; and (3) a disconnection during a streaming session. | |||||
| CVE-2007-3258 | 1 Vincent Hor | 1 Calendarix | 2017-07-28 | 5.0 MEDIUM | N/A |
| calendar.php in Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via large values to the (1) year and (2) month parameters, which causes negative values to be passed to the mktime library call, and reveals the installation path in the error message. | |||||
| CVE-2007-3260 | 1 Hp | 1 System Management Homepage | 2017-07-28 | 9.0 HIGH | N/A |
| HP System Management Homepage (SMH) before 2.1.9 for Linux, when used with Novell eDirectory, assigns the eDirectory members to the root group, which allows remote authenticated eDirectory users to gain privileges. | |||||
| CVE-2007-3261 | 1 Dkret | 1 Dkret | 2017-07-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in widgets/widget_search.php in dKret before 2.6 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | |||||
| CVE-2007-3262 | 1 Ibm | 1 Websphere Application Server | 2017-07-28 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to cause a denial of service related to a thread hang, and possibly related to a "TCP issue," or to MPAlarmThread and a resultant memory leak. | |||||
| CVE-2007-3263 | 1 Ibm | 1 Websphere Application Server | 2017-07-28 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors, related to "incorrect authorization on a remote interface to the SDO repository." | |||||
| CVE-2007-3264 | 1 Ibm | 1 Websphere Application Server | 2017-07-28 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors. | |||||
| CVE-2007-3265 | 1 Ibm | 1 Websphere Application Server | 2017-07-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Samples component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-3268 | 1 Ibm | 1 Tivoli Provisioning Manager Os Deployment | 2017-07-28 | 5.0 MEDIUM | N/A |
| The TFTP implementation in IBM Tivoli Provisioning Manager for OS Deployment 5.1 before Fix Pack 3 allows remote attackers to cause a denial of service (rembo.exe crash and multiple service outage) via a read (RRQ) request with an invalid blksize (blocksize), which triggers a divide-by-zero error. | |||||
| CVE-2007-3275 | 1 Mailwasher | 1 Mailwasher Server | 2017-07-28 | 7.1 HIGH | N/A |
| MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in mwi/servlet/Login.cpp. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-3276 | 1 Siteatschool | 1 Siteatschool | 2017-07-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Site@School (S@S) 2.4.10 allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3277 | 1 Wikindx | 1 Wikindx | 2017-07-28 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the localization before 1.2 module for WIKINDX allows attackers to access certain administrative capabilities via unknown vectors. | |||||
| CVE-2007-3300 | 1 F-secure | 6 F-secure Anti-virus, F-secure Anti-virus Linux Client Security, F-secure Anti-virus Linux Server Security and 3 more | 2017-07-28 | 9.3 HIGH | N/A |
| Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive. | |||||
| CVE-2007-3305 | 1 Cerulean Studios | 1 Trillian | 2017-07-28 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers improper memory allocation for word wrapping when a window width is used as a buffer size, a different vulnerability than CVE-2007-2478. | |||||
| CVE-2007-3310 | 1 Tdizin | 1 Tdizin | 2017-07-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in arama.asp in TDizin allows remote attackers to inject arbitrary web script or HTML via the ara parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3314 | 1 Altap | 2 Portable Executable Viewer, Servant Salamander | 2017-07-28 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in peviewer.spl in Altap Servant Salamander 2.5 with Portable Executable Viewer 2.02 (English Trial), and 2.0 with Portable Executable Viewer 1.00 (English Trial), allows remote attackers to execute arbitrary code via a long PDB debug filename in a PE file. | |||||