| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-5240 | 0.00 | — | 0.03 | Oct 6, 2007 | Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the… | |||
| CVE-2007-5227 | 0.00 | — | 0.01 | Oct 5, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in messaging/course/composeMessage.jsp in BlackBoard Learning System 6.3.1.593 and earlier in BlackBoard Academic Suite allow remote attackers to inject arbitrary web script or HTML via the (1) subject_t and (2) body_text… | |||
| CVE-2007-5228 | 0.00 | — | 0.01 | Oct 5, 2007 | Cross-site scripting (XSS) vulnerability in the subscription functionality in the Project issue tracking module before 4.7.x-1.5, 4.7.x-2.x before 4.7.x-2.5, and 5.x-1.x before 5.x-1.1 for Drupal allows remote authenticated users with project create or edit permissions to inject… | |||
| CVE-2007-5229 | 0.03 | — | 0.05 | Oct 5, 2007 | Cross-site request forgery (CSRF) vulnerability in the FeedBurner FeedSmith 2.2 plugin for WordPress allows remote attackers to change settings and hijack blog feeds via a request to wp-admin/options-general.php that submits parameter values to FeedBurner_FeedSmith_Plugin.php,… | |||
| CVE-2007-5230 | 0.03 | — | 0.05 | Oct 5, 2007 | admin/upload_files.php in Zomplog 3.8.1 and earlier does not check for administrative credentials, which allows remote attackers to perform administrative actions via a direct request. NOTE: this can be leveraged for code execution by exploiting CVE-2007-5231. | |||
| CVE-2007-5231 | 0.03 | — | 0.02 | Oct 5, 2007 | Unrestricted file upload vulnerability in admin/upload_files.php in Zomplog 3.8.1 and earlier allows remote authenticated administrators to upload and execute arbitrary .php files by sending a modified MIME type. NOTE: this can be exploited by unauthenticated attackers by… | |||
| CVE-2007-5232 | 0.00 | — | 0.03 | Oct 5, 2007 | Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an… | |||
| CVE-2007-5233 | 0.03 | — | 0.01 | Oct 5, 2007 | SQL injection vulnerability in index.php in Web Template Management System 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a readmore action. | |||
| CVE-2007-5234 | 0.06 | — | 0.42 | Oct 5, 2007 | PHP remote file inclusion vulnerability in upload/common/footer.php in Ossigeno CMS 2.2 alpha3 allows remote attackers to execute arbitrary PHP code via a URL in the level parameter. | |||
| CVE-2007-3918 | 0.00 | — | 0.01 | Oct 5, 2007 | Cross-site scripting (XSS) vulnerability in account/verify.php in GForge 4.6b2 allows remote attackers to inject arbitrary web script or HTML via the confirm_hash parameter. | |||
| CVE-2007-0447 | 0.00 | — | 0.06 | Oct 5, 2007 | Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives. | |||
| CVE-2007-3699 | 0.00 | — | 0.04 | Oct 5, 2007 | The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header. | |||
| CVE-2007-4568 | 0.00 | — | 0.04 | Oct 5, 2007 | Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow. | |||
| CVE-2007-4990 | 0.01 | — | 0.11 | Oct 5, 2007 | The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the… | |||
| CVE-2007-5226 | 0.00 | — | 0.02 | Oct 5, 2007 | irc_server.c in dircproxy 1.2.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via an ACTION command without a parameter, which triggers a NULL pointer dereference, as demonstrated using a blank /me message from irssi. | |||
| CVE-2007-5078 | 0.00 | — | 0.01 | Oct 5, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in eGov Manager allow remote attackers to inject arbitrary web script or HTML via unspecified "user-supplied input" to (1) center.exe or (2) Index.exe. | |||
| CVE-2007-5217 | 0.05 | — | 0.30 | Oct 5, 2007 | Stack-based buffer overflow in the ADM4 ActiveX control in adm4.dll in Altnet Download Manager 4.0.0.6, as used in (1) Kazaa 3.2.7 and (2) Grokster, allows remote attackers to execute arbitrary code via a long argument to the Install method. NOTE: the provenance of this… | |||
| CVE-2007-5218 | 0.03 | — | 0.02 | Oct 5, 2007 | Cross-site scripting (XSS) vulnerability in index.php in Don Barnes DRBGuestbook 1.1.13 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||
| CVE-2007-5219 | 0.04 | — | 0.16 | Oct 5, 2007 | Directory traversal vulnerability in the CLAVSetting.CLSetting.1 ActiveX control in CLAVSetting.DLL 1.00.1829 in the CLAVSetting module in CyberLink PowerDVD 7.0 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument to the… | |||
