| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-5985 | 0.00 | — | 0.02 | Nov 15, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker before 1.4.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) account.php, (2) moresmiles.php, or (3) recover.php; or (4) the "to" parameter to usercp.php. | |||
| CVE-2007-5986 | 0.00 | — | 0.01 | Nov 15, 2007 | SQL injection vulnerability in include/functions.php in BtiTracker before 1.4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2007-5987 | 0.00 | — | 0.01 | Nov 15, 2007 | details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest. | |||
| CVE-2007-5988 | 0.00 | — | 0.02 | Nov 15, 2007 | blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field. | |||
| CVE-2007-3694 | 0.03 | — | 0.02 | Nov 14, 2007 | Cross-site scripting (XSS) vulnerability in login.php in Miro Project Broadcast Machine 0.9.9.9 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||
| CVE-2006-7227 | 0.00 | — | 0.04 | Nov 14, 2007 | Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which… | |||
| CVE-2006-7228 | 0.00 | — | 0.04 | Nov 14, 2007 | Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation… | |||
| CVE-2007-5956 | 0.00 | — | 0.00 | Nov 14, 2007 | Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable. | |||
| CVE-2007-5957 | 0.00 | — | 0.00 | Nov 14, 2007 | Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.TC3TL and 11.10.TB4TL on Windows allows attackers to cause a denial of service (application crash) via unspecified SQ_ONASSIST requests. | |||
| CVE-2007-5955 | 0.00 | — | 0.01 | Nov 14, 2007 | Cross-site scripting (XSS) vulnerability in updir.php in UPDIR.NET before 2.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2007-3880 | 0.00 | — | 0.00 | Nov 14, 2007 | Format string vulnerability in srsexec in Sun Remote Services (SRS) Net Connect 3.2.3 and 3.2.4, as distributed in the SRS Proxy Core (SUNWsrspx) package, allows local users to gain privileges via format string specifiers in unspecified input that is logged through syslog. | |||
| CVE-2007-3898 | 0.07 | — | 0.55 | Nov 14, 2007 | The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors. | |||
| CVE-2007-5667 | 0.00 | — | 0.00 | Nov 14, 2007 | NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \.\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and… | |||
| CVE-2007-5755 | 0.04 | — | 0.13 | Nov 14, 2007 | Multiple stack-based buffer overflows in the AOL AmpX ActiveX control in AmpX.dll 2.6.1.11 in AOL Radio allow remote attackers to execute arbitrary code via long arguments to unspecified methods. | |||
| CVE-2007-5756 | 0.00 | — | 0.01 | Nov 14, 2007 | Multiple array index errors in the bpf_filter_init function in NPF.SYS in WinPcap before 4.0.2, when run in monitor mode (aka Table Management Extensions or TME), and as used in Wireshark and possibly other products, allow local users to gain privileges via crafted IOCTL… | |||
| CVE-2007-5770 | 0.00 | — | 0.02 | Nov 14, 2007 | The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote… | |||
| CVE-2007-5941 | 0.06 | — | 0.32 | Nov 14, 2007 | Stack-based buffer overflow in the SWCtl.SWCtl ActiveX control in Adobe Shockwave allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument to the ShockwaveVersion method. | |||
| CVE-2007-5942 | 0.00 | — | 0.01 | Nov 14, 2007 | Bandersnatch 0.4 allows remote attackers to obtain sensitive information via a malformed request for index.php with (1) a certain func parameter value; or (2) certain func, jid, page, and limit parameter values; which reveals the path in various error messages. | |||
| CVE-2007-5943 | 0.00 | — | 0.01 | Nov 14, 2007 | Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the "show results as messages" option, then searching for possible keywords contained in that message. | |||
| CVE-2007-5944 | 0.03 | — | 0.02 | Nov 14, 2007 | Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server (WAS) 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. NOTE: this might be the same issue as… | |||
