| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-5969 | 0.01 | — | 0.14 | Dec 10, 2007 | MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to… | |||
| CVE-2007-5970 | 0.00 | — | 0.02 | Dec 10, 2007 | MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a… | |||
| CVE-2007-6302 | 0.00 | — | 0.06 | Dec 10, 2007 | Multiple heap-based buffer overflows in avirus.exe in Novell NetMail 3.5.2 before Messaging Architects M+NetMail 3.52f (aka 3.5.2F) allows remote attackers to execute arbitrary code via unspecified ASCII integers used as memory allocation arguments, aka "ZDI-CAN-162." | |||
| CVE-2007-6287 | 0.00 | — | 0.01 | Dec 10, 2007 | Cross-site scripting (XSS) vulnerability in the login page in Lxlabs HyperVM 2.0 allows remote attackers to inject arbitrary web script or HTML via the frm_emessage parameter, a different vector than CVE-2006-6649. NOTE: the provenance of this information is unknown; the… | |||
| CVE-2007-6288 | 0.00 | — | 0.01 | Dec 10, 2007 | Multiple SQL injection vulnerabilities in TCExam before 5.1.000 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2007-6289 | 0.03 | — | 0.02 | Dec 10, 2007 | Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SERWEB[configdir] parameter to load_lang.php, (2) _SERWEB[functionsdir] parameter to main_prepend.php, and the (3)… | |||
| CVE-2007-6290 | 0.04 | — | 0.07 | Dec 10, 2007 | Multiple directory traversal vulnerabilities in js/get_js.php in SERWeb 2.0.0 dev1 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod and (2) js parameters. | |||
| CVE-2007-6291 | 0.00 | — | 0.01 | Dec 10, 2007 | SQL injection vulnerability in abm.aspx in Xigla Absolute Banner Manager .NET 4.0 allows remote attackers to execute arbitrary SQL commands via the z parameter. | |||
| CVE-2007-6292 | 0.03 | — | 0.01 | Dec 10, 2007 | SQL injection vulnerability in leggi_commenti.asp in MWOpen 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2007-6293 | 0.00 | — | 0.02 | Dec 10, 2007 | Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 6 R1.3 allow attackers to gain privileges via "some HMC commands." | |||
| CVE-2007-6294 | 0.00 | — | 0.00 | Dec 10, 2007 | Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 3 R3.7 allow attackers to gain privileges via "some HMC commands." | |||
| CVE-2007-6295 | 0.00 | — | 0.01 | Dec 10, 2007 | Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page in the online meeting center template in IBM Lotus Sametime before 8.0 allows remote attackers to inject arbitrary web script or HTML via the URI. | |||
| CVE-2007-6296 | 0.00 | — | 0.01 | Dec 10, 2007 | PHP remote file inclusion vulnerability in users_popupL.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the From parameter. | |||
| CVE-2007-6297 | 0.03 | — | 0.02 | Dec 10, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/edituser.php3, or the (3) LastCheck or (4) B parameter to… | |||
| CVE-2007-6298 | 0.00 | — | 0.01 | Dec 10, 2007 | Cross-site scripting (XSS) vulnerability in the Shoutbox module for Drupal 5.x before Shoutbox 5.x-1.1 allows remote authenticated users to inject arbitrary web script or HTML via Shoutbox block messages. | |||
| CVE-2007-6299 | 0.00 | — | 0.02 | Dec 10, 2007 | Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1) taxonomy_menu, (2)… | |||
| CVE-2007-6300 | 0.00 | — | 0.01 | Dec 10, 2007 | Cross-site request forgery (CSRF) vulnerability in Fusion News 3.9.0 allows remote attackers to perform unauthorized actions via unspecified vectors. | |||
| CVE-2007-6301 | 0.03 | — | 0.02 | Dec 10, 2007 | Cross-site scripting (XSS) vulnerability in compose.php in OpenNewsletter 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter. | |||
| CVE-2007-5497 | 0.00 | — | 0.04 | Dec 7, 2007 | Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image. | |||
| CVE-2007-6109 | 0.00 | — | 0.03 | Dec 7, 2007 | Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain… | |||
| CVE-2007-6265 | 0.00 | — | 0.01 | Dec 7, 2007 | Unspecified vulnerability in avast! 4 Home and Professional Editions before 4.7.1098 allows remote attackers to have an unknown impact via a crafted TAR archive. | |||
| CVE-2007-6266 | 0.03 | — | 0.01 | Dec 7, 2007 | Multiple SQL injection vulnerabilities in bcoos 1.0.10 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the gid parameter to modules/arcade/index.php in a show_stats action, or the lid parameter to (2) modules/myalbum/ratephoto.php or (3)… | |||
| CVE-2007-6267 | 0.00 | — | 0.00 | Dec 7, 2007 | Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information. | |||
| CVE-2007-6268 | 0.04 | — | 0.08 | Dec 7, 2007 | Directory traversal vulnerability in pages/default.aspx in Absolute News Manager.NET 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter. | |||
| CVE-2007-6269 | 0.03 | — | 0.03 | Dec 7, 2007 | Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in Absolute News Manager.NET 5.1 allow remote attackers to execute arbitrary SQL commands via the (1) z, (2) pz, (3) ord, and (4) sort parameters. | |||
