| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-4217 | 0.00 | — | 0.00 | Nov 5, 2007 | Stack-based buffer overflow in the domacro function in ftp in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long parameter to a macro, as demonstrated by executing a macro via the '$' command. | |||
| CVE-2007-4513 | 0.00 | — | 0.01 | Nov 5, 2007 | Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via a long argument to the (1) "-p" option to lqueryvg or (2) the "-V" option to lquerypv. | |||
| CVE-2007-4621 | 0.00 | — | 0.00 | Nov 5, 2007 | Buffer overflow in crontab in IBM AIX 5.2 allows local users to gain privileges via long command line arguments. | |||
| CVE-2007-4622 | 0.00 | — | 0.00 | Nov 5, 2007 | Integer underflow in the dns_name_fromtext function in (1) libdns_nonsecure.a and (2) libdns_secure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted "-y" (TSIG key) command line argument to dig. | |||
| CVE-2007-4623 | 0.00 | — | 0.01 | Nov 5, 2007 | Stack-based buffer overflow in the sendrmt function in bellmail in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via a long parameter to the m command. | |||
| CVE-2007-5796 | 0.03 | — | 0.02 | Nov 3, 2007 | Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists. | |||
| CVE-2007-5797 | 0.00 | — | 0.03 | Nov 3, 2007 | SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database. | |||
| CVE-2007-5798 | 0.00 | — | 0.01 | Nov 3, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to inject arbitrary web script or HTML via the (1) keyField, (2)… | |||
| CVE-2007-5799 | 0.00 | — | 0.01 | Nov 3, 2007 | Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to perform some actions as WAS UDDI users via the (1) keyField, (2)… | |||
| CVE-2007-5800 | 0.06 | — | 0.37 | Nov 3, 2007 | Multiple PHP remote file inclusion vulnerabilities in the BackUpWordPress 0.4.2b and earlier plugin for WordPress allow remote attackers to execute arbitrary PHP code via a URL in the bkpwp_plugin_path parameter to (1) plugins/BackUp/Archive.php; and (2) Predicate.php, (3)… | |||
| CVE-2007-5801 | 0.00 | — | 0.01 | Nov 3, 2007 | Unspecified vulnerability in WORK system e-commerce before 4.0.2 has unknown impact and attack vectors related to "Ajax pages." | |||
| CVE-2007-5802 | 0.03 | — | 0.04 | Nov 3, 2007 | Directory traversal vulnerability in index.php in Firewolf Technologies Synergiser 1.2 RC1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: this can be leveraged to obtain the path by including a… | |||
| CVE-2007-5767 | 0.01 | — | 0.07 | Nov 2, 2007 | Heap-based buffer overflow in the Client Trust application (clntrust.exe) in Novell BorderManager 3.8 before Update 1.5 allows remote attackers to execute arbitrary code via a validation request in which the Novell tree name is not properly delimited with a wide-character… | |||
| CVE-2007-5795 | 0.03 | — | 0.01 | Nov 2, 2007 | The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a… | |||
| CVE-2007-4829 | 0.00 | — | 0.04 | Nov 2, 2007 | Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences. | |||
| CVE-2007-5197 | 0.00 | — | 0.04 | Nov 2, 2007 | Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods. | |||
| CVE-2007-5660 | 0.06 | — | 0.37 | Nov 2, 2007 | Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified "unsafe method," possibly involving a buffer overflow. | |||
| CVE-2007-5793 | 0.00 | — | 0.02 | Nov 1, 2007 | Stonesoft StoneGate IPS before 4.0 does not properly decode Fullwidth/Halfwidth Unicode encoded data, which makes it easier for remote attackers to scan or penetrate systems and avoid detection. | |||
| CVE-2007-5771 | 0.03 | — | 0.06 | Nov 1, 2007 | Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrative access via a myforum%00 cookie. | |||
| CVE-2007-5772 | 0.03 | — | 0.04 | Nov 1, 2007 | Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by saving a description and setting fneditmode to 1. NOTE:… | |||
| CVE-2007-5773 | 0.03 | — | 0.01 | Nov 1, 2007 | Cross-site request forgery (CSRF) vulnerability in index.php in the File Manager module in Flatnuke 3 allows remote attackers to perform certain actions as administrators via requests containing the pathname in the dir parameter and the filename in the ffile parameter. | |||
| CVE-2007-5774 | 0.03 | — | 0.03 | Nov 1, 2007 | index.php in the File Manager module in Flatnuke 3 allows remote attackers to obtain sensitive information via an invalid argumentname parameter in a disc op action, which reveals the path in an error message. | |||
| CVE-2007-5775 | Cri | 0.69 | 9.8 | 0.27 | Nov 1, 2007 | Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher,… | ||
| CVE-2007-5776 | 0.03 | — | 0.03 | Nov 1, 2007 | Directory traversal vulnerability in igallery.asp in Blue-Collar Productions i-Gallery 3.4 allows remote attackers to read arbitrary files via encoded backslash sequences in the d parameter, as demonstrated by a "%5c../../%5c" sequence. | |||
| CVE-2007-5777 | 0.00 | — | 0.01 | Nov 1, 2007 | Blue-Collar Productions i-Gallery 3.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a base64-encoded password via a direct request for igallery.mdb. | |||
| CVE-2007-5778 | Hig | 0.49 | 7.5 | 0.01 | Nov 1, 2007 | Mobile Spy (1) stores login credentials in cleartext under the RetinaxStudios registry key, and (2) sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network. | ||
| CVE-2007-5779 | 0.09 | — | 0.72 | Nov 1, 2007 | Buffer overflow in the GomManager (GomWeb Control) ActiveX control in GomWeb3.dll 1.0.0.12 in Gretech Online Movie Player (GOM Player) 2.1.6.3499 allows remote attackers to execute arbitrary code via a long argument to the OpenUrl method. | |||
| CVE-2007-5780 | 0.03 | — | 0.02 | Nov 1, 2007 | PHP remote file inclusion vulnerability in pub/pub08_comments.php in teatro 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter. | |||
| CVE-2007-5781 | 0.06 | — | 0.39 | Nov 1, 2007 | PHP remote file inclusion vulnerability in inc/sige_init.php in Sige 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the SYS_PATH parameter. | |||
| CVE-2007-5782 | 0.03 | — | 0.03 | Nov 1, 2007 | Directory traversal vulnerability in dl.php in FireConfig 0.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||
| CVE-2007-5783 | 0.03 | — | 0.01 | Nov 1, 2007 | SQL injection vulnerability in emc.asp in emagiC CMS.Net 4.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter. | |||
| CVE-2007-5784 | 0.03 | — | 0.02 | Nov 1, 2007 | PHP remote file inclusion vulnerability in index.php in CaupoShop Pro 2.x allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. | |||
| CVE-2007-5785 | 0.03 | — | 0.01 | Nov 1, 2007 | SQL injection vulnerability in file.php in JobSite Professional 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2007-5786 | 0.03 | — | 0.02 | Nov 1, 2007 | Multiple PHP remote file inclusion vulnerabilities in GoSamba 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) HTML_oben.php, (2) inc_freigabe.php, (3) inc_freigabe1.php, or (4) inc_freigabe3.php in include/; (5)… | |||
| CVE-2007-5787 | 0.00 | — | 0.01 | Nov 1, 2007 | Micro Login System 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a password via a direct request for userpwd.txt. | |||
| CVE-2007-5788 | 0.00 | — | 0.02 | Nov 1, 2007 | Buffer overflow in the SIP parser on the Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a crafted SIP INVITE message. | |||
| CVE-2007-5789 | 0.00 | — | 0.02 | Nov 1, 2007 | The Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a flood of fragmented packets to port 5060. | |||
| CVE-2007-5790 | 0.00 | — | 0.00 | Nov 1, 2007 | The Globe7 soft phone client 7.3 uses weak cryptography (reversed sequence of binary values) for the password, which might allow local users to obtain sensitive information. | |||
| CVE-2007-5791 | 0.00 | — | 0.04 | Nov 1, 2007 | The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify that a SIP INVITE message originated from a legitimate server, which allows remote attackers to send spoofed INVITE messages, as demonstrated by a flood of messages triggering a denial of service, and by phone… | |||
| CVE-2007-5792 | 0.00 | — | 0.01 | Nov 1, 2007 | The Vonage Motorola Phone Adapter VT 2142-VD does not encrypt RTP packets, which might allow remote attackers to eavesdrop by sniffing the network and reconstructing the RTP session. | |||
| CVE-2007-2957 | 0.00 | — | 0.06 | Oct 31, 2007 | Integer overflow in McAfee E-Business Server before 8.5.3 for Solaris, and before 8.1.2 for Linux, HP-UX, and AIX, allows remote attackers to execute arbitrary code via a large length value in an authentication packet, which results in a heap-based buffer overflow. | |||
| CVE-2007-4351 | 0.01 | — | 0.07 | Oct 31, 2007 | Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow. | |||
| CVE-2007-5768 | 0.00 | — | 0.01 | Oct 31, 2007 | The Globe7 soft phone client 7.3 sends username and password information in cleartext, which allows remote attackers to obtain sensitive information by sniffing the HTTP traffic. | |||
| CVE-2007-2263 | 0.01 | — | 0.07 | Oct 31, 2007 | Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers. | |||
| CVE-2007-2264 | 0.01 | — | 0.07 | Oct 31, 2007 | Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header. | |||
| CVE-2007-4345 | 0.00 | — | 0.03 | Oct 31, 2007 | Buffer overflow in IMail Client 9.22, as shipped with IPSwitch IMail Server 2006.22, allows remote attackers to execute arbitrary code via a long boundary parameter in a multipart MIME e-mail message. | |||
| CVE-2007-4599 | 0.01 | — | 0.08 | Oct 31, 2007 | Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10.5, and RealOne Player 1 and 2, for Windows allows remote attackers to execute arbitrary code via a crafted playlist (PLS) file. | |||
| CVE-2007-5080 | 0.01 | — | 0.08 | Oct 31, 2007 | Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow. | |||
| CVE-2007-5081 | 0.00 | — | 0.05 | Oct 31, 2007 | Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a crafted RM file. | |||
| CVE-2007-5751 | 0.00 | — | 0.00 | Oct 31, 2007 | Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials. |
- CVE-2007-4217Nov 5, 2007risk 0.00cvss —epss 0.00
Stack-based buffer overflow in the domacro function in ftp in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long parameter to a macro, as demonstrated by executing a macro via the '$' command.
- CVE-2007-4513Nov 5, 2007risk 0.00cvss —epss 0.01
Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via a long argument to the (1) "-p" option to lqueryvg or (2) the "-V" option to lquerypv.
- CVE-2007-4621Nov 5, 2007risk 0.00cvss —epss 0.00
Buffer overflow in crontab in IBM AIX 5.2 allows local users to gain privileges via long command line arguments.
- CVE-2007-4622Nov 5, 2007risk 0.00cvss —epss 0.00
Integer underflow in the dns_name_fromtext function in (1) libdns_nonsecure.a and (2) libdns_secure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted "-y" (TSIG key) command line argument to dig.
- CVE-2007-4623Nov 5, 2007risk 0.00cvss —epss 0.01
Stack-based buffer overflow in the sendrmt function in bellmail in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via a long parameter to the m command.
- CVE-2007-5796Nov 3, 2007risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists.
- CVE-2007-5797Nov 3, 2007risk 0.00cvss —epss 0.03
SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
- CVE-2007-5798Nov 3, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to inject arbitrary web script or HTML via the (1) keyField, (2)…
- CVE-2007-5799Nov 3, 2007risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to perform some actions as WAS UDDI users via the (1) keyField, (2)…
- CVE-2007-5800Nov 3, 2007risk 0.06cvss —epss 0.37
Multiple PHP remote file inclusion vulnerabilities in the BackUpWordPress 0.4.2b and earlier plugin for WordPress allow remote attackers to execute arbitrary PHP code via a URL in the bkpwp_plugin_path parameter to (1) plugins/BackUp/Archive.php; and (2) Predicate.php, (3)…
- CVE-2007-5801Nov 3, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in WORK system e-commerce before 4.0.2 has unknown impact and attack vectors related to "Ajax pages."
- CVE-2007-5802Nov 3, 2007risk 0.03cvss —epss 0.04
Directory traversal vulnerability in index.php in Firewolf Technologies Synergiser 1.2 RC1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: this can be leveraged to obtain the path by including a…
- CVE-2007-5767Nov 2, 2007risk 0.01cvss —epss 0.07
Heap-based buffer overflow in the Client Trust application (clntrust.exe) in Novell BorderManager 3.8 before Update 1.5 allows remote attackers to execute arbitrary code via a validation request in which the Novell tree name is not properly delimited with a wide-character…
- CVE-2007-5795Nov 2, 2007risk 0.03cvss —epss 0.01
The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a…
- CVE-2007-4829Nov 2, 2007risk 0.00cvss —epss 0.04
Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences.
- CVE-2007-5197Nov 2, 2007risk 0.00cvss —epss 0.04
Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods.
- CVE-2007-5660Nov 2, 2007risk 0.06cvss —epss 0.37
Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified "unsafe method," possibly involving a buffer overflow.
- CVE-2007-5793Nov 1, 2007risk 0.00cvss —epss 0.02
Stonesoft StoneGate IPS before 4.0 does not properly decode Fullwidth/Halfwidth Unicode encoded data, which makes it easier for remote attackers to scan or penetrate systems and avoid detection.
- CVE-2007-5771Nov 1, 2007risk 0.03cvss —epss 0.06
Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrative access via a myforum%00 cookie.
- CVE-2007-5772Nov 1, 2007risk 0.03cvss —epss 0.04
Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by saving a description and setting fneditmode to 1. NOTE:…
- CVE-2007-5773Nov 1, 2007risk 0.03cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in index.php in the File Manager module in Flatnuke 3 allows remote attackers to perform certain actions as administrators via requests containing the pathname in the dir parameter and the filename in the ffile parameter.
- CVE-2007-5774Nov 1, 2007risk 0.03cvss —epss 0.03
index.php in the File Manager module in Flatnuke 3 allows remote attackers to obtain sensitive information via an invalid argumentname parameter in a disc op action, which reveals the path in an error message.
- risk 0.69cvss 9.8epss 0.27
Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher,…
- CVE-2007-5776Nov 1, 2007risk 0.03cvss —epss 0.03
Directory traversal vulnerability in igallery.asp in Blue-Collar Productions i-Gallery 3.4 allows remote attackers to read arbitrary files via encoded backslash sequences in the d parameter, as demonstrated by a "%5c../../%5c" sequence.
- CVE-2007-5777Nov 1, 2007risk 0.00cvss —epss 0.01
Blue-Collar Productions i-Gallery 3.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a base64-encoded password via a direct request for igallery.mdb.
- risk 0.49cvss 7.5epss 0.01
Mobile Spy (1) stores login credentials in cleartext under the RetinaxStudios registry key, and (2) sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network.
- CVE-2007-5779Nov 1, 2007risk 0.09cvss —epss 0.72
Buffer overflow in the GomManager (GomWeb Control) ActiveX control in GomWeb3.dll 1.0.0.12 in Gretech Online Movie Player (GOM Player) 2.1.6.3499 allows remote attackers to execute arbitrary code via a long argument to the OpenUrl method.
- CVE-2007-5780Nov 1, 2007risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in pub/pub08_comments.php in teatro 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter.
- CVE-2007-5781Nov 1, 2007risk 0.06cvss —epss 0.39
PHP remote file inclusion vulnerability in inc/sige_init.php in Sige 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the SYS_PATH parameter.
- CVE-2007-5782Nov 1, 2007risk 0.03cvss —epss 0.03
Directory traversal vulnerability in dl.php in FireConfig 0.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
- CVE-2007-5783Nov 1, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in emc.asp in emagiC CMS.Net 4.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter.
- CVE-2007-5784Nov 1, 2007risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in index.php in CaupoShop Pro 2.x allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.
- CVE-2007-5785Nov 1, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in file.php in JobSite Professional 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2007-5786Nov 1, 2007risk 0.03cvss —epss 0.02
Multiple PHP remote file inclusion vulnerabilities in GoSamba 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) HTML_oben.php, (2) inc_freigabe.php, (3) inc_freigabe1.php, or (4) inc_freigabe3.php in include/; (5)…
- CVE-2007-5787Nov 1, 2007risk 0.00cvss —epss 0.01
Micro Login System 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a password via a direct request for userpwd.txt.
- CVE-2007-5788Nov 1, 2007risk 0.00cvss —epss 0.02
Buffer overflow in the SIP parser on the Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a crafted SIP INVITE message.
- CVE-2007-5789Nov 1, 2007risk 0.00cvss —epss 0.02
The Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a flood of fragmented packets to port 5060.
- CVE-2007-5790Nov 1, 2007risk 0.00cvss —epss 0.00
The Globe7 soft phone client 7.3 uses weak cryptography (reversed sequence of binary values) for the password, which might allow local users to obtain sensitive information.
- CVE-2007-5791Nov 1, 2007risk 0.00cvss —epss 0.04
The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify that a SIP INVITE message originated from a legitimate server, which allows remote attackers to send spoofed INVITE messages, as demonstrated by a flood of messages triggering a denial of service, and by phone…
- CVE-2007-5792Nov 1, 2007risk 0.00cvss —epss 0.01
The Vonage Motorola Phone Adapter VT 2142-VD does not encrypt RTP packets, which might allow remote attackers to eavesdrop by sniffing the network and reconstructing the RTP session.
- CVE-2007-2957Oct 31, 2007risk 0.00cvss —epss 0.06
Integer overflow in McAfee E-Business Server before 8.5.3 for Solaris, and before 8.1.2 for Linux, HP-UX, and AIX, allows remote attackers to execute arbitrary code via a large length value in an authentication packet, which results in a heap-based buffer overflow.
- CVE-2007-4351Oct 31, 2007risk 0.01cvss —epss 0.07
Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow.
- CVE-2007-5768Oct 31, 2007risk 0.00cvss —epss 0.01
The Globe7 soft phone client 7.3 sends username and password information in cleartext, which allows remote attackers to obtain sensitive information by sniffing the HTTP traffic.
- CVE-2007-2263Oct 31, 2007risk 0.01cvss —epss 0.07
Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers.
- CVE-2007-2264Oct 31, 2007risk 0.01cvss —epss 0.07
Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header.
- CVE-2007-4345Oct 31, 2007risk 0.00cvss —epss 0.03
Buffer overflow in IMail Client 9.22, as shipped with IPSwitch IMail Server 2006.22, allows remote attackers to execute arbitrary code via a long boundary parameter in a multipart MIME e-mail message.
- CVE-2007-4599Oct 31, 2007risk 0.01cvss —epss 0.08
Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10.5, and RealOne Player 1 and 2, for Windows allows remote attackers to execute arbitrary code via a crafted playlist (PLS) file.
- CVE-2007-5080Oct 31, 2007risk 0.01cvss —epss 0.08
Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow.
- CVE-2007-5081Oct 31, 2007risk 0.00cvss —epss 0.05
Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a crafted RM file.
- CVE-2007-5751Oct 31, 2007risk 0.00cvss —epss 0.00
Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials.