Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2500 | 1 Gnu | 1 Flash Player | 2017-07-28 | 10.0 HIGH | N/A |
| server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow. | |||||
| CVE-2007-2501 | 1 Fernando M.a.d.s. | 1 Codepress | 2017-07-28 | 7.5 HIGH | N/A |
| Eval injection vulnerability in codepress.html in CodePress before 0.9.4 allows remote attackers to execute arbitrary code via certain input that is used in an eval function call. | |||||
| CVE-2007-2502 | 1 Hp | 1 Procurve Switch 9300m | 2017-07-28 | 7.8 HIGH | N/A |
| Unspecified vulnerability in HP ProCurve 9300m Series switches with software 08.0.01c through 08.0.01j allows remote attackers to cause a denial of service via unknown vectors, a different switch series than CVE-2006-4015. | |||||
| CVE-2007-2513 | 1 Novell | 1 Groupwise | 2017-07-28 | 4.3 MEDIUM | N/A |
| Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 post-SP6 20070522, allows remote attackers to obtain credentials via a man-in-the-middle attack. | |||||
| CVE-2007-2519 | 1 Php Group | 1 Pear | 2017-07-28 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions. | |||||
| CVE-2007-2533 | 1 Trend Micro | 1 Serverprotect | 2017-07-28 | 10.0 HIGH | N/A |
| Multiple buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2- Build 1174 allow remote attackers to execute arbitrary code via a crafted RPC message processed by the (1) the RPCFN_ActiveRollback function in (a) stcommon.dll, or the (2) ENG_SetRealTimeScanConfigInfo or (3) ENG_SendEmail functions in (b) eng50.dll. | |||||
| CVE-2007-2563 | 1 Versalsoft | 1 Http File Upload Activex Control | 2017-07-28 | 9.3 HIGH | N/A |
| Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ActiveX control (UFileUploaderD.dll) allows remote attackers to execute arbitrary code via a long argument. | |||||
| CVE-2007-2564 | 1 Sienzo | 1 Digital Music Mentor | 2017-07-28 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the Sienzo Digital Music Mentor (DMM) 2.6.0.4 ActiveX control (DSKernel2.dll) allow remote attackers to execute arbitrary code via a long argument to the (1) LockModules or (2) UnlockModule function. | |||||
| CVE-2007-2568 | 1 Vcdgear | 1 Vcdgear | 2017-07-28 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in VCDGear 3.55 allow user-assisted remote attackers to execute arbitrary code via a long (1) tag or (2) track type in a CUE file. | |||||
| CVE-2007-2584 | 1 Mcafee | 3 Security Center, Securitycenter Agent, Virusscan | 2017-07-28 | 10.0 HIGH | N/A |
| Buffer overflow in the IsOldAppInstalled function in the McSubMgr.McSubMgr Subscription Manager ActiveX control (MCSUBMGR.DLL) in McAfee SecurityCenter before 6.0.25 and 7.x before 7.2.147 allows remote attackers to execute arbitrary code via a crafted argument. | |||||
| CVE-2007-2585 | 1 Barcodewiz | 1 Barcode Activex Control | 2017-07-28 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the Verify function in the BarCodeWiz ActiveX control 2.0 and 2.52 (BarcodeWiz.dll) allows remote attackers to execute arbitrary code via a long argument. | |||||
| CVE-2007-2588 | 1 Office Ocx | 1 Office Viewer Ocx | 2017-07-28 | 9.3 HIGH | N/A |
| Multiple buffer overflows in the Office Viewer OCX ActiveX control (oa.ocx) 3.2 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long argument to the (1) HttpDownloadFile, (2) Open, (3) OpenWebFile, (4) DoOleCommand, (5) FTPDownloadFile, (6) FTPUploadFile, (7) HttpUploadFile, (8) Save, or (9) SaveWebFile function. | |||||
| CVE-2007-2595 | 1 Rscript | 1 Rsauction | 2017-07-28 | 6.5 MEDIUM | N/A |
| RSAuction 2.73.1.3 allows remote authenticated users to move their own account status from Suspended to Active via a direct request for the activation URL that is provided at the time of account registration. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2610 | 1 Openld | 1 Openld | 2017-07-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in OpenLD before 1.1.9, and 1.1-modified before 1.1-modified3, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the Search feature, possibly the term parameter. | |||||
| CVE-2007-2616 | 1 Novell | 1 Netmail | 2017-07-28 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the SSL version of the NMDMC.EXE service in Novell NetMail 3.52e FTF2 and probably earlier allows remote attackers to execute arbitrary code via a crafted request. | |||||
| CVE-2007-2619 | 1 Symantec | 1 Pcanywhere | 2017-07-28 | 4.6 MEDIUM | N/A |
| Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login credentials for the most recent login within process memory, which allows local administrators to obtain the credentials by reading process memory, a different vulnerability than CVE-2006-3785. | |||||
| CVE-2007-2624 | 1 Aiocp | 1 Aiocp | 2017-07-28 | 6.8 MEDIUM | N/A |
| Dynamic variable evaluation vulnerability in shared/config/cp_config.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks via the SERVER superglobal array. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2632 | 1 Php Multi User Randomizer | 1 Php Multi User Randomizer | 2017-07-28 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP Multi User Randomizer (phpMUR) 2006.09.13 allow remote attackers to inject arbitrary web script or HTML via (1) the edit_plugin parameter to configure_plugin.tpl.php, or (2) certain array parameters to web/phpinfo.php, as demonstrated by 1[] or a[]. | |||||
| CVE-2007-2633 | 1 Positive Software | 1 Sitestudio | 2017-07-28 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in H-Sphere SiteStudio 1.6 allows remote attackers to read, or include and execute, arbitrary local files via a .. (dot dot) in the template parameter. | |||||
| CVE-2007-2634 | 1 Agner Fog | 1 Aforum | 2017-07-28 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in common/errormsg.php in aForum 1.32 and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||