| CVE-2007-5945 | 0.00 | — | 0.01 | Nov 14, 2007 | USVN before 0.6.5 allows remote attackers to obtain a list of repository contents via unspecified vectors. | |||
| CVE-2007-5946 | 0.00 | — | 0.00 | Nov 14, 2007 | Unspecified vulnerability in the Aries PA-RISC emulator on HP-UX B.11.23 and B.11.31 on the IA-64 platform allows local users to obtain unspecified access. | |||
| CVE-2007-5947 | 0.00 | — | 0.03 | Nov 14, 2007 | The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct… | |||
| CVE-2007-5948 | 0.00 | — | 0.01 | Nov 14, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in main.php in SF-Shoutbox 1.2.1 through 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) nick (aka Name) and (2) shout (aka Shout) parameters. | |||
| CVE-2007-5949 | 0.00 | — | 0.01 | Nov 14, 2007 | Cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk 6.2 allows remote authenticated users to inject arbitrary web script or HTML via the Description parameter in a Maximo change action. | |||
| CVE-2007-5950 | 0.00 | — | 0.01 | Nov 14, 2007 | Cross-site scripting (XSS) vulnerability in NetCommons before 1.0.11, and 1.1.x before 1.1.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-4165. | |||
| CVE-2007-5951 | 0.03 | — | 0.01 | Nov 14, 2007 | SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2007-5952 | 0.03 | — | 0.01 | Nov 14, 2007 | Cross-site scripting (XSS) vulnerability in admin/index.php in Helios Calendar 1.2.1 Beta allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third… | |||
| CVE-2007-5953 | 0.00 | — | 0.01 | Nov 14, 2007 | Unspecified vulnerability in Really Simple CalDAV Store (RSCDS) before 0.9.0 allows attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2007-5954 | Med | 0.43 | 6.1 | 0.01 | Nov 14, 2007 | Cross-site scripting (XSS) vulnerability in buscador.php in JLMForo System allows remote attackers to inject arbitrary web script or HTML via the clave parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||
| CVE-2007-4136 | 0.00 | — | 0.02 | Nov 14, 2007 | The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers to cause a denial of service (loss of new connections) by repeatedly sending data or attempting connections. | |||
| CVE-2007-5794 | 0.00 | — | 0.01 | Nov 13, 2007 | Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for… | |||
| CVE-2007-5940 | 0.00 | — | 0.00 | Nov 13, 2007 | feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file. | |||
| CVE-2007-5934 | 0.00 | — | 0.02 | Nov 13, 2007 | The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form… | |||
| CVE-2007-5935 | 0.00 | — | 0.04 | Nov 13, 2007 | Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag. | |||
| CVE-2007-5936 | 0.00 | — | 0.00 | Nov 13, 2007 | dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place. | |||
| CVE-2007-5937 | 0.00 | — | 0.03 | Nov 13, 2007 | Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute arbitrary code via a crafted DVI input file. | |||
| CVE-2007-5933 | 0.00 | — | 0.02 | Nov 13, 2007 | Pioneers (formerly gnocatan) before 0.11.3 allows remote attackers to cause a denial of service (crash) by triggering a delete operation while the Session object is still being used, as demonstrated by causing a "Broken pipe" error. | |||
| CVE-2007-5930 | 0.00 | — | 0.01 | Nov 10, 2007 | Cross-site scripting (XSS) vulnerability in the web interface in Cerberus FTP Server before 2.46 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2007-5931 | 0.00 | — | 0.01 | Nov 10, 2007 | The reDirect function in lib/controllers/RepViewController.php in OrangeHRM before 2.2.2 does not verify the privileges of a user, which allows remote attackers to obtain access to data via unspecified vectors. NOTE: the provenance of this information is unknown; the details… | |||
| CVE-2007-5932 | 0.00 | — | 0.02 | Nov 10, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Fatwire Content Server (CS) CMS 6.3.0 allow remote attackers to inject arbitrary web script or HTML via unspecified form fields related to the (1) search function, (2) advanced search function, and possibly other components. | |||
