| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-3225 | 0.00 | — | 0.02 | Jun 14, 2007 | Unspecified vulnerability in Sun Java System Directory Server (slapd) 6.0, and 5.2 with Patch 3 or 4, allows remote attackers to modify certain data via unknown vectors. | |||
| CVE-2007-3226 | 0.00 | — | 0.01 | Jun 14, 2007 | Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-2851 and CVE-2006-3240. | |||
| CVE-2007-3227 | 0.03 | — | 0.04 | Jun 14, 2007 | Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values. | |||
| CVE-2007-3228 | 0.08 | — | 0.67 | Jun 14, 2007 | PHP remote file inclusion vulnerability in saf/lib/PEAR/PhpDocumentor/Documentation/tests/bug-559668.php in Sitellite CMS 4.2.12 and earlier might allow remote attackers to execute arbitrary PHP code via a URL in the FORUM[LIB] parameter. NOTE: by default, access to the… | |||
| CVE-2007-3229 | 0.00 | — | 0.01 | Jun 14, 2007 | index.php in Singapore Gallery allows remote attackers to obtain sensitive information via a request with a non-directory gallery parameter, which reveals the path in an error message. | |||
| CVE-2007-3230 | 0.08 | — | 0.68 | Jun 14, 2007 | PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer PHP::HTML 0.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the htmlclass_path parameter. | |||
| CVE-2007-3231 | 0.00 | — | 0.01 | Jun 14, 2007 | Buffer overflow in MeCab before 0.96 has unknown impact and attack vectors. | |||
| CVE-2007-3212 | 0.03 | — | 0.02 | Jun 14, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in links.php in Beehive Forum 0.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewmode, (2) fid, and (3) sort_dir parameters, different vectors than CVE-2005-4460. | |||
| CVE-2007-3213 | 0.00 | — | 0.01 | Jun 14, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in comments.cgi in Sporum Forum 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) mode parameters. | |||
| CVE-2007-3214 | 0.03 | — | 0.01 | Jun 14, 2007 | SQL injection vulnerability in style.php in e-Vision CMS 2.02 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the template parameter. | |||
| CVE-2007-3215 | 0.00 | — | 0.02 | Jun 14, 2007 | PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php. | |||
| CVE-2007-3216 | 0.08 | — | 0.59 | Jun 14, 2007 | Multiple buffer overflows in the LGServer component of CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.1 allow remote attackers to execute arbitrary code via crafted arguments to the (1) rxsAddNewUser, (2) rxsSetUserInfo, (3) rxsRenameUser, (4)… | |||
| CVE-2007-3217 | 0.04 | — | 0.10 | Jun 14, 2007 | Multiple PHP remote file inclusion vulnerabilities in Prototype of an PHP application 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the path_inc parameter to (1) index.php in gestion/; (2) identification.php, (3) disconnect.php, (4) loginliste.php, (5)… | |||
| CVE-2007-3218 | 0.00 | — | 0.01 | Jun 14, 2007 | Cross-site scripting (XSS) vulnerability in request.php in PHP Live! 3.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the pagex parameter. | |||
| CVE-2007-3219 | 0.00 | — | 0.02 | Jun 14, 2007 | Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user's profile data, such as an AIM screen name or Yahoo! identity. | |||
| CVE-2006-4168 | 0.00 | — | 0.04 | Jun 14, 2007 | Integer overflow in the exif_data_load_data_entry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based… | |||
| CVE-2007-3099 | 0.00 | — | 0.01 | Jun 14, 2007 | usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or… | |||
| CVE-2007-3100 | 0.00 | — | 0.00 | Jun 14, 2007 | usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial of service (hang) by grabbing the… | |||
| CVE-2007-3208 | 0.00 | — | 0.06 | Jun 14, 2007 | CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via requests to (1) register.pl or (2) profile.pl that write CRLF sequences to a .vars file. NOTE: this can be leveraged to execute arbitrary code. | |||
| CVE-2007-3209 | 0.00 | — | 0.01 | Jun 14, 2007 | Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses unencrypted connections for accounts configured with SSL/TLS, which allows remote attackers to obtain sensitive information by sniffing the network. | |||
| CVE-2007-3210 | 0.00 | — | 0.04 | Jun 14, 2007 | Stack-based buffer overflow in nptoken.mox in the Cellosoft Tokens Object 2.0.0.6 extension for Vitalize! allows remote attackers to execute arbitrary code via a long string argument to the RemoveChr method. NOTE: the provenance of this information is unknown; the details are… | |||
| CVE-2007-3211 | 0.00 | — | 0.01 | Jun 14, 2007 | Cross-site scripting (XSS) vulnerability in 404.php in Domain Technologie Control (DTC) before 0.25.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI). NOTE: the provenance of this information is unknown; the details are obtained… | |||
| CVE-2007-2391 | 0.00 | — | 0.01 | Jun 14, 2007 | Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page. | |||
| CVE-2007-3205 | 0.00 | — | 0.02 | Jun 13, 2007 | The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is… | |||
| CVE-2007-3181 | 0.04 | — | 0.13 | Jun 12, 2007 | Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to "an InterBase version of gds32.dll." | |||
