Total
27 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-3341 | 1 Microsoft | 2 All Windows, Internet Explorer | 2021-07-23 | 10.0 HIGH | N/A |
Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to "see a valid memory address" via unspecified vectors, a different issue than CVE-2007-0217. | |||||
CVE-2007-1280 | 2 Adobe, Microsoft | 3 Robohelp, Robohelp Server, All Windows | 2018-10-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attackers to inject arbitrary web script or HTML via a URL after a # (hash) in the URL path, as demonstrated using en/frameset-7.html, and possibly other unspecified vectors involving templates and (1) whstart.js and (2) whcsh_home.htm in WebHelp, (3) wf_startpage.js and (4) wf_startqs.htm in FlashHelp, or (5) WindowManager.dll in RoboHelp Server 6. | |||||
CVE-2007-3615 | 2 Microsoft, Sap | 3 All Windows, Internet Communication Manager, Sap Web Application Server | 2018-10-15 | 7.8 HIGH | N/A |
Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache. | |||||
CVE-2007-1644 | 1 Microsoft | 1 All Windows | 2017-10-10 | 10.0 HIGH | N/A |
The dynamic DNS update mechanism in the DNS Server service on Microsoft Windows does not properly authenticate clients in certain deployments or configurations, which allows remote attackers to change DNS records for a web proxy server and conduct man-in-the-middle (MITM) attacks on web traffic, conduct pharming attacks by poisoning DNS records, and cause a denial of service (erroneous name resolution). | |||||
CVE-2007-1382 | 2 Microsoft, Php | 2 All Windows, Com Extensions | 2017-10-10 | 6.8 MEDIUM | N/A |
The PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to execute cmd.exe, which bypasses PHP's safe mode. | |||||
CVE-2008-2161 | 2 Microsoft, Tftp | 2 All Windows, Tftp Server Sp | 2017-09-28 | 10.0 HIGH | N/A |
Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a long TFTP error packet. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-3956 | 2 Microsoft, Teamspeak | 2 All Windows, Web Server | 2017-09-28 | 7.8 HIGH | N/A |
TeamSpeak WebServer 2.0 for Windows does not validate parameter value lengths and does not expire TCP sessions, which allows remote attackers to cause a denial of service (CPU and memory consumption) via long username and password parameters in a request to login.tscmd on TCP port 14534. | |||||
CVE-2007-3334 | 3 Ca, Ingres, Microsoft | 3 Etrust Secure Content Manager, Database Server, All Windows | 2017-07-28 | 10.0 HIGH | N/A |
Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors. | |||||
CVE-2007-2896 | 2 Microsoft, Symantec | 2 All Windows, Enterprise Security Manager | 2017-07-28 | 4.3 MEDIUM | N/A |
Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 managers and agents on Windows before 20070524 allows remote attackers to cause a denial of service (CPU consumption and application hang) via certain network scans to ESM ports. | |||||
CVE-2007-2927 | 2 Atheros, Microsoft | 2 Wireless Adapter Drivers, All Windows | 2017-07-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Atheros 802.11 a/b/g wireless adapter drivers before 5.3.0.35, and 6.x before 6.0.3.67, on Windows allows remote attackers to cause a denial of service via a crafted 802.11 management frame. | |||||
CVE-2007-2414 | 2 Microsoft, Myserver | 2 All Windows, Myserver | 2017-07-28 | 7.8 HIGH | N/A |
MyServer before 0.8.8 allows remote attackers to cause a denial of service via unspecified vectors. | |||||
CVE-2007-2389 | 2 Apple, Microsoft | 3 Mac Os X, Quicktime, All Windows | 2017-07-28 | 7.1 HIGH | N/A |
Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets. | |||||
CVE-2007-1281 | 3 Kaspersky Lab, Linux, Microsoft | 3 Kaspersky Antivirus Engine, Linux Kernel, All Windows | 2017-07-28 | 7.8 HIGH | N/A |
Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux allows remote attackers to cause a denial of service (CPU consumption) via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression. | |||||
CVE-2007-1093 | 4 Hitachi, Hp, Microsoft and 1 more | 12 Cm2-network Node Manager, Cm2-network Node Manager 250, Hi Ux We2 and 9 more | 2017-07-28 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager (NNM) before 07-10-05, and before 08-00-02 in the 08-x series, allow remote attackers to execute arbitrary code, cause a denial of service, or trigger invalid Web utility behavior. | |||||
CVE-2003-1372 | 4 Linux, Microsoft, Myphpnuke and 1 more | 4 Linux Kernel, All Windows, Myphpnuke and 1 more | 2017-07-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters. | |||||
CVE-2003-1477 | 2 Clearswift, Microsoft | 2 Mailsweeper For Smtp, All Windows | 2017-07-28 | 7.8 HIGH | N/A |
MAILsweeper for SMTP 4.3.6 and 4.3.7 allows remote attackers to cause a denial of service (CPU consumption) via a PowerPoint attachment that either (1) is corrupt or (2) contains "embedded objects." | |||||
CVE-2003-1392 | 2 Microsoft, Research Triangle Software | 2 All Windows, Cryptobuddy | 2017-07-28 | 6.6 MEDIUM | N/A |
CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to encrypt data, which could allow local users to use their own passphrase to decrypt the data. | |||||
CVE-2003-1330 | 2 Clearswift Limited, Microsoft | 2 Mailsweeper, All Windows | 2017-07-28 | 5.0 MEDIUM | N/A |
Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom "on strip unsuccessful" hooks, which allows remote attackers to bypass e-mail attachment filtering policies via an attachment that MAILsweeper can detect but not remove. | |||||
CVE-2003-1472 | 2 3d-ftp, Microsoft | 2 3d-ftp, All Windows | 2017-07-28 | 5.0 MEDIUM | N/A |
Buffer overflow in 3D-FTP client 4.0 allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long banner. | |||||
CVE-2003-1467 | 4 Linux, Microsoft, Phorum and 1 more | 4 Linux Kernel, All Windows, Phorum and 1 more | 2017-07-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. |