| CVE-2007-6270 | 0.03 | — | 0.02 | Dec 7, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Absolute News Manager.NET 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) rmore parameter to xlaabsolutenm.aspx and the (2) template parameter to pages/default.aspx. | |||
| CVE-2007-6271 | 0.03 | — | 0.03 | Dec 7, 2007 | Absolute News Manager.NET 5.1 allows remote attackers to obtain sensitive information via a direct request to getpath.aspx, which reveals the installation path in an error message. | |||
| CVE-2007-6272 | 0.03 | — | 0.01 | Dec 7, 2007 | Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 allow remote attackers to execute arbitrary SQL commands via (1) the view parameter to the com_content component, (2) the task parameter to the com_search component, or (3) the option parameter in a search… | |||
| CVE-2007-6273 | 0.03 | — | 0.06 | Dec 7, 2007 | Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection… | |||
| CVE-2007-6274 | 0.00 | — | 0.01 | Dec 7, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) day or (2) year parameter. | |||
| CVE-2007-6275 | 0.03 | — | 0.01 | Dec 7, 2007 | SQL injection vulnerability in modules/adresses/ratefile.php in bcoos 1.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the lid parameter, a different vector than CVE-2007-6266. | |||
| CVE-2007-6276 | 0.04 | — | 0.09 | Dec 7, 2007 | The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 before 10.5.4 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted load balancing packet to UDP port 4112. | |||
| CVE-2007-6277 | 0.01 | — | 0.07 | Dec 7, 2007 | Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size,… | |||
| CVE-2007-6278 | 0.00 | — | 0.02 | Dec 7, 2007 | Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file. | |||
| CVE-2007-6279 | 0.00 | — | 0.04 | Dec 7, 2007 | Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file. | |||
| CVE-2007-5769 | 0.00 | — | 0.02 | Dec 6, 2007 | Double free vulnerability in the getreply function in ftp.c in netkit ftp (netkit-ftp) 0.17 20040614 and later allows remote FTP servers to cause a denial of service (application crash) and possibly have unspecified other impact via some types of FTP protocol behavior. NOTE: the… | |||
| CVE-2007-5938 | 0.00 | — | 0.02 | Dec 6, 2007 | The iwl_set_rate function in compatible/iwl3945-base.c in iwlwifi 1.1.21 and earlier dereferences an iwl_get_hw_mode return value without checking for NULL, which might allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors during module… | |||
| CVE-2007-5939 | 0.00 | — | 0.04 | Dec 6, 2007 | The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for… | |||
| CVE-2007-6263 | 0.00 | — | 0.02 | Dec 6, 2007 | The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, when certain modifications to support SSL have been introduced, calls fclose on an uninitialized file stream, which allows remote attackers to cause a denial of service (daemon crash) and possibly have… | |||
| CVE-2007-4575 | 0.01 | — | 0.14 | Dec 6, 2007 | HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods." | |||
| CVE-2007-5894 | 0.00 | — | 0.03 | Dec 6, 2007 | The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions… | |||
| CVE-2007-5901 | 0.00 | — | 0.00 | Dec 6, 2007 | Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code. | |||
| CVE-2007-5902 | 0.00 | — | 0.06 | Dec 6, 2007 | Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request. | |||
| CVE-2007-5971 | 0.00 | — | 0.00 | Dec 6, 2007 | Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. | |||
| CVE-2007-5972 | 0.00 | — | 0.03 | Dec 6, 2007 | Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must… | |||
| CVE-2007-6194 | 0.00 | — | 0.04 | Dec 6, 2007 | Unspecified vulnerability in HP Select Identity 4.01 before 4.01.012 and 4.1x before 4.13.003 allows remote attackers to obtain unspecified access via unknown vectors. | |||
| CVE-2007-6260 | 0.00 | — | 0.01 | Dec 6, 2007 | The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most… | |||
| CVE-2007-6261 | 0.03 | — | 0.01 | Dec 6, 2007 | Integer overflow in the load_threadstack function in the Mach-O loader (mach_loader.c) in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service (infinite loop) via a crafted Mach-O binary. | |||
| CVE-2007-6262 | 0.04 | — | 0.11 | Dec 6, 2007 | A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive… | |||
| CVE-2007-5355 | 0.01 | — | 0.17 | Dec 5, 2007 | The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD… |
- CVE-2007-5969Dec 10, 2007risk 0.01cvss —epss 0.14
MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to…
- CVE-2007-5970Dec 10, 2007risk 0.00cvss —epss 0.02
MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a…
- CVE-2007-6302Dec 10, 2007risk 0.00cvss —epss 0.06
Multiple heap-based buffer overflows in avirus.exe in Novell NetMail 3.5.2 before Messaging Architects M+NetMail 3.52f (aka 3.5.2F) allows remote attackers to execute arbitrary code via unspecified ASCII integers used as memory allocation arguments, aka "ZDI-CAN-162."
