| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-4819 | 0.03 | — | 0.02 | Sep 11, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Txx CMS 0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2007-4820 | 0.03 | — | 0.02 | Sep 11, 2007 | Absolute path traversal vulnerability in blanko.preview.php in Sisfo Kampus 2006 allows remote attackers to read arbitrary local files, and possibly execute local PHP scripts, via the nmf parameter. | |||
| CVE-2007-4821 | 0.04 | — | 0.09 | Sep 11, 2007 | Buffer overflow in a certain ActiveX control in officeviewer.ocx 5.2.218.1 in EDraw Office Viewer Component 5.2 allows remote attackers to execute arbitrary code via a long first argument to the HttpDownloadFileToTempDir method, a different vulnerability than CVE-2007-3169. | |||
| CVE-2007-4822 | 0.00 | — | 0.01 | Sep 11, 2007 | Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter… | |||
| CVE-2007-4823 | 0.00 | — | 0.00 | Sep 11, 2007 | Multiple buffer overflows in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory. | |||
| CVE-2007-4824 | 0.00 | — | 0.00 | Sep 11, 2007 | Multiple cross-application scripting (XAS) vulnerabilities in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory. | |||
| CVE-2007-4802 | 0.04 | — | 0.09 | Sep 11, 2007 | Multiple heap-based buffer overflows in GlobalLink 2.7.0.8 allow remote attackers to execute arbitrary code via (1) a long eighth argument to the SetInfo method in a certain ActiveX control in glItemCom.dll or (2) a long second argument to the SetClientInfo method in a certain… | |||
| CVE-2007-4803 | 0.03 | — | 0.04 | Sep 11, 2007 | Buffer overflow in AtomixMP3 2.3 allows user-assisted remote attackers to execute arbitrary code via long strings in file and title fields in a .pls file, as demonstrated by the (1) File1 and (2) Title1 fields, different vectors than CVE-2006-6287 and CVE-2007-2487. | |||
| CVE-2007-4804 | 0.03 | — | 0.03 | Sep 11, 2007 | Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) hal.php, (2) cetak.php, (3) lihat.php, (4) pesan.php, and (5) teman.php, different vectors than CVE-2007-4171. NOTE: the scripts may be… | |||
| CVE-2007-4805 | 0.04 | — | 0.07 | Sep 11, 2007 | Directory traversal vulnerability in getgalldata.php in fuzzylime (cms) 3.0 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the p parameter. | |||
| CVE-2007-4806 | 0.03 | — | 0.03 | Sep 11, 2007 | PHP remote file inclusion vulnerability in modules/Discipline/CategoryBreakdownTime.php in Focus/SIS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the FocusPath parameter. | |||
| CVE-2007-4807 | 0.03 | — | 0.03 | Sep 11, 2007 | Multiple PHP remote file inclusion vulnerabilities in Focus/SIS 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the staticpath parameter to (1) modules/Discipline/CategoryBreakdownTime.php or (2) modules/Discipline/StudentFieldBreakdown.php. | |||
| CVE-2007-4808 | 0.03 | — | 0.04 | Sep 11, 2007 | Multiple SQL injection vulnerabilities in TLM CMS 3.2 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php in a lirenews action, (2) the idnews parameter to goodies.php in a lire action, (3) the id parameter to file.php in a voir action,… | |||
| CVE-2007-4809 | 0.08 | — | 0.56 | Sep 11, 2007 | Multiple PHP remote file inclusion vulnerabilities in Online Fantasy Football League (OFFL) 0.2.6 allow remote attackers to execute arbitrary PHP code via a URL in the DOC_ROOT parameter to (1) lib/functions.php or (2) lib/header.php. | |||
| CVE-2007-4810 | 0.00 | — | 0.01 | Sep 11, 2007 | Multiple SQL injection vulnerabilities in Netjuke 1.0-rc2 allow remote attackers to execute arbitrary SQL commands via (1) the ge_id parameter in a list.artists action to explore.php or (2) the id parameter in a show.tracks action to xml.php. | |||
| CVE-2007-4811 | 0.00 | — | 0.02 | Sep 11, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Netjuke 1.0-rc2 allow remote attackers to inject arbitrary web script or HTML via (1) the val parameter to alphabet.php in an alpha.albums action, or the PATH_INFO to (2) random.php or (3) admin/hidden.php. | |||
| CVE-2007-4812 | 0.03 | — | 0.03 | Sep 11, 2007 | Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions before Beta Update 3.0.4, allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact by setting document.location.hash to a long string. NOTE: the crash might… | |||
| CVE-2007-4813 | 0.00 | — | 0.01 | Sep 11, 2007 | Cross-site scripting (XSS) vulnerability in Domino Blogsphere 3.01 Beta 7 allows remote attackers to inject arbitrary web script or HTML via the name field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||
| CVE-2007-4776 | 0.07 | — | 0.49 | Sep 10, 2007 | Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a Visual Basic project (vbp) file containing a long Reference line, related to VBP_Open and OLE. NOTE: there are limited usage… | |||
| CVE-2007-4777 | 0.00 | — | 0.01 | Sep 10, 2007 | SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to the archive section. NOTE: this may be the same as CVE-2007-4778. | |||
| CVE-2007-4778 | 0.00 | — | 0.01 | Sep 10, 2007 | Multiple SQL injection vulnerabilities in the content component (com_content) in Joomla! 1.5 Beta1, Beta2, and RC1 allow remote attackers to execute arbitrary SQL commands via the filter parameter in an archive action to (1) archive.php, (2) category.php, or (3) section.php in… | |||
| CVE-2007-4779 | 0.00 | — | 0.01 | Sep 10, 2007 | Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the archive section. | |||
| CVE-2007-4780 | 0.00 | — | 0.02 | Sep 10, 2007 | Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories. | |||
| CVE-2007-4781 | 0.03 | — | 0.05 | Sep 10, 2007 | administrator/index.php in the installer component (com_installer) in Joomla! 1.5 Beta1, Beta2, and RC1 allows remote authenticated administrators to upload arbitrary files to tmp/ via the "Upload Package File" functionality, which is accessible when com_installer is the value… | |||
| CVE-2007-4782 | 0.00 | — | 0.05 | Sep 10, 2007 | PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter… | |||
| CVE-2007-4783 | 0.00 | — | 0.04 | Sep 10, 2007 | The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service… | |||
| CVE-2007-4784 | 0.00 | — | 0.03 | Sep 10, 2007 | The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads,… | |||
| CVE-2007-4785 | 0.00 | — | 0.02 | Sep 10, 2007 | Sony Micro Vault Fingerprint Access Software, as distributed with Sony Micro Vault USM-F USB flash drives, installs a driver that hides a directory under %WINDIR%, which might allow remote attackers to bypass malware detection by placing files in this directory. | |||
| CVE-2007-4786 | Med | 0.34 | 5.3 | 0.01 | Sep 10, 2007 | Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to… | ||
| CVE-2007-4787 | 0.00 | — | 0.06 | Sep 10, 2007 | The virus detection engine in Sophos Anti-Virus before 2.49.0 does not properly process malformed (1) CAB, (2) LZH, and (3) RAR files with modified headers, which might allow remote attackers to bypass malware detection. | |||
| CVE-2007-4788 | 0.00 | — | 0.02 | Sep 10, 2007 | Cisco Content Switching Modules (CSM) 4.2 before 4.2.3a, and Cisco Content Switching Module with SSL (CSM-S) 2.1 before 2.1.2a, allow remote attackers to cause a denial of service (CPU consumption or reboot) via sets of out-of-order TCP packets with unspecified characteristics,… | |||
| CVE-2007-4789 | 0.00 | — | 0.02 | Sep 10, 2007 | Cisco Content Switching Modules (CSM) 4.2 before 4.2.7, and Cisco Content Switching Module with SSL (CSM-S) 2.1 before 2.1.6, when service termination is enabled, allow remote attackers to cause a denial of service (reboot) via unspecified vectors related to high network… | |||
| CVE-2007-4790 | 0.07 | — | 0.55 | Sep 10, 2007 | Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.OCX 6.0.8450.0 and (2) Foxtlib.ocx, as used in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library; and Internet Explorer 5.01, 6 SP1 and SP2, and 7; allows remote attackers to execute arbitrary code via a… | |||
| CVE-2007-4791 | 0.00 | — | 0.00 | Sep 10, 2007 | Buffer overflow in the swcons command in bos.rte.console in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2005-3504 and CVE-2007-0978. | |||
| CVE-2007-4792 | 0.00 | — | 0.00 | Sep 10, 2007 | Buffer overflow in ibstat in devices.common.IBM.ib.rte in IBM AIX 5.3 allows local users to gain privileges via unspecified vectors. | |||
| CVE-2007-4793 | 0.00 | — | 0.00 | Sep 10, 2007 | Buffer overflow in xlplm in plm.server.rte in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors. | |||
| CVE-2007-4794 | 0.00 | — | 0.00 | Sep 10, 2007 | Buffer overflow in fcstat in devices.common.IBM.fc.rte in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long input parameter. | |||
| CVE-2007-4795 | 0.00 | — | 0.00 | Sep 10, 2007 | Buffer overflow in mkpath in bos.rte.methods in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long ODM name. | |||
| CVE-2007-4796 | 0.00 | — | 0.00 | Sep 10, 2007 | Buffer overflow in uucp in bos.net.uucp in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors. | |||
| CVE-2007-4797 | 0.00 | — | 0.00 | Sep 10, 2007 | Multiple buffer overflows in unspecified svprint (System V print) commands in bos.svprint.rte in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors. | |||
| CVE-2007-4798 | 0.00 | — | 0.00 | Sep 10, 2007 | Unspecified vulnerability in invscout in Inventory Scout in invscout.rte in IBM AIX 5.2 and 5.3 allows local users to delete system files that have names matching the final substring of a hostname alias, as demonstrated by hostnames ending in "unix". | |||
| CVE-2007-4799 | 0.00 | — | 0.00 | Sep 10, 2007 | The perfstat kernel extension in bos.perf.perfstat in AIX 5.3 does not verify privileges when processing a SET call, which allows local users to cause a denial of service (system hang or crash) via unspecified SET operations. | |||
| CVE-2007-3912 | 0.00 | — | 0.00 | Sep 10, 2007 | checkrestart in debian-goodies before 0.34 allows local users to gain privileges via shell metacharacters in the name of the executable file for a running process. | |||
| CVE-2007-4470 | 0.01 | — | 0.07 | Sep 10, 2007 | Multiple stack-based buffer overflows in the Earth Resource Mapping NCSView ActiveX control before 3.4.0.242 in NCSView.dll, as distributed in ER Mapper ECW JPEG 2000 Plug-in before 8.1, allow remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2007-4512 | 0.00 | — | 0.05 | Sep 10, 2007 | Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file that matches a virus signature and has a crafted filename that is not… | |||
| CVE-2007-4757 | 0.08 | — | 0.65 | Sep 8, 2007 | PHP remote file inclusion vulnerability in menu.php in phpMytourney allows remote attackers to execute arbitrary PHP code via a URL in the functions_file parameter. | |||
| CVE-2007-4758 | 0.00 | — | 0.06 | Sep 8, 2007 | Multiple buffer overflows in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors. | |||
| CVE-2007-4759 | 0.00 | — | 0.02 | Sep 8, 2007 | Multiple unspecified vulnerabilities in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service via unspecified vectors. | |||
| CVE-2007-4760 | 0.00 | — | 0.02 | Sep 8, 2007 | The javadoc tool in Cosminexus Developer's Kit for Java in Cosminexus 7 and 7.5 can generate HTML documents that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this is… | |||
| CVE-2007-4761 | 0.00 | — | 0.02 | Sep 8, 2007 | Unrestricted file upload vulnerability in upload.php in Barbo91 1.1 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
- CVE-2007-4819Sep 11, 2007risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Txx CMS 0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2007-4820Sep 11, 2007risk 0.03cvss —epss 0.02
Absolute path traversal vulnerability in blanko.preview.php in Sisfo Kampus 2006 allows remote attackers to read arbitrary local files, and possibly execute local PHP scripts, via the nmf parameter.
- CVE-2007-4821Sep 11, 2007risk 0.04cvss —epss 0.09
Buffer overflow in a certain ActiveX control in officeviewer.ocx 5.2.218.1 in EDraw Office Viewer Component 5.2 allows remote attackers to execute arbitrary code via a long first argument to the HttpDownloadFileToTempDir method, a different vulnerability than CVE-2007-3169.
- CVE-2007-4822Sep 11, 2007risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter…
- CVE-2007-4823Sep 11, 2007risk 0.00cvss —epss 0.00
Multiple buffer overflows in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory.
- CVE-2007-4824Sep 11, 2007risk 0.00cvss —epss 0.00
Multiple cross-application scripting (XAS) vulnerabilities in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory.
- CVE-2007-4802Sep 11, 2007risk 0.04cvss —epss 0.09
Multiple heap-based buffer overflows in GlobalLink 2.7.0.8 allow remote attackers to execute arbitrary code via (1) a long eighth argument to the SetInfo method in a certain ActiveX control in glItemCom.dll or (2) a long second argument to the SetClientInfo method in a certain…
- CVE-2007-4803Sep 11, 2007risk 0.03cvss —epss 0.04
Buffer overflow in AtomixMP3 2.3 allows user-assisted remote attackers to execute arbitrary code via long strings in file and title fields in a .pls file, as demonstrated by the (1) File1 and (2) Title1 fields, different vectors than CVE-2006-6287 and CVE-2007-2487.
- CVE-2007-4804Sep 11, 2007risk 0.03cvss —epss 0.03
Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) hal.php, (2) cetak.php, (3) lihat.php, (4) pesan.php, and (5) teman.php, different vectors than CVE-2007-4171. NOTE: the scripts may be…
- CVE-2007-4805Sep 11, 2007risk 0.04cvss —epss 0.07
Directory traversal vulnerability in getgalldata.php in fuzzylime (cms) 3.0 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the p parameter.
- CVE-2007-4806Sep 11, 2007risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in modules/Discipline/CategoryBreakdownTime.php in Focus/SIS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the FocusPath parameter.
- CVE-2007-4807Sep 11, 2007risk 0.03cvss —epss 0.03
Multiple PHP remote file inclusion vulnerabilities in Focus/SIS 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the staticpath parameter to (1) modules/Discipline/CategoryBreakdownTime.php or (2) modules/Discipline/StudentFieldBreakdown.php.
- CVE-2007-4808Sep 11, 2007risk 0.03cvss —epss 0.04
Multiple SQL injection vulnerabilities in TLM CMS 3.2 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php in a lirenews action, (2) the idnews parameter to goodies.php in a lire action, (3) the id parameter to file.php in a voir action,…
- CVE-2007-4809Sep 11, 2007risk 0.08cvss —epss 0.56
Multiple PHP remote file inclusion vulnerabilities in Online Fantasy Football League (OFFL) 0.2.6 allow remote attackers to execute arbitrary PHP code via a URL in the DOC_ROOT parameter to (1) lib/functions.php or (2) lib/header.php.
- CVE-2007-4810Sep 11, 2007risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in Netjuke 1.0-rc2 allow remote attackers to execute arbitrary SQL commands via (1) the ge_id parameter in a list.artists action to explore.php or (2) the id parameter in a show.tracks action to xml.php.
- CVE-2007-4811Sep 11, 2007risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Netjuke 1.0-rc2 allow remote attackers to inject arbitrary web script or HTML via (1) the val parameter to alphabet.php in an alpha.albums action, or the PATH_INFO to (2) random.php or (3) admin/hidden.php.
- CVE-2007-4812Sep 11, 2007risk 0.03cvss —epss 0.03
Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions before Beta Update 3.0.4, allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact by setting document.location.hash to a long string. NOTE: the crash might…
- CVE-2007-4813Sep 11, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Domino Blogsphere 3.01 Beta 7 allows remote attackers to inject arbitrary web script or HTML via the name field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2007-4776Sep 10, 2007risk 0.07cvss —epss 0.49
Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a Visual Basic project (vbp) file containing a long Reference line, related to VBP_Open and OLE. NOTE: there are limited usage…
- CVE-2007-4777Sep 10, 2007risk 0.00cvss —epss 0.01
SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to the archive section. NOTE: this may be the same as CVE-2007-4778.
- CVE-2007-4778Sep 10, 2007risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in the content component (com_content) in Joomla! 1.5 Beta1, Beta2, and RC1 allow remote attackers to execute arbitrary SQL commands via the filter parameter in an archive action to (1) archive.php, (2) category.php, or (3) section.php in…
- CVE-2007-4779Sep 10, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the archive section.
- CVE-2007-4780Sep 10, 2007risk 0.00cvss —epss 0.02
Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories.
- CVE-2007-4781Sep 10, 2007risk 0.03cvss —epss 0.05
administrator/index.php in the installer component (com_installer) in Joomla! 1.5 Beta1, Beta2, and RC1 allows remote authenticated administrators to upload arbitrary files to tmp/ via the "Upload Package File" functionality, which is accessible when com_installer is the value…
- CVE-2007-4782Sep 10, 2007risk 0.00cvss —epss 0.05
PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter…
- CVE-2007-4783Sep 10, 2007risk 0.00cvss —epss 0.04
The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service…
- CVE-2007-4784Sep 10, 2007risk 0.00cvss —epss 0.03
The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads,…
- CVE-2007-4785Sep 10, 2007risk 0.00cvss —epss 0.02
Sony Micro Vault Fingerprint Access Software, as distributed with Sony Micro Vault USM-F USB flash drives, installs a driver that hides a directory under %WINDIR%, which might allow remote attackers to bypass malware detection by placing files in this directory.
- risk 0.34cvss 5.3epss 0.01
Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to…
- CVE-2007-4787Sep 10, 2007risk 0.00cvss —epss 0.06
The virus detection engine in Sophos Anti-Virus before 2.49.0 does not properly process malformed (1) CAB, (2) LZH, and (3) RAR files with modified headers, which might allow remote attackers to bypass malware detection.
- CVE-2007-4788Sep 10, 2007risk 0.00cvss —epss 0.02
Cisco Content Switching Modules (CSM) 4.2 before 4.2.3a, and Cisco Content Switching Module with SSL (CSM-S) 2.1 before 2.1.2a, allow remote attackers to cause a denial of service (CPU consumption or reboot) via sets of out-of-order TCP packets with unspecified characteristics,…
- CVE-2007-4789Sep 10, 2007risk 0.00cvss —epss 0.02
Cisco Content Switching Modules (CSM) 4.2 before 4.2.7, and Cisco Content Switching Module with SSL (CSM-S) 2.1 before 2.1.6, when service termination is enabled, allow remote attackers to cause a denial of service (reboot) via unspecified vectors related to high network…
- CVE-2007-4790Sep 10, 2007risk 0.07cvss —epss 0.55
Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.OCX 6.0.8450.0 and (2) Foxtlib.ocx, as used in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library; and Internet Explorer 5.01, 6 SP1 and SP2, and 7; allows remote attackers to execute arbitrary code via a…
- CVE-2007-4791Sep 10, 2007risk 0.00cvss —epss 0.00
Buffer overflow in the swcons command in bos.rte.console in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2005-3504 and CVE-2007-0978.
- CVE-2007-4792Sep 10, 2007risk 0.00cvss —epss 0.00
Buffer overflow in ibstat in devices.common.IBM.ib.rte in IBM AIX 5.3 allows local users to gain privileges via unspecified vectors.
- CVE-2007-4793Sep 10, 2007risk 0.00cvss —epss 0.00
Buffer overflow in xlplm in plm.server.rte in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
- CVE-2007-4794Sep 10, 2007risk 0.00cvss —epss 0.00
Buffer overflow in fcstat in devices.common.IBM.fc.rte in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long input parameter.
- CVE-2007-4795Sep 10, 2007risk 0.00cvss —epss 0.00
Buffer overflow in mkpath in bos.rte.methods in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long ODM name.
- CVE-2007-4796Sep 10, 2007risk 0.00cvss —epss 0.00
Buffer overflow in uucp in bos.net.uucp in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
- CVE-2007-4797Sep 10, 2007risk 0.00cvss —epss 0.00
Multiple buffer overflows in unspecified svprint (System V print) commands in bos.svprint.rte in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors.
- CVE-2007-4798Sep 10, 2007risk 0.00cvss —epss 0.00
Unspecified vulnerability in invscout in Inventory Scout in invscout.rte in IBM AIX 5.2 and 5.3 allows local users to delete system files that have names matching the final substring of a hostname alias, as demonstrated by hostnames ending in "unix".
- CVE-2007-4799Sep 10, 2007risk 0.00cvss —epss 0.00
The perfstat kernel extension in bos.perf.perfstat in AIX 5.3 does not verify privileges when processing a SET call, which allows local users to cause a denial of service (system hang or crash) via unspecified SET operations.
- CVE-2007-3912Sep 10, 2007risk 0.00cvss —epss 0.00
checkrestart in debian-goodies before 0.34 allows local users to gain privileges via shell metacharacters in the name of the executable file for a running process.
- CVE-2007-4470Sep 10, 2007risk 0.01cvss —epss 0.07
Multiple stack-based buffer overflows in the Earth Resource Mapping NCSView ActiveX control before 3.4.0.242 in NCSView.dll, as distributed in ER Mapper ECW JPEG 2000 Plug-in before 8.1, allow remote attackers to execute arbitrary code via unspecified vectors.
- CVE-2007-4512Sep 10, 2007risk 0.00cvss —epss 0.05
Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file that matches a virus signature and has a crafted filename that is not…
- CVE-2007-4757Sep 8, 2007risk 0.08cvss —epss 0.65
PHP remote file inclusion vulnerability in menu.php in phpMytourney allows remote attackers to execute arbitrary PHP code via a URL in the functions_file parameter.
- CVE-2007-4758Sep 8, 2007risk 0.00cvss —epss 0.06
Multiple buffer overflows in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors.
- CVE-2007-4759Sep 8, 2007risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service via unspecified vectors.
- CVE-2007-4760Sep 8, 2007risk 0.00cvss —epss 0.02
The javadoc tool in Cosminexus Developer's Kit for Java in Cosminexus 7 and 7.5 can generate HTML documents that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this is…
- CVE-2007-4761Sep 8, 2007risk 0.00cvss —epss 0.02
Unrestricted file upload vulnerability in upload.php in Barbo91 1.1 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.