| CVE-2007-5220 | 0.00 | — | 0.01 | Oct 5, 2007 | SQL injection vulnerability in catalog.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter and possibly other parameters. | |||
| CVE-2007-5221 | 0.03 | — | 0.03 | Oct 5, 2007 | PHP remote file inclusion vulnerability in mail/childwindow.inc.php in Poppawid 2.7 allows remote attackers to execute arbitrary PHP code via a URL in the form parameter. | |||
| CVE-2007-5222 | 0.03 | — | 0.02 | Oct 5, 2007 | SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.76 allows remote attackers to execute arbitrary SQL commands via a "Firefox ID=" substring in a Referer HTTP header. | |||
| CVE-2007-5223 | 0.00 | — | 0.01 | Oct 5, 2007 | Multiple unspecified vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to include local files and have other unspecified impact, related to incorrect input validation or other defects involving (1) admin/backupstart.php, (2) a .sql filename under… | |||
| CVE-2007-5224 | 0.00 | — | 0.02 | Oct 5, 2007 | inc/exif.inc.php in Original Photo Gallery 0.11.2 and earlier allows remote attackers to execute arbitrary programs via the exif_prog parameter, which is specified in an exec function call. | |||
| CVE-2007-5225 | 0.03 | — | 0.01 | Oct 5, 2007 | Integer signedness error in FIFO filesystems (named pipes) on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via a negative maximum length value to the I_PEEK ioctl. | |||
| CVE-2007-4133 | 0.00 | — | 0.00 | Oct 4, 2007 | The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE units, which allows local users to cause a denial of service (panic)… | |||
| CVE-2007-4673 | 0.00 | — | 0.02 | Oct 4, 2007 | Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be related to CVE-2006-4965 or CVE-2007-5045. | |||
| CVE-2007-5209 | 0.00 | — | 0.04 | Oct 4, 2007 | Stack-based buffer overflow in DriveLock.exe in CenterTools DriveLock 5.0 allows remote attackers to execute arbitrary code via a long HTTP request to TCP port 6061. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… | |||
| CVE-2007-5210 | 0.00 | — | 0.01 | Oct 4, 2007 | Arbor Networks Peakflow SP before 3.5.1 patch 14, and 3.6.x before 3.6.1 patch 5, allows remote authenticated users to bypass access restrictions and read or write unspecified data via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained… | |||
| CVE-2007-5211 | 0.00 | — | 0.01 | Oct 4, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Arbor Networks Peakflow SP 3.5.1 before patch 14, and 3.6.1 before patch 5, when scope accounts are enabled, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving GET or POST… | |||
| CVE-2007-5212 | 0.00 | — | 0.02 | Oct 4, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1… | |||
| CVE-2007-5213 | 0.00 | — | 0.02 | Oct 4, 2007 | Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to… | |||
| CVE-2007-5214 | 0.00 | — | 0.02 | Oct 4, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as demonstrated by (a) the… | |||
| CVE-2007-5215 | 0.00 | — | 0.01 | Oct 4, 2007 | Multiple PHP remote file inclusion vulnerabilities in Jacob Hinkle GodSend 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the SCRIPT_DIR parameter to (1) gtk/main.inc.php or (2) cmdline.inc.php. NOTE: vector 2 is disputed by CVE because it is contained in… | |||
| CVE-2007-5216 | 0.00 | — | 0.01 | Oct 4, 2007 | Multiple PHP remote file inclusion vulnerabilities in eArk (e-Ark) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the cfg_vcard_path parameter to src/vcard_inc.php or (2) the cfg_phpmailer_path parameter to src/email_inc.php. NOTE: the ark_inc.php… | |||
| CVE-2007-5207 | 0.00 | — | 0.00 | Oct 4, 2007 | guilt 0.27 allows local users to overwrite arbitrary files via a symlink attack on a guilt.log.[PID] temporary file. | |||
| CVE-2007-5194 | 0.00 | — | 0.00 | Oct 4, 2007 | The Chroot server in rMake 1.0.11 creates a /dev/zero device file with read/write permissions for the rMake user and the same minor device number as /dev/port, which might allow local users to gain root privileges. | |||