| CVE-2007-5909 | 0.02 | — | 0.21 | Nov 10, 2007 | Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, IBM Lotus Notes before 7.0.3, Symantec Mail Security, and other products, allow remote attackers to execute arbitrary… | |||
| CVE-2007-5910 | 0.01 | — | 0.07 | Nov 10, 2007 | Stack-based buffer overflow in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, wp6sr.dll in IBM Lotus Notes 8.0 and before 7.0.3, Symantec Mail Security, and other products, allows remote attackers to execute… | |||
| CVE-2007-5911 | 0.03 | — | 0.04 | Nov 10, 2007 | Multiple stack-based buffer overflows in the AxMetaStream ActiveX control in AxMetaStream.dll 3.3.2.26 in Viewpoint Media Player 3.2 allow remote attackers to execute arbitrary code via a long string argument to the (1) BroadcastKey, (2) BroadcastKeyFileURL, (3) Component, (4)… | |||
| CVE-2007-5912 | 0.03 | — | 0.01 | Nov 10, 2007 | SQL injection vulnerability in mailer.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the to parameter. | |||
| CVE-2007-5913 | 0.04 | — | 0.07 | Nov 10, 2007 | dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not require authentication, which allows remote attackers to (1) delete auth.inc.php via the suppr parameter, and (2) re-create the auth.inc.php file with contents that specify a new account name and password for… | |||
| CVE-2007-5914 | 0.03 | — | 0.05 | Nov 10, 2007 | Direct static code injection vulnerability in dirsys/modules/config/post.php in JBC Explorer 7.20 RC1 and earlier allows remote authenticated administrators to inject arbitrary PHP code via the DEBUG parameter, which can be executed by accessing config.inc.php. NOTE: this can… | |||
| CVE-2007-5915 | 0.03 | — | 0.02 | Nov 10, 2007 | Directory traversal vulnerability in index.php in phphelpdesk 0.6.16 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the whattodo parameter. | |||
| CVE-2007-5916 | 0.00 | — | 0.01 | Nov 10, 2007 | SQL injection vulnerability in the login page in phphelpdesk 0.6.16 allows remote attackers to execute arbitrary SQL commands via unspecified parameters related to the "login procedures." | |||
| CVE-2007-5917 | 0.00 | — | 0.01 | Nov 10, 2007 | Cross-site request forgery (CSRF) vulnerability in admin/admin_account.php in Skalinks 1.5 and earlier allows remote attackers to add arbitrary privileged accounts as administrators via the admin_name, admin_password, admin_type, and Add_admin parameters. |
- CVE-2007-5985Nov 15, 2007risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker before 1.4.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) account.php, (2) moresmiles.php, or (3) recover.php; or (4) the "to" parameter to usercp.php.
- CVE-2007-5986Nov 15, 2007risk 0.00cvss —epss 0.01
SQL injection vulnerability in include/functions.php in BtiTracker before 1.4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2007-5987Nov 15, 2007risk 0.00cvss —epss 0.01
details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest.
- CVE-2007-5988Nov 15, 2007risk 0.00cvss —epss 0.02
blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field.
- CVE-2007-3694Nov 14, 2007risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in login.php in Miro Project Broadcast Machine 0.9.9.9 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
- CVE-2006-7227Nov 14, 2007risk 0.00cvss —epss 0.04
Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which…
- CVE-2006-7228Nov 14, 2007risk 0.00cvss —epss 0.04
Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation…
- CVE-2007-5956Nov 14, 2007risk 0.00cvss —epss 0.00
Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable.
- CVE-2007-5957Nov 14, 2007risk 0.00cvss —epss 0.00
Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.TC3TL and 11.10.TB4TL on Windows allows attackers to cause a denial of service (application crash) via unspecified SQ_ONASSIST requests.
- CVE-2007-5955Nov 14, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in updir.php in UPDIR.NET before 2.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2007-3880Nov 14, 2007risk 0.00cvss —epss 0.00
Format string vulnerability in srsexec in Sun Remote Services (SRS) Net Connect 3.2.3 and 3.2.4, as distributed in the SRS Proxy Core (SUNWsrspx) package, allows local users to gain privileges via format string specifiers in unspecified input that is logged through syslog.
- CVE-2007-3898Nov 14, 2007risk 0.07cvss —epss 0.55
The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
- CVE-2007-5667Nov 14, 2007risk 0.00cvss —epss 0.00
NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \.\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and…
- CVE-2007-5755Nov 14, 2007risk 0.04cvss —epss 0.13
Multiple stack-based buffer overflows in the AOL AmpX ActiveX control in AmpX.dll 2.6.1.11 in AOL Radio allow remote attackers to execute arbitrary code via long arguments to unspecified methods.
- CVE-2007-5756Nov 14, 2007risk 0.00cvss —epss 0.01
Multiple array index errors in the bpf_filter_init function in NPF.SYS in WinPcap before 4.0.2, when run in monitor mode (aka Table Management Extensions or TME), and as used in Wireshark and possibly other products, allow local users to gain privileges via crafted IOCTL…
- CVE-2007-5770Nov 14, 2007risk 0.00cvss —epss 0.02
The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote…
- CVE-2007-5941Nov 14, 2007risk 0.06cvss —epss 0.32
Stack-based buffer overflow in the SWCtl.SWCtl ActiveX control in Adobe Shockwave allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument to the ShockwaveVersion method.
- CVE-2007-5942Nov 14, 2007risk 0.00cvss —epss 0.01
Bandersnatch 0.4 allows remote attackers to obtain sensitive information via a malformed request for index.php with (1) a certain func parameter value; or (2) certain func, jid, page, and limit parameter values; which reveals the path in various error messages.
- CVE-2007-5943Nov 14, 2007risk 0.00cvss —epss 0.01
Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the "show results as messages" option, then searching for possible keywords contained in that message.
- CVE-2007-5944Nov 14, 2007risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server (WAS) 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. NOTE: this might be the same issue as…
- CVE-2007-5945Nov 14, 2007risk 0.00cvss —epss 0.01
USVN before 0.6.5 allows remote attackers to obtain a list of repository contents via unspecified vectors.
- CVE-2007-5946Nov 14, 2007risk 0.00cvss —epss 0.00
Unspecified vulnerability in the Aries PA-RISC emulator on HP-UX B.11.23 and B.11.31 on the IA-64 platform allows local users to obtain unspecified access.
- CVE-2007-5947Nov 14, 2007risk 0.00cvss —epss 0.03
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct…
- CVE-2007-5948Nov 14, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in main.php in SF-Shoutbox 1.2.1 through 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) nick (aka Name) and (2) shout (aka Shout) parameters.
- CVE-2007-5949Nov 14, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk 6.2 allows remote authenticated users to inject arbitrary web script or HTML via the Description parameter in a Maximo change action.
- CVE-2007-5950Nov 14, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in NetCommons before 1.0.11, and 1.1.x before 1.1.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-4165.
- CVE-2007-5951Nov 14, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2007-5952Nov 14, 2007risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in admin/index.php in Helios Calendar 1.2.1 Beta allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third…
- CVE-2007-5953Nov 14, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in Really Simple CalDAV Store (RSCDS) before 0.9.0 allows attackers to obtain sensitive information via unspecified vectors.
- risk 0.43cvss 6.1epss 0.01
Cross-site scripting (XSS) vulnerability in buscador.php in JLMForo System allows remote attackers to inject arbitrary web script or HTML via the clave parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2007-4136Nov 14, 2007risk 0.00cvss —epss 0.02
The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers to cause a denial of service (loss of new connections) by repeatedly sending data or attempting connections.
