Medium
CVE-2007-5787
Micro Login System 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a password via a direct request fo…
Read moreUncategorized 2007
Page 3/38.
CVEs without a recognized CWE (not present in the CWE map or marked as N/A).
CVSS ≥ 0.0
2007-11-01
High
CVE-2007-5771
Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrative access via a myforum%00 cookie.
Read moreMedium
CVE-2007-5777
Blue-Collar Productions i-Gallery 3.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a base64-encoded pa…
Read more2007-10-31
Critical
CVE-2007-2957
Integer overflow in McAfee E-Business Server before 8.5.3 for Solaris, and before 8.1.2 for Linux, HP-UX, and AIX, allows remote attackers to execute arbitrary code via a large length value in an aut…
Read moreCritical
CVE-2007-4351
Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet…
Read moreMedium
CVE-2007-5768
The Globe7 soft phone client 7.3 sends username and password information in cleartext, which allows remote attackers to obtain sensitive information by sniffing the HTTP traffic.
Read moreCritical
CVE-2007-5080
Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an…
Read moreLow
CVE-2007-5751
Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials.
Read moreHigh
CVE-2007-5753
Unspecified vulnerability in Light FMan PHP (lfman or lightfman) before 2.0rc1 has unknown impact and attack vectors related to "actions."
Read more2007-10-30
Medium
CVE-2007-5735
eFileMan 7.1.0.87-88 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain unspecified user information via a direct request for cg…
Read moreHigh
CVE-2007-1321
Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that…
Read moreHigh
CVE-2007-5716
Unspecified vulnerability in the Internet Protocol (IP) functionality in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors, probably related to a UDP pack…
Read moreCritical
CVE-2007-5717
Unspecified vulnerability in Sun Fire X2100 M2 and X2200 M2 Embedded Lights Out Manager (ELOM) on x86 before firmware 2.70 allows remote attackers to execute arbitrary commands as root on the Service…
Read moreMedium
CVE-2007-5726
Unspecified vulnerability in the Stream Control Transmission Protocol (sctp) functionality in Sun Solaris 10, when at least one SCTP socket is in the LISTEN state, allows remote attackers to cause a…
Read moreHigh
CVE-2007-5708
slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when running as a proxy-caching server, allocates memory using a malloc variant instead of calloc, which prevents an array from be…
Read moreHigh
CVE-2007-5713
Off-by-one error in the GeoIP module in the AMX Mod X 1.76d plugin for Half-Life Server might allow attackers to execute arbitrary code or cause a denial of service via unspecified input related to g…
Read moreMedium
CVE-2007-5715
DenyHosts 2.6 processes OpenSSH sshd "not listed in AllowUsers" log messages with an incorrect regular expression that does not match an IP address, which might allow remote attackers to avoid detect…
Read moreHigh
CVE-2007-5707
OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free,…
Read moreLow
CVE-2007-5712
The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows re…
Read more2007-10-29
Medium
CVE-2007-3920
GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-T…
Read moreMedium
CVE-2007-5622
Double free vulnerability in the ftpprchild function in ftppr in 3proxy 0.5 through 0.5.3i allows remote attackers to cause a denial of service (daemon crash) via multiple OPEN commands to the FTP pr…
Read moreMedium
CVE-2007-5700
The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses an incorrect security context for @ formula commands in some circumstances, which might allow remote authenticated users to gain…
Read moreCritical
CVE-2007-5689
The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Upda…
Read more2007-10-28
Medium
CVE-2007-5686
initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd dete…
Read more2007-10-26
High
CVE-2007-5682
Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWiki before 1.9.8.2 allows remote attackers to execute arbitrary code by using variable functions and variable variables to write v…
Read more2007-10-23
High
CVE-2007-5644
Lussumo Vanilla 1.1.3 and earlier does not require admin privileges for (1) ajax/sortcategories.php and (2) ajax/sortroles.php, which allows remote attackers to conduct unauthorized sort operations a…
Read moreHigh
CVE-2007-5651
Unspecified vulnerability in the Extensible Authentication Protocol (EAP) implementation in Cisco IOS 12.3 and 12.4 on Cisco Access Points and 1310 Wireless Bridges (Wireless EAP devices), IOS 12.1 a…
Read moreCritical
CVE-2007-5635
Multiple unspecified vulnerabilities in Salford Software Support Incident Tracker (SiT!) before 3.30 have unknown impact and attack vectors.
Read moreHigh
CVE-2007-5639
The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and other Nortel IP Phone, Mobile Voice Client, and WLAN Handsets products allow remote attackers to cause a denial of service (device hang) via…
Read moreHigh
CVE-2007-5640
The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), Mobile Voice Client, and other product lines, allow remo…
Read moreHigh
CVE-2007-5633
Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on Microsoft Windows Vista x64, allows local users to read or write arbitrary MSRs, and gain privileges and load unsigned drivers, v…
Read moreMedium
CVE-2007-5632
Multiple unspecified vulnerabilities in the kernel in Sun Solaris 8 through 10 allow local users to cause a denial of service (panic), related to the support for retrieval of kernel statistics, and p…
Read moreMedium
CVE-2007-4574
Unspecified vulnerability in the "stack unwinder fixes" in kernel in Red Hat Enterprise Linux 5, when running on AMD64 and Intel 64, allows local users to cause a denial of service via unknown vector…
Read more2007-10-21
Critical
CVE-2007-5617
Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1, prevents it from launching, which has unspecified impact, re…
Read moreHigh
CVE-2007-5618
Unquoted Windows search path vulnerability in the Authorization and other services in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, VMware Server before 1.0.4, and Workstation 5.x before 5.5…
Read moreHigh
CVE-2007-5619
Unspecified vulnerability in VMware Server before 1.0.4 causes user passwords to be recorded in cleartext in server logs, which might allow local users to gain privileges.
Read moreMedium
CVE-2007-5334
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing…
Read moreCritical
CVE-2007-5338
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way t…
Read more2007-10-19
Medium
CVE-2007-5380
Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."
Read moreHigh
CVE-2007-5591
The CS1000 signaling server in Nortel Enterprise VoIP-Core-CS 1000M Chassis/Cabinet, Enterprise VoIP-Core-CS 1000E and 1000S, Meridian-Core-Option 11C Chassis and Cabinet, and Meridian-Core-Option 51…
Read moreMedium
CVE-2007-5597
The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 does not pass publication status, which might allow attackers to bypass access restrictions and trigger e-mail with unpublished c…
Read moreMedium
CVE-2007-5585
xscreensaver 5.03 and earlier, when running without xscreensaver-gl-extras (GL extras) installed, crashes when /usr/bin/xscreensaver-gl-helper does not exist and a user attempts to unlock the screen,…
Read more2007-10-18
High
CVE-2007-5579
login.php in Pligg CMS 9.5 uses a guessable confirmation code when resetting a forgotten password, which allows remote attackers with knowledge of a username to reset that user's password by calculat…
Read moreMedium
CVE-2007-5571
Cisco Firewall Services Module (FWSM) 3.1(6), and 3.2(2) and earlier, does not properly enforce edited ACLs, which might allow remote attackers to bypass intended restrictions on network traffic, aka…
Read moreMedium
CVE-2007-3102
Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an a…
Read moreMedium
CVE-2007-4600
The "Protect Worksheet" functionality in Mathsoft Mathcad 12 through 13.1, and PTC Mathcad 14, implements file access restrictions via a protection element in a gzipped XML file, which allows attacke…
Read moreHigh
CVE-2007-5551
Off-by-one error in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow. NOTE: as of 20071016, the only disclosure is a vagu…
Read moreCritical
CVE-2007-5552
Integer overflow in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable informat…
Read moreHigh
CVE-2007-5558
Integer overflow in the LG Mobile handset allows remote attackers to cause a denial of service (reboot) via a crafted HTTP packet. NOTE: as of 20071016, the only disclosure is a vague pre-advisory w…
Read moreMedium
CVE-2007-5536
Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors.
Read moreCritical
CVE-2007-5539
Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH),…
Read moreHigh
CVE-2007-5537
Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP…
Read moreCritical
CVE-2007-5476
Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors.
Read moreCritical
CVE-2007-5535
Unspecified vulnerability in newbb_plus in RunCms 1.5.2 has unknown impact and attack vectors.
Read moreMedium
CVE-2007-5493
The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly deco…
Read more2007-10-17
Critical
CVE-2007-5534
Unspecified vulnerability in the HCM component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 Bundle 13 9.0 Bundle 3 has unknown impact and remote attack vectors, aka PSE_HCM01.
Read moreMedium
CVE-2007-5533
Unspecified vulnerability in the People Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.47.14, 8.48.13, 8.49.05 has unknown impact and remote attack vectors, aka PSE02.
Read moreHigh
CVE-2007-5532
Unspecified vulnerability in the People Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.17, 8.47.14, 8.48.13, 8.49.05 has unknown impact and remote attack vectors, a…
Read moreCritical
CVE-2007-5531
Unspecified vulnerability in Oracle Help for Web, as used in Oracle Application Server, Oracle Database 10.2.0.3, and Enterprise Manager 10.1.0.6, has unknown impact and remote attack vectors, aka EM…
Read moreCritical
CVE-2007-5530
Unspecified vulnerability in the Database Control component in Oracle Database 10.1.0.5 and 10.2.0.3, and Enterprise Manager, has unknown impact and remote attack vectors, aka EM01.
Read moreHigh
CVE-2007-5529
Unspecified vulnerability in the Oracle Self-Service Web Applications component in client-only installations of Oracle E-Business Suite 11.5.10.2 has unknown impact and remote attack vectors, aka APP…
Read moreCritical
CVE-2007-5528
Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.2 have unknown impact and attack vectors related to (1) Public Sector Human Resources (APP03) and (2) Quoting component (APP06).
Read moreHigh
CVE-2007-5521
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.2, and 10.1.3.3, and Collaboration Suite 10.1.2, has unknown impact and…
Read moreHigh
CVE-2007-5527
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 have unknown impact and remote attack vectors, related to (1) Application Object Library component (APP01), (2) Contracts Int…
Read moreCritical
CVE-2007-5526
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.0.2, 10.1.2.2, and 10.1.4.1, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors,…
Read moreHigh
CVE-2007-5525
Unspecified vulnerability in the Oracle Single Sign-On component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.2, and 10.1.4.0.1; Collaboration Suite 10.1.2; and Enterprise Manager 10.1.2…
Read moreHigh
CVE-2007-5524
Unspecified vulnerability in the Oracle Single Sign-On component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2, and Collaboration Suite 10.1.2, has unknown impact and remote attack v…
Read moreHigh
CVE-2007-5523
Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.2, and 10.1.4.0, and Collaboration Suite 10.1.2, has unknown impact and r…
Read moreHigh
CVE-2007-5522
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.4.1 has unknown impact and remote attack vectors, aka AS07.
Read moreMedium
CVE-2007-5514
Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and attack vectors related to (1) Database Vault component (DB24) and (2) SQL Execution component (DB26).
Read moreHigh
CVE-2007-5520
Unspecified vulnerability in the Oracle Internet Directory component in Oracle Database 9.2.0.8 and 9.2.0.8DV, and Oracle Application Server 9.0.4.3, 10.1.3.0.0 up to 10.1.3.3.0, and 10.1.2.0.1 up to…
Read moreHigh
CVE-2007-5512
Unspecified vulnerability in the Oracle Database Vault component in Oracle Database 9.2.0.8DV and 10.2.0.3 has unknown impact and remote attack vectors, aka DB21.
Read moreHigh
CVE-2007-5519
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS04.
Read moreHigh
CVE-2007-5505
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to (1) the Export component (DB02),…
Read moreHigh
CVE-2007-5506
The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (CPU consumption) via a crafted type 6 Data packe…
Read moreMedium
CVE-2007-5509
Unspecified vulnerability in the Spatial component in Oracle Database 9.2.0.8 and 9.2.0.8DV has unknown impact and remote attack vectors, aka DB06.
Read moreMedium
CVE-2007-5510
Multiple unspecified vulnerabilities in the Workspace Manager component in Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 have unknown impact and remote attack vectors, aka…
Read moreMedium
CVE-2007-5504
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+ and 10.1.0.5 unknown impact and remote attack vectors, related to (1) Import (DB01) and (2) Advanced Queuing (DB25). NOTE: as of 2007…
Read moreMedium
CVE-2007-5513
The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 generates incorrect audit entries in the USERID column in which (1) long usernames are trimmed to 5 characters, or (2)…
Read moreMedium
CVE-2007-5515
Unspecified vulnerability in the Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.2, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB27.
Read moreHigh
CVE-2007-5516
Unspecified vulnerability in the Oracle Process Mgmt & Notification component in Oracle Application Server 10.1.3.3 has unknown impact and remote attack vectors, aka AS01.
Read moreHigh
CVE-2007-5517
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.0.2 and 10.1.4.1, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS02.
Read moreHigh
CVE-2007-5518
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Application Server 10.1.3.2 has unknown impact and remote attack vectors, aka AS03.
Read more2007-10-16
Medium
CVE-2007-5481
Distributed Checksum Clearinghouse (DCC) 1.3.65 allows remote attackers to cause a denial of service (crash) via a "SOCKS flood."
Read moreMedium
CVE-2007-5482
Unspecified vulnerability in the FTP service in Sun StorEdge/StorageTek 3510 FC Array with firmware before 4.21 allows remote attackers, with access to the Ethernet management interface, to cause a d…
Read moreCritical
CVE-2007-5483
Unspecified vulnerability in the Administrative Scripting Tools (such as wsadmin or ANT) in IBM WebSphere Application Server 5.x and 6.0.x has unknown impact and attack vectors.
Read moreMedium
CVE-2007-5486
dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are ob…
Read moreMedium
CVE-2007-5468
Cisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credent…
Read moreMedium
CVE-2007-5469
OpenSER 1.2.2 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbi…
Read moreHigh
CVE-2007-5471
libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of se…
Read more2007-10-15
Critical
CVE-2007-5467
Integer overflow in eXtremail 2.1.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long USER command containing "%s" sequences to the pop…
Read more2007-10-14
Medium
CVE-2007-5441
CMS Made Simple 1.1.3.1 does not check the permissions assigned to users in some situations, which allows remote authenticated users to perform some administrative actions, as demonstrated by (1) add…
Read moreLow
CVE-2007-5442
CMS Made Simple 1.1.3.1 does not check the permissions assigned to users who attempt uploads, which allows remote authenticated users to upload unspecified files via unknown vectors.
Read moreMedium
CVE-2007-5447
ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended…
Read more2007-10-13
Medium
CVE-2007-5435
Unspecified vulnerability in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.2 might allow user-assisted remote attackers to cause a denial of service via a crafted Data Standards Fil…
Read moreCritical
CVE-2007-4995
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.
Read moreCritical
CVE-2007-5332
Multiple unspecified vulnerabilities in (1) mediasvr and (2) caloggerd in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, have unknown impact and attack vectors relate…
Read moreCritical
CVE-2007-5328
The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code by using certain "insecure method calls" t…
Read moreCritical
CVE-2007-5329
Unspecified vulnerability in dbasvr in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, has unknown impact and attack vectors related to memory corruption.
Read more2007-10-12
High
CVE-2007-5424
The disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled.
Read moreCritical
CVE-2007-4619
Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code vi…
Read moreMedium
CVE-2007-5416
Drupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers t…
Read moreCritical
CVE-2007-5419
The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external (Internet) interface unless the…
Read moreLow
CVE-2007-5420
The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote management is disabled but a web server has been configured, serves a web page to external clients, which might allow remote attackers…
Read moreMedium
CVE-2007-5422
Unspecified vulnerability in "Solaris Auditing" in the Basic Security Module (BSM) in Sun Solaris 10, when configured for auditing of networking (nt) events, allows local users to cause a denial of s…
Read moreCritical
CVE-2007-5382
The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames…
Read more2007-10-11
Medium
CVE-2007-5367
Unspecified vulnerability in the Virtual File System (VFS) in Sun Solaris 10 allows local users to cause a denial of service (kernel memory consumption) via unspecified vectors.
Read moreMedium
CVE-2007-5368
Multiple unspecified vulnerabilities in labeld in Trusted Extensions in Sun Solaris 10 allow local users to cause a denial of service (multiple application hang) via unspecified vectors.
Read moreMedium
CVE-2007-5369
The GetMagicNumberString function in Massive Entertainment World in Conflict 1.000 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a string to…
Read moreLow
CVE-2007-5373
ldapscripts 1.4 and 1.7 sends a password as a command line argument when calling some LDAP programs, which might allow local users to read the password by listing the process and its arguments, as de…
Read moreLow
CVE-2007-5375
Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context…
Read more2007-10-09
Low
CVE-2007-5319
Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 8, 9, and 10 allows local users with console (/dev/console) access to cause a denial of service ("unusable" system console) vi…
Read moreMedium
CVE-2007-3893
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via unspecified vectors involving memory corruption from an unhandled error.
Read moreHigh
CVE-2007-2228
rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Editio…
Read more2007-10-08
High
CVE-2007-5270
Unspecified vulnerability in the Boost module before 4.7.x-1.0, and 5.x before 5.x-1.0, for Drupal allows remote attackers to create or overwrite arbitrary files, and conduct cross-site scripting att…
Read moreLow
CVE-2007-5273
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP p…
Read moreLow
CVE-2007-5274
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox o…
Read moreMedium
CVE-2007-5276
Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC…
Read moreMedium
CVE-2007-5277
Microsoft Internet Explorer 6 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a por…
Read moreMedium
CVE-2007-5278
Zomplog 3.8.1 and earlier stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to download files that were uploaded by users, as…
Read more