| CVE-2007-5198 | 0.04 | — | 0.08 | Oct 4, 2007 | Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10, when running with the -f (follow) option, allows remote web servers to execute arbitrary code via Location header responses (redirects) with a large number of leading "L" characters. | |||
| CVE-2007-5201 | 0.00 | — | 0.00 | Oct 4, 2007 | The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments. | |||
| CVE-2007-5191 | 0.00 | — | 0.00 | Oct 4, 2007 | mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs. | |||
| CVE-2007-5193 | 0.00 | — | 0.02 | Oct 4, 2007 | The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area directory (cfg{RCS}{WorkAreaDir}) under the web document root, which might allow remote attackers to obtain sensitive information when .htaccess… | |||
| CVE-2007-5173 | 0.03 | — | 0.03 | Oct 3, 2007 | PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID/BBStore.php in phpBB Openid 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the openid_root_path parameter. | |||
| CVE-2007-5174 | 0.03 | — | 0.03 | Oct 3, 2007 | Directory traversal vulnerability in phpinc/news.php in actSite 1.56 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the do parameter. | |||
| CVE-2007-5175 | 0.03 | — | 0.02 | Oct 3, 2007 | PHP remote file inclusion vulnerability lib/base.php in actSite 1.991 Beta allows remote attackers to execute arbitrary PHP code via a URL in the BaseCfg[BaseDir] parameter. | |||
| CVE-2007-5176 | 0.00 | — | 0.02 | Oct 3, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in GroupLink eHelpDesk 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) NA_DISPLAYNAME parameter in helpdesk/user/rf_create.jsp and the (2) username and (3) LDAPError parameters in index2.jsp. … | |||
| CVE-2007-5177 | 0.03 | — | 0.01 | Oct 3, 2007 | SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the caid parameter. | |||
| CVE-2007-5178 | 0.03 | — | 0.03 | Oct 3, 2007 | contrib/mx_glance_sdesc.php in the mx_glance 2.3.3 module for mxBB places a critical security check within a comment because of a missing comment delimiter, which allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via a URL in the… | |||
| CVE-2007-5179 | 0.00 | — | 0.01 | Oct 3, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in iletisim.asp in Y&K Iletisim Formu allow remote attackers to inject arbitrary web script or HTML via the (1) ad, (2) sehir, (3) yas, (4) cins, (5) tel, (6) mail, and (7) mesaj parameters. NOTE: the provenance of this… | |||
| CVE-2007-5180 | 0.03 | — | 0.01 | Oct 3, 2007 | Multiple SQL injection vulnerabilities in Ohesa Emlak Portali allow remote attackers to execute arbitrary SQL commands via the (1) Kategori parameter in satilik.asp and the (2) Emlak parameter in detay.asp. | |||
| CVE-2007-5181 | 0.03 | — | 0.01 | Oct 3, 2007 | SQL injection vulnerability in detay.asp in Netkamp Emlak Scripti allows remote attackers to execute arbitrary SQL commands via the ilan_id parameter. |
- CVE-2007-5240Oct 6, 2007risk 0.00cvss —epss 0.03
Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the…
- CVE-2007-5227Oct 5, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in messaging/course/composeMessage.jsp in BlackBoard Learning System 6.3.1.593 and earlier in BlackBoard Academic Suite allow remote attackers to inject arbitrary web script or HTML via the (1) subject_t and (2) body_text…
- CVE-2007-5228Oct 5, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the subscription functionality in the Project issue tracking module before 4.7.x-1.5, 4.7.x-2.x before 4.7.x-2.5, and 5.x-1.x before 5.x-1.1 for Drupal allows remote authenticated users with project create or edit permissions to inject…
- CVE-2007-5229Oct 5, 2007risk 0.03cvss —epss 0.05
Cross-site request forgery (CSRF) vulnerability in the FeedBurner FeedSmith 2.2 plugin for WordPress allows remote attackers to change settings and hijack blog feeds via a request to wp-admin/options-general.php that submits parameter values to FeedBurner_FeedSmith_Plugin.php,…
- CVE-2007-5230Oct 5, 2007risk 0.03cvss —epss 0.05
admin/upload_files.php in Zomplog 3.8.1 and earlier does not check for administrative credentials, which allows remote attackers to perform administrative actions via a direct request. NOTE: this can be leveraged for code execution by exploiting CVE-2007-5231.
- CVE-2007-5231Oct 5, 2007risk 0.03cvss —epss 0.02
Unrestricted file upload vulnerability in admin/upload_files.php in Zomplog 3.8.1 and earlier allows remote authenticated administrators to upload and execute arbitrary .php files by sending a modified MIME type. NOTE: this can be exploited by unauthenticated attackers by…
- CVE-2007-5232Oct 5, 2007risk 0.00cvss —epss 0.03
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an…
- CVE-2007-5233Oct 5, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in Web Template Management System 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a readmore action.
- CVE-2007-5234Oct 5, 2007risk 0.06cvss —epss 0.42
PHP remote file inclusion vulnerability in upload/common/footer.php in Ossigeno CMS 2.2 alpha3 allows remote attackers to execute arbitrary PHP code via a URL in the level parameter.
- CVE-2007-3918Oct 5, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in account/verify.php in GForge 4.6b2 allows remote attackers to inject arbitrary web script or HTML via the confirm_hash parameter.
- CVE-2007-0447Oct 5, 2007risk 0.00cvss —epss 0.06
Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives.
- CVE-2007-3699Oct 5, 2007risk 0.00cvss —epss 0.04
The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header.
- CVE-2007-4568Oct 5, 2007risk 0.00cvss —epss 0.04
Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow.
- CVE-2007-4990Oct 5, 2007risk 0.01cvss —epss 0.11
The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the…
- CVE-2007-5226Oct 5, 2007risk 0.00cvss —epss 0.02
irc_server.c in dircproxy 1.2.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via an ACTION command without a parameter, which triggers a NULL pointer dereference, as demonstrated using a blank /me message from irssi.
- CVE-2007-5078Oct 5, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in eGov Manager allow remote attackers to inject arbitrary web script or HTML via unspecified "user-supplied input" to (1) center.exe or (2) Index.exe.
- CVE-2007-5217Oct 5, 2007risk 0.05cvss —epss 0.30
Stack-based buffer overflow in the ADM4 ActiveX control in adm4.dll in Altnet Download Manager 4.0.0.6, as used in (1) Kazaa 3.2.7 and (2) Grokster, allows remote attackers to execute arbitrary code via a long argument to the Install method. NOTE: the provenance of this…
- CVE-2007-5218Oct 5, 2007risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in index.php in Don Barnes DRBGuestbook 1.1.13 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
- CVE-2007-5219Oct 5, 2007risk 0.04cvss —epss 0.16
Directory traversal vulnerability in the CLAVSetting.CLSetting.1 ActiveX control in CLAVSetting.DLL 1.00.1829 in the CLAVSetting module in CyberLink PowerDVD 7.0 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument to the…
- CVE-2007-5220Oct 5, 2007risk 0.00cvss —epss 0.01
SQL injection vulnerability in catalog.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter and possibly other parameters.
- CVE-2007-5221Oct 5, 2007risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in mail/childwindow.inc.php in Poppawid 2.7 allows remote attackers to execute arbitrary PHP code via a URL in the form parameter.
- CVE-2007-5222Oct 5, 2007risk 0.03cvss —epss 0.02
SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.76 allows remote attackers to execute arbitrary SQL commands via a "Firefox ID=" substring in a Referer HTTP header.
- CVE-2007-5223Oct 5, 2007risk 0.00cvss —epss 0.01
Multiple unspecified vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to include local files and have other unspecified impact, related to incorrect input validation or other defects involving (1) admin/backupstart.php, (2) a .sql filename under…
- CVE-2007-5224Oct 5, 2007risk 0.00cvss —epss 0.02
inc/exif.inc.php in Original Photo Gallery 0.11.2 and earlier allows remote attackers to execute arbitrary programs via the exif_prog parameter, which is specified in an exec function call.
- CVE-2007-5225Oct 5, 2007risk 0.03cvss —epss 0.01
Integer signedness error in FIFO filesystems (named pipes) on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via a negative maximum length value to the I_PEEK ioctl.
- CVE-2007-4133Oct 4, 2007risk 0.00cvss —epss 0.00
The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE units, which allows local users to cause a denial of service (panic)…
- CVE-2007-4673Oct 4, 2007risk 0.00cvss —epss 0.02
Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be related to CVE-2006-4965 or CVE-2007-5045.
- CVE-2007-5209Oct 4, 2007risk 0.00cvss —epss 0.04
Stack-based buffer overflow in DriveLock.exe in CenterTools DriveLock 5.0 allows remote attackers to execute arbitrary code via a long HTTP request to TCP port 6061. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…
- CVE-2007-5210Oct 4, 2007risk 0.00cvss —epss 0.01
Arbor Networks Peakflow SP before 3.5.1 patch 14, and 3.6.x before 3.6.1 patch 5, allows remote authenticated users to bypass access restrictions and read or write unspecified data via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained…
- CVE-2007-5211Oct 4, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Arbor Networks Peakflow SP 3.5.1 before patch 14, and 3.6.1 before patch 5, when scope accounts are enabled, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving GET or POST…
- CVE-2007-5212Oct 4, 2007risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1…
- CVE-2007-5213Oct 4, 2007risk 0.00cvss —epss 0.02
Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to…
- CVE-2007-5214Oct 4, 2007risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as demonstrated by (a) the…
- CVE-2007-5215Oct 4, 2007risk 0.00cvss —epss 0.01
Multiple PHP remote file inclusion vulnerabilities in Jacob Hinkle GodSend 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the SCRIPT_DIR parameter to (1) gtk/main.inc.php or (2) cmdline.inc.php. NOTE: vector 2 is disputed by CVE because it is contained in…
- CVE-2007-5216Oct 4, 2007risk 0.00cvss —epss 0.01
Multiple PHP remote file inclusion vulnerabilities in eArk (e-Ark) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the cfg_vcard_path parameter to src/vcard_inc.php or (2) the cfg_phpmailer_path parameter to src/email_inc.php. NOTE: the ark_inc.php…
- CVE-2007-5207Oct 4, 2007risk 0.00cvss —epss 0.00
guilt 0.27 allows local users to overwrite arbitrary files via a symlink attack on a guilt.log.[PID] temporary file.
- CVE-2007-5194Oct 4, 2007risk 0.00cvss —epss 0.00
The Chroot server in rMake 1.0.11 creates a /dev/zero device file with read/write permissions for the rMake user and the same minor device number as /dev/port, which might allow local users to gain root privileges.
- CVE-2007-5198Oct 4, 2007risk 0.04cvss —epss 0.08
Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10, when running with the -f (follow) option, allows remote web servers to execute arbitrary code via Location header responses (redirects) with a large number of leading "L" characters.
- CVE-2007-5201Oct 4, 2007risk 0.00cvss —epss 0.00
The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments.
- CVE-2007-5191Oct 4, 2007risk 0.00cvss —epss 0.00
mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.
- CVE-2007-5193Oct 4, 2007risk 0.00cvss —epss 0.02
The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area directory (cfg{RCS}{WorkAreaDir}) under the web document root, which might allow remote attackers to obtain sensitive information when .htaccess…
- CVE-2007-5173Oct 3, 2007risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID/BBStore.php in phpBB Openid 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the openid_root_path parameter.
- CVE-2007-5174Oct 3, 2007risk 0.03cvss —epss 0.03
Directory traversal vulnerability in phpinc/news.php in actSite 1.56 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the do parameter.
- CVE-2007-5175Oct 3, 2007risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability lib/base.php in actSite 1.991 Beta allows remote attackers to execute arbitrary PHP code via a URL in the BaseCfg[BaseDir] parameter.
- CVE-2007-5176Oct 3, 2007risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in GroupLink eHelpDesk 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) NA_DISPLAYNAME parameter in helpdesk/user/rf_create.jsp and the (2) username and (3) LDAPError parameters in index2.jsp. …
- CVE-2007-5177Oct 3, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the caid parameter.
- CVE-2007-5178Oct 3, 2007risk 0.03cvss —epss 0.03
contrib/mx_glance_sdesc.php in the mx_glance 2.3.3 module for mxBB places a critical security check within a comment because of a missing comment delimiter, which allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via a URL in the…
- CVE-2007-5179Oct 3, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in iletisim.asp in Y&K Iletisim Formu allow remote attackers to inject arbitrary web script or HTML via the (1) ad, (2) sehir, (3) yas, (4) cins, (5) tel, (6) mail, and (7) mesaj parameters. NOTE: the provenance of this…
- CVE-2007-5180Oct 3, 2007risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in Ohesa Emlak Portali allow remote attackers to execute arbitrary SQL commands via the (1) Kategori parameter in satilik.asp and the (2) Emlak parameter in detay.asp.
- CVE-2007-5181Oct 3, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in detay.asp in Netkamp Emlak Scripti allows remote attackers to execute arbitrary SQL commands via the ilan_id parameter.