| CVE-2007-3188 | 0.03 | — | 0.01 | Jun 12, 2007 | SQL injection vulnerability in down_indir.asp in Fullaspsite GeometriX Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2007-3189 | 0.03 | — | 0.04 | Jun 12, 2007 | Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter. | |||
| CVE-2007-3190 | 0.03 | — | 0.01 | Jun 12, 2007 | Multiple SQL injection vulnerabilities in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass parameters. | |||
| CVE-2007-3191 | 0.04 | — | 0.08 | Jun 12, 2007 | Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function. | |||
| CVE-2007-3192 | 0.03 | — | 0.04 | Jun 12, 2007 | admin/setup.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to read and modify configuration settings via a direct request. | |||
| CVE-2007-3193 | 0.00 | — | 0.04 | Jun 12, 2007 | lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations. | |||
| CVE-2007-3194 | Cri | 0.64 | 9.8 | 0.02 | Jun 12, 2007 | Multiple PHP remote file inclusion vulnerabilities in myBloggie 2.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the bloggie_root_path parameter to (1) config.php; (2) db.php, (3) template.php, (4) functions.php, and (5) classes.php in includes/; (6)… | ||
| CVE-2007-3195 | 0.00 | — | 0.01 | Jun 12, 2007 | Cross-site scripting (XSS) vulnerability in index.php in ERFAN WIKI 1.00 allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||
| CVE-2007-3196 | 0.03 | — | 0.01 | Jun 12, 2007 | SQL injection vulnerability in vBSupport.php in vSupport Integrated Ticket System 3.x.x allows remote attackers to execute arbitrary SQL commands via the ticketid parameter in a showticket action. | |||
| CVE-2007-3197 | 0.00 | — | 0.01 | Jun 12, 2007 | SQL injection vulnerability in vBSupport.php in vBSupport 1.1 before 1.1a allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2007-3198 | 0.03 | — | 0.02 | Jun 12, 2007 | Cross-site scripting (XSS) vulnerability in comments.php in Maran PHP Blog (Maran Blog), possibly only versions before 20070610, allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||
| CVE-2007-3199 | 0.03 | — | 0.03 | Jun 12, 2007 | Unrestricted file upload vulnerability in Link Request Contact Form 3.4 allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension and an image content type, as demonstrated by image/jpeg. | |||
| CVE-2007-3200 | 0.00 | — | 0.00 | Jun 12, 2007 | NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and earlier on NetWare logs its invoking command line to NMASINST.LOG, which might allow local users to obtain the admin username and password by reading this file. | |||
| CVE-2007-3201 | 0.03 | — | 0.03 | Jun 12, 2007 | Visual truncation vulnerability in Windows Privacy Tray (WinPT) 1.2.0 allows user-assisted remote attackers to install a key listed under the wrong user ID, and possibly cause the user to encrypt a victim's correspondence with this attacker-supplied key, via a key ID composed of… | |||
| CVE-2007-3202 | 0.00 | — | 0.01 | Jun 12, 2007 | Cross-site scripting (XSS) vulnerability in the rich text editor in Webwiz allows remote attackers to inject arbitrary web script or HTML via URL-encoded HTML composed of a frameset in which a frame has a SRC attribute pointing to a JavaScript document. | |||
| CVE-2007-3203 | 0.00 | — | 0.04 | Jun 12, 2007 | Stack-based buffer overflow in smtpdll.dll in the SMTP service in 602Pro LAN SUITE 2003 2003.0.03.0828 allows remote attackers to execute arbitrary code via an e-mail message with a long address. NOTE: the provenance of this information is unknown; the details are obtained… | |||
| CVE-2007-3204 | 0.00 | — | 0.01 | Jun 12, 2007 | SQL injection vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.4-pre2 allows remote attackers to execute arbitrary SQL commands via the pass parameter. NOTE: this issue reportedly exists because of an initial incomplete fix for CVE-2007-3190. The… | |||
| CVE-2007-3185 | 0.00 | — | 0.02 | Jun 12, 2007 | Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi. | |||
| CVE-2007-3186 | 0.03 | — | 0.05 | Jun 12, 2007 | Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI. | |||
| CVE-2007-3187 | 0.00 | — | 0.03 | Jun 12, 2007 | Multiple unspecified vulnerabilities in Apple Safari for Windows allow remote attackers to cause a denial of service or execute arbitrary code, possibly involving memory corruption, and a different issue from CVE-2007-3185 and CVE-2007-3186. NOTE: as of 20070612, the original… | |||
| CVE-2007-0245 | 0.00 | — | 0.06 | Jun 12, 2007 | Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable entries to be overwritten. | |||
| CVE-2007-2227 | 0.02 | — | 0.25 | Jun 12, 2007 | The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition… | |||
| CVE-2007-3184 | 0.00 | — | 0.01 | Jun 12, 2007 | Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification… | |||
| CVE-2007-2219 | 0.03 | — | 0.32 | Jun 12, 2007 | Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function. | |||
| CVE-2007-2225 | 0.02 | — | 0.25 | Jun 12, 2007 | A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing… |
- CVE-2007-3225Jun 14, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in Sun Java System Directory Server (slapd) 6.0, and 5.2 with Patch 3 or 4, allows remote attackers to modify certain data via unknown vectors.
- CVE-2007-3226Jun 14, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-2851 and CVE-2006-3240.
- CVE-2007-3227Jun 14, 2007risk 0.03cvss —epss 0.04
Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values.
- CVE-2007-3228Jun 14, 2007risk 0.08cvss —epss 0.67
PHP remote file inclusion vulnerability in saf/lib/PEAR/PhpDocumentor/Documentation/tests/bug-559668.php in Sitellite CMS 4.2.12 and earlier might allow remote attackers to execute arbitrary PHP code via a URL in the FORUM[LIB] parameter. NOTE: by default, access to the…
- CVE-2007-3229Jun 14, 2007risk 0.00cvss —epss 0.01
index.php in Singapore Gallery allows remote attackers to obtain sensitive information via a request with a non-directory gallery parameter, which reveals the path in an error message.
- CVE-2007-3230Jun 14, 2007risk 0.08cvss —epss 0.68
PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer PHP::HTML 0.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the htmlclass_path parameter.
- CVE-2007-3231Jun 14, 2007risk 0.00cvss —epss 0.01
Buffer overflow in MeCab before 0.96 has unknown impact and attack vectors.
- CVE-2007-3212Jun 14, 2007risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in links.php in Beehive Forum 0.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewmode, (2) fid, and (3) sort_dir parameters, different vectors than CVE-2005-4460.
- CVE-2007-3213Jun 14, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in comments.cgi in Sporum Forum 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) mode parameters.
- CVE-2007-3214Jun 14, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in style.php in e-Vision CMS 2.02 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the template parameter.
- CVE-2007-3215Jun 14, 2007risk 0.00cvss —epss 0.02
PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.
- CVE-2007-3216Jun 14, 2007risk 0.08cvss —epss 0.59
Multiple buffer overflows in the LGServer component of CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.1 allow remote attackers to execute arbitrary code via crafted arguments to the (1) rxsAddNewUser, (2) rxsSetUserInfo, (3) rxsRenameUser, (4)…
- CVE-2007-3217Jun 14, 2007risk 0.04cvss —epss 0.10
Multiple PHP remote file inclusion vulnerabilities in Prototype of an PHP application 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the path_inc parameter to (1) index.php in gestion/; (2) identification.php, (3) disconnect.php, (4) loginliste.php, (5)…
- CVE-2007-3218Jun 14, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in request.php in PHP Live! 3.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the pagex parameter.
- CVE-2007-3219Jun 14, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user's profile data, such as an AIM screen name or Yahoo! identity.
- CVE-2006-4168Jun 14, 2007risk 0.00cvss —epss 0.04
Integer overflow in the exif_data_load_data_entry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based…
- CVE-2007-3099Jun 14, 2007risk 0.00cvss —epss 0.01
usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or…
- CVE-2007-3100Jun 14, 2007risk 0.00cvss —epss 0.00
usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial of service (hang) by grabbing the…
- CVE-2007-3208Jun 14, 2007risk 0.00cvss —epss 0.06
CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via requests to (1) register.pl or (2) profile.pl that write CRLF sequences to a .vars file. NOTE: this can be leveraged to execute arbitrary code.
- CVE-2007-3209Jun 14, 2007risk 0.00cvss —epss 0.01
Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses unencrypted connections for accounts configured with SSL/TLS, which allows remote attackers to obtain sensitive information by sniffing the network.
- CVE-2007-3210Jun 14, 2007risk 0.00cvss —epss 0.04
Stack-based buffer overflow in nptoken.mox in the Cellosoft Tokens Object 2.0.0.6 extension for Vitalize! allows remote attackers to execute arbitrary code via a long string argument to the RemoveChr method. NOTE: the provenance of this information is unknown; the details are…
- CVE-2007-3211Jun 14, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in 404.php in Domain Technologie Control (DTC) before 0.25.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI). NOTE: the provenance of this information is unknown; the details are obtained…
- CVE-2007-2391Jun 14, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page.
- CVE-2007-3205Jun 13, 2007risk 0.00cvss —epss 0.02
The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is…
- CVE-2007-3181Jun 12, 2007risk 0.04cvss —epss 0.13
Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to "an InterBase version of gds32.dll."
- CVE-2007-3188Jun 12, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in down_indir.asp in Fullaspsite GeometriX Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2007-3189Jun 12, 2007risk 0.03cvss —epss 0.04
Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
- CVE-2007-3190Jun 12, 2007risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass parameters.
- CVE-2007-3191Jun 12, 2007risk 0.04cvss —epss 0.08
Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function.
- CVE-2007-3192Jun 12, 2007risk 0.03cvss —epss 0.04
admin/setup.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to read and modify configuration settings via a direct request.
- CVE-2007-3193Jun 12, 2007risk 0.00cvss —epss 0.04
lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations.
- risk 0.64cvss 9.8epss 0.02
Multiple PHP remote file inclusion vulnerabilities in myBloggie 2.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the bloggie_root_path parameter to (1) config.php; (2) db.php, (3) template.php, (4) functions.php, and (5) classes.php in includes/; (6)…
- CVE-2007-3195Jun 12, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.php in ERFAN WIKI 1.00 allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2007-3196Jun 12, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in vBSupport.php in vSupport Integrated Ticket System 3.x.x allows remote attackers to execute arbitrary SQL commands via the ticketid parameter in a showticket action.
- CVE-2007-3197Jun 12, 2007risk 0.00cvss —epss 0.01
SQL injection vulnerability in vBSupport.php in vBSupport 1.1 before 1.1a allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2007-3198Jun 12, 2007risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in comments.php in Maran PHP Blog (Maran Blog), possibly only versions before 20070610, allows remote attackers to inject arbitrary web script or HTML via the id parameter.
- CVE-2007-3199Jun 12, 2007risk 0.03cvss —epss 0.03
Unrestricted file upload vulnerability in Link Request Contact Form 3.4 allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension and an image content type, as demonstrated by image/jpeg.
- CVE-2007-3200Jun 12, 2007risk 0.00cvss —epss 0.00
NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and earlier on NetWare logs its invoking command line to NMASINST.LOG, which might allow local users to obtain the admin username and password by reading this file.
- CVE-2007-3201Jun 12, 2007risk 0.03cvss —epss 0.03
Visual truncation vulnerability in Windows Privacy Tray (WinPT) 1.2.0 allows user-assisted remote attackers to install a key listed under the wrong user ID, and possibly cause the user to encrypt a victim's correspondence with this attacker-supplied key, via a key ID composed of…
- CVE-2007-3202Jun 12, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the rich text editor in Webwiz allows remote attackers to inject arbitrary web script or HTML via URL-encoded HTML composed of a frameset in which a frame has a SRC attribute pointing to a JavaScript document.
- CVE-2007-3203Jun 12, 2007risk 0.00cvss —epss 0.04
Stack-based buffer overflow in smtpdll.dll in the SMTP service in 602Pro LAN SUITE 2003 2003.0.03.0828 allows remote attackers to execute arbitrary code via an e-mail message with a long address. NOTE: the provenance of this information is unknown; the details are obtained…
- CVE-2007-3204Jun 12, 2007risk 0.00cvss —epss 0.01
SQL injection vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.4-pre2 allows remote attackers to execute arbitrary SQL commands via the pass parameter. NOTE: this issue reportedly exists because of an initial incomplete fix for CVE-2007-3190. The…
- CVE-2007-3185Jun 12, 2007risk 0.00cvss —epss 0.02
Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi.
- CVE-2007-3186Jun 12, 2007risk 0.03cvss —epss 0.05
Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI.
- CVE-2007-3187Jun 12, 2007risk 0.00cvss —epss 0.03
Multiple unspecified vulnerabilities in Apple Safari for Windows allow remote attackers to cause a denial of service or execute arbitrary code, possibly involving memory corruption, and a different issue from CVE-2007-3185 and CVE-2007-3186. NOTE: as of 20070612, the original…
- CVE-2007-0245Jun 12, 2007risk 0.00cvss —epss 0.06
Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable entries to be overwritten.
- CVE-2007-2227Jun 12, 2007risk 0.02cvss —epss 0.25
The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition…
- CVE-2007-3184Jun 12, 2007risk 0.00cvss —epss 0.01
Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification…
- CVE-2007-2219Jun 12, 2007risk 0.03cvss —epss 0.32
Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
- CVE-2007-2225Jun 12, 2007risk 0.02cvss —epss 0.25
A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing…