| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-6488 | 0.03 | — | 0.03 | Dec 20, 2007 | Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php or (2) the error parameter to errors.php. | |||
| CVE-2007-6489 | 0.04 | — | 0.07 | Dec 20, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text parameters in a guestbook action to index.php, and unspecified other vectors. | |||
| CVE-2007-6490 | 0.03 | — | 0.01 | Dec 20, 2007 | Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php. | |||
| CVE-2007-6491 | 0.00 | — | 0.02 | Dec 20, 2007 | Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS allow remote attackers to execute arbitrary SQL commands via (1) the cat_id parameter to categories.asp; and probably (2) the document_id parameter to categories.asp, and the (3) cat_id and (4) document_id… | |||
| CVE-2007-6492 | 0.00 | — | 0.02 | Dec 20, 2007 | The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via an empty string in the argument to the ProcessRequestEx method. | |||
| CVE-2007-6493 | 0.04 | — | 0.07 | Dec 20, 2007 | The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to execute arbitrary code via a certain argument to the SetHandler method. | |||
| CVE-2007-6494 | 0.04 | — | 0.12 | Dec 20, 2007 | Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request to AdminSettings/displays.asp with the DecideAction and ChangeSkin parameters. | |||
| CVE-2007-6495 | 0.03 | — | 0.04 | Dec 20, 2007 | inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser… | |||
| CVE-2007-6496 | 0.03 | — | 0.03 | Dec 20, 2007 | Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdomain.asp, a… | |||
| CVE-2007-6497 | 0.03 | — | 0.03 | Dec 20, 2007 | Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attackers to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2) allows remote authenticated users to change a credit amount and increase a… | |||
| CVE-2007-6498 | 0.03 | — | 0.01 | Dec 20, 2007 | Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to… | |||
| CVE-2007-6499 | 0.03 | — | 0.03 | Dec 20, 2007 | Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNINSTAL.asp with a "host id (IIS) value." | |||
| CVE-2007-6500 | 0.03 | — | 0.04 | Dec 20, 2007 | Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp. | |||
| CVE-2007-6501 | 0.03 | — | 0.02 | Dec 20, 2007 | Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp. | |||
| CVE-2007-6502 | 0.03 | — | 0.03 | Dec 20, 2007 | Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to obtain sensitive information via (1) the AdminName and AdminLevel parameters to fp2000/NEWSRVR.asp, which discloses usernames; and (2) certain XML HTTP requests to hosting/css.asp using… | |||
| CVE-2007-6503 | 0.03 | — | 0.02 | Dec 20, 2007 | Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to (1) import an arbitrary plan via a request to hosting/importhostingplans.asp; or (2) change an arbitrary plan via a request to hosting/AutoSignUpPlans.asp… | |||
| CVE-2007-6504 | 0.03 | — | 0.02 | Dec 20, 2007 | Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the headers of arbitrary hosts via an unspecified parameter. | |||
| CVE-2007-5584 | 0.00 | — | 0.02 | Dec 20, 2007 | Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.2(3) allows remote attackers to cause a denial of service (device reload) via crafted "data in the control-plane path with Layer 7 Application Inspections." | |||
| CVE-2007-6351 | 0.00 | — | 0.02 | Dec 20, 2007 | libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags, possibly involving the exif_loader_write function in exif_loader.c. | |||
| CVE-2007-6352 | 0.00 | — | 0.03 | Dec 20, 2007 | Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags, possibly involving the exif_data_load_data_thumbnail function in exif-data.c. | |||
| CVE-2007-6430 | 0.00 | — | 0.02 | Dec 20, 2007 | Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is… | |||
| CVE-2007-6242 | 0.02 | — | 0.30 | Dec 20, 2007 | Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors." | |||
| CVE-2007-6243 | 0.01 | — | 0.08 | Dec 20, 2007 | Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks. | |||
| CVE-2007-6244 | 0.04 | — | 0.13 | Dec 20, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used… | |||
| CVE-2007-6245 | 0.00 | — | 0.05 | Dec 20, 2007 | Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks. | |||
| CVE-2007-6246 | 0.01 | — | 0.12 | Dec 20, 2007 | Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges. | |||
| CVE-2007-6335 | 0.04 | — | 0.18 | Dec 20, 2007 | Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow. | |||
| CVE-2007-6336 | 0.00 | — | 0.04 | Dec 20, 2007 | Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file. | |||
| CVE-2007-6353 | 0.00 | — | 0.05 | Dec 20, 2007 | Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow. | |||
| CVE-2007-5966 | 0.00 | — | 0.00 | Dec 20, 2007 | Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third… | |||
| CVE-2007-6281 | 0.01 | — | 0.07 | Dec 20, 2007 | Heap-based buffer overflow in Open File Manager service (ofmnt.exe) in St. Bernard Open File Manager 9.5 allows remote attackers to execute arbitrary code via a long request. | |||
| CVE-2007-6452 | 0.00 | — | 0.01 | Dec 20, 2007 | Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS). | |||
| CVE-2007-6453 | 0.03 | — | 0.05 | Dec 20, 2007 | Directory traversal vulnerability in raidenhttpd-admin/workspace.php in RaidenHTTPD 2.0.19, when the WebAdmin function is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ulang parameter. | |||
| CVE-2007-6454 | 0.04 | — | 0.17 | Dec 20, 2007 | Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request. | |||
| CVE-2007-6455 | 0.03 | — | 0.01 | Dec 20, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter. | |||
| CVE-2007-6456 | 0.00 | — | 0.01 | Dec 20, 2007 | Unspecified vulnerability in OpenOffice.org code in Planamesa NeoOffice 2.2.2 before Patch 4 has unknown impact and attack vectors related to MacOS 10.3.9 .odb files. NOTE: it is not clear whether this issue is a vulnerability. | |||
| CVE-2007-6457 | 0.03 | — | 0.04 | Dec 20, 2007 | Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header. | |||
| CVE-2007-6458 | 0.03 | — | 0.02 | Dec 20, 2007 | SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php. | |||
| CVE-2007-6459 | 0.03 | — | 0.03 | Dec 20, 2007 | Anon Proxy Server 0.100, and probably 0.101, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the host parameter to diagdns.php, and (2) the host parameter and possibly (3) the port parameter to diagconnect.php, a different vulnerability than… | |||
| CVE-2007-6460 | 0.00 | — | 0.01 | Dec 20, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Anon Proxy Server before 0.101 allow remote attackers to inject arbitrary web script or HTML via the URI, which is later displayed by (1) log.php or (2) logerror.php, a different vulnerability than CVE-2007-6459. | |||
| CVE-2007-6461 | 0.00 | — | 0.01 | Dec 20, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function; and (2) the details… | |||
| CVE-2007-6462 | 0.03 | — | 0.01 | Dec 20, 2007 | SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2007-6463 | 0.00 | — | 0.01 | Dec 20, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in PHP Real Estate Classifieds allow remote attackers to inject arbitrary web script or HTML via unspecified "text areas/boxes." | |||
| CVE-2007-6464 | 0.03 | — | 0.02 | Dec 20, 2007 | Multiple PHP remote file inclusion vulnerabilities in Form tools 1.5.0b allow remote attackers to execute arbitrary PHP code via a URL in the g_root_dir parameter to (1) admin_page_open.php and (2) client_page_open.php in global/templates/. | |||
| CVE-2007-6465 | 0.00 | — | 0.01 | Dec 20, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/host_gmetrics.php; the (3) G, (4) me, (5) x, (6) n, (7) v, (8) l, (9) vl, and… | |||
| CVE-2007-6466 | 0.03 | — | 0.01 | Dec 20, 2007 | Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action. … | |||
| CVE-2007-6467 | 0.03 | — | 0.01 | Dec 20, 2007 | SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows remote attackers to execute arbitrary SQL commands via the ida parameter in a gallery foto_show action. | |||
| CVE-2007-6468 | 0.00 | — | 0.06 | Dec 20, 2007 | Buffer overflow in the HuffDecode function in hw_utils/hwrcon/huffman.c and hexenworld/Client/huffman.c in Hammer of Thyrion 1.4.2 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted huffman encoded packet. NOTE: some of these details… | |||
| CVE-2007-6469 | 0.00 | — | 0.02 | Dec 20, 2007 | SQL injection vulnerability in index.php in phpRPG 0.8, when magic_qutoes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information. | |||
| CVE-2007-6470 | 0.03 | — | 0.02 | Dec 20, 2007 | phpRPG 0.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read session ID values in files under tmp/, and then hijack sessions via PHPSESSID cookies. |
- CVE-2007-6488Dec 20, 2007risk 0.03cvss —epss 0.03
Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php or (2) the error parameter to errors.php.
- CVE-2007-6489Dec 20, 2007risk 0.04cvss —epss 0.07
Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text parameters in a guestbook action to index.php, and unspecified other vectors.
- CVE-2007-6490Dec 20, 2007risk 0.03cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php.
- CVE-2007-6491Dec 20, 2007risk 0.00cvss —epss 0.02
Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS allow remote attackers to execute arbitrary SQL commands via (1) the cat_id parameter to categories.asp; and probably (2) the document_id parameter to categories.asp, and the (3) cat_id and (4) document_id…
- CVE-2007-6492Dec 20, 2007risk 0.00cvss —epss 0.02
The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via an empty string in the argument to the ProcessRequestEx method.
- CVE-2007-6493Dec 20, 2007risk 0.04cvss —epss 0.07
The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to execute arbitrary code via a certain argument to the SetHandler method.
- CVE-2007-6494Dec 20, 2007risk 0.04cvss —epss 0.12
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request to AdminSettings/displays.asp with the DecideAction and ChangeSkin parameters.
- CVE-2007-6495Dec 20, 2007risk 0.03cvss —epss 0.04
inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser…
- CVE-2007-6496Dec 20, 2007risk 0.03cvss —epss 0.03
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdomain.asp, a…
- CVE-2007-6497Dec 20, 2007risk 0.03cvss —epss 0.03
Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attackers to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2) allows remote authenticated users to change a credit amount and increase a…
- CVE-2007-6498Dec 20, 2007risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to…
- CVE-2007-6499Dec 20, 2007risk 0.03cvss —epss 0.03
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNINSTAL.asp with a "host id (IIS) value."
- CVE-2007-6500Dec 20, 2007risk 0.03cvss —epss 0.04
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp.
- CVE-2007-6501Dec 20, 2007risk 0.03cvss —epss 0.02
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp.
- CVE-2007-6502Dec 20, 2007risk 0.03cvss —epss 0.03
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to obtain sensitive information via (1) the AdminName and AdminLevel parameters to fp2000/NEWSRVR.asp, which discloses usernames; and (2) certain XML HTTP requests to hosting/css.asp using…
- CVE-2007-6503Dec 20, 2007risk 0.03cvss —epss 0.02
Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to (1) import an arbitrary plan via a request to hosting/importhostingplans.asp; or (2) change an arbitrary plan via a request to hosting/AutoSignUpPlans.asp…
- CVE-2007-6504Dec 20, 2007risk 0.03cvss —epss 0.02
Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the headers of arbitrary hosts via an unspecified parameter.
- CVE-2007-5584Dec 20, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.2(3) allows remote attackers to cause a denial of service (device reload) via crafted "data in the control-plane path with Layer 7 Application Inspections."
- CVE-2007-6351Dec 20, 2007risk 0.00cvss —epss 0.02
libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags, possibly involving the exif_loader_write function in exif_loader.c.
- CVE-2007-6352Dec 20, 2007risk 0.00cvss —epss 0.03
Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags, possibly involving the exif_data_load_data_thumbnail function in exif-data.c.
- CVE-2007-6430Dec 20, 2007risk 0.00cvss —epss 0.02
Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is…
- CVE-2007-6242Dec 20, 2007risk 0.02cvss —epss 0.30
Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors."
- CVE-2007-6243Dec 20, 2007risk 0.01cvss —epss 0.08
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
- CVE-2007-6244Dec 20, 2007risk 0.04cvss —epss 0.13
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used…
- CVE-2007-6245Dec 20, 2007risk 0.00cvss —epss 0.05
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks.
- CVE-2007-6246Dec 20, 2007risk 0.01cvss —epss 0.12
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges.
- CVE-2007-6335Dec 20, 2007risk 0.04cvss —epss 0.18
Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow.
- CVE-2007-6336Dec 20, 2007risk 0.00cvss —epss 0.04
Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file.
- CVE-2007-6353Dec 20, 2007risk 0.00cvss —epss 0.05
Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.
- CVE-2007-5966Dec 20, 2007risk 0.00cvss —epss 0.00
Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third…
- CVE-2007-6281Dec 20, 2007risk 0.01cvss —epss 0.07
Heap-based buffer overflow in Open File Manager service (ofmnt.exe) in St. Bernard Open File Manager 9.5 allows remote attackers to execute arbitrary code via a long request.
- CVE-2007-6452Dec 20, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS).
- CVE-2007-6453Dec 20, 2007risk 0.03cvss —epss 0.05
Directory traversal vulnerability in raidenhttpd-admin/workspace.php in RaidenHTTPD 2.0.19, when the WebAdmin function is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ulang parameter.
- CVE-2007-6454Dec 20, 2007risk 0.04cvss —epss 0.17
Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.
- CVE-2007-6455Dec 20, 2007risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter.
- CVE-2007-6456Dec 20, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in OpenOffice.org code in Planamesa NeoOffice 2.2.2 before Patch 4 has unknown impact and attack vectors related to MacOS 10.3.9 .odb files. NOTE: it is not clear whether this issue is a vulnerability.
- CVE-2007-6457Dec 20, 2007risk 0.03cvss —epss 0.04
Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header.
- CVE-2007-6458Dec 20, 2007risk 0.03cvss —epss 0.02
SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php.
- CVE-2007-6459Dec 20, 2007risk 0.03cvss —epss 0.03
Anon Proxy Server 0.100, and probably 0.101, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the host parameter to diagdns.php, and (2) the host parameter and possibly (3) the port parameter to diagconnect.php, a different vulnerability than…
- CVE-2007-6460Dec 20, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Anon Proxy Server before 0.101 allow remote attackers to inject arbitrary web script or HTML via the URI, which is later displayed by (1) log.php or (2) logerror.php, a different vulnerability than CVE-2007-6459.
- CVE-2007-6461Dec 20, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function; and (2) the details…
- CVE-2007-6462Dec 20, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2007-6463Dec 20, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in PHP Real Estate Classifieds allow remote attackers to inject arbitrary web script or HTML via unspecified "text areas/boxes."
- CVE-2007-6464Dec 20, 2007risk 0.03cvss —epss 0.02
Multiple PHP remote file inclusion vulnerabilities in Form tools 1.5.0b allow remote attackers to execute arbitrary PHP code via a URL in the g_root_dir parameter to (1) admin_page_open.php and (2) client_page_open.php in global/templates/.
- CVE-2007-6465Dec 20, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/host_gmetrics.php; the (3) G, (4) me, (5) x, (6) n, (7) v, (8) l, (9) vl, and…
- CVE-2007-6466Dec 20, 2007risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action. …
- CVE-2007-6467Dec 20, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows remote attackers to execute arbitrary SQL commands via the ida parameter in a gallery foto_show action.
- CVE-2007-6468Dec 20, 2007risk 0.00cvss —epss 0.06
Buffer overflow in the HuffDecode function in hw_utils/hwrcon/huffman.c and hexenworld/Client/huffman.c in Hammer of Thyrion 1.4.2 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted huffman encoded packet. NOTE: some of these details…
- CVE-2007-6469Dec 20, 2007risk 0.00cvss —epss 0.02
SQL injection vulnerability in index.php in phpRPG 0.8, when magic_qutoes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
- CVE-2007-6470Dec 20, 2007risk 0.03cvss —epss 0.02
phpRPG 0.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read session ID values in files under tmp/, and then hijack sessions via PHPSESSID cookies.