| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-4418 | 0.00 | — | 0.01 | Aug 18, 2007 | IBM DB2 UDB 8 before Fixpak 15 does not properly check authorization, which allows remote authenticated users with a certain SELECT privilege to have an unknown impact via unspecified vectors. NOTE: this issue is probably related to CVE-2007-1089, but this is uncertain due to… | |||
| CVE-2007-4419 | 0.03 | — | 0.05 | Aug 18, 2007 | Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area. | |||
| CVE-2007-4420 | 0.03 | — | 0.03 | Aug 18, 2007 | Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the HttpDownloadFile method, a… | |||
| CVE-2007-4421 | 0.00 | — | 0.02 | Aug 18, 2007 | SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3_AutoLogin cookie. | |||
| CVE-2007-4422 | 0.00 | — | 0.03 | Aug 18, 2007 | The login interface in Symantec Enterprise Firewall 6.x, when a VPN with pre-shared key (PSK) authentication is enabled, generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames. | |||
| CVE-2007-4423 | 0.00 | — | 0.04 | Aug 18, 2007 | Stack-based buffer overflow in the AUTH_LIST_GROUPS_FOR_AUTHID function in IBM DB2 UDB 9.1 before Fixpak 3 allows attackers to cause a denial of service and possibly execute arbitrary code via a long argument. | |||
| CVE-2007-4395 | 0.00 | — | 0.02 | Aug 17, 2007 | Multiple unspecified vulnerabilities in the Role Based Access Control (RBAC) functionality in Sun Solaris 8 allow remote attackers who know the password for a role to gain privileges via that role. | |||
| CVE-2007-4386 | 0.03 | — | 0.01 | Aug 17, 2007 | SQL injection vulnerability in search.php in GetMyOwnArcade allows remote attackers to execute arbitrary SQL commands via the query parameter. | |||
| CVE-2007-4387 | 0.04 | — | 0.09 | Aug 17, 2007 | Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators. | |||
| CVE-2007-4388 | 0.00 | — | 0.01 | Aug 17, 2007 | 2wire 1701HG and 2071 Gateway routers, with 5.29.51 and possibly 3.17.5 software, have a blank password by default. | |||
| CVE-2007-4389 | 0.03 | — | 0.02 | Aug 17, 2007 | Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG, 1800HW, and 2071 Gateway routers, with 3.17.5, 3.7.1, and 5.29.51 software, allows remote attackers to create DNS mappings as administrators, and conduct DNS poisoning attacks, via the NAME and ADDR… | |||
| CVE-2007-4390 | 0.03 | — | 0.01 | Aug 17, 2007 | The Command Line Interface (CLI), aka Adonis Administration Console, on the BlueCat Networks Adonis DNS/DHCP appliance 5.0.2.8 allows local admin users to gain root privileges on the underlying operating system via shell metacharacters in a command. | |||
| CVE-2007-4391 | 0.04 | — | 0.09 | Aug 17, 2007 | Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an "invite to view my webcam" request, and then… | |||
| CVE-2007-4392 | 0.00 | — | 0.02 | Aug 17, 2007 | Winamp 5.35 allows remote attackers to cause a denial of service (program stack overflow and application crash) via an M3U file that recursively includes itself. | |||
| CVE-2007-4393 | 0.00 | — | 0.00 | Aug 17, 2007 | The installation script for orarun on SUSE Linux before 20070810 places the oracle user into the disk group, which allows the local oracle user to read or write raw disk partitions. | |||
| CVE-2007-4394 | 0.00 | — | 0.00 | Aug 17, 2007 | Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors. | |||
| CVE-2007-4381 | 0.03 | — | 0.05 | Aug 17, 2007 | Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself. | |||
| CVE-2007-4382 | 0.03 | — | 0.03 | Aug 17, 2007 | CounterPath X-Lite 3.0 34025, and possibly eyeBeam, allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header. | |||
| CVE-2007-4383 | 0.00 | — | 0.01 | Aug 17, 2007 | PHP remote file inclusion vulnerability in tracking.php in Trackeur 1 allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: CVE and a third party dispute this vulnerability because header is defined before use. The researcher is known… | |||
| CVE-2007-4384 | 0.03 | — | 0.02 | Aug 17, 2007 | Multiple PHP remote file inclusion vulnerabilities in depouilg.php3 in Stephane Pineau VOTE 1c allow remote attackers to execute arbitrary PHP code via a URL in the (1) NomVote and (2) FilePalHex parameters. | |||
| CVE-2007-4385 | 0.03 | — | 0.03 | Aug 17, 2007 | OWASP Stinger before 2.5 allows remote attackers to bypass input validation routines by using multipart encoded requests instead of form-urlencoded requests. NOTE: this might be used to expose vulnerabilities in applications that would otherwise be protected by the validation… | |||
| CVE-2007-4372 | 0.00 | — | 0.01 | Aug 16, 2007 | Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server 2003 has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release… | |||
| CVE-2007-4373 | 0.00 | — | 0.01 | Aug 16, 2007 | The server in Babo Violent 2 2.08.00 and earlier does not properly implement password protection, which might allow remote attackers to bypass authentication by reconnecting after a connection closes. | |||
| CVE-2007-4374 | 0.00 | — | 0.01 | Aug 16, 2007 | Babo Violent 2 2.08.00 does not validate the sender field of a chat message composed by a client, which allows remote authenticated users to spoof messages. | |||
| CVE-2007-4375 | 0.03 | — | 0.03 | Aug 16, 2007 | The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote attackers to (1) obtain sensitive information (process memory contents), as… | |||
| CVE-2007-4376 | 0.00 | — | 0.01 | Aug 16, 2007 | Unrestricted file upload vulnerability in banner-upload.php in Szymon Kosok Best Top List allows remote attackers to upload and execute arbitrary PHP files in banners/. | |||
| CVE-2007-4377 | 0.03 | — | 0.05 | Aug 16, 2007 | Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command. NOTE: this might overlap CVE-2007-4372. | |||
| CVE-2007-4378 | 0.00 | — | 0.03 | Aug 16, 2007 | Multiple format string vulnerabilities in Babo Violent 2 2.08.00 and earlier allow remote attackers to execute arbitrary code via format string specifiers in (1) a message or (2) certain data associated with an admin login. | |||
| CVE-2007-4379 | 0.00 | — | 0.02 | Aug 16, 2007 | Babo Violent 2 2.08.00 and earlier allows remote attackers to cause a denial of service (application crash) via (1) a value greater than 0x27 for the (a) 0xca, (b) 0xcb, (c) 0xcc, (d) 0xce, (e) 0xcf, or (f) 0xd0 data ID; (2) a nonexistent map name; or (3) a UDP packet that… | |||
| CVE-2007-4380 | 0.00 | — | 0.00 | Aug 16, 2007 | Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 (6.8.378) allows local users to gain local System privileges via the Log File Viewer. | |||
| CVE-2007-4091 | 0.00 | — | 0.03 | Aug 16, 2007 | Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function. | |||
| CVE-2007-4367 | 0.01 | — | 0.08 | Aug 15, 2007 | Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an invalid pointer." | |||
| CVE-2007-4368 | 0.03 | — | 0.03 | Aug 15, 2007 | SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) Web 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter in a GenerateMainFrame command. | |||
| CVE-2007-4369 | 0.03 | — | 0.03 | Aug 15, 2007 | Directory traversal vulnerability in go/_files in SOTEeSKLEP before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||
| CVE-2007-4370 | 0.08 | — | 0.59 | Aug 15, 2007 | Multiple buffer overflows in the (1) client and (2) server in Racer 0.5.3 beta 5 allow remote attackers to execute arbitrary code via a long string to UDP port 26000. | |||
| CVE-2007-4371 | 0.00 | — | 0.01 | Aug 15, 2007 | Unrestricted file upload vulnerability in admin/pages/blog-add.php in Neuron Blog 1.1 allows remote attackers to upload and execute arbitrary PHP files in uploads/. | |||
| CVE-2007-4278 | 0.00 | — | 0.05 | Aug 15, 2007 | Stack-based buffer overflow in the giomgr process in ESRI ArcSDE service 9.2, as used with ArcGIS, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number that requires more than 8 bytes to represent in ASCII, which… | |||
| CVE-2007-0319 | 0.00 | — | 0.06 | Aug 15, 2007 | Multiple stack-based buffer overflows in the Motive ActiveEmailTest.EmailData (ActiveUtils EmailData) ActiveX control in ActiveUtils.dll in Motive Service Activation Manager 5.1 and Self Service Manager 5.1 and earlier allow remote attackers to execute arbitrary code via… | |||
| CVE-2007-2240 | 0.00 | — | 0.03 | Aug 15, 2007 | The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it… | |||
| CVE-2007-2928 | 0.00 | — | 0.05 | Aug 15, 2007 | Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), allows remote attackers to execute arbitrary code via… | |||
| CVE-2007-2929 | 0.00 | — | 0.03 | Aug 15, 2007 | The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows remote attackers to… | |||
| CVE-2007-4358 | 0.03 | — | 0.03 | Aug 15, 2007 | Zoidcom 0.6.7 and earlier allows remote attackers to cause a denial of service (application crash) via a JOIN packet (aka connection packet) containing 0x69 in the ninth byte, which triggers a "double-delete" of trace data, a different vulnerability than CVE-2005-1643. | |||
| CVE-2007-4359 | 0.03 | — | 0.01 | Aug 15, 2007 | Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems JobLister3 allow remote attackers to execute arbitrary SQL commands via (1) the search form or (2) the jobid parameter to index.php in a showbyID action. | |||
| CVE-2007-4360 | 0.00 | — | 0.01 | Aug 15, 2007 | Unspecified vulnerability in Dell Remote Access Card 4 (DRAC4) with firmware 1.50 Build 02.16 allows remote attackers to cause a denial of service (SSH daemon crash) via certain network traffic, as demonstrated by an "nmap -O" scan with nmap 4.03, possibly related to a Mocana… | |||
| CVE-2007-4361 | 0.00 | — | 0.03 | Aug 15, 2007 | NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access. | |||
| CVE-2007-4362 | 0.03 | — | 0.01 | Aug 15, 2007 | SQL injection vulnerability in category.php in Prozilla Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||
| CVE-2007-4363 | 0.00 | — | 0.02 | Aug 15, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6 ,allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using (1) the plain… | |||
| CVE-2007-4364 | 0.00 | — | 0.03 | Aug 15, 2007 | Fedora Commons before 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote attackers to trigger a certain… | |||
| CVE-2007-4365 | — | 0.00 | — | 0.01 | Aug 15, 2007 | Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a set_lang cookie to an unspecified component. NOTE: this may overlap CVE-2007-1965. | ||
| CVE-2007-4366 | 0.03 | — | 0.03 | Aug 15, 2007 | WengoPhone 2.1 allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header. |
- CVE-2007-4418Aug 18, 2007risk 0.00cvss —epss 0.01
IBM DB2 UDB 8 before Fixpak 15 does not properly check authorization, which allows remote authenticated users with a certain SELECT privilege to have an unknown impact via unspecified vectors. NOTE: this issue is probably related to CVE-2007-1089, but this is uncertain due to…
- CVE-2007-4419Aug 18, 2007risk 0.03cvss —epss 0.05
Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area.
- CVE-2007-4420Aug 18, 2007risk 0.03cvss —epss 0.03
Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the HttpDownloadFile method, a…
- CVE-2007-4421Aug 18, 2007risk 0.00cvss —epss 0.02
SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3_AutoLogin cookie.
- CVE-2007-4422Aug 18, 2007risk 0.00cvss —epss 0.03
The login interface in Symantec Enterprise Firewall 6.x, when a VPN with pre-shared key (PSK) authentication is enabled, generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.
- CVE-2007-4423Aug 18, 2007risk 0.00cvss —epss 0.04
Stack-based buffer overflow in the AUTH_LIST_GROUPS_FOR_AUTHID function in IBM DB2 UDB 9.1 before Fixpak 3 allows attackers to cause a denial of service and possibly execute arbitrary code via a long argument.
- CVE-2007-4395Aug 17, 2007risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in the Role Based Access Control (RBAC) functionality in Sun Solaris 8 allow remote attackers who know the password for a role to gain privileges via that role.
- CVE-2007-4386Aug 17, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in search.php in GetMyOwnArcade allows remote attackers to execute arbitrary SQL commands via the query parameter.
- CVE-2007-4387Aug 17, 2007risk 0.04cvss —epss 0.09
Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators.
- CVE-2007-4388Aug 17, 2007risk 0.00cvss —epss 0.01
2wire 1701HG and 2071 Gateway routers, with 5.29.51 and possibly 3.17.5 software, have a blank password by default.
- CVE-2007-4389Aug 17, 2007risk 0.03cvss —epss 0.02
Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG, 1800HW, and 2071 Gateway routers, with 3.17.5, 3.7.1, and 5.29.51 software, allows remote attackers to create DNS mappings as administrators, and conduct DNS poisoning attacks, via the NAME and ADDR…
- CVE-2007-4390Aug 17, 2007risk 0.03cvss —epss 0.01
The Command Line Interface (CLI), aka Adonis Administration Console, on the BlueCat Networks Adonis DNS/DHCP appliance 5.0.2.8 allows local admin users to gain root privileges on the underlying operating system via shell metacharacters in a command.
- CVE-2007-4391Aug 17, 2007risk 0.04cvss —epss 0.09
Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an "invite to view my webcam" request, and then…
- CVE-2007-4392Aug 17, 2007risk 0.00cvss —epss 0.02
Winamp 5.35 allows remote attackers to cause a denial of service (program stack overflow and application crash) via an M3U file that recursively includes itself.
- CVE-2007-4393Aug 17, 2007risk 0.00cvss —epss 0.00
The installation script for orarun on SUSE Linux before 20070810 places the oracle user into the disk group, which allows the local oracle user to read or write raw disk partitions.
- CVE-2007-4394Aug 17, 2007risk 0.00cvss —epss 0.00
Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors.
- CVE-2007-4381Aug 17, 2007risk 0.03cvss —epss 0.05
Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself.
- CVE-2007-4382Aug 17, 2007risk 0.03cvss —epss 0.03
CounterPath X-Lite 3.0 34025, and possibly eyeBeam, allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header.
- CVE-2007-4383Aug 17, 2007risk 0.00cvss —epss 0.01
PHP remote file inclusion vulnerability in tracking.php in Trackeur 1 allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: CVE and a third party dispute this vulnerability because header is defined before use. The researcher is known…
- CVE-2007-4384Aug 17, 2007risk 0.03cvss —epss 0.02
Multiple PHP remote file inclusion vulnerabilities in depouilg.php3 in Stephane Pineau VOTE 1c allow remote attackers to execute arbitrary PHP code via a URL in the (1) NomVote and (2) FilePalHex parameters.
- CVE-2007-4385Aug 17, 2007risk 0.03cvss —epss 0.03
OWASP Stinger before 2.5 allows remote attackers to bypass input validation routines by using multipart encoded requests instead of form-urlencoded requests. NOTE: this might be used to expose vulnerabilities in applications that would otherwise be protected by the validation…
- CVE-2007-4372Aug 16, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server 2003 has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release…
- CVE-2007-4373Aug 16, 2007risk 0.00cvss —epss 0.01
The server in Babo Violent 2 2.08.00 and earlier does not properly implement password protection, which might allow remote attackers to bypass authentication by reconnecting after a connection closes.
- CVE-2007-4374Aug 16, 2007risk 0.00cvss —epss 0.01
Babo Violent 2 2.08.00 does not validate the sender field of a chat message composed by a client, which allows remote authenticated users to spoof messages.
- CVE-2007-4375Aug 16, 2007risk 0.03cvss —epss 0.03
The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote attackers to (1) obtain sensitive information (process memory contents), as…
- CVE-2007-4376Aug 16, 2007risk 0.00cvss —epss 0.01
Unrestricted file upload vulnerability in banner-upload.php in Szymon Kosok Best Top List allows remote attackers to upload and execute arbitrary PHP files in banners/.
- CVE-2007-4377Aug 16, 2007risk 0.03cvss —epss 0.05
Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command. NOTE: this might overlap CVE-2007-4372.
- CVE-2007-4378Aug 16, 2007risk 0.00cvss —epss 0.03
Multiple format string vulnerabilities in Babo Violent 2 2.08.00 and earlier allow remote attackers to execute arbitrary code via format string specifiers in (1) a message or (2) certain data associated with an admin login.
- CVE-2007-4379Aug 16, 2007risk 0.00cvss —epss 0.02
Babo Violent 2 2.08.00 and earlier allows remote attackers to cause a denial of service (application crash) via (1) a value greater than 0x27 for the (a) 0xca, (b) 0xcb, (c) 0xcc, (d) 0xce, (e) 0xcf, or (f) 0xd0 data ID; (2) a nonexistent map name; or (3) a UDP packet that…
- CVE-2007-4380Aug 16, 2007risk 0.00cvss —epss 0.00
Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 (6.8.378) allows local users to gain local System privileges via the Log File Viewer.
- CVE-2007-4091Aug 16, 2007risk 0.00cvss —epss 0.03
Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.
- CVE-2007-4367Aug 15, 2007risk 0.01cvss —epss 0.08
Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an invalid pointer."
- CVE-2007-4368Aug 15, 2007risk 0.03cvss —epss 0.03
SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) Web 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter in a GenerateMainFrame command.
- CVE-2007-4369Aug 15, 2007risk 0.03cvss —epss 0.03
Directory traversal vulnerability in go/_files in SOTEeSKLEP before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
- CVE-2007-4370Aug 15, 2007risk 0.08cvss —epss 0.59
Multiple buffer overflows in the (1) client and (2) server in Racer 0.5.3 beta 5 allow remote attackers to execute arbitrary code via a long string to UDP port 26000.
- CVE-2007-4371Aug 15, 2007risk 0.00cvss —epss 0.01
Unrestricted file upload vulnerability in admin/pages/blog-add.php in Neuron Blog 1.1 allows remote attackers to upload and execute arbitrary PHP files in uploads/.
- CVE-2007-4278Aug 15, 2007risk 0.00cvss —epss 0.05
Stack-based buffer overflow in the giomgr process in ESRI ArcSDE service 9.2, as used with ArcGIS, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number that requires more than 8 bytes to represent in ASCII, which…
- CVE-2007-0319Aug 15, 2007risk 0.00cvss —epss 0.06
Multiple stack-based buffer overflows in the Motive ActiveEmailTest.EmailData (ActiveUtils EmailData) ActiveX control in ActiveUtils.dll in Motive Service Activation Manager 5.1 and Self Service Manager 5.1 and earlier allow remote attackers to execute arbitrary code via…
- CVE-2007-2240Aug 15, 2007risk 0.00cvss —epss 0.03
The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it…
- CVE-2007-2928Aug 15, 2007risk 0.00cvss —epss 0.05
Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), allows remote attackers to execute arbitrary code via…
- CVE-2007-2929Aug 15, 2007risk 0.00cvss —epss 0.03
The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows remote attackers to…
- CVE-2007-4358Aug 15, 2007risk 0.03cvss —epss 0.03
Zoidcom 0.6.7 and earlier allows remote attackers to cause a denial of service (application crash) via a JOIN packet (aka connection packet) containing 0x69 in the ninth byte, which triggers a "double-delete" of trace data, a different vulnerability than CVE-2005-1643.
- CVE-2007-4359Aug 15, 2007risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems JobLister3 allow remote attackers to execute arbitrary SQL commands via (1) the search form or (2) the jobid parameter to index.php in a showbyID action.
- CVE-2007-4360Aug 15, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in Dell Remote Access Card 4 (DRAC4) with firmware 1.50 Build 02.16 allows remote attackers to cause a denial of service (SSH daemon crash) via certain network traffic, as demonstrated by an "nmap -O" scan with nmap 4.03, possibly related to a Mocana…
- CVE-2007-4361Aug 15, 2007risk 0.00cvss —epss 0.03
NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access.
- CVE-2007-4362Aug 15, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in category.php in Prozilla Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter.
- CVE-2007-4363Aug 15, 2007risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6 ,allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using (1) the plain…
- CVE-2007-4364Aug 15, 2007risk 0.00cvss —epss 0.03
Fedora Commons before 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote attackers to trigger a certain…
- CVE-2007-4365Aug 15, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a set_lang cookie to an unspecified component. NOTE: this may overlap CVE-2007-1965.
- CVE-2007-4366Aug 15, 2007risk 0.03cvss —epss 0.03
WengoPhone 2.1 allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header.