| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-6007 | 0.00 | — | 0.03 | Nov 15, 2007 | Integer overflow in the ID_PSP.apl plug-in for ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted PSP image that triggers a heap-based buffer… | |||
| CVE-2007-6008 | 0.00 | — | 0.03 | Nov 15, 2007 | Heap-based buffer overflow in emlsr.dll before 2.0.0.4 in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK allows remote attackers to execute arbitrary code via a long Content-Type header line in an EML file. NOTE: the provenance of this information is unknown;… | |||
| CVE-2007-6009 | 0.00 | — | 0.04 | Nov 15, 2007 | Multiple buffer overflows in ACD products allow user-assisted remote attackers to execute arbitrary code via a long section string in a (1) XBM or (2) XPM file to (a) ID_X.apl or (b) IDE_ACDStd.apl. NOTE: the PSP and LHA vectors are already covered by CVE-2007-4344 and… | |||
| CVE-2007-4702 | 0.00 | — | 0.02 | Nov 15, 2007 | The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions. | |||
| CVE-2007-4703 | 0.00 | — | 0.03 | Nov 15, 2007 | The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incoming connections, even when "Block incoming connections" has been set for its associated executable, which might allow remote attackers or local root processes to bypass intended… | |||
| CVE-2007-4704 | 0.00 | — | 0.02 | Nov 15, 2007 | The Application Firewall in Apple Mac OS X 10.5 does not apply changed settings to processes that are started by launchd until the processes are restarted, which might allow attackers to bypass intended access restrictions. | |||
| CVE-2007-5501 | 0.00 | — | 0.04 | Nov 15, 2007 | The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference. | |||
| CVE-2007-5905 | 0.01 | — | 0.13 | Nov 15, 2007 | Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability. | |||
| CVE-2006-7230 | 0.00 | — | 0.02 | Nov 15, 2007 | Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a… | |||
| CVE-2007-4699 | 0.00 | — | 0.02 | Nov 15, 2007 | The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions. | |||
| CVE-2007-4700 | 0.00 | — | 0.02 | Nov 15, 2007 | Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors. | |||
| CVE-2007-4701 | 0.00 | — | 0.00 | Nov 15, 2007 | WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file. | |||
| CVE-2007-3749 | Hig | 0.51 | 7.8 | 0.00 | Nov 15, 2007 | The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary code by creating the port before launching the setuid program, then writing to… | ||
| CVE-2007-4267 | 0.00 | — | 0.00 | Nov 15, 2007 | Stack-based buffer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted IOCTL request that adds an AppleTalk zone to a routing table. | |||
| CVE-2007-4268 | Hig | 0.51 | 7.8 | 0.01 | Nov 15, 2007 | Integer signedness error in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message with a negative value, which satisfies a signed comparison during mbuf allocation but is later interpreted as… | ||
| CVE-2007-4269 | 0.00 | — | 0.00 | Nov 15, 2007 | Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk socket, which triggers a heap-based buffer overflow. | |||
| CVE-2007-4678 | 0.00 | — | 0.02 | Nov 15, 2007 | AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted. | |||
| CVE-2007-4679 | 0.00 | — | 0.02 | Nov 15, 2007 | CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remote FTP servers to force clients to connect to other hosts via crafted responses to FTP PASV commands. | |||
| CVE-2007-4680 | 0.00 | — | 0.01 | Nov 15, 2007 | CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack. | |||
| CVE-2007-4681 | 0.00 | — | 0.00 | Nov 15, 2007 | Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted directory hierarchy. | |||
| CVE-2007-4682 | 0.00 | — | 0.03 | Nov 15, 2007 | CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted text content that triggers an access of an uninitialized object pointer. | |||
| CVE-2007-4683 | 0.00 | — | 0.00 | Nov 15, 2007 | Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory. | |||
| CVE-2007-4684 | 0.03 | — | 0.01 | Nov 15, 2007 | Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a large num_sels argument to the i386_set_ldt system call. | |||
| CVE-2007-4685 | 0.00 | — | 0.00 | Nov 15, 2007 | The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state." | |||
| CVE-2007-4686 | 0.00 | — | 0.00 | Nov 15, 2007 | Integer signedness error in the ttioctl function in bsd/kern/tty.c in the xnu kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service (system shutdown) or gain privileges via a crafted TIOCSETD ioctl request. | |||
| CVE-2007-4687 | 0.00 | — | 0.02 | Nov 15, 2007 | The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files. | |||
| CVE-2007-4688 | 0.00 | — | 0.02 | Nov 15, 2007 | The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query. | |||
| CVE-2007-4689 | 0.01 | — | 0.07 | Nov 15, 2007 | Double free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via crafted IPV6 packets. | |||
| CVE-2007-4690 | 0.00 | — | 0.04 | Nov 15, 2007 | Double free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet. | |||
| CVE-2007-4691 | 0.00 | — | 0.02 | Nov 15, 2007 | The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs. | |||
| CVE-2007-4693 | 0.00 | — | 0.00 | Nov 15, 2007 | The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields." | |||
| CVE-2007-4694 | 0.00 | — | 0.02 | Nov 15, 2007 | Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs. | |||
| CVE-2007-4695 | 0.00 | — | 0.02 | Nov 15, 2007 | Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads. | |||
| CVE-2007-4696 | 0.00 | — | 0.01 | Nov 15, 2007 | Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari. | |||
| CVE-2007-4697 | 0.00 | — | 0.03 | Nov 15, 2007 | Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption. | |||
| CVE-2006-7229 | Hig | 0.49 | 7.5 | 0.03 | Nov 15, 2007 | The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly use the spin_lock and spin_unlock functions, which allows remote attackers to cause a denial of service (machine crash) via a flood of network traffic. | ||
| CVE-2007-4692 | 0.00 | — | 0.02 | Nov 15, 2007 | The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for… | |||
| CVE-2007-4698 | 0.00 | — | 0.02 | Nov 15, 2007 | Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame. | |||
| CVE-2007-5973 | 0.03 | — | 0.01 | Nov 15, 2007 | SQL injection vulnerability in articles.php in JPortal 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter. | |||
| CVE-2007-5974 | 0.03 | — | 0.01 | Nov 15, 2007 | SQL injection vulnerability in mailer.php in JPortal 2 allows remote attackers to execute arbitrary SQL commands via the to parameter. | |||
| CVE-2007-5975 | 0.00 | — | 0.01 | Nov 15, 2007 | SQL injection vulnerability in index.php in TBSource, as used in (1) TBDev and (2) TorrentStrike 0.4, allows remote authenticated users to execute arbitrary SQL commands via the choice parameter. NOTE: some of these details are obtained from third party information. | |||
| CVE-2007-5976 | 0.00 | — | 0.01 | Nov 15, 2007 | SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter. | |||
| CVE-2007-5977 | 0.00 | — | 0.01 | Nov 15, 2007 | Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different… | |||
| CVE-2007-5978 | 0.03 | — | 0.01 | Nov 15, 2007 | SQL injection vulnerability in brokenlink.php in the mylinks module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter. | |||
| CVE-2007-5979 | 0.03 | — | 0.03 | Nov 15, 2007 | Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter. | |||
| CVE-2007-5980 | 0.00 | — | 0.01 | Nov 15, 2007 | Cross-site scripting (XSS) vulnerability in home/rss.php in eggblog before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | |||
| CVE-2007-5981 | 0.00 | — | 0.01 | Nov 15, 2007 | Lantronix SCS3200 does not properly handle public-key requests, which allows remote attackers to cause a denial of service (unresponsive device) via unspecified keyscan requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third… | |||
| CVE-2007-5982 | 0.03 | — | 0.03 | Nov 15, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) theme_c parameter to help/index.php, or the (3)… | |||
| CVE-2007-5983 | 0.03 | — | 0.02 | Nov 15, 2007 | Cross-site scripting (XSS) vulnerability in index.php in Justin Hagstrom AutoIndex PHP Script before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | |||
| CVE-2007-5984 | 0.04 | — | 0.08 | Nov 15, 2007 | classes/Url.php in Justin Hagstrom AutoIndex PHP Script before 2.2.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via a %00 sequence in the dir parameter to index.php, which triggers an erroneous "recursive calculation." |
- CVE-2007-6007Nov 15, 2007risk 0.00cvss —epss 0.03
Integer overflow in the ID_PSP.apl plug-in for ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted PSP image that triggers a heap-based buffer…
- CVE-2007-6008Nov 15, 2007risk 0.00cvss —epss 0.03
Heap-based buffer overflow in emlsr.dll before 2.0.0.4 in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK allows remote attackers to execute arbitrary code via a long Content-Type header line in an EML file. NOTE: the provenance of this information is unknown;…
- CVE-2007-6009Nov 15, 2007risk 0.00cvss —epss 0.04
Multiple buffer overflows in ACD products allow user-assisted remote attackers to execute arbitrary code via a long section string in a (1) XBM or (2) XPM file to (a) ID_X.apl or (b) IDE_ACDStd.apl. NOTE: the PSP and LHA vectors are already covered by CVE-2007-4344 and…
- CVE-2007-4702Nov 15, 2007risk 0.00cvss —epss 0.02
The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions.
- CVE-2007-4703Nov 15, 2007risk 0.00cvss —epss 0.03
The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incoming connections, even when "Block incoming connections" has been set for its associated executable, which might allow remote attackers or local root processes to bypass intended…
- CVE-2007-4704Nov 15, 2007risk 0.00cvss —epss 0.02
The Application Firewall in Apple Mac OS X 10.5 does not apply changed settings to processes that are started by launchd until the processes are restarted, which might allow attackers to bypass intended access restrictions.
- CVE-2007-5501Nov 15, 2007risk 0.00cvss —epss 0.04
The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference.
- CVE-2007-5905Nov 15, 2007risk 0.01cvss —epss 0.13
Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability.
- CVE-2006-7230Nov 15, 2007risk 0.00cvss —epss 0.02
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a…
- CVE-2007-4699Nov 15, 2007risk 0.00cvss —epss 0.02
The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions.
- CVE-2007-4700Nov 15, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors.
- CVE-2007-4701Nov 15, 2007risk 0.00cvss —epss 0.00
WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file.
- risk 0.51cvss 7.8epss 0.00
The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary code by creating the port before launching the setuid program, then writing to…
- CVE-2007-4267Nov 15, 2007risk 0.00cvss —epss 0.00
Stack-based buffer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted IOCTL request that adds an AppleTalk zone to a routing table.
- risk 0.51cvss 7.8epss 0.01
Integer signedness error in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message with a negative value, which satisfies a signed comparison during mbuf allocation but is later interpreted as…
- CVE-2007-4269Nov 15, 2007risk 0.00cvss —epss 0.00
Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk socket, which triggers a heap-based buffer overflow.
- CVE-2007-4678Nov 15, 2007risk 0.00cvss —epss 0.02
AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted.
- CVE-2007-4679Nov 15, 2007risk 0.00cvss —epss 0.02
CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remote FTP servers to force clients to connect to other hosts via crafted responses to FTP PASV commands.
- CVE-2007-4680Nov 15, 2007risk 0.00cvss —epss 0.01
CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack.
- CVE-2007-4681Nov 15, 2007risk 0.00cvss —epss 0.00
Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted directory hierarchy.
- CVE-2007-4682Nov 15, 2007risk 0.00cvss —epss 0.03
CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted text content that triggers an access of an uninitialized object pointer.
- CVE-2007-4683Nov 15, 2007risk 0.00cvss —epss 0.00
Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory.
- CVE-2007-4684Nov 15, 2007risk 0.03cvss —epss 0.01
Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a large num_sels argument to the i386_set_ldt system call.
- CVE-2007-4685Nov 15, 2007risk 0.00cvss —epss 0.00
The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state."
- CVE-2007-4686Nov 15, 2007risk 0.00cvss —epss 0.00
Integer signedness error in the ttioctl function in bsd/kern/tty.c in the xnu kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service (system shutdown) or gain privileges via a crafted TIOCSETD ioctl request.
- CVE-2007-4687Nov 15, 2007risk 0.00cvss —epss 0.02
The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files.
- CVE-2007-4688Nov 15, 2007risk 0.00cvss —epss 0.02
The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query.
- CVE-2007-4689Nov 15, 2007risk 0.01cvss —epss 0.07
Double free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via crafted IPV6 packets.
- CVE-2007-4690Nov 15, 2007risk 0.00cvss —epss 0.04
Double free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet.
- CVE-2007-4691Nov 15, 2007risk 0.00cvss —epss 0.02
The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs.
- CVE-2007-4693Nov 15, 2007risk 0.00cvss —epss 0.00
The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields."
- CVE-2007-4694Nov 15, 2007risk 0.00cvss —epss 0.02
Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs.
- CVE-2007-4695Nov 15, 2007risk 0.00cvss —epss 0.02
Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads.
- CVE-2007-4696Nov 15, 2007risk 0.00cvss —epss 0.01
Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari.
- CVE-2007-4697Nov 15, 2007risk 0.00cvss —epss 0.03
Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption.
- risk 0.49cvss 7.5epss 0.03
The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly use the spin_lock and spin_unlock functions, which allows remote attackers to cause a denial of service (machine crash) via a flood of network traffic.
- CVE-2007-4692Nov 15, 2007risk 0.00cvss —epss 0.02
The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for…
- CVE-2007-4698Nov 15, 2007risk 0.00cvss —epss 0.02
Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame.
- CVE-2007-5973Nov 15, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in articles.php in JPortal 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter.
- CVE-2007-5974Nov 15, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in mailer.php in JPortal 2 allows remote attackers to execute arbitrary SQL commands via the to parameter.
- CVE-2007-5975Nov 15, 2007risk 0.00cvss —epss 0.01
SQL injection vulnerability in index.php in TBSource, as used in (1) TBDev and (2) TorrentStrike 0.4, allows remote authenticated users to execute arbitrary SQL commands via the choice parameter. NOTE: some of these details are obtained from third party information.
- CVE-2007-5976Nov 15, 2007risk 0.00cvss —epss 0.01
SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter.
- CVE-2007-5977Nov 15, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different…
- CVE-2007-5978Nov 15, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in brokenlink.php in the mylinks module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter.
- CVE-2007-5979Nov 15, 2007risk 0.03cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter.
- CVE-2007-5980Nov 15, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in home/rss.php in eggblog before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
- CVE-2007-5981Nov 15, 2007risk 0.00cvss —epss 0.01
Lantronix SCS3200 does not properly handle public-key requests, which allows remote attackers to cause a denial of service (unresponsive device) via unspecified keyscan requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third…
- CVE-2007-5982Nov 15, 2007risk 0.03cvss —epss 0.03
Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) theme_c parameter to help/index.php, or the (3)…
- CVE-2007-5983Nov 15, 2007risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in index.php in Justin Hagstrom AutoIndex PHP Script before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
- CVE-2007-5984Nov 15, 2007risk 0.04cvss —epss 0.08
classes/Url.php in Justin Hagstrom AutoIndex PHP Script before 2.2.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via a %00 sequence in the dir parameter to index.php, which triggers an erroneous "recursive calculation."