- CVE-2007-6287Dec 10, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the login page in Lxlabs HyperVM 2.0 allows remote attackers to inject arbitrary web script or HTML via the frm_emessage parameter, a different vector than CVE-2006-6649. NOTE: the provenance of this information is unknown; the…
- CVE-2007-6288Dec 10, 2007risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in TCExam before 5.1.000 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2007-6289Dec 10, 2007risk 0.03cvss —epss 0.02
Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SERWEB[configdir] parameter to load_lang.php, (2) _SERWEB[functionsdir] parameter to main_prepend.php, and the (3)…
- CVE-2007-6290Dec 10, 2007risk 0.04cvss —epss 0.07
Multiple directory traversal vulnerabilities in js/get_js.php in SERWeb 2.0.0 dev1 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod and (2) js parameters.
- CVE-2007-6291Dec 10, 2007risk 0.00cvss —epss 0.01
SQL injection vulnerability in abm.aspx in Xigla Absolute Banner Manager .NET 4.0 allows remote attackers to execute arbitrary SQL commands via the z parameter.
- CVE-2007-6292Dec 10, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in leggi_commenti.asp in MWOpen 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2007-6293Dec 10, 2007risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 6 R1.3 allow attackers to gain privileges via "some HMC commands."
- CVE-2007-6294Dec 10, 2007risk 0.00cvss —epss 0.00
Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 3 R3.7 allow attackers to gain privileges via "some HMC commands."
- CVE-2007-6295Dec 10, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page in the online meeting center template in IBM Lotus Sametime before 8.0 allows remote attackers to inject arbitrary web script or HTML via the URI.
- CVE-2007-6296Dec 10, 2007risk 0.00cvss —epss 0.01
PHP remote file inclusion vulnerability in users_popupL.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the From parameter.
- CVE-2007-6297Dec 10, 2007risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/edituser.php3, or the (3) LastCheck or (4) B parameter to…
- CVE-2007-6298Dec 10, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Shoutbox module for Drupal 5.x before Shoutbox 5.x-1.1 allows remote authenticated users to inject arbitrary web script or HTML via Shoutbox block messages.
- CVE-2007-6299Dec 10, 2007risk 0.00cvss —epss 0.02
Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1) taxonomy_menu, (2)…
- CVE-2007-6300Dec 10, 2007risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in Fusion News 3.9.0 allows remote attackers to perform unauthorized actions via unspecified vectors.
- CVE-2007-6301Dec 10, 2007risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in compose.php in OpenNewsletter 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter.
- CVE-2007-5497Dec 7, 2007risk 0.00cvss —epss 0.04
Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.
- CVE-2007-6109Dec 7, 2007risk 0.00cvss —epss 0.03
Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain…
- CVE-2007-6265Dec 7, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in avast! 4 Home and Professional Editions before 4.7.1098 allows remote attackers to have an unknown impact via a crafted TAR archive.
- CVE-2007-6266Dec 7, 2007risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in bcoos 1.0.10 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the gid parameter to modules/arcade/index.php in a show_stats action, or the lid parameter to (2) modules/myalbum/ratephoto.php or (3)…
- CVE-2007-6267Dec 7, 2007risk 0.00cvss —epss 0.00
Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information.
- CVE-2007-6268Dec 7, 2007risk 0.04cvss —epss 0.08
Directory traversal vulnerability in pages/default.aspx in Absolute News Manager.NET 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
- CVE-2007-6269Dec 7, 2007risk 0.03cvss —epss 0.03
Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in Absolute News Manager.NET 5.1 allow remote attackers to execute arbitrary SQL commands via the (1) z, (2) pz, (3) ord, and (4) sort parameters.
- CVE-2007-6270Dec 7, 2007risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Absolute News Manager.NET 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) rmore parameter to xlaabsolutenm.aspx and the (2) template parameter to pages/default.aspx.
- CVE-2007-6271Dec 7, 2007risk 0.03cvss —epss 0.03
Absolute News Manager.NET 5.1 allows remote attackers to obtain sensitive information via a direct request to getpath.aspx, which reveals the installation path in an error message.
- CVE-2007-6272Dec 7, 2007risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 allow remote attackers to execute arbitrary SQL commands via (1) the view parameter to the com_content component, (2) the task parameter to the com_search component, or (3) the option parameter in a search…
- CVE-2007-6273Dec 7, 2007risk 0.03cvss —epss 0.06
Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection…
- CVE-2007-6274Dec 7, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) day or (2) year parameter.
- CVE-2007-6275Dec 7, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in modules/adresses/ratefile.php in bcoos 1.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the lid parameter, a different vector than CVE-2007-6266.
- CVE-2007-6276Dec 7, 2007risk 0.04cvss —epss 0.09
The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 before 10.5.4 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted load balancing packet to UDP port 4112.
- CVE-2007-6277Dec 7, 2007risk 0.01cvss —epss 0.07
Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size,…
- CVE-2007-6278Dec 7, 2007risk 0.00cvss —epss 0.02
Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file.
- CVE-2007-6279Dec 7, 2007risk 0.00cvss —epss 0.04
Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file.
- CVE-2007-5769Dec 6, 2007risk 0.00cvss —epss 0.02
Double free vulnerability in the getreply function in ftp.c in netkit ftp (netkit-ftp) 0.17 20040614 and later allows remote FTP servers to cause a denial of service (application crash) and possibly have unspecified other impact via some types of FTP protocol behavior. NOTE: the…
- CVE-2007-5938Dec 6, 2007risk 0.00cvss —epss 0.02
The iwl_set_rate function in compatible/iwl3945-base.c in iwlwifi 1.1.21 and earlier dereferences an iwl_get_hw_mode return value without checking for NULL, which might allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors during module…
- CVE-2007-5939Dec 6, 2007risk 0.00cvss —epss 0.04
The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for…
- CVE-2007-6263Dec 6, 2007risk 0.00cvss —epss 0.02
The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, when certain modifications to support SSL have been introduced, calls fclose on an uninitialized file stream, which allows remote attackers to cause a denial of service (daemon crash) and possibly have…
- CVE-2007-4575Dec 6, 2007risk 0.01cvss —epss 0.14
HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."
- CVE-2007-5894Dec 6, 2007risk 0.00cvss —epss 0.03
The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions…
- CVE-2007-5901Dec 6, 2007risk 0.00cvss —epss 0.00
Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code.
- CVE-2007-5902Dec 6, 2007risk 0.00cvss —epss 0.06
Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request.
- CVE-2007-5971Dec 6, 2007risk 0.00cvss —epss 0.00
Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors.
- CVE-2007-5972Dec 6, 2007risk 0.00cvss —epss 0.03
Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must…
- CVE-2007-6194Dec 6, 2007risk 0.00cvss —epss 0.04
Unspecified vulnerability in HP Select Identity 4.01 before 4.01.012 and 4.1x before 4.13.003 allows remote attackers to obtain unspecified access via unknown vectors.
- CVE-2007-6260Dec 6, 2007risk 0.00cvss —epss 0.01
The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most…
- CVE-2007-6261Dec 6, 2007risk 0.03cvss —epss 0.01
Integer overflow in the load_threadstack function in the Mach-O loader (mach_loader.c) in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service (infinite loop) via a crafted Mach-O binary.
- CVE-2007-6262Dec 6, 2007risk 0.04cvss —epss 0.11
A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive…
- CVE-2007-5355Dec 5, 2007risk 0.01cvss —epss 0.17
The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD…