Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-2243 | 1 Openbsd | 1 Openssh | 2017-07-28 | 5.0 MEDIUM | N/A |
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483. | |||||
CVE-2007-2245 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-28 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function. | |||||
CVE-2007-2251 | 1 Xaraya | 1 Xaraya | 2017-07-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in the Roles module in Xaraya 1.1.2 and earlier allows attackers to gain privileges via unspecified vectors, probably related to incorrect permission checking in xartemplates/user-view.xd. | |||||
CVE-2007-2252 | 1 Exponent | 1 Exponent Cms | 2017-07-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in iconspopup.php in Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain sensitive information via a .. (dot dot) in the icodir parameter. | |||||
CVE-2007-2253 | 1 Exponent | 1 Exponent Cms | 2017-07-28 | 5.0 MEDIUM | N/A |
Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain path information via a direct request for (1) sdk/blanks/formcontrol.php and (2) sdk/blanks/file_modules.php. | |||||
CVE-2007-2267 | 1 Sun | 1 Cluster | 2017-07-28 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in Sun Cluster 3.1 and Solaris Cluster 3.2 before 20070424 allows remote authenticated users, operating from a different cluster node, to cause a denial of service (data corruption or send_mondo panic) via unspecified vectors, as demonstrated by EMC Symcli backup software 6.2.1. | |||||
CVE-2007-2275 | 1 Hp | 3 Storageworks Command View, Storageworks Replication Monitor, Storageworks Tiered Storage Manager | 2017-07-28 | 4.6 MEDIUM | N/A |
Unspecified vulnerability in HP StorageWorks Command View Advanced Edition for XP before 5.6.0-01, XP Replication Monitor before 5.6.0-01, and XP Tiered Storage Manager before 5.5.0-02 allows local users to access other accounts via unspecified vectors during registration or addition of new users. | |||||
CVE-2007-2282 | 1 Cisco | 1 Netflow Collection Engine | 2017-07-28 | 10.0 HIGH | N/A |
Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6.0 has an nfcuser account with the default password nfcuser, which allows remote attackers to modify the product configuration and, when installed on Linux, obtain login access to the host operating system. | |||||
CVE-2007-2295 | 1 Apple | 1 Quicktime | 2017-07-28 | 9.3 HIGH | N/A |
Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple Quicktime 7.1.5 and other versions before 7.2 allows remote attackers to execute arbitrary code via a crafted H.264 MOV file. | |||||
CVE-2007-2296 | 1 Apple | 1 Quicktime | 2017-07-28 | 9.3 HIGH | N/A |
Integer overflow in the FlipFileTypeAtom_BtoN function in Apple Quicktime 7.1.5, and other versions before 7.2, allows remote attackers to execute arbitrary code via a crafted M4V (MP4) file. | |||||
CVE-2007-2321 | 1 Silverstripe | 1 Silverstripe | 2017-07-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in the search functionality in SilverStripe 2.0.0 has unknown impact and attack vectors. | |||||
CVE-2007-2322 | 1 Nero | 2 Mediahome, Mediahome Ce | 2017-07-28 | 7.8 HIGH | N/A |
NMMediaServer.exe in Nero MediaHome 2.5.5.0 and CE 1.3.0.4 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet that contains two CRLF sequences. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-2323 | 1 Intervideo | 1 Home Theater | 2017-07-28 | 10.0 HIGH | N/A |
Multiple buffer overflows in the WinDVDX ActiveX control in InterVideo Home Theater 2.1.13.0 and 2.5.13.58 allow remote attackers to execute arbitrary code via a long string argument to the (1) GetDiscType or (2) AddFileList method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-2335 | 1 Lunascape | 1 Lunascape | 2017-07-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the RSS feed reader functionality in Lunascape 4.1.3 build2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2007-2336 | 1 Intervations | 1 Navicopa Web Server | 2017-07-28 | 7.8 HIGH | N/A |
Unspecified vulnerability in InterVations NaviCOPA Web Server 2.01 20070323 allows remote attackers to cause a denial of service (daemon crash) via crafted HTTP requests, as demonstrated by long requests containing '\A' characters, probably a different issue than CVE-2006-5112 and CVE-2007-1733. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-2337 | 1 Oicgroup | 1 Exponent Cms | 2017-07-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url parameter to (c) magpie_slashbox.php in external/magpierss/scripts/, and the (3) body parameter to the (d) weblogmodule (aka Weblog Comments) module. | |||||
CVE-2007-2349 | 1 Invision Power Services | 1 Invision Power Board | 2017-07-28 | 5.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files. | |||||
CVE-2007-2351 | 1 Hp | 2 Hp-ux, Power Manager Remote Agent | 2017-07-28 | 7.2 HIGH | N/A |
Unspecified vulnerability in the HP Power Manager Remote Agent (RA) 4.0Build10 and earlier in HP-UX B.11.11 and B.11.23 allows local users to execute arbitrary code via unspecified vectors. | |||||
CVE-2007-2353 | 1 Apache | 1 Axis | 2017-07-28 | 5.0 MEDIUM | N/A |
Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message. | |||||
CVE-2007-2355 | 1 Opendap | 1 Server3 | 2017-07-28 | 10.0 HIGH | N/A |
The get_url function in DODS_Dispatch.pm for the CGI_server in OPeNDAP 3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. |