| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2007-3615 | 0.00 | — | 0.02 | Jul 6, 2007 | Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to… |
| CVE-2007-3616 | 0.00 | — | 0.01 | Jul 6, 2007 | index.php in vtiger CRM before 5.0.3 allows remote authenticated users to perform administrative changes to arbitrary profile settings via a certain profilePrivileges action in the Users module. |
| CVE-2007-3617 | 0.00 | — | 0.01 | Jul 6, 2007 | The report module in vtiger CRM before 5.0.3 does not properly apply security rules, which allows remote authenticated users to read arbitrary private module entries. |
| CVE-2007-3591 | 0.00 | — | 0.01 | Jul 6, 2007 | Unspecified vulnerability in Profile.php in Elite Bulletin Board before 1.0.10 allows remote attackers to modify profile information via unspecified vectors related to "a remote form," probably related to direct requests and missing authorization checks. |
| CVE-2007-3592 | 0.00 | — | 0.01 | Jul 6, 2007 | PM.php in Elite Bulletin Board before 1.0.10 allows remote authenticated users to delete arbitrary PM messages and conduct other attacks via modified id fields. |
| CVE-2007-3593 | 0.03 | — | 0.04 | Jul 6, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the (1) alpha parameter in (a) netflow/jspui/applicationList.jsp, the (2) task parameter in (b) netflow/jspui/appConfig.jsp,… |
| CVE-2007-3594 | 0.03 | — | 0.06 | Jul 6, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4)… |
| CVE-2007-3596 | 0.00 | — | 0.01 | Jul 6, 2007 | inc/vul_check.inc in phpVideoPro before 0.8.8 permits non-alphanumeric characters in the sess_id parameter, which has unknown impact and remote attack vectors, probably cross-site scripting (XSS). |
| CVE-2007-3597 | 0.00 | — | 0.02 | Jul 6, 2007 | Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter. |
| CVE-2007-3589 | 0.03 | — | 0.01 | Jul 5, 2007 | Multiple SQL injection vulnerabilities in b1gbb 2.24.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showthread.php or (2) showboard.php. |
| CVE-2007-3590 | 0.03 | — | 0.03 | Jul 5, 2007 | Cross-site scripting (XSS) vulnerability in visitenkarte.php in b1gBB 2.24.0 allows remote attackers to inject arbitrary web script or HTML via the user parameter. |
| CVE-2007-2839 | 0.03 | — | 0.01 | Jul 5, 2007 | gfax 0.4.2 and probably other versions creates temporary files insecurely, which allows local users to execute arbitrary commands via unknown vectors. |
| CVE-2006-7216 | 0.00 | — | 0.02 | Jul 5, 2007 | Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables. |
| CVE-2006-7217 | 0.00 | — | 0.02 | Jul 5, 2007 | Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode. |
| CVE-2007-3572 | 0.04 | — | 0.08 | Jul 5, 2007 | Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded "`" (backtick) characters… |
| CVE-2007-3573 | 0.00 | — | 0.01 | Jul 5, 2007 | Multiple SQL injection vulnerabilities in akocomment allow remote attackers to execute arbitrary SQL commands via the (1) acparentid or (2) acitemid parameter to an unspecified component, different vectors than CVE-2006-1421. |
| CVE-2007-3574 | 0.03 | — | 0.02 | Jul 5, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm… |
| CVE-2007-3575 | 0.00 | — | 0.02 | Jul 5, 2007 | SQL injection vulnerability in includes/functions in FreeDomain.co.nr Clone allows remote attackers to execute arbitrary SQL commands via the logindomain parameter to members.php. |
| CVE-2007-3576 | 0.01 | — | 0.13 | Jul 5, 2007 | Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the "script" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme names with 10 or more… |
| CVE-2007-3577 | 0.00 | — | 0.01 | Jul 5, 2007 | PHPIDS before 20070703 does not properly handle use of the substr method in (1) document.location.search and (2) document.referrer; (3) certain use of document.location.hash; (4) certain "window[eval" and similar expressions; (5) certain Function expressions; (6) certain '='… |
| CVE-2007-3578 | 0.00 | — | 0.01 | Jul 5, 2007 | PHPIDS before 20070703 does not properly handle (1) arithmetic expressions and (2) unclosed comments, which allows remote attackers to inject arbitrary web script. |
| CVE-2007-3579 | 0.00 | — | 0.01 | Jul 5, 2007 | PHPIDS before 20070703 does not properly handle setting the .text property of a SCRIPT element before its attachment to the DOM, which allows remote attackers to inject arbitrary web script. |
| CVE-2007-3580 | 0.00 | — | 0.01 | Jul 5, 2007 | PHPIDS does not properly handle certain code containing newlines, as demonstrated by a try/catch block within a loop, which allows user-assisted remote attackers to inject arbitrary web script. |
| CVE-2007-3581 | 0.00 | — | 0.02 | Jul 5, 2007 | The Jedox Palo 1.5 client transmits the password in cleartext, which might allow remote attackers to obtain the password by sniffing the network, as demonstrated by starting Excel with the Palo plugin, opening a cube, and performing an Insert View. |
| CVE-2007-3582 | 0.03 | — | 0.02 | Jul 5, 2007 | SQL injection vulnerability in index.php in SuperCali PHP Event Calendar 0.4.0 allows remote attackers to execute arbitrary SQL commands via the o parameter. |
| CVE-2007-3583 | 0.03 | — | 0.01 | Jul 5, 2007 | SQL injection vulnerability in details_news.php in Girlserv ads 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the idnew parameter. |
| CVE-2007-3584 | 0.03 | — | 0.01 | Jul 5, 2007 | SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and earlier for Postnuke allows remote attackers to execute arbitrary SQL commands via the order parameter. |
| CVE-2007-3585 | 0.03 | — | 0.02 | Jul 5, 2007 | PHP remote file inclusion vulnerability in games.php in MyCMS 0.9.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the id parameter. |
| CVE-2007-3586 | 0.03 | — | 0.02 | Jul 5, 2007 | Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into (1) a _score.txt file via the score parameter, or (2) a _setby.txt file via a login cookie, which is then included by games.php. NOTE:… |
| CVE-2007-3587 | 0.03 | — | 0.03 | Jul 5, 2007 | MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via the admin cookie parameter, as demonstrated by a post to admin/settings.php that injects PHP code into settings.inc, which can then be executed via a direct request to index.php. |
| CVE-2007-3588 | 0.00 | — | 0.01 | Jul 5, 2007 | SQL injection vulnerability in reply.php in VBZooM 1.12 allows remote attackers to execute arbitrary SQL commands via the UserID parameter to sub-join.php. NOTE: this may be the same as CVE-2006-3691.4. |
| CVE-2007-3011 | 0.03 | — | 0.04 | Jul 5, 2007 | The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens Computers ServerView before 4.50.09 allows remote attackers to execute arbitrary commands via shell metacharacters in the Servername subparameter of the ParameterList parameter. |
| CVE-2007-3012 | 0.00 | — | 0.02 | Jul 5, 2007 | The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch Blade allows remote attackers to obtain sensitive information by canceling the authentication dialog when accessing a sub-page, which still displays the form field contents of the sub-page, as demonstrated… |
| CVE-2007-3567 | 0.00 | — | 0.03 | Jul 5, 2007 | MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in the .htaccess authentication mechanism, which allows remote attackers to bypass authentication requirements via HTTP POST requests. |
| CVE-2007-3568 | 0.00 | — | 0.02 | Jul 5, 2007 | The _LoadBMP function in imlib 1.9.15 and earlier allows context-dependent attackers to cause a denial of service (infinite loop) via a BMP image with a Bits Per Page (BPP) value of 0. |
| CVE-2007-3569 | 0.03 | — | 0.04 | Jul 5, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library Management System allow remote attackers to inject arbitrary web script or HTML via the (1) updateform and (2) displayform parameter to (a) gateway/gateway.exe; the (3) TERMS, (4) database, (5) srchad, (6)… |
| CVE-2007-3570 | 0.00 | — | 0.02 | Jul 5, 2007 | The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request. |
| CVE-2007-3571 | 0.00 | — | 0.01 | Jul 5, 2007 | The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address. |
| CVE-2007-3557 | 0.00 | — | 0.01 | Jul 4, 2007 | SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter. |
| CVE-2007-3558 | 0.03 | — | 0.01 | Jul 4, 2007 | SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component. |
| CVE-2007-3559 | 0.00 | — | 0.01 | Jul 4, 2007 | Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FUSION_QUERY constant. |
| CVE-2007-3560 | 0.00 | — | 0.01 | Jul 4, 2007 | Multiple unspecified vulnerabilities in Esqlanelapse before 2.6 have unknown impact and attack vectors. |
| CVE-2007-3561 | 0.00 | — | 0.01 | Jul 4, 2007 | Cross-site scripting (XSS) vulnerability in ara.asp in Efendy Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the ara parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-3562 | 0.03 | — | 0.02 | Jul 4, 2007 | SQL injection vulnerability in videos.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2007-3563 | 0.03 | — | 0.01 | Jul 4, 2007 | SQL injection vulnerability in includes/view_page.php in AV Arcade 2.1b allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_page action to index.php. |
| CVE-2007-2949 | 0.01 | — | 0.07 | Jul 4, 2007 | Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value. |
| CVE-2007-3554 | 0.04 | — | 0.18 | Jul 4, 2007 | Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control in sdd.dll in HP Instant Support - Driver Check before 1.5.0.3 allows remote attackers to execute arbitrary code via a long argument to the queryHub function. |
| CVE-2007-3555 | 0.00 | — | 0.03 | Jul 4, 2007 | Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424. |
| CVE-2007-3556 | 0.03 | — | 0.03 | Jul 4, 2007 | Liesbeth base CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an include file containing account credentials via a direct request for config.inc. |
| CVE-2006-7215 | 0.00 | — | 0.00 | Jul 3, 2007 | The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop processor E6000 and E4000 incorrectly set the memory page Access (A) bit for a page in certain circumstances involving proximity of the code segment limit to the end of a code page, which has unknown impact and… |