| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-3830 | 0.00 | — | 0.02 | Jul 17, 2007 | Cross-site scripting (XSS) vulnerability in alert.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to inject arbitrary web script or HTML via the reminder parameter. | |||
| CVE-2007-3831 | 0.00 | — | 0.05 | Jul 17, 2007 | PHP remote file inclusion in main.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||
| CVE-2007-3817 | 0.00 | — | 0.01 | Jul 17, 2007 | Cross-site scripting (XSS) vulnerability in the LoginToboggan module 4.7.x-1.0, 4.7.x-1.x-dev, and 5.x-1.x-dev before 20070712 for Drupal, when configured to display a "Log out" link, allows remote attackers to inject arbitrary web script or HTML via a crafted username. NOTE:… | |||
| CVE-2007-3818 | 0.00 | — | 0.01 | Jul 17, 2007 | Cross-site scripting (XSS) vulnerability in the LoginToboggan module 5.x-1.x-dev before 20070712 for Drupal allows remote authenticated users with "administer blocks" permission to inject arbitrary JavaScript and gain privileges via "the message displayed above the default user… | |||
| CVE-2007-3819 | 0.00 | — | 0.02 | Jul 17, 2007 | Opera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. | |||
| CVE-2007-3820 | 0.00 | — | 0.03 | Jul 17, 2007 | konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. | |||
| CVE-2007-3821 | 0.00 | — | 0.03 | Jul 17, 2007 | Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 allows remote attackers to modify configurations and perform other actions as arbitrary users via unspecified vectors. | |||
| CVE-2007-3822 | 0.03 | — | 0.02 | Jul 17, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via (1) the who parameter to showuser; and other vectors involving (2) calendar mode, (3) bulletin board mode, (4) room names, and (5) uploaded… | |||
| CVE-2007-3823 | 0.02 | — | 0.25 | Jul 17, 2007 | The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows remote attackers to cause a denial of service (daemon crash) by sending a crafted packet containing a long string to port 5151/udp. | |||
| CVE-2007-3824 | 0.03 | — | 0.02 | Jul 17, 2007 | SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows remote attackers to execute arbitrary SQL commands via the katID parameter. | |||
| CVE-2007-3017 | 0.03 | — | 0.05 | Jul 17, 2007 | The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to… | |||
| CVE-2007-3018 | 0.00 | — | 0.01 | Jul 17, 2007 | activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories. | |||
| CVE-2007-3806 | 0.04 | — | 0.11 | Jul 17, 2007 | The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to… | |||
| CVE-2007-3807 | 0.00 | — | 0.01 | Jul 17, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum before 7.3 allow remote attackers to inject arbitrary web script or HTML via the user name field in the login procedure, and other unspecified vectors. | |||
| CVE-2007-3808 | 0.03 | — | 0.02 | Jul 17, 2007 | SQL injection vulnerability in includes/search.php in paFileDB 3.6 allows remote attackers to execute arbitrary SQL commands via the categories[] parameter in a search action to index.php, a different vector than CVE-2005-2000. | |||
| CVE-2007-3809 | 0.03 | — | 0.01 | Jul 17, 2007 | Multiple SQL injection vulnerabilities in Prozilla Directory Script allow remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action to directory.php, and other unspecified vectors. | |||
| CVE-2007-3810 | 0.03 | — | 0.01 | Jul 17, 2007 | SQL injection vulnerability in index.php in Realtor 747 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter. | |||
| CVE-2007-3811 | 0.03 | — | 0.01 | Jul 17, 2007 | Multiple SQL injection vulnerabilities in eSyndiCat allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php or (2) the name parameter to page.php. | |||
| CVE-2007-3812 | 0.03 | — | 0.01 | Jul 17, 2007 | SQL injection vulnerability in forums.php in CMScout 1.23 and earlier allows remote attackers to execute arbitrary SQL commands via the f parameter in a forums action to index.php. | |||
| CVE-2007-3813 | 0.08 | — | 0.59 | Jul 17, 2007 | PHP remote file inclusion vulnerability in include/user.php in the NoBoard BETA module for MKPortal allows remote attackers to execute arbitrary PHP code via a URL in the MK_PATH parameter. | |||
| CVE-2007-3814 | 0.03 | — | 0.02 | Jul 17, 2007 | Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the idurlo field in the delete_urlo function in (a) index.php in the urlobox module; the iden field in the (2) update_file and (3) del_file functions in (b)… | |||
| CVE-2007-3815 | 0.00 | — | 0.00 | Jul 17, 2007 | Buffer overflow in pirs32.exe in Poslovni informator Republike Slovenije (PIRS) 2007 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long search string in certain fields in the GUI. NOTE: this may cross privilege… | |||
| CVE-2007-3816 | Hig | 0.49 | 7.5 | 0.02 | Jul 17, 2007 | JWIG might allow context-dependent attackers to cause a denial of service (service degradation) via loops of references to external templates. NOTE: this issue has been disputed by multiple third parties who state that only the application developer can trigger the issue, so no… | ||
| CVE-2007-3800 | 0.00 | — | 0.00 | Jul 16, 2007 | Unspecified vulnerability in the Real-time scanner (RTVScan) component in Symantec AntiVirus Corporate Edition 9.0 through 10.1 and Client Security 2.0 through 3.1, when the Notification Message window is enabled, allows local users to gain privileges via crafted code. | |||
| CVE-2007-3803 | 0.00 | — | 0.02 | Jul 16, 2007 | The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does not properly parse SMTP commands in certain circumstances, which allows remote attackers to bypass address blacklists. | |||
| CVE-2007-3804 | 0.00 | — | 0.02 | Jul 16, 2007 | The AntiVirus engine in the HTTP-ALG in Clavister CorePlus before 8.81.00 and 8.80.03 might allow remote attackers to bypass scanning via small files. | |||
| CVE-2007-3805 | 0.00 | — | 0.01 | Jul 16, 2007 | The IKE implementation in Clavister CorePlus before 8.80.03, and 8.80.00, does not properly validate certificates during IKE negotiation, which allows remote attackers to cause a denial of service (gateway stop) via certain certificates. | |||
| CVE-2007-3798 | Cri | 0.72 | 9.8 | 0.70 | Jul 16, 2007 | Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value. | ||
| CVE-2007-3799 | 0.04 | — | 0.08 | Jul 16, 2007 | The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the… | |||
| CVE-2007-3013 | 0.03 | — | 0.03 | Jul 15, 2007 | SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picture_real_edit.asp, and probably other unspecified vectors. | |||
| CVE-2007-3014 | 0.03 | — | 0.04 | Jul 15, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in activeWeb contentserver before 5.6.2964 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) errors/rights.asp or (2) errors/transaction.asp, or (3) the name of a MIME type (mimetype). | |||
| CVE-2007-3784 | 0.00 | — | 0.01 | Jul 15, 2007 | Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router F5D7231-4 with firmware 4.05.03 allows remote attackers to inject arbitrary web script or HTML via a hostname of a DHCP client. | |||
| CVE-2007-3785 | 0.03 | — | 0.02 | Jul 15, 2007 | Absolute path traversal vulnerability in a certain ActiveX control in PGPBBox.dll in EldoS SecureBlackbox (sbb) 5.1.0.112 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveToFile method. NOTE: the provenance of this… | |||
| CVE-2007-3786 | 0.00 | — | 0.03 | Jul 15, 2007 | Cross-site request forgery (CSRF) vulnerability on the eSoft InstaGate EX2 UTM device before firmware 3.1.20070615 allows remote attackers to perform privileged actions as administrators. NOTE: the vendor disputes the distribution of the vulnerable software, stating that it was… | |||
| CVE-2007-3787 | 0.00 | — | 0.01 | Jul 15, 2007 | The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks. | |||
| CVE-2007-3788 | 0.00 | — | 0.01 | Jul 15, 2007 | The eSoft InstaGate EX2 UTM device stores the admin password within the settings HTML document, which might allow context-dependent attackers to obtain sensitive information by reading this document. | |||
| CVE-2007-3789 | 0.03 | — | 0.02 | Jul 15, 2007 | SQL injection vulnerability in admin/index.php in Inmostore 4.0 allows remote attackers to execute arbitrary SQL commands via the Password field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||
| CVE-2007-3790 | 0.03 | — | 0.03 | Jul 15, 2007 | The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument. | |||
| CVE-2007-3791 | 0.00 | — | 0.04 | Jul 15, 2007 | Buffer overflow in the w_read function in sockets.c in Cami Sardinha and Nigel Kukard policyd before 1.81 for Postfix allows remote attackers to cause a denial of service and possibly execute arbitrary code via long SMTP commands. NOTE: some of these details are obtained from… | |||
| CVE-2007-3792 | 0.03 | — | 0.05 | Jul 15, 2007 | Multiple PHP remote file inclusion vulnerabilities in AzDG Dating Gold 3.0.5 allow remote attackers to execute arbitrary PHP code via a URL in the int_path parameter to (1) header.php, (2) footer.php, or (3) secure.admin.php in templates/. | |||
| CVE-2007-3793 | 0.00 | — | 0.01 | Jul 15, 2007 | SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager on Windows before 20070413 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2007-3794 | 0.00 | — | 0.02 | Jul 15, 2007 | Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit for XML before 20070511, Developer's Kit for Java before 20070312, and third-party products that use this software, allows attackers to have an unknown impact via certain GIF images, related to use of GIF image… | |||
| CVE-2007-3795 | 0.00 | — | 0.01 | Jul 15, 2007 | Unspecified vulnerability in Hitachi TP1/Server Base before 03-05-/P, 05-00-x before 05-00-/G, 05-01-x before 05-01-/A, and 05-02-x before 05-02-/C on HP-UX 11.0 through 11i v3 allows attackers to cause a denial of service by sending certain data to a port. | |||
| CVE-2006-4169 | 0.00 | — | 0.02 | Jul 15, 2007 | Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the help parameter to (1) gpg_help.php or (2)… | |||
| CVE-2006-5278 | 0.01 | — | 0.09 | Jul 15, 2007 | Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based… | |||
| CVE-2007-3103 | 0.03 | — | 0.01 | Jul 15, 2007 | The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file. | |||
| CVE-2007-3771 | 0.00 | — | 0.00 | Jul 15, 2007 | Stack-based buffer overflow in the Internet E-mail Auto-Protect feature in Symantec AntiVirus Corporate Edition before 10.1, and Client Security before 3.1, allows local users to cause a denial of service (service crash) via a long (1) To, (2) From, or (3) Subject header in an… | |||
| CVE-2007-3772 | 0.03 | — | 0.02 | Jul 15, 2007 | Directory traversal vulnerability in news/show.php in PsNews 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newspath parameter. | |||
| CVE-2007-3773 | 0.00 | — | 0.02 | Jul 15, 2007 | Cross-site request forgery (CSRF) vulnerability in the Email-Template module in Generic YouTube Clone Script allows remote attackers to upload files with arbitrary file types to templates/emails/ as administrators. | |||
| CVE-2007-3774 | 0.00 | — | 0.01 | Jul 15, 2007 | Dvbbs 7.1.0 SP1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Data/Dvbbs7.mdb. |
- CVE-2007-3830Jul 17, 2007risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in alert.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to inject arbitrary web script or HTML via the reminder parameter.
- CVE-2007-3831Jul 17, 2007risk 0.00cvss —epss 0.05
PHP remote file inclusion in main.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
- CVE-2007-3817Jul 17, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the LoginToboggan module 4.7.x-1.0, 4.7.x-1.x-dev, and 5.x-1.x-dev before 20070712 for Drupal, when configured to display a "Log out" link, allows remote attackers to inject arbitrary web script or HTML via a crafted username. NOTE:…
- CVE-2007-3818Jul 17, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the LoginToboggan module 5.x-1.x-dev before 20070712 for Drupal allows remote authenticated users with "administer blocks" permission to inject arbitrary JavaScript and gain privileges via "the message displayed above the default user…
- CVE-2007-3819Jul 17, 2007risk 0.00cvss —epss 0.02
Opera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed.
- CVE-2007-3820Jul 17, 2007risk 0.00cvss —epss 0.03
konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed.
- CVE-2007-3821Jul 17, 2007risk 0.00cvss —epss 0.03
Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 allows remote attackers to modify configurations and perform other actions as arbitrary users via unspecified vectors.
- CVE-2007-3822Jul 17, 2007risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via (1) the who parameter to showuser; and other vectors involving (2) calendar mode, (3) bulletin board mode, (4) room names, and (5) uploaded…
- CVE-2007-3823Jul 17, 2007risk 0.02cvss —epss 0.25
The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows remote attackers to cause a denial of service (daemon crash) by sending a crafted packet containing a long string to port 5151/udp.
- CVE-2007-3824Jul 17, 2007risk 0.03cvss —epss 0.02
SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows remote attackers to execute arbitrary SQL commands via the katID parameter.
- CVE-2007-3017Jul 17, 2007risk 0.03cvss —epss 0.05
The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to…
- CVE-2007-3018Jul 17, 2007risk 0.00cvss —epss 0.01
activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories.
- CVE-2007-3806Jul 17, 2007risk 0.04cvss —epss 0.11
The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to…
- CVE-2007-3807Jul 17, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum before 7.3 allow remote attackers to inject arbitrary web script or HTML via the user name field in the login procedure, and other unspecified vectors.
- CVE-2007-3808Jul 17, 2007risk 0.03cvss —epss 0.02
SQL injection vulnerability in includes/search.php in paFileDB 3.6 allows remote attackers to execute arbitrary SQL commands via the categories[] parameter in a search action to index.php, a different vector than CVE-2005-2000.
- CVE-2007-3809Jul 17, 2007risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in Prozilla Directory Script allow remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action to directory.php, and other unspecified vectors.
- CVE-2007-3810Jul 17, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in Realtor 747 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.
- CVE-2007-3811Jul 17, 2007risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in eSyndiCat allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php or (2) the name parameter to page.php.
- CVE-2007-3812Jul 17, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in forums.php in CMScout 1.23 and earlier allows remote attackers to execute arbitrary SQL commands via the f parameter in a forums action to index.php.
- CVE-2007-3813Jul 17, 2007risk 0.08cvss —epss 0.59
PHP remote file inclusion vulnerability in include/user.php in the NoBoard BETA module for MKPortal allows remote attackers to execute arbitrary PHP code via a URL in the MK_PATH parameter.
- CVE-2007-3814Jul 17, 2007risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the idurlo field in the delete_urlo function in (a) index.php in the urlobox module; the iden field in the (2) update_file and (3) del_file functions in (b)…
- CVE-2007-3815Jul 17, 2007risk 0.00cvss —epss 0.00
Buffer overflow in pirs32.exe in Poslovni informator Republike Slovenije (PIRS) 2007 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long search string in certain fields in the GUI. NOTE: this may cross privilege…
- risk 0.49cvss 7.5epss 0.02
JWIG might allow context-dependent attackers to cause a denial of service (service degradation) via loops of references to external templates. NOTE: this issue has been disputed by multiple third parties who state that only the application developer can trigger the issue, so no…
- CVE-2007-3800Jul 16, 2007risk 0.00cvss —epss 0.00
Unspecified vulnerability in the Real-time scanner (RTVScan) component in Symantec AntiVirus Corporate Edition 9.0 through 10.1 and Client Security 2.0 through 3.1, when the Notification Message window is enabled, allows local users to gain privileges via crafted code.
- CVE-2007-3803Jul 16, 2007risk 0.00cvss —epss 0.02
The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does not properly parse SMTP commands in certain circumstances, which allows remote attackers to bypass address blacklists.
- CVE-2007-3804Jul 16, 2007risk 0.00cvss —epss 0.02
The AntiVirus engine in the HTTP-ALG in Clavister CorePlus before 8.81.00 and 8.80.03 might allow remote attackers to bypass scanning via small files.
- CVE-2007-3805Jul 16, 2007risk 0.00cvss —epss 0.01
The IKE implementation in Clavister CorePlus before 8.80.03, and 8.80.00, does not properly validate certificates during IKE negotiation, which allows remote attackers to cause a denial of service (gateway stop) via certain certificates.
- risk 0.72cvss 9.8epss 0.70
Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.
- CVE-2007-3799Jul 16, 2007risk 0.04cvss —epss 0.08
The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the…
- CVE-2007-3013Jul 15, 2007risk 0.03cvss —epss 0.03
SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picture_real_edit.asp, and probably other unspecified vectors.
- CVE-2007-3014Jul 15, 2007risk 0.03cvss —epss 0.04
Multiple cross-site scripting (XSS) vulnerabilities in activeWeb contentserver before 5.6.2964 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) errors/rights.asp or (2) errors/transaction.asp, or (3) the name of a MIME type (mimetype).
- CVE-2007-3784Jul 15, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router F5D7231-4 with firmware 4.05.03 allows remote attackers to inject arbitrary web script or HTML via a hostname of a DHCP client.
- CVE-2007-3785Jul 15, 2007risk 0.03cvss —epss 0.02
Absolute path traversal vulnerability in a certain ActiveX control in PGPBBox.dll in EldoS SecureBlackbox (sbb) 5.1.0.112 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveToFile method. NOTE: the provenance of this…
- CVE-2007-3786Jul 15, 2007risk 0.00cvss —epss 0.03
Cross-site request forgery (CSRF) vulnerability on the eSoft InstaGate EX2 UTM device before firmware 3.1.20070615 allows remote attackers to perform privileged actions as administrators. NOTE: the vendor disputes the distribution of the vulnerable software, stating that it was…
- CVE-2007-3787Jul 15, 2007risk 0.00cvss —epss 0.01
The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks.
- CVE-2007-3788Jul 15, 2007risk 0.00cvss —epss 0.01
The eSoft InstaGate EX2 UTM device stores the admin password within the settings HTML document, which might allow context-dependent attackers to obtain sensitive information by reading this document.
- CVE-2007-3789Jul 15, 2007risk 0.03cvss —epss 0.02
SQL injection vulnerability in admin/index.php in Inmostore 4.0 allows remote attackers to execute arbitrary SQL commands via the Password field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2007-3790Jul 15, 2007risk 0.03cvss —epss 0.03
The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument.
- CVE-2007-3791Jul 15, 2007risk 0.00cvss —epss 0.04
Buffer overflow in the w_read function in sockets.c in Cami Sardinha and Nigel Kukard policyd before 1.81 for Postfix allows remote attackers to cause a denial of service and possibly execute arbitrary code via long SMTP commands. NOTE: some of these details are obtained from…
- CVE-2007-3792Jul 15, 2007risk 0.03cvss —epss 0.05
Multiple PHP remote file inclusion vulnerabilities in AzDG Dating Gold 3.0.5 allow remote attackers to execute arbitrary PHP code via a URL in the int_path parameter to (1) header.php, (2) footer.php, or (3) secure.admin.php in templates/.
- CVE-2007-3793Jul 15, 2007risk 0.00cvss —epss 0.01
SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager on Windows before 20070413 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2007-3794Jul 15, 2007risk 0.00cvss —epss 0.02
Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit for XML before 20070511, Developer's Kit for Java before 20070312, and third-party products that use this software, allows attackers to have an unknown impact via certain GIF images, related to use of GIF image…
- CVE-2007-3795Jul 15, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in Hitachi TP1/Server Base before 03-05-/P, 05-00-x before 05-00-/G, 05-01-x before 05-01-/A, and 05-02-x before 05-02-/C on HP-UX 11.0 through 11i v3 allows attackers to cause a denial of service by sending certain data to a port.
- CVE-2006-4169Jul 15, 2007risk 0.00cvss —epss 0.02
Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the help parameter to (1) gpg_help.php or (2)…
- CVE-2006-5278Jul 15, 2007risk 0.01cvss —epss 0.09
Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based…
- CVE-2007-3103Jul 15, 2007risk 0.03cvss —epss 0.01
The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.
- CVE-2007-3771Jul 15, 2007risk 0.00cvss —epss 0.00
Stack-based buffer overflow in the Internet E-mail Auto-Protect feature in Symantec AntiVirus Corporate Edition before 10.1, and Client Security before 3.1, allows local users to cause a denial of service (service crash) via a long (1) To, (2) From, or (3) Subject header in an…
- CVE-2007-3772Jul 15, 2007risk 0.03cvss —epss 0.02
Directory traversal vulnerability in news/show.php in PsNews 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newspath parameter.
- CVE-2007-3773Jul 15, 2007risk 0.00cvss —epss 0.02
Cross-site request forgery (CSRF) vulnerability in the Email-Template module in Generic YouTube Clone Script allows remote attackers to upload files with arbitrary file types to templates/emails/ as administrators.
- CVE-2007-3774Jul 15, 2007risk 0.00cvss —epss 0.01
Dvbbs 7.1.0 SP1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Data/Dvbbs7.mdb.