| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-6122 | 0.00 | — | 0.02 | Nov 26, 2007 | The default_encrypt function in encrypt.c in IRC Services before 5.0.63, and 5.1.x before 5.1.7, allows remote attackers to cause a denial of service (daemon crash) via a long password. NOTE: some of these details are obtained from third party information. | |||
| CVE-2007-6123 | 0.00 | — | 0.02 | Nov 26, 2007 | Unspecified vulnerability in IRC Services 5.1.8 has unknown impact and attack vectors. | |||
| CVE-2007-6124 | 0.03 | — | 0.02 | Nov 26, 2007 | Cross-site scripting (XSS) vulnerability in signin.php in Softbiz Freelancers Script 1 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter. | |||
| CVE-2007-6125 | 0.03 | — | 0.01 | Nov 26, 2007 | SQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter. | |||
| CVE-2007-6126 | 0.03 | — | 0.02 | Nov 26, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the year parameter to (1) xml/index.php; or (2) the year parameter to view.page.inc.php, which is reachable through a view… | |||
| CVE-2007-6127 | 0.03 | — | 0.01 | Nov 26, 2007 | Multiple SQL injection vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the year parameter to (1) view.page.inc.php, which is reachable through a view action to index.php; or (2) the year parameter to… | |||
| CVE-2007-6128 | 0.03 | — | 0.01 | Nov 26, 2007 | SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 allows remote attackers to execute arbitrary SQL commands via the idevent parameter. | |||
| CVE-2007-6129 | 0.03 | — | 0.03 | Nov 26, 2007 | Directory traversal vulnerability in scripts/include/show_content.php in Amber Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by… | |||
| CVE-2007-6130 | 0.00 | — | 0.01 | Nov 26, 2007 | gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions. | |||
| CVE-2007-6131 | 0.00 | — | 0.00 | Nov 26, 2007 | buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite arbitrary files via a symlink attack on the (1) scan.pnm and (2) scan.jpg temporary files. | |||
| CVE-2007-6100 | 0.00 | — | 0.01 | Nov 23, 2007 | Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a… | |||
| CVE-2007-6101 | 0.00 | — | 0.01 | Nov 23, 2007 | Ability Mail Server before 2.61 allows remote authenticated users to cause a denial of service (daemon crash) via (1) malformed number list ranges in unspecified IMAP commands, and possibly (2) a blank string in unspecified messages. | |||
| CVE-2007-6102 | 0.00 | — | 0.01 | Nov 23, 2007 | Cross-site scripting (XSS) vulnerability in Feed to JavaScript (Feed2JS) 1.91 allows remote attackers to inject arbitrary web script or HTML via a URL in a feed. | |||
| CVE-2007-6103 | 0.03 | — | 0.05 | Nov 23, 2007 | I Hear U (IHU) 0.5.6 and earlier allows remote attackers to cause (1) a denial of service (infinite loop) via a packet that contains zero in the size field in its header, which is improperly handled by the Receiver::processPacket function; and (2) a denial of service (daemon… | |||
| CVE-2007-6104 | 0.00 | — | 0.01 | Nov 23, 2007 | Cross-site scripting (XSS) vulnerability in the Instant Web Publishing feature in FileMaker Pro 7 and 8, Server 7 and 8, and Developer 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2007-6105 | 0.04 | — | 0.07 | Nov 23, 2007 | Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_file parameter to (a) comments-display-tpl.php and (b) addons/separate-comments-mod/my-comments-display-tpl.php and the (2)… | |||
| CVE-2007-6106 | 0.03 | — | 0.01 | Nov 23, 2007 | SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and earlier allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewevent action. | |||
| CVE-2007-6110 | 0.03 | — | 0.04 | Nov 23, 2007 | Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. | |||
| CVE-2007-6111 | 0.00 | — | 0.02 | Nov 23, 2007 | Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP dissector. | |||
| CVE-2007-6112 | 0.01 | — | 0.06 | Nov 23, 2007 | Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. | |||
| CVE-2007-6113 | 0.04 | — | 0.07 | Nov 23, 2007 | Integer signedness error in the DNP3 dissector in Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP3 packet. | |||
| CVE-2007-6114 | 0.01 | — | 0.06 | Nov 23, 2007 | Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) the SSL dissector or (2) the iSeries (OS/400) Communication trace file parser. | |||
| CVE-2007-6115 | 0.01 | — | 0.06 | Nov 23, 2007 | Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors. | |||
| CVE-2007-6116 | 0.00 | — | 0.03 | Nov 23, 2007 | The Firebird/Interbase dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite loop or crash) via unknown vectors. | |||
| CVE-2007-6117 | 0.00 | — | 0.03 | Nov 23, 2007 | Unspecified vulnerability in the HTTP dissector for Wireshark (formerly Ethereal) 0.10.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted chunked messages. | |||
| CVE-2007-6118 | 0.00 | — | 0.02 | Nov 23, 2007 | The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. | |||
| CVE-2007-6119 | 0.00 | — | 0.03 | Nov 23, 2007 | The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. | |||
| CVE-2007-6120 | 0.00 | — | 0.02 | Nov 23, 2007 | The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. | |||
| CVE-2007-6121 | 0.00 | — | 0.02 | Nov 23, 2007 | Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet. | |||
| CVE-2007-6082 | 0.03 | — | 0.04 | Nov 22, 2007 | Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote attackers to inject arbitrary PHP code via the filecontents parameter, which can be executed by accessing includes/news.php. | |||
| CVE-2007-6083 | 0.03 | — | 0.02 | Nov 22, 2007 | SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header. | |||
| CVE-2007-6084 | 0.03 | — | 0.01 | Nov 22, 2007 | SQL injection vulnerability in software-description.php in HotScripts Clone Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2007-6085 | 0.03 | — | 0.02 | Nov 22, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in VigileCMS 1.4 allow remote attackers to inject arbitrary web script or HTML via the message field in the (1) vedipm or (2) live_chat module. | |||
| CVE-2007-6086 | 0.03 | — | 0.03 | Nov 22, 2007 | Directory traversal vulnerability in index.php in VigileCMS 1.4 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the module parameter. | |||
| CVE-2007-6087 | 0.03 | — | 0.01 | Nov 22, 2007 | Cross-site request forgery (CSRF) vulnerability in index.php in VigileCMS 1.4 allows remote attackers to change the admin password via certain parameters to the changepass module. | |||
| CVE-2007-6088 | 0.04 | — | 0.07 | Nov 22, 2007 | PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBBViet 02.03.07 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||
| CVE-2007-6089 | 0.03 | — | 0.05 | Nov 22, 2007 | PHP remote file inclusion vulnerability in index.php in meBiblio 0.4.5 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. | |||
| CVE-2007-6090 | 0.00 | — | 0.01 | Nov 22, 2007 | Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||
| CVE-2007-6091 | 0.03 | — | 0.02 | Nov 22, 2007 | Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System (JBS) 2.0, and possibly JiRo's Upload Manager (aka JiRo's Upload System or JUS), allow remote attackers to execute arbitrary SQL commands via the (1) Username (aka Login or Email) or (2) Password… | |||
| CVE-2007-6092 | 0.00 | — | 0.02 | Nov 22, 2007 | Buffer overflow in libsrtp in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries. | |||
| CVE-2007-6093 | 0.00 | — | 0.01 | Nov 22, 2007 | The SRTP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (kernel crash) via an RTCP index that is "much more than expected." | |||
| CVE-2007-6094 | 0.00 | — | 0.01 | Nov 22, 2007 | The IPsec module in the VPN component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (module crash) via an IPsec Phase 2 proposal that lacks Perfect Forward Secrecy (PFS). | |||
| CVE-2007-6095 | 0.00 | — | 0.01 | Nov 22, 2007 | The SIP component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0, when Remote NAT Traversal is employed, does not properly perform user registration and message distribution, which might allow remote authenticated users to receive messages intended for other users. | |||
| CVE-2007-6096 | 0.00 | — | 0.01 | Nov 22, 2007 | Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext storage for passwords of "administrators with less privileges," which might allow attackers to read these passwords via unknown vectors. | |||
| CVE-2007-6097 | 0.00 | — | 0.01 | Nov 22, 2007 | Unspecified vulnerability in the ICMP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and remote attack vectors, related to ICMP packets that are "incorrectly accepted." | |||
| CVE-2007-6098 | 0.00 | — | 0.01 | Nov 22, 2007 | Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log truncated (1) ICMP, (2) UDP, and (3) TCP packets, which has unknown impact and remote attack vectors; and do not log (4) serial-console login attempts with nonexistent usernames, which might make it easier for… | |||
| CVE-2007-6099 | 0.00 | — | 0.02 | Nov 22, 2007 | Unspecified vulnerability in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 might leave "media pinholes" open upon a restart of the SIP module, which might make it easier for remote attackers to conduct unauthorized activities. | |||
| CVE-2007-6081 | 0.00 | — | 0.01 | Nov 21, 2007 | AdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default "root" account without a password, which allows remote attackers to gain privileges and modify logs. Fixed in EventLog Analyzer Build 6000. | |||
| CVE-2007-5612 | 0.00 | — | 0.02 | Nov 21, 2007 | CIM Server in IBM Director 5.20.1 and earlier allows remote attackers to cause a denial of service (CPU consumption, connection slot exhaustion, and daemon crash) via a large number of idle connections. | |||
| CVE-2007-6078 | 0.03 | — | 0.01 | Nov 21, 2007 | Multiple SQL injection vulnerabilities in SkyPortal RC6 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) nc_top.asp; (2) inc_bookmarks.asp, possibly involving a parameter passed from cp_main.asp; (3) inc_profile_functions.asp; or (4)… |
- CVE-2007-6122Nov 26, 2007risk 0.00cvss —epss 0.02
The default_encrypt function in encrypt.c in IRC Services before 5.0.63, and 5.1.x before 5.1.7, allows remote attackers to cause a denial of service (daemon crash) via a long password. NOTE: some of these details are obtained from third party information.
- CVE-2007-6123Nov 26, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in IRC Services 5.1.8 has unknown impact and attack vectors.
- CVE-2007-6124Nov 26, 2007risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in signin.php in Softbiz Freelancers Script 1 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter.
- CVE-2007-6125Nov 26, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.
- CVE-2007-6126Nov 26, 2007risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the year parameter to (1) xml/index.php; or (2) the year parameter to view.page.inc.php, which is reachable through a view…
- CVE-2007-6127Nov 26, 2007risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the year parameter to (1) view.page.inc.php, which is reachable through a view action to index.php; or (2) the year parameter to…
- CVE-2007-6128Nov 26, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 allows remote attackers to execute arbitrary SQL commands via the idevent parameter.
- CVE-2007-6129Nov 26, 2007risk 0.03cvss —epss 0.03
Directory traversal vulnerability in scripts/include/show_content.php in Amber Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by…
- CVE-2007-6130Nov 26, 2007risk 0.00cvss —epss 0.01
gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions.
- CVE-2007-6131Nov 26, 2007risk 0.00cvss —epss 0.00
buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite arbitrary files via a symlink attack on the (1) scan.pnm and (2) scan.jpg temporary files.
- CVE-2007-6100Nov 23, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a…
- CVE-2007-6101Nov 23, 2007risk 0.00cvss —epss 0.01
Ability Mail Server before 2.61 allows remote authenticated users to cause a denial of service (daemon crash) via (1) malformed number list ranges in unspecified IMAP commands, and possibly (2) a blank string in unspecified messages.
- CVE-2007-6102Nov 23, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Feed to JavaScript (Feed2JS) 1.91 allows remote attackers to inject arbitrary web script or HTML via a URL in a feed.
- CVE-2007-6103Nov 23, 2007risk 0.03cvss —epss 0.05
I Hear U (IHU) 0.5.6 and earlier allows remote attackers to cause (1) a denial of service (infinite loop) via a packet that contains zero in the size field in its header, which is improperly handled by the Receiver::processPacket function; and (2) a denial of service (daemon…
- CVE-2007-6104Nov 23, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Instant Web Publishing feature in FileMaker Pro 7 and 8, Server 7 and 8, and Developer 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2007-6105Nov 23, 2007risk 0.04cvss —epss 0.07
Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_file parameter to (a) comments-display-tpl.php and (b) addons/separate-comments-mod/my-comments-display-tpl.php and the (2)…
- CVE-2007-6106Nov 23, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and earlier allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewevent action.
- CVE-2007-6110Nov 23, 2007risk 0.03cvss —epss 0.04
Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter.
- CVE-2007-6111Nov 23, 2007risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP dissector.
- CVE-2007-6112Nov 23, 2007risk 0.01cvss —epss 0.06
Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
- CVE-2007-6113Nov 23, 2007risk 0.04cvss —epss 0.07
Integer signedness error in the DNP3 dissector in Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP3 packet.
- CVE-2007-6114Nov 23, 2007risk 0.01cvss —epss 0.06
Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) the SSL dissector or (2) the iSeries (OS/400) Communication trace file parser.
- CVE-2007-6115Nov 23, 2007risk 0.01cvss —epss 0.06
Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors.
- CVE-2007-6116Nov 23, 2007risk 0.00cvss —epss 0.03
The Firebird/Interbase dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite loop or crash) via unknown vectors.
- CVE-2007-6117Nov 23, 2007risk 0.00cvss —epss 0.03
Unspecified vulnerability in the HTTP dissector for Wireshark (formerly Ethereal) 0.10.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted chunked messages.
- CVE-2007-6118Nov 23, 2007risk 0.00cvss —epss 0.02
The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors.
- CVE-2007-6119Nov 23, 2007risk 0.00cvss —epss 0.03
The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors.
- CVE-2007-6120Nov 23, 2007risk 0.00cvss —epss 0.02
The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
- CVE-2007-6121Nov 23, 2007risk 0.00cvss —epss 0.02
Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet.
- CVE-2007-6082Nov 22, 2007risk 0.03cvss —epss 0.04
Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote attackers to inject arbitrary PHP code via the filecontents parameter, which can be executed by accessing includes/news.php.
- CVE-2007-6083Nov 22, 2007risk 0.03cvss —epss 0.02
SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header.
- CVE-2007-6084Nov 22, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in software-description.php in HotScripts Clone Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2007-6085Nov 22, 2007risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in index.php in VigileCMS 1.4 allow remote attackers to inject arbitrary web script or HTML via the message field in the (1) vedipm or (2) live_chat module.
- CVE-2007-6086Nov 22, 2007risk 0.03cvss —epss 0.03
Directory traversal vulnerability in index.php in VigileCMS 1.4 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the module parameter.
- CVE-2007-6087Nov 22, 2007risk 0.03cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in index.php in VigileCMS 1.4 allows remote attackers to change the admin password via certain parameters to the changepass module.
- CVE-2007-6088Nov 22, 2007risk 0.04cvss —epss 0.07
PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBBViet 02.03.07 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
- CVE-2007-6089Nov 22, 2007risk 0.03cvss —epss 0.05
PHP remote file inclusion vulnerability in index.php in meBiblio 0.4.5 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.
- CVE-2007-6090Nov 22, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2007-6091Nov 22, 2007risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System (JBS) 2.0, and possibly JiRo's Upload Manager (aka JiRo's Upload System or JUS), allow remote attackers to execute arbitrary SQL commands via the (1) Username (aka Login or Email) or (2) Password…
- CVE-2007-6092Nov 22, 2007risk 0.00cvss —epss 0.02
Buffer overflow in libsrtp in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries.
- CVE-2007-6093Nov 22, 2007risk 0.00cvss —epss 0.01
The SRTP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (kernel crash) via an RTCP index that is "much more than expected."
- CVE-2007-6094Nov 22, 2007risk 0.00cvss —epss 0.01
The IPsec module in the VPN component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (module crash) via an IPsec Phase 2 proposal that lacks Perfect Forward Secrecy (PFS).
- CVE-2007-6095Nov 22, 2007risk 0.00cvss —epss 0.01
The SIP component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0, when Remote NAT Traversal is employed, does not properly perform user registration and message distribution, which might allow remote authenticated users to receive messages intended for other users.
- CVE-2007-6096Nov 22, 2007risk 0.00cvss —epss 0.01
Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext storage for passwords of "administrators with less privileges," which might allow attackers to read these passwords via unknown vectors.
- CVE-2007-6097Nov 22, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in the ICMP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and remote attack vectors, related to ICMP packets that are "incorrectly accepted."
- CVE-2007-6098Nov 22, 2007risk 0.00cvss —epss 0.01
Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log truncated (1) ICMP, (2) UDP, and (3) TCP packets, which has unknown impact and remote attack vectors; and do not log (4) serial-console login attempts with nonexistent usernames, which might make it easier for…
- CVE-2007-6099Nov 22, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 might leave "media pinholes" open upon a restart of the SIP module, which might make it easier for remote attackers to conduct unauthorized activities.
- CVE-2007-6081Nov 21, 2007risk 0.00cvss —epss 0.01
AdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default "root" account without a password, which allows remote attackers to gain privileges and modify logs. Fixed in EventLog Analyzer Build 6000.
- CVE-2007-5612Nov 21, 2007risk 0.00cvss —epss 0.02
CIM Server in IBM Director 5.20.1 and earlier allows remote attackers to cause a denial of service (CPU consumption, connection slot exhaustion, and daemon crash) via a large number of idle connections.
- CVE-2007-6078Nov 21, 2007risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in SkyPortal RC6 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) nc_top.asp; (2) inc_bookmarks.asp, possibly involving a parameter passed from cp_main.asp; (3) inc_profile_functions.asp; or (4)…