| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-0218 | 0.02 | — | 0.31 | Jun 12, 2007 | Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function. | |||
| CVE-2007-0934 | 0.02 | — | 0.31 | Jun 12, 2007 | Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption. | |||
| CVE-2007-0936 | 0.02 | — | 0.31 | Jun 12, 2007 | Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability." | |||
| CVE-2007-1750 | 0.02 | — | 0.31 | Jun 12, 2007 | Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption. | |||
| CVE-2007-1751 | 0.05 | — | 0.61 | Jun 12, 2007 | Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability." | |||
| CVE-2007-2218 | 0.01 | — | 0.13 | Jun 12, 2007 | Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL… | |||
| CVE-2007-2222 | 0.08 | — | 0.58 | Jun 12, 2007 | Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption,… | |||
| CVE-2007-2229 | 0.00 | — | 0.02 | Jun 12, 2007 | Microsoft Windows Vista uses insecure default permissions for unspecified "local user information data stores" in the registry and the file system, which allows local users to obtain sensitive information such as administrative passwords, aka "Permissive User Information Store… | |||
| CVE-2007-3027 | 0.03 | — | 0.35 | Jun 12, 2007 | Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability." | |||
| CVE-2007-2796 | 0.00 | — | 0.02 | Jun 12, 2007 | Arris Cadant C3 CMTS allows remote attackers to cause a denial of service (service termination) via a malformed IP packet with an invalid IP option. | |||
| CVE-2007-3180 | 0.00 | — | 0.03 | Jun 12, 2007 | Buffer overflow in Help and Support Center before 4.4 C on HP Windows systems allows remote attackers to read or write arbitrary files via unknown vectors. | |||
| CVE-2007-2453 | 0.00 | — | 0.00 | Jun 11, 2007 | The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same… | |||
| CVE-2007-2873 | 0.00 | — | 0.00 | Jun 11, 2007 | SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as root in unusual configurations using vpopmail or virtual users, allows local users to cause a denial of service (corrupt arbitrary files) via a symlink attack on a file that is used by spamd. | |||
| CVE-2007-2876 | 0.00 | — | 0.01 | Jun 11, 2007 | The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL… | |||
| CVE-2007-3179 | 0.00 | — | 0.01 | Jun 11, 2007 | Multiple SQL injection vulnerabilities in archives.php in Particle Blogger 1.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the month parameter and other unspecified vectors. | |||
| CVE-2007-2875 | 0.00 | — | 0.00 | Jun 11, 2007 | Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file. | |||
| CVE-2007-2920 | 0.01 | — | 0.07 | Jun 11, 2007 | Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX control in ZActiveX.dll might allow remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2007-3151 | 0.04 | — | 0.07 | Jun 11, 2007 | rpttop.htm in the web management interface in Packeteer PacketShaper 7.3.0g2 and 7.5.0g1 allows remote attackers to cause a denial of service (device reboot) via a request with empty values of the OP.MEAS.DATAQUERY and MEAS.TYPE parameters. | |||
| CVE-2007-3152 | 0.00 | — | 0.01 | Jun 11, 2007 | c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote attackers to spoof DNS responses by guessing the field value. | |||
| CVE-2007-3153 | 0.00 | — | 0.01 | Jun 11, 2007 | The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote attackers to spoof DNS responses by guessing certain values. | |||
| CVE-2007-3154 | 0.00 | — | 0.02 | Jun 11, 2007 | Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and other packages, has unknown impact and remote attack vectors. | |||
| CVE-2007-3155 | 0.00 | — | 0.02 | Jun 11, 2007 | Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown impact and attack vectors related to ADOdb. NOTE: due to lack of details from the vendor, it is uncertain whether this issue is already covered by another CVE identifier. | |||
| CVE-2007-3156 | 0.00 | — | 0.02 | Jun 11, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of these details are obtained… | |||
| CVE-2007-3157 | 0.04 | — | 0.09 | Jun 11, 2007 | IPSecDrv.sys 10.4.0.12 in SafeNET High Assurance Remote 1.4.0 Build 12, and SoftRemote, allows remote attackers to cause a denial of service (infinite loop and system hang) via an invalid packet with certain bytes in an option header, possibly related to the IPv6 support for… | |||
| CVE-2007-3158 | 0.03 | — | 0.02 | Jun 11, 2007 | download_script.asp in ASP Folder Gallery allows remote attackers to read arbitrary files via a filename in the file parameter. | |||
| CVE-2007-3159 | 0.03 | — | 0.03 | Jun 11, 2007 | http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service (application crash) via a negative value in the Content-Length HTTP header. | |||
| CVE-2007-3160 | 0.03 | — | 0.03 | Jun 11, 2007 | PHP remote file inclusion vulnerability in admin/header.php in PHP Real Estate Classifieds Premium Plus allows remote attackers to execute arbitrary PHP code via a URL in the loc parameter. | |||
