CVE Daily
← All years

Uncategorized 2007

Page 2/38.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2007-12-01
Medium

CVE-2007-5502

The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes…

CVSS: 6.4CWE: CWE-310
Read more
Medium

CVE-2007-6198

portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows wildcards in advanced searches for usernames, which allows remote attackers to enumera…

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2007-6199

rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that…

CVSS: 9.3CWE: CWE-16
Read more
Critical

CVE-2007-6200

Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) s…

CVSS: 10.0CWE: CWE-264
Read more
High

CVE-2007-6201

Unspecified vulnerability in Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows attackers to cause a denial of service (hang) via a "faulty add-on" and possibly execute other commands via un…

CVSS: 7.5CWE: N/A
Read more
2007-11-30
Medium

CVE-2007-5494

Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat Enterprise Linux (RHEL) 4 and 5 allows local users to cause a denial of service (memory consumption) via a large number of open…

CVSS: 4.9CWE: CWE-399
Read more
Medium

CVE-2007-5503

Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not pr…

CVSS: 6.8CWE: CWE-189
Read more
Medium

CVE-2007-6192

The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption (XOR of unpadded data) to store credentials within a cookie, which makes it easier for remote attackers to obtain…

CVSS: 4.3CWE: CWE-310
Read more
High

CVE-2007-6182

The responder program in ISPsystem ISPmanager (aka ISPmgr) 4.2.15.1 allows local users to gain privileges via shell metacharacters in command line arguments.

CVSS: 7.2CWE: CWE-264
Read more
Critical

CVE-2007-6186

Unspecified vulnerability in PHPDevShell before 0.7.0 has unknown impact and attack vectors, involving a "minor security bug in repair & optimize database."

CVSS: 10.0CWE: N/A
Read more
High

CVE-2007-6174

PHPDevShell before 0.7.0 allows remote authenticated users to gain privileges via a crafted request to update a user profile. NOTE: some of these details are obtained from third party information.

CVSS: 8.5CWE: CWE-264
Read more
2007-11-29
Medium

CVE-2007-4346

The Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allows remote attackers to cause a denial of service (NULL dereference and…

CVSS: 5.0CWE: CWE-399
Read more
High

CVE-2007-4347

Multiple integer overflows in the Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allow remote attackers to cause a denial of s…

CVSS: 7.8CWE: CWE-189
Read more
High

CVE-2007-6167

Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory.

CVSS: 7.2CWE: CWE-264
Read more
2007-11-27
Medium

CVE-2007-4674

An "integer arithmetic" error in Apple QuickTime 7.2 allows remote attackers to execute arbitrary code via a crafted movie file containing a movie atom with a large size value, which triggers a stack…

CVSS: 6.8CWE: CWE-189
Read more
2007-11-26
Critical

CVE-2007-5959

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2007-6123

Unspecified vulnerability in IRC Services 5.1.8 has unknown impact and attack vectors.

CVSS: 10.0CWE: N/A
Read more
Low

CVE-2007-6131

buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite arbitrary files via a symlink attack on the (1) scan.pnm and (2) scan.jpg temporary files.

CVSS: 2.1CWE: CWE-16
Read more
2007-11-23
High

CVE-2007-6111

Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP diss…

CVSS: 7.1CWE: N/A
Read more
Medium

CVE-2007-6113

Integer signedness error in the DNP3 dissector in Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP3 packet.

CVSS: 4.3CWE: CWE-189
Read more
Medium

CVE-2007-6116

The Firebird/Interbase dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite loop or crash) via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2007-6117

Unspecified vulnerability in the HTTP dissector for Wireshark (formerly Ethereal) 0.10.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code vi…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2007-6118

The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors.

CVSS: 7.8CWE: N/A
Read more
High

CVE-2007-6119

The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors.

