Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0536 | 1 Rpath | 1 Rpath Linux | 2017-07-28 | 7.2 HIGH | N/A |
| The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges. | |||||
| CVE-2007-0552 | 1 Oh No Not Another Cms | 1 Oh No Not Another Cms | 2017-07-28 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in install/default/error404.html in Oh no! Not another CMS (Onnac) 0.0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the error_url parameter. | |||||
| CVE-2007-0563 | 1 Symantec | 1 Web Security | 2017-07-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Security (SWS) before 3.0.1.85 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) error messages and (2) blocked page messages produced by SWS. | |||||
| CVE-2007-0579 | 1 Horde | 1 Groupware | 2017-07-28 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in the calendar component in Horde Groupware Webmail Edition before 1.0, and Groupware before 1.0, allows remote attackers to include certain files via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0583 | 1 Http Commander | 1 Http Commander | 2017-07-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander 6.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) LogoffMessage parameter to logofflast.aspx or the (2) txtUsername parameter to Default.aspx. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0610 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-07-28 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web script or HTML via the sender parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0615 | 1 Hitachi | 2 Hibun Advanced Edition Server, Jpi Hibun Advanced Edition Server | 2017-07-28 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Hitachi JP1/HIBUN Advanced Edition Management Server and Log Server before 20070124 allows remote attackers to cause a denial of service (application stop) via unexpected data. | |||||
| CVE-2007-0616 | 1 Zenphoto | 1 Zenphoto | 2017-07-28 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via ".." sequences in the album parameter to index.php. | |||||
| CVE-2007-0617 | 1 Earthlink | 1 Total Access | 2017-07-28 | 6.8 MEDIUM | N/A |
| The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked "safe for scripting," which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the (1) AddSenderToWhitelist and (2) AddDomainToWhitelist functions. | |||||
| CVE-2007-0618 | 1 Ibm | 1 Aix | 2017-07-28 | 7.5 HIGH | N/A |
| Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability." | |||||
| CVE-2007-0625 | 1 Nomachine | 1 Nx Server | 2017-07-28 | 4.9 MEDIUM | N/A |
| nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not validate the invoking user, which allows local users to modify server configuration keys in /usr/NX/etc/server.cfg, resulting in an unspecified denial of service. | |||||
| CVE-2007-0627 | 1 Michael Still | 1 Gtalkbot | 2017-07-28 | 4.9 MEDIUM | N/A |
| Michael Still gtalkbot before 1.2 places username and password arguments on the command line, which allows local users to obtain sensitive information by listing the process. | |||||
| CVE-2007-0628 | 1 Sun | 1 Java System Access Manager | 2017-07-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0629 | 1 Plain Black | 1 Webgui | 2017-07-28 | 6.4 MEDIUM | N/A |
| The www_purgeList method in Plain Black WebGUI before 7.3.8 does not properly check user permissions, which allows attackers to delete unauthorized assets. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0640 | 1 Zabbix | 1 Zabbix | 2017-07-28 | 10.0 HIGH | N/A |
| Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses." | |||||
| CVE-2007-0650 | 1 Makeindex | 1 Makeindex | 2017-07-28 | 6.8 MEDIUM | N/A |
| Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. NOTE: other overflows exist but might not be exploitable, such as a heap-based overflow in the check_idx function. | |||||
| CVE-2007-0655 | 1 Microworld Technologies | 1 Escan | 2017-07-28 | 10.0 HIGH | N/A |
| The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan 8.0.671.1, and possibly other versions, allows remote or local attackers to gain privileges and execute arbitrary commands by connecting directly to TCP port 2222. | |||||
| CVE-2007-0657 | 1 Alientrap | 1 Nexuiz | 2017-07-28 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to read and overwrite arbitrary files via the gamedir command. | |||||
| CVE-2007-0658 | 1 Drupal | 2 Drupal, Textimage | 2017-07-28 | 5.0 MEDIUM | N/A |
| The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal and the (2) Captcha 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal allow remote attackers to bypass the CAPTCHA test via an empty captcha element in $_SESSION. | |||||
| CVE-2007-0660 | 1 Dotnetnuke | 1 Dotnetnuke Iframe | 2017-07-28 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "Pass through values." | |||||