| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-3501 | 0.00 | — | 0.01 | Jun 30, 2007 | Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin 1.30.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vector than CVE-2007-1508. | |||
| CVE-2007-3502 | 0.00 | — | 0.02 | Jun 30, 2007 | Unspecified vulnerability in the web-based product configuration system in Kaspersky Anti-Spam before 3.0 MP1 allows remote attackers to obtain access to certain directories. | |||
| CVE-2007-3503 | 0.00 | — | 0.03 | Jun 30, 2007 | The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2007-3504 | 0.01 | — | 0.06 | Jun 30, 2007 | Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants… | |||
| CVE-2006-7211 | 0.00 | — | 0.00 | Jun 29, 2007 | fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the semaphore array, which allows local users to cause a denial of service (blocked query processing) by locking semaphores. | |||
| CVE-2006-7212 | 0.00 | — | 0.01 | Jun 29, 2007 | Multiple buffer overflows in Firebird 1.5, one of which affects WNET, have unknown impact and attack vectors. NOTE: this issue might overlap CVE-2006-1240. | |||
| CVE-2006-7213 | 0.00 | — | 0.01 | Jun 29, 2007 | Firebird 1.5 allows remote authenticated users without SYSDBA and owner permissions to overwrite a database by creating a database. | |||
| CVE-2006-7214 | 0.00 | — | 0.02 | Jun 29, 2007 | Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to (1) cause a denial of service (application crash) by sending many remote protocol versions; and (2) cause a denial of service (connection drop) via certain network traffic, as demonstrated by Nessus… | |||
| CVE-2007-3378 | 0.00 | — | 0.05 | Jun 29, 2007 | The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as… | |||
| CVE-2007-3487 | 0.04 | — | 0.09 | Jun 29, 2007 | Absolute path traversal in a certain ActiveX control in hpqxml.dll 2.0.0.133 in Hewlett-Packard (HP) Photo Digital Imaging allows remote attackers to create or overwrite arbitrary files via the argument to the saveXMLAsFile method. | |||
| CVE-2007-3488 | 0.04 | — | 0.16 | Jun 29, 2007 | Heap-based buffer overflow in the viewer ActiveX control in Sony Network Camera SNC-RZ25N before 1.30; SNC-P1 and SNC-P5 before 1.29; SNC-CS10 and SNC-CS11 before 1.06; SNC-DF40N and SNC-DF70N before 1.18; SNC-RZ50N and SNC-CS50N before 2.22; SNC-DF85N, SNC-DF80N, and SNC-DF50N… | |||
| CVE-2007-3489 | 0.00 | — | 0.03 | Jun 29, 2007 | Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request… | |||
| CVE-2007-3490 | 0.06 | — | 0.37 | Jun 29, 2007 | Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls. | |||
| CVE-2007-3491 | 0.00 | — | 0.03 | Jun 29, 2007 | Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message. | |||
| CVE-2007-3492 | 0.03 | — | 0.03 | Jun 29, 2007 | Conti FtpServer 1.0 allows remote authenticated users to cause a denial of service (daemon crash) via a certain string containing "//A:" in the argument to the LIST command. | |||
| CVE-2007-3493 | 0.06 | — | 0.31 | Jun 29, 2007 | A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method,… | |||
| CVE-2007-3494 | 0.00 | — | 0.02 | Jun 29, 2007 | Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to (1) read the entire database by accessing the database backup plugin via a devtools/templates/newdump_backend.html… | |||
| CVE-2007-3495 | 0.00 | — | 0.01 | Jun 29, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in the SAP Internet Communication Framework (BC-MID-ICF) in the SAP Basis component 700 before SP12, and 640 before SP20, allow remote attackers to inject arbitrary web script or HTML via certain parameters associated with the… | |||
| CVE-2007-3496 | 0.00 | — | 0.02 | Jun 29, 2007 | Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to… | |||
| CVE-2007-3497 | 0.01 | — | 0.10 | Jun 29, 2007 | Microsoft Internet Explorer 7 allows remote attackers to determine the existence of page history via the history.length JavaScript variable. | |||
| CVE-2007-3498 | 0.00 | — | 0.01 | Jun 29, 2007 | Cross-site scripting (XSS) vulnerability in smoketests/configForm.php in HTML Purifier before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "unescaped print_r output." | |||
| CVE-2007-3499 | 0.00 | — | 0.01 | Jun 29, 2007 | SlackRoll before 8 accepts gpg exit codes other than 0 and 1 as evidence of a valid signature, which allows remote Slackware mirror sites or man-in-the-middle attackers to cause a denial of service (data inconsistency) or possibly install Trojan horse packages via malformed gpg… | |||
| CVE-2007-3500 | 0.00 | — | 0.03 | Jun 29, 2007 | Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie. | |||
| CVE-2007-3483 | 0.00 | — | 0.01 | Jun 28, 2007 | Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a default configuration that permits installation of arbitrary third-party applications on BlackBerry devices, which might facilitate loading of malware. | |||
| CVE-2007-3484 | Med | 0.40 | 6.1 | 0.00 | Jun 28, 2007 | Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this issue is disputed by the Google Security Team, who states that "Google does not provide the… | ||
| CVE-2007-3485 | 0.00 | — | 0.01 | Jun 28, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Yandex.Server allow remote attackers to inject arbitrary web script or HTML via the (1) query or (2) within parameter to the default URI. | |||
| CVE-2007-3486 | 0.00 | — | 0.01 | Jun 28, 2007 | Cross-site scripting (XSS) vulnerability in AltaVista search engine allows remote attackers to inject arbitrary web script or HTML via the text parameter to the default URI. | |||
| CVE-2007-2800 | 0.00 | — | 0.01 | Jun 28, 2007 | index.php in eTicket 1.5.5.1 and earlier allows remote attackers to obtain sensitive information via the (1) name[], (2) email[], (3) phone[], or (4) subject[] parameters, which reveals the installation path in the resulting error messages. | |||
| CVE-2007-3469 | 0.00 | — | 0.00 | Jun 28, 2007 | Unspecified vulnerability in the TCP Loopback/Fusion implementation in Sun Solaris 10 allows local users to cause a denial of service (resource exhaustion and service hang) via unspecified vectors. | |||
| CVE-2007-3470 | 0.00 | — | 0.03 | Jun 28, 2007 | Multiple unspecified vulnerabilities in the KSSL kernel module in Sun Solaris 10, when configured with the KSSL proxy, allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors related to "memory buffers" of Secure Socket Layer (SSL) records. | |||
| CVE-2007-3471 | 0.00 | — | 0.00 | Jun 28, 2007 | Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors. | |||
| CVE-2007-3472 | 0.01 | — | 0.07 | Jun 28, 2007 | Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact. | |||
| CVE-2007-3473 | 0.04 | — | 0.13 | Jun 28, 2007 | The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. | |||
| CVE-2007-3474 | 0.00 | — | 0.03 | Jun 28, 2007 | Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 have unspecified impact and user-assisted remote attack vectors. | |||
| CVE-2007-3475 | 0.00 | — | 0.02 | Jun 28, 2007 | The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. | |||
| CVE-2007-3476 | 0.00 | — | 0.02 | Jun 28, 2007 | Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. | |||
| CVE-2007-3477 | 0.00 | — | 0.05 | Jun 28, 2007 | The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. | |||
| CVE-2007-3478 | 0.00 | — | 0.02 | Jun 28, 2007 | Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support. | |||
| CVE-2007-3479 | 0.03 | — | 0.03 | Jun 28, 2007 | Stack-based buffer overflow in PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to execute arbitrary code via a long string in the "used DLL" field in a WDP project file. | |||
| CVE-2007-3480 | 0.00 | — | 0.02 | Jun 28, 2007 | PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to cause a denial of service (infinite loop and resource consumption) via a malformed WDP project file. | |||
| CVE-2007-3481 | 0.01 | — | 0.16 | Jun 28, 2007 | Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute.… | |||
| CVE-2007-3482 | 0.00 | — | 0.01 | Jun 28, 2007 | Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. | |||
| CVE-2007-3467 | 0.00 | — | 0.03 | Jun 27, 2007 | Integer overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate. | |||
| CVE-2007-3468 | 0.00 | — | 0.03 | Jun 27, 2007 | input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used. | |||
| CVE-2007-3254 | 0.00 | — | 0.02 | Jun 27, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via (1) a saved Workflow name; (2) a Workflow name, related to… | |||
| CVE-2007-3255 | 0.00 | — | 0.02 | Jun 27, 2007 | Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to execute commands as arbitrary users via (1) a saved Workflow name or (2) the Content-Type HTTP… | |||
| CVE-2007-3256 | 0.00 | — | 0.01 | Jun 27, 2007 | Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and possibly WebFile Server before 6.0.46.1 allow remote authenticated users to associate arbitrary Content-Type HTTP headers with documents, which might facilitate malware distribution. | |||
| CVE-2007-3459 | 0.03 | — | 0.03 | Jun 27, 2007 | A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vector 1.3 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the WriteMovie method. | |||
| CVE-2007-3460 | 0.03 | — | 0.03 | Jun 27, 2007 | Multiple PHP remote file inclusion vulnerabilities in index.php3 in EVA-Web 1.1 through 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) aide or (2) perso parameter. | |||
| CVE-2007-3461 | 0.03 | — | 0.01 | Jun 27, 2007 | SQL injection vulnerability in property.php in elkagroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter. |
- CVE-2007-3501Jun 30, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin 1.30.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vector than CVE-2007-1508.
- CVE-2007-3502Jun 30, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in the web-based product configuration system in Kaspersky Anti-Spam before 3.0 MP1 allows remote attackers to obtain access to certain directories.
- CVE-2007-3503Jun 30, 2007risk 0.00cvss —epss 0.03
The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2007-3504Jun 30, 2007risk 0.01cvss —epss 0.06
Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants…
- CVE-2006-7211Jun 29, 2007risk 0.00cvss —epss 0.00
fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the semaphore array, which allows local users to cause a denial of service (blocked query processing) by locking semaphores.
- CVE-2006-7212Jun 29, 2007risk 0.00cvss —epss 0.01
Multiple buffer overflows in Firebird 1.5, one of which affects WNET, have unknown impact and attack vectors. NOTE: this issue might overlap CVE-2006-1240.
- CVE-2006-7213Jun 29, 2007risk 0.00cvss —epss 0.01
Firebird 1.5 allows remote authenticated users without SYSDBA and owner permissions to overwrite a database by creating a database.
- CVE-2006-7214Jun 29, 2007risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to (1) cause a denial of service (application crash) by sending many remote protocol versions; and (2) cause a denial of service (connection drop) via certain network traffic, as demonstrated by Nessus…
- CVE-2007-3378Jun 29, 2007risk 0.00cvss —epss 0.05
The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as…
- CVE-2007-3487Jun 29, 2007risk 0.04cvss —epss 0.09
Absolute path traversal in a certain ActiveX control in hpqxml.dll 2.0.0.133 in Hewlett-Packard (HP) Photo Digital Imaging allows remote attackers to create or overwrite arbitrary files via the argument to the saveXMLAsFile method.
- CVE-2007-3488Jun 29, 2007risk 0.04cvss —epss 0.16
Heap-based buffer overflow in the viewer ActiveX control in Sony Network Camera SNC-RZ25N before 1.30; SNC-P1 and SNC-P5 before 1.29; SNC-CS10 and SNC-CS11 before 1.06; SNC-DF40N and SNC-DF70N before 1.18; SNC-RZ50N and SNC-CS50N before 2.22; SNC-DF85N, SNC-DF80N, and SNC-DF50N…
- CVE-2007-3489Jun 29, 2007risk 0.00cvss —epss 0.03
Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request…
- CVE-2007-3490Jun 29, 2007risk 0.06cvss —epss 0.37
Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls.
- CVE-2007-3491Jun 29, 2007risk 0.00cvss —epss 0.03
Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message.
- CVE-2007-3492Jun 29, 2007risk 0.03cvss —epss 0.03
Conti FtpServer 1.0 allows remote authenticated users to cause a denial of service (daemon crash) via a certain string containing "//A:" in the argument to the LIST command.
- CVE-2007-3493Jun 29, 2007risk 0.06cvss —epss 0.31
A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method,…
- CVE-2007-3494Jun 29, 2007risk 0.00cvss —epss 0.02
Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to (1) read the entire database by accessing the database backup plugin via a devtools/templates/newdump_backend.html…
- CVE-2007-3495Jun 29, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in the SAP Internet Communication Framework (BC-MID-ICF) in the SAP Basis component 700 before SP12, and 640 before SP20, allow remote attackers to inject arbitrary web script or HTML via certain parameters associated with the…
- CVE-2007-3496Jun 29, 2007risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to…
- CVE-2007-3497Jun 29, 2007risk 0.01cvss —epss 0.10
Microsoft Internet Explorer 7 allows remote attackers to determine the existence of page history via the history.length JavaScript variable.
- CVE-2007-3498Jun 29, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in smoketests/configForm.php in HTML Purifier before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "unescaped print_r output."
- CVE-2007-3499Jun 29, 2007risk 0.00cvss —epss 0.01
SlackRoll before 8 accepts gpg exit codes other than 0 and 1 as evidence of a valid signature, which allows remote Slackware mirror sites or man-in-the-middle attackers to cause a denial of service (data inconsistency) or possibly install Trojan horse packages via malformed gpg…
- CVE-2007-3500Jun 29, 2007risk 0.00cvss —epss 0.03
Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.
- CVE-2007-3483Jun 28, 2007risk 0.00cvss —epss 0.01
Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a default configuration that permits installation of arbitrary third-party applications on BlackBerry devices, which might facilitate loading of malware.
- risk 0.40cvss 6.1epss 0.00
Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this issue is disputed by the Google Security Team, who states that "Google does not provide the…
- CVE-2007-3485Jun 28, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Yandex.Server allow remote attackers to inject arbitrary web script or HTML via the (1) query or (2) within parameter to the default URI.
- CVE-2007-3486Jun 28, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in AltaVista search engine allows remote attackers to inject arbitrary web script or HTML via the text parameter to the default URI.
- CVE-2007-2800Jun 28, 2007risk 0.00cvss —epss 0.01
index.php in eTicket 1.5.5.1 and earlier allows remote attackers to obtain sensitive information via the (1) name[], (2) email[], (3) phone[], or (4) subject[] parameters, which reveals the installation path in the resulting error messages.
- CVE-2007-3469Jun 28, 2007risk 0.00cvss —epss 0.00
Unspecified vulnerability in the TCP Loopback/Fusion implementation in Sun Solaris 10 allows local users to cause a denial of service (resource exhaustion and service hang) via unspecified vectors.
- CVE-2007-3470Jun 28, 2007risk 0.00cvss —epss 0.03
Multiple unspecified vulnerabilities in the KSSL kernel module in Sun Solaris 10, when configured with the KSSL proxy, allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors related to "memory buffers" of Secure Socket Layer (SSL) records.
- CVE-2007-3471Jun 28, 2007risk 0.00cvss —epss 0.00
Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors.
- CVE-2007-3472Jun 28, 2007risk 0.01cvss —epss 0.07
Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact.
- CVE-2007-3473Jun 28, 2007risk 0.04cvss —epss 0.13
The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure.
- CVE-2007-3474Jun 28, 2007risk 0.00cvss —epss 0.03
Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 have unspecified impact and user-assisted remote attack vectors.
- CVE-2007-3475Jun 28, 2007risk 0.00cvss —epss 0.02
The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map.
- CVE-2007-3476Jun 28, 2007risk 0.00cvss —epss 0.02
Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.
- CVE-2007-3477Jun 28, 2007risk 0.00cvss —epss 0.05
The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.
- CVE-2007-3478Jun 28, 2007risk 0.00cvss —epss 0.02
Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support.
- CVE-2007-3479Jun 28, 2007risk 0.03cvss —epss 0.03
Stack-based buffer overflow in PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to execute arbitrary code via a long string in the "used DLL" field in a WDP project file.
- CVE-2007-3480Jun 28, 2007risk 0.00cvss —epss 0.02
PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to cause a denial of service (infinite loop and resource consumption) via a malformed WDP project file.
- CVE-2007-3481Jun 28, 2007risk 0.01cvss —epss 0.16
Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute.…
- CVE-2007-3482Jun 28, 2007risk 0.00cvss —epss 0.01
Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute.
- CVE-2007-3467Jun 27, 2007risk 0.00cvss —epss 0.03
Integer overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate.
- CVE-2007-3468Jun 27, 2007risk 0.00cvss —epss 0.03
input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used.
- CVE-2007-3254Jun 27, 2007risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via (1) a saved Workflow name; (2) a Workflow name, related to…
- CVE-2007-3255Jun 27, 2007risk 0.00cvss —epss 0.02
Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to execute commands as arbitrary users via (1) a saved Workflow name or (2) the Content-Type HTTP…
- CVE-2007-3256Jun 27, 2007risk 0.00cvss —epss 0.01
Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and possibly WebFile Server before 6.0.46.1 allow remote authenticated users to associate arbitrary Content-Type HTTP headers with documents, which might facilitate malware distribution.
- CVE-2007-3459Jun 27, 2007risk 0.03cvss —epss 0.03
A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vector 1.3 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the WriteMovie method.
- CVE-2007-3460Jun 27, 2007risk 0.03cvss —epss 0.03
Multiple PHP remote file inclusion vulnerabilities in index.php3 in EVA-Web 1.1 through 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) aide or (2) perso parameter.
- CVE-2007-3461Jun 27, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in property.php in elkagroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.