Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1418 | 1 Mindtouch | 1 Dekiwiki | 2017-07-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in skins/ace/popup-notopic.php in MindTouch OpenGarden DekiWiki before Gooseberry++ allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
| CVE-2007-1465 | 1 Dproxy | 1 Dproxy | 2017-07-28 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 0.5 allows remote attackers to execute arbitrary code via a long DNS query packet to UDP port 53. | |||||
| CVE-2007-1474 | 1 Horde | 2 Horde Application Framework, Imp | 2017-07-28 | 6.8 MEDIUM | N/A |
| Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames. | |||||
| CVE-2007-1488 | 1 Sun | 1 Java System Web Server | 2017-07-28 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 before 20070315 allows remote attackers to "gain unauthorized access to data", possibly involving a sample application. | |||||
| CVE-2007-1500 | 1 Gentoo | 1 Linux | 2017-07-28 | 4.3 MEDIUM | N/A |
| The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using /tmp/lsat1.lsat. | |||||
| CVE-2007-1507 | 1 Openafs | 1 Openafs | 2017-07-28 | 7.5 HIGH | N/A |
| The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache. | |||||
| CVE-2007-1542 | 1 Cisco | 2 7940 Router, 7960 Router | 2017-07-28 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running firmware before POS8-6-0 allows remote attackers to cause a denial of service via the Remote-Party-ID sipURI field in a SIP INVITE request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1559 | 1 Roxio | 1 Cineplayer | 2017-07-28 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in SonicDVDDashVRNav.dll in Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via (1) unspecified long property values to SonicMediaPlayer.dll or (2) long arguments to unspecified methods in SonicMediaPlayer.dll. | |||||
| CVE-2007-1587 | 1 Tim Soderstrom | 1 Statsdawg | 2017-07-28 | 10.0 HIGH | N/A |
| templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows remote attackers to execute arbitrary programs by specifying the program name in the qshapeLocation parameter. | |||||
| CVE-2007-1590 | 1 Grandstream | 1 Budgetone 200 | 2017-07-28 | 7.8 HIGH | N/A |
| The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and bootloader 1.1.1.5, allows remote attackers to cause a denial of service (device crash) via SIP (1) INVITE, (2) CANCEL, or unspecified other messages with a WWW-Authenticate header containing a crafted Digest domain. | |||||
| CVE-2007-1593 | 1 Symantec | 1 Veritas Volume Replicator | 2017-07-28 | 5.0 MEDIUM | N/A |
| The administrative service in Symantec Veritas Volume Replicator (VVR) for Windows 3.1 through 4.3, and VVR for Unix 3.5 through 5.0, in Symantec Storage Foundation products allows remote attackers to cause a denial of service (memory consumption and service crash) via a crafted packet to the service port (8199/tcp) that triggers a request for more memory than available, which causes the service to write to an invalid pointer. | |||||
| CVE-2007-1598 | 1 Intervations | 1 Filecopa | 2017-07-28 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by filecopa.tar by Immunity. NOTE: some of these details are obtained from third party information. NOTE: As of 20070322, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2007-1608 | 1 Ibm | 1 Websphere Application Server | 2017-07-28 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.19 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a single CRLF sequence in a context that is not a valid multi-line header. | |||||
| CVE-2007-1610 | 1 Glue Software | 1 Newsglue | 2017-07-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the RSS reader in Glue Software NewsGlue before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via a feed. | |||||
| CVE-2007-1611 | 1 Sourcenext | 1 Ikanari Jijyou | 2017-07-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the RSS reader in a certain SOURCENEXT product, probably IKANARI JIJYOU 1.0.0 and 1.0.1, allows remote attackers to inject arbitrary web script or HTML via the title of an article in a feed. | |||||
| CVE-2007-1649 | 1 Php | 1 Php | 2017-07-28 | 7.8 HIGH | N/A |
| PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed. | |||||
| CVE-2007-1650 | 1 Pcapsipdump | 1 Pcapsipdump | 2017-07-28 | 7.8 HIGH | N/A |
| pcapsipdump.cpp in pcapsipdump before 0.1.3 allows remote attackers to cause a denial of service (application crash) via a malformed SIP packet, which results in a NULL pointer dereference. | |||||
| CVE-2007-1654 | 1 Netsieben | 1 Netsieben Ssh Library | 2017-07-28 | 9.3 HIGH | N/A |
| Buffer overflow in the Ne7sshSftp::addOpenHandle function in ne7ssh_sftp.cpp in NetSieben SSH Library (ne7ssh) before 1.2.1 allows user-assisted remote SFTP servers to cause a denial of service (crash) or possibly execute arbitrary code via multiple file transfers, related to multiple open file handles in SFTP (1) put and (2) get operations. | |||||
| CVE-2007-1663 | 2 Debian, Ekg | 2 Debian Linux, Ekg | 2017-07-28 | 5.0 MEDIUM | N/A |
| Memory leak in the image message functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service. | |||||
| CVE-2007-1664 | 2 Debian, Ekg | 2 Debian Linux, Ekg | 2017-07-28 | 5.0 MEDIUM | N/A |
| ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service (NULL pointer dereference) via a vector related to the token OCR functionality. | |||||