CVEs

  • CVE-2007-3775 · Jul 15, 2007
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985.

  • CVE-2007-3776 · Jul 15, 2007
    risk 0.00 · cvss · epss 0.01

    Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings, aka (1) CSCsj20668 and (2)…

  • CVE-2007-3777 · Jul 15, 2007
    risk 0.00 · cvss · epss 0.00

    avg7core.sys 7.5.0.444 in Grisoft AVG Anti-Virus 7.5.448 and Free Edition 7.5.446, provides an internal function that copies data to an arbitrary address, which allows local users to gain privileges via arbitrary address arguments to a function provided by the 0x5348E004 IOCTL…

  • CVE-2007-3778 · Jul 15, 2007
    risk 0.00 · cvss · epss 0.03

    The G/PGP (GPG) Plugin 2.0, and 2.1dev before 20060912, for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the messageSignedText parameter to the gpg_check_sign_pgp_mime function in gpg_hook_functions.php. NOTE: a parameter value…

  • CVE-2007-3779 · Jul 15, 2007
    risk 0.00 · cvss · epss 0.01

    PHP local file inclusion vulnerability in gpg_pop_init.php in the G/PGP (GPG) Plugin before 20070707 for Squirrelmail allows remote attackers to include and execute arbitrary local files, related to the MOD parameter.

  • CVE-2007-3780 · Jul 15, 2007
    risk 0.01 · cvss · epss 0.14

    MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.

  • CVE-2007-3781 · Jul 15, 2007
    risk 0.00 · cvss · epss 0.02

    MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.

  • CVE-2007-3782 · Jul 15, 2007
    risk 0.00 · cvss · epss 0.02

    MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.

  • CVE-2007-3783 · Jul 15, 2007
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in default.asp in enVivo!CMS allows remote attackers to execute arbitrary SQL commands via the ID parameter in an article action. NOTE: this is probably different from CVE-2005-1413.4.

  • CVE-2006-5277 · Jul 15, 2007
    risk 0.01 · cvss · epss 0.10

    Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allows remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer…

  • CVE-2007-2392 · Jul 15, 2007
    risk 0.00 · cvss · epss 0.06

    Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via a crafted movie file that triggers memory corruption.

  • CVE-2007-2393 · Jul 15, 2007
    risk 0.01 · cvss · epss 0.07

    The design of QuickTime for Java in Apple Quicktime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution.

  • CVE-2007-2394 · Jul 15, 2007
    risk 0.04 · cvss · epss 0.12

    Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation.

  • CVE-2007-2396 · Jul 15, 2007
    risk 0.01 · cvss · epss 0.07

    The JDirect support in QuickTime for Java in Apple Quicktime before 7.2 exposes certain dangerous interfaces, which allows remote attackers to execute arbitrary code via crafted Java applets.

  • CVE-2007-2397 · Jul 15, 2007
    risk 0.01 · cvss · epss 0.07

    QuickTime for Java in Apple Quicktime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets.

  • CVE-2007-2402 · Jul 15, 2007
    risk 0.00 · cvss · epss 0.03

    QuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets.

  • CVE-2007-2417 · Jul 15, 2007
    risk 0.01 · cvss · epss 0.16

    Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via…

  • CVE-2007-3645 · Jul 15, 2007
    risk 0.00 · cvss · epss 0.03

    archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX…

  • CVE-2007-3673 · Jul 15, 2007
    risk 0.03 · cvss · epss 0.01

    Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006; allows local users to…

  • CVE-2007-3768 · Jul 15, 2007
    risk 0.00 · cvss · epss 0.02

    The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command.

  • CVE-2007-3769 · Jul 15, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting…

  • CVE-2007-3770 · Jul 15, 2007
    risk 0.00 · cvss · epss 0.02

    The terminal_helper_execute function in terminal/terminal.c in Xfce Terminal 0.2.6 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a crafted link, as demonstrated using the "Open Link" functionality.

  • CVE-2007-3641 · Jul 14, 2007
    risk 0.01 · cvss · epss 0.07

    archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary…

  • CVE-2007-3644 · Jul 14, 2007
    risk 0.00 · cvss · epss 0.04

    archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR…

  • CVE-2007-3727 · Jul 12, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple unspecified vulnerabilities in Webmatic before 2.7 have unknown impact and attack vectors, related to the "administration area."

  • CVE-2007-3728 · Jul 12, 2007
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in lib/silcclient/client_notify.c of SILC Client and SILC Toolkit before 1.1.2 allows remote attackers to cause a denial of service via "NICK_CHANGE" notifications.

  • CVE-2007-3729 · Jul 12, 2007
    risk 0.00 · cvss · epss 0.02

    The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid POP usernames.

  • CVE-2007-3730 · Jul 12, 2007
    risk 0.00 · cvss · epss 0.02

    The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 does not log the source IP address or attempted username for login attempts, which might help remote attackers to avoid identification.

  • CVE-2007-3717 · Jul 12, 2007
    risk 0.00 · cvss · epss 0.00

    rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call certain helper applications, which allows local users to gain privileges by creating files with certain names, possibly containing shell metacharacters or spaces, a similar issue to CVE-2006-0225.

  • CVE-2007-3718 · Jul 12, 2007
    risk 0.00 · cvss · epss 0.02

    Multiple unspecified vulnerabilities in the SVG parsing engine in Apple Safari 3 Beta for Windows have unspecified remote attack vectors and impact. NOTE: this issue contains no actionable information, but it was released by a reliable researcher.

  • CVE-2007-3719 · Jul 12, 2007
    risk 0.00 · cvss · epss 0.00

    The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."

  • CVE-2007-3720 · Jul 12, 2007
    risk 0.00 · cvss · epss 0.00

    The process scheduler in the Linux kernel 2.4 performs scheduling based on CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption) by performing voluntary nanosecond sleeps that result in the process not…

  • CVE-2007-3721 · Jul 12, 2007
    risk 0.00 · cvss · epss 0.00

    The ULE process scheduler in the FreeBSD kernel gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."

  • CVE-2007-3722 · Jul 12, 2007
    risk 0.00 · cvss · epss 0.00

    The 4BSD process scheduler in the FreeBSD kernel performs scheduling based on CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption) by performing voluntary nanosecond sleeps that result in the process…

  • CVE-2007-3723 · Jul 12, 2007
    risk 0.00 · cvss · epss 0.00

    The process scheduler in the Sun Solaris kernel does not make use of the process statistics kept by the kernel and performs scheduling based upon CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption),…

  • CVE-2007-3724 · Jul 12, 2007
    risk 0.00 · cvss · epss 0.01

    The process scheduler in the Microsoft Windows XP kernel does not make use of the process statistics kept by the kernel, performs scheduling based on CPU billing gathered from periodic process sampling ticks, and gives preference to "interactive" processes that perform voluntary…

  • CVE-2007-3725 · Jul 12, 2007
    risk 0.04 · cvss · epss 0.08

    The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference.

  • CVE-2007-3726 · Jul 12, 2007
    risk 0.00 · cvss · epss 0.02

    Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive that causes a negative signed number…

  • CVE-2007-3509 · Jul 12, 2007
    risk 0.01 · cvss · epss 0.07

    Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exec for Windows Servers 10.0, 10d, and 11d allows remote attackers to cause a denial of service (process exit) and possibly execute arbitrary code via crafted ncacn_ip_tcp requests.

  • CVE-2006-5271 · Jul 12, 2007
    risk 0.00 · cvss · epss 0.04

    Integer underflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted UDP packet, which causes stack corruption.

  • CVE-2006-5272 · Jul 12, 2007
    risk 0.00 · cvss · epss 0.04

    Stack-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted ping packet.

  • CVE-2006-5273 · Jul 12, 2007
    risk 0.01 · cvss · epss 0.06

    Heap-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 through 3.6.0.453 allows remote attackers to execute arbitrary code via a crafted packet.

  • CVE-2006-5274 · Jul 12, 2007
    risk 0.00 · cvss · epss 0.05

    Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 allows remote attackers to cause a denial of service (CMA Framework service crash) and possibly execute arbitrary code via unspecified…

  • CVE-2007-3693 · Jul 11, 2007
    risk 0.03 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in Gobi as of 20070711, built on Helma, allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search function.

  • CVE-2007-3700 · Jul 11, 2007
    risk 0.00 · cvss · epss 0.00

    Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges…

  • CVE-2007-3701 · Jul 11, 2007
    risk 0.04 · cvss · epss 0.08

    TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' (slash) character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack.

  • CVE-2007-3702 · Jul 11, 2007
    risk 0.04 · cvss · epss 0.08

    Directory traversal vulnerability in the load function in cgi-bin/mail/mailmachine.cgi in Mail Machine 3.989 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the archives parameter in a Load action.

  • CVE-2007-3703 · Jul 11, 2007
    risk 0.03 · cvss · epss 0.04

    Stack-based buffer overflow in a certain ActiveX control in sasatl.dll 1.5.0.531 in Zenturi Program Checker (ProgramChecker) Pro allows remote attackers to execute arbitrary code via a long argument to the Fill method. NOTE: this is probably a different issue than CVE-2007-2987.

  • CVE-2007-3704 · Jul 11, 2007
    risk 0.00 · cvss · epss 0.02

    Entertainment CMS allows remote attackers to bypass authentication and perform certain administrative actions by setting the adminLogged cookie to "Administrator."

  • CVE-2007-3705 · Jul 11, 2007
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via the FTVAR_SUBCAT (txForumID) parameter to forum/index.cfm and possibly other unspecified components, related to forum/include/error/forumerror.cfm.