- CVE-2007-5794Nov 13, 2007risk 0.00cvss —epss 0.01
Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for…
- CVE-2007-5940Nov 13, 2007risk 0.00cvss —epss 0.00
feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file.
- CVE-2007-5934Nov 13, 2007risk 0.00cvss —epss 0.02
The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form…
- CVE-2007-5935Nov 13, 2007risk 0.00cvss —epss 0.04
Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag.
- CVE-2007-5936Nov 13, 2007risk 0.00cvss —epss 0.00
dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.
- CVE-2007-5937Nov 13, 2007risk 0.00cvss —epss 0.03
Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute arbitrary code via a crafted DVI input file.
- CVE-2007-5933Nov 13, 2007risk 0.00cvss —epss 0.02
Pioneers (formerly gnocatan) before 0.11.3 allows remote attackers to cause a denial of service (crash) by triggering a delete operation while the Session object is still being used, as demonstrated by causing a "Broken pipe" error.
- CVE-2007-5930Nov 10, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the web interface in Cerberus FTP Server before 2.46 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2007-5931Nov 10, 2007risk 0.00cvss —epss 0.01
The reDirect function in lib/controllers/RepViewController.php in OrangeHRM before 2.2.2 does not verify the privileges of a user, which allows remote attackers to obtain access to data via unspecified vectors. NOTE: the provenance of this information is unknown; the details…
- CVE-2007-5932Nov 10, 2007risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Fatwire Content Server (CS) CMS 6.3.0 allow remote attackers to inject arbitrary web script or HTML via unspecified form fields related to the (1) search function, (2) advanced search function, and possibly other components.
- CVE-2007-5909Nov 10, 2007risk 0.02cvss —epss 0.21
Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, IBM Lotus Notes before 7.0.3, Symantec Mail Security, and other products, allow remote attackers to execute arbitrary…
- CVE-2007-5910Nov 10, 2007risk 0.01cvss —epss 0.07
Stack-based buffer overflow in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, wp6sr.dll in IBM Lotus Notes 8.0 and before 7.0.3, Symantec Mail Security, and other products, allows remote attackers to execute…
- CVE-2007-5911Nov 10, 2007risk 0.03cvss —epss 0.04
Multiple stack-based buffer overflows in the AxMetaStream ActiveX control in AxMetaStream.dll 3.3.2.26 in Viewpoint Media Player 3.2 allow remote attackers to execute arbitrary code via a long string argument to the (1) BroadcastKey, (2) BroadcastKeyFileURL, (3) Component, (4)…
- CVE-2007-5912Nov 10, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in mailer.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the to parameter.
- CVE-2007-5913Nov 10, 2007risk 0.04cvss —epss 0.07
dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not require authentication, which allows remote attackers to (1) delete auth.inc.php via the suppr parameter, and (2) re-create the auth.inc.php file with contents that specify a new account name and password for…
- CVE-2007-5914Nov 10, 2007risk 0.03cvss —epss 0.05
Direct static code injection vulnerability in dirsys/modules/config/post.php in JBC Explorer 7.20 RC1 and earlier allows remote authenticated administrators to inject arbitrary PHP code via the DEBUG parameter, which can be executed by accessing config.inc.php. NOTE: this can…
- CVE-2007-5915Nov 10, 2007risk 0.03cvss —epss 0.02
Directory traversal vulnerability in index.php in phphelpdesk 0.6.16 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the whattodo parameter.
- CVE-2007-5916Nov 10, 2007risk 0.00cvss —epss 0.01
SQL injection vulnerability in the login page in phphelpdesk 0.6.16 allows remote attackers to execute arbitrary SQL commands via unspecified parameters related to the "login procedures."
- CVE-2007-5917Nov 10, 2007risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in admin/admin_account.php in Skalinks 1.5 and earlier allows remote attackers to add arbitrary privileged accounts as administrators via the admin_name, admin_password, admin_type, and Add_admin parameters.