CVSS: 7.8CWE: N/A
Read more
2007-11-22
Critical

CVE-2007-6099

Unspecified vulnerability in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 might leave "media pinholes" open upon a restart of the SIP module, which might make it easier for remote attacker…

CVSS: 10.0CWE: N/A
Read more
High

CVE-2007-6098

Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log truncated (1) ICMP, (2) UDP, and (3) TCP packets, which has unknown impact and remote attack vectors; and do not log (4) serial-cons…

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2007-6097

Unspecified vulnerability in the ICMP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and remote attack vectors, related to ICMP packets that are "incorre…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2007-6096

Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext storage for passwords of "administrators with less privileges," which might allow attackers to read these passwords via unknown v…

CVSS: 5.0CWE: CWE-255
Read more
2007-11-21
High

CVE-2007-6081

AdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default "root" account without a password, which allows remote attacker…

CVSS: 7.5CWE: CWE-264
Read more
High

CVE-2007-5612

CIM Server in IBM Director 5.20.1 and earlier allows remote attackers to cause a denial of service (CPU consumption, connection slot exhaustion, and daemon crash) via a large number of idle connectio…

CVSS: 7.8CWE: CWE-399
Read more
2007-11-20
Critical

CVE-2007-6044

Multiple unspecified vulnerabilities in IBM WebSphere MQ 6.0 have unknown impact and remote attack vectors involving "memory corruption." NOTE: as of 20071116, the only disclosure is a vague pre-advi…

CVSS: 10.0CWE: CWE-399
Read more
Critical

CVE-2007-6045

Unspecified vulnerability in (1) DB2WATCH and (2) DB2FREEZE in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors.

CVSS: 10.0CWE: N/A
Read more
High

CVE-2007-6046

Unspecified vulnerability in unspecified setuid programs in IBM DB2 UDB 9.1 before Fixpak 4 allows local users to have an unknown impact.

CVSS: 7.2CWE: N/A
Read more
Critical

CVE-2007-6047

Unspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1 before Fixpak 4 allows attackers to execute arbitrary commands as the DB2 instance owner, related to invocation of TPUT by DB2DART.

CVSS: 10.0CWE: CWE-264
Read more
Critical

CVE-2007-6048

IBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on ACLs for DB2NODES.CFG, which has unknown impact and attack vectors. NOTE: the vendor description of this issue is too vague to be certai…

CVSS: 10.0CWE: CWE-264
Read more
High

CVE-2007-6049

Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, involving a call to dlopen when the effective uid is root.

CVSS: 7.2CWE: CWE-264
Read more
High

CVE-2007-6050

Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, related to creation of an "insecure directory."

CVSS: 7.2CWE: CWE-264
Read more
Critical

CVE-2007-6051

IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the (1) DB2ADMNS and (2) DB2USERS alternative groups, which has unknown impact. NOTE: the vendor description of this issue is too vagu…

CVSS: 10.0CWE: CWE-264
Read more
High

CVE-2007-6052

IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggregation, which might allow attackers to cause a denial of service (divide-by-zero error and DBMS crash), related to an "overflow."…

CVSS: 7.8CWE: N/A
Read more
Critical

CVE-2007-6053

IBM DB2 UDB 9.1 before Fixpak 4 does not properly handle use of large numbers of file descriptors, which might allow attackers to have an unknown impact involving "memory corruption." NOTE: the vendo…

CVSS: 9.3CWE: CWE-399
Read more
Medium

CVE-2007-6056

frame.html in Aida-Web (Aida Web) allows remote attackers to bypass a protection mechanism and obtain comment and task details via modified values to the (1) Mehr and (2) SUPER parameters.

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2007-6059

Javamail does not properly handle a series of invalid login attempts in which the same e-mail address is entered as username and password, and the domain portion of this address yields a Java Unknown…

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2007-6040

The Belkin F5D7230-4 Wireless G Router allows remote attackers to cause a denial of service (degraded networking and logging) via a flood of TCP SYN packets, a related issue to CVE-1999-0116.

CVSS: 5.0CWE: CWE-399
Read more
High

CVE-2007-5361

The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all su…

CVSS: 8.5CWE: N/A
Read more
Medium

CVE-2007-5898

The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465.

CVSS: 6.4CWE: N/A
Read more
Medium

CVE-2007-5900

PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a…

CVSS: 6.9CWE: CWE-264
Read more
Medium

CVE-2007-5500

The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via u…

CVSS: 4.9CWE: N/A
Read more
Critical

CVE-2007-6030

Unspecified vulnerability in Weird Solutions BOOTPTurbo 1.2 has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales o…

CVSS: 10.0CWE: N/A
Read more
High

CVE-2007-6031

Unspecified vulnerability in VanDyke VShell 3.0.1 allows remote attackers to cause a denial of service via unspecified vectors. NOTE: this information is based upon a vague advisory by a vulnerabili…

CVSS: 7.8CWE: N/A
Read more
2007-11-15
Medium

CVE-2007-6000

KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a denial of service (crash) via large HTTP cookie parameters.

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2007-6005

Unspecified vulnerability in the GpcContainer.GpcContainer.1 ActiveX control in WebEx allows remote attackers to cause a denial of service (memory access violation and crash) via (1) an invalid argum…

CVSS: 4.3CWE: CWE-399
Read more
Critical

CVE-2007-4702

The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remot…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2007-4703

The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incoming connections, even when "Block incoming connections" has been set for its associated executable,…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2007-4704

The Application Firewall in Apple Mac OS X 10.5 does not apply changed settings to processes that are started by launchd until the processes are restarted, which might allow attackers to bypass inten…

CVSS: 10.0CWE: N/A
Read more
High

CVE-2007-5501

The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) vi…

CVSS: 7.8CWE: CWE-399
Read more
Medium

CVE-2007-5905

Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN…

CVSS: 6.8CWE: CWE-255
Read more
Medium

CVE-2006-7230

Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options…

CVSS: 4.3CWE: CWE-189
Read more
Low

CVE-2007-4701

WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file.

CVSS: 2.1CWE: CWE-264
Read more
High

CVE-2007-4700

Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unkn…

CVSS: 7.5CWE: CWE-264
Read more
High

CVE-2007-4699

The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user…

CVSS: 7.5CWE: CWE-264
Read more
High

CVE-2007-4269

Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk…

CVSS: 7.2CWE: CWE-189
Read more
High

CVE-2007-4678

AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it i…

CVSS: 7.1CWE: N/A
Read more
Low

CVE-2007-4679

CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remote FTP servers to force clients to connect to other hosts via crafted responses to FTP PASV commands.

CVSS: 2.6CWE: CWE-264
Read more
High

CVE-2007-4685

The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpe…

CVSS: 7.2CWE: CWE-264
Read more
High

CVE-2007-4686

Integer signedness error in the ttioctl function in bsd/kern/tty.c in the xnu kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service (system shutdown) or gain p…

CVSS: 7.2CWE: CWE-189
Read more
Critical

CVE-2007-4687

The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private dir…

CVSS: 9.3CWE: CWE-16
Read more
Critical

CVE-2007-4689

Double free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via craft…

CVSS: 10.0CWE: CWE-399
Read more
Critical

CVE-2007-4690

Double free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet.

CVSS: 9.0CWE: CWE-399
Read more
Critical

CVE-2007-4691

The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs.

CVSS: 10.0CWE: CWE-264
Read more
Medium

CVE-2007-4694

Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs.

CVSS: 4.3CWE: CWE-264
Read more
Medium

CVE-2007-4697

Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vector…

CVSS: 6.8CWE: N/A
Read more
High

CVE-2007-5988

blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field.

CVSS: 7.5CWE: CWE-255
Read more
Medium

CVE-2007-5987

details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the d…

CVSS: 6.8CWE: CWE-264
Read more
Low

CVE-2007-5981

Lantronix SCS3200 does not properly handle public-key requests, which allows remote attackers to cause a denial of service (unresponsive device) via unspecified keyscan requests. NOTE: the provenanc…

CVSS: 3.3CWE: N/A
Read more
High

CVE-2006-7229

The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly use the spin_lock and spin_unlock functions, which allows remote attackers to cause a denial of service (machine crash) via a fl…

CVSS: 7.5CWE: CWE-399
Read more
2007-11-14
Medium

CVE-2006-7227

Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of nam…

CVSS: 6.8CWE: CWE-189
Read more
Medium

CVE-2006-7228

Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min…

CVSS: 6.8CWE: CWE-189
Read more
Medium

CVE-2007-5957

Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.TC3TL and 11.10.TB4TL on Windows allows attackers to cause a denial of service (application crash) via unspecified SQ_ONASSIST req…

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2007-3898

The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies,…

CVSS: 6.4CWE: CWE-16
Read more
Medium

CVE-2007-5942

Bandersnatch 0.4 allows remote attackers to obtain sensitive information via a malformed request for index.php with (1) a certain func parameter value; or (2) certain func, jid, page, and limit param…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2007-5943

Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the "show results as messages" option, then searching for possib…

CVSS: 5.0CWE: CWE-16
Read more
Medium

CVE-2007-5945

USVN before 0.6.5 allows remote attackers to obtain a list of repository contents via unspecified vectors.

CVSS: 5.0CWE: CWE-264
Read more
High

CVE-2007-5946

Unspecified vulnerability in the Aries PA-RISC emulator on HP-UX B.11.23 and B.11.31 on the IA-64 platform allows local users to obtain unspecified access.

CVSS: 7.2CWE: N/A
Read more
Medium

CVE-2007-5953

Unspecified vulnerability in Really Simple CalDAV Store (RSCDS) before 0.9.0 allows attackers to obtain sensitive information via unspecified vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2007-4136

The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers to cause a denial of service (loss of new connections) by repeatedly sending data or attempting connections.

CVSS: 5.0CWE: N/A
Read more
2007-11-13
Low

CVE-2007-5936

dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which c…

CVSS: 3.6CWE: CWE-264
Read more
2007-11-10
Medium

CVE-2007-5931

The reDirect function in lib/controllers/RepViewController.php in OrangeHRM before 2.2.2 does not verify the privileges of a user, which allows remote attackers to obtain access to data via unspecifi…

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2007-5921

Unspecified vulnerability in the ioctl interface in the Solaris Volume Manager (SVM) in Sun Solaris 9 and 10 allows local users to cause a denial of service (panic) via unspecified vectors, a differe…

CVSS: 4.7CWE: N/A
Read more
Medium

CVE-2007-5919

MyWebFTP, possibly 5.3.2, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain an MD5 password hash via a direct request for pass/…

CVSS: 5.0CWE: CWE-264
Read more
2007-11-09
Medium

CVE-2007-5906

Xen 3.1.1 allows virtual guest system users to cause a denial of service (hypervisor crash) by using a debug register (DR7) to set certain breakpoints.

CVSS: 4.7CWE: N/A
Read more
Medium

CVE-2007-5907

Xen 3.1.1 does not prevent modification of the CR4 TSC from applications, which allows pv guests to cause a denial of service (crash).

CVSS: 4.7CWE: CWE-264
Read more
2007-11-08
High

CVE-2007-5896

Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of service (CPU consumption and crash) via an iframe with Javascript that sets the document.location to contain a leading NULL byte (…

CVSS: 7.1CWE: CWE-399
Read more
Critical

CVE-2007-4223

Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an unspecified mechanism for copying data into kernel memory, which allows local users to gain privileges via unspecified vectors.

CVSS: 10.0CWE: N/A
Read more
High

CVE-2007-4352

Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to tri…

CVSS: 7.6CWE: N/A
Read more
Critical

CVE-2007-5889

Multiple PHP remote file inclusion vulnerabilities in IDMOS 1.0 Alpha (aka Phoenix) allow remote attackers to execute arbitrary PHP code via a URL in the site_absolute_path parameter to (1) admin.php…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2007-5890

Directory traversal vulnerability in index.php in easyGB 2.1.1 allows remote attackers to include arbitrary files via the DatabaseType parameter. NOTE: the provenance of this information is unknown;…

CVSS: 10.0CWE: N/A
Read more
2007-11-07
Medium

CVE-2007-1661

Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attacke…

CVSS: 6.4CWE: N/A
Read more
Medium

CVE-2007-1662

Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause…

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2007-2395

Unspecified vulnerability in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a crafted image description atom in a movie file, related to "memory corruption."

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2007-3751

Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors.

CVSS: 9.3CWE: N/A
Read more
High

CVE-2007-4766

Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspeci…

CVSS: 7.5CWE: CWE-189
Read more
Medium

CVE-2007-4767

Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent atta…

CVSS: 5.0CWE: N/A
Read more
2007-11-06
High

CVE-2007-4994

Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certa…

CVSS: 7.5CWE: CWE-255
Read more
High

CVE-2007-5846

The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.

CVSS: 7.8CWE: CWE-399
Read more
High

CVE-2007-5838

Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows local users to gain local System privileges via the "Enable key-based authentication to Deployment server" browser option,…

CVSS: 7.2CWE: CWE-16
Read more
High

CVE-2007-4997

Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB l…

CVSS: 7.1CWE: CWE-189
Read more
2007-11-05
Low

CVE-2007-5827

iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for /etc/ietd.conf, which allows local users to obtain passwords.

CVSS: 2.1CWE: CWE-264
Read more
Medium

CVE-2007-5829

The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10.x, Norton AntiVirus for Macintosh 10.0 and 10.1, and Norton Internet Security for Macintosh 3.x, uses a directory with weak permi…

CVSS: 6.0CWE: CWE-264
Read more
Medium

CVE-2007-5835

Install.php in BosDev BosNews 4 and 5 does not require authentication for replacing an existing product installation or creating a new admin account, which allows remote attackers to cause a denial o…

CVSS: 5.0CWE: CWE-264
Read more
Low

CVE-2007-5819

IBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak permissions (unrestricted write) for the Central Admin Global download directory, which allows local users to place arbitrary fil…

CVSS: 2.1CWE: CWE-264
Read more
Medium

CVE-2007-5804

cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable w…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2007-5808

Unspecified vulnerability in the Groupmax Collaboration - Schedule component in Hitachi Groupmax Collaboration Portal 07-30 through 07-30-/F and 07-32 through 07-32-/C, uCosminexus Collaboration Port…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2007-4622

Integer underflow in the dns_name_fromtext function in (1) libdns_nonsecure.a and (2) libdns_secure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted "-y" (TSIG key) command line a…

CVSS: 7.2CWE: CWE-189
Read more
2007-11-03
High

CVE-2007-5801

Unspecified vulnerability in WORK system e-commerce before 4.0.2 has unknown impact and attack vectors related to "Ajax pages."

CVSS: 7.5CWE: N/A
Read more
2007-11-02
Medium

CVE-2007-5795

The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attac…

CVSS: 6.3CWE: N/A
Read more
Critical

CVE-2007-5660

Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary…

CVSS: 9.3CWE: N/A
Read more
2007-11-01
High

CVE-2007-5793

Stonesoft StoneGate IPS before 4.0 does not properly decode Fullwidth/Halfwidth Unicode encoded data, which makes it easier for remote attackers to scan or penetrate systems and avoid detection.

CVSS: 7.1CWE: N/A
Read more
High

CVE-2007-5789

The Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a flood of fragmented packets to port 5060.

CVSS: 7.8CWE: N/A
Read more
High

CVE-2007-5792

The Vonage Motorola Phone Adapter VT 2142-VD does not encrypt RTP packets, which might allow remote attackers to eavesdrop by sniffing the network and reconstructing the RTP session.

CVSS: 7.1CWE: CWE-310
Read more
Low

CVE-2007-5790

The Globe7 soft phone client 7.3 uses weak cryptography (reversed sequence of binary values) for the password, which might allow local users to obtain sensitive information.

CVSS: 2.1CWE: CWE-310
Read more
>