| CVE-2007-3161 | 0.03 | — | 0.03 | Jun 11, 2007 | Buffer overflow in Ace-FTP Client 1.24a allows user-assisted, remote FTP servers to execute arbitrary code via a long response. | |||
| CVE-2007-3162 | 0.04 | — | 0.08 | Jun 11, 2007 | Buffer overflow in the NotSafe function in the idaiehlp ActiveX control in idaiehlp.dll 1.9.1.74 in Internet Download Accelerator (ida) 5.2 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long argument. | |||
| CVE-2007-3163 | 0.00 | — | 0.02 | Jun 11, 2007 | Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658. | |||
| CVE-2007-3164 | 0.01 | — | 0.10 | Jun 11, 2007 | Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in the authentication dialog, which might allow remote attackers to perform… | |||
| CVE-2007-3165 | 0.00 | — | 0.01 | Jun 11, 2007 | Tor before 0.1.2.14 can construct circuits in which an entry guard is in the same family as the exit node, which might compromise the anonymity of traffic sources and destinations by exposing traffic to inappropriate remote observers. | |||
| CVE-2007-3166 | 0.03 | — | 0.02 | Jun 11, 2007 | Buffer overflow in Qualcomm Eudora 7.1.0.9 allows user-assisted, remote IMAP servers to execute arbitrary code via a long FLAGS response to a SELECT INBOX command. | |||
| CVE-2007-3167 | 0.03 | — | 0.06 | Jun 11, 2007 | Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control (aka MjpegControl) in MjpegDecoder.dll 2.0.0.13 allows remote attackers to execute arbitrary code via a long PtzUrl property value. | |||
| CVE-2007-3168 | 0.04 | — | 0.06 | Jun 11, 2007 | A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to delete arbitrary files via the DeleteLocalFile method. | |||
| CVE-2007-3169 | 0.04 | — | 0.12 | Jun 11, 2007 | Buffer overflow in a certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long first argument… | |||
| CVE-2007-3170 | 0.03 | — | 0.02 | Jun 11, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau Webmail allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to redirect.php or (2) the selected_theme parameter to demo/pop3/error.php. | |||
| CVE-2007-3171 | 0.03 | — | 0.02 | Jun 11, 2007 | Uebimiau Webmail allows remote attackers to obtain sensitive information via a request to demo/pop3/error.php with an invalid value of the (1) smarty or (2) selected_theme parameter, which reveals the path in various error messages. | |||
| CVE-2007-3172 | 0.00 | — | 0.02 | Jun 11, 2007 | Directory traversal vulnerability in demo/pop3/error.php in Uebimiau Webmail allows remote attackers to determine the existence of arbitrary directories via an absolute pathname and .. (dot dot) in the selected_theme parameter. | |||
| CVE-2007-3173 | 0.00 | — | 0.01 | Jun 11, 2007 | Almnzm allows remote attackers to obtain sensitive information via an activateorder request to index.php with an invalid orderid parameter, probably related to '[' and ']' characters. | |||
| CVE-2007-3174 | — | 0.00 | — | 0.01 | Jun 11, 2007 | Cross-site scripting (XSS) vulnerability in auth.w2b in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the adtype parameter, a different vector than CVE-2006-1980. | ||
| CVE-2007-3175 | — | 0.01 | — | 0.17 | Jun 11, 2007 | Multiple SQL injection vulnerabilities in W2B Online Banking allow remote attackers to execute arbitrary SQL commands via (1) the draft parameter to mailer.w2b or (2) the listDocPay parameter to DocPay.w2b. | ||
| CVE-2007-3176 | 0.00 | — | 0.01 | Jun 11, 2007 | Unspecified vulnerability in Ingate Firewall and SIParator before 4.5.2 allows remote authenticated users without full privileges to download a Support Report. | |||
| CVE-2007-3177 | 0.00 | — | 0.01 | Jun 11, 2007 | Ingate Firewall and SIParator before 4.5.2 allow remote attackers to bypass SIP authentication via a certain maddr parameter. | |||
| CVE-2007-3178 | 0.00 | — | 0.01 | Jun 11, 2007 | Multiple SQL injection vulnerabilities in Zindizayn Okul Web Sistemi 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) pass parameter to (a) mezungiris.asp or (b) ogretmenkontrol.asp. | |||
| CVE-2006-3974 | — | 0.03 | — | 0.02 | Jun 11, 2007 | Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com OfficeConnect Secure Router with firmware 1.04-168 allows remote attackers to inject arbitrary web script or HTML via the tk parameter. | ||
| CVE-2007-3150 | 0.00 | — | 0.01 | Jun 11, 2007 | Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is… | |||
| CVE-2007-3141 | 0.03 | — | 0.02 | Jun 11, 2007 | PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_top parameter. NOTE: the editor_insert_bottom vector is already covered by CVE-2006-6042. | |||
| CVE-2007-3142 | 0.00 | — | 0.01 | Jun 11, 2007 | Visual truncation vulnerability in Opera 9.21 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after 34 characters, as demonstrated by a phishing attack using HTTP Basic Authentication. | |||
| CVE-2007-3143 | 0.00 | — | 0.02 | Jun 11, 2007 | Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic… |
- CVE-2007-0218Jun 12, 2007risk 0.02cvss —epss 0.31
Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function.
- CVE-2007-0934Jun 12, 2007risk 0.02cvss —epss 0.31
Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
- CVE-2007-0936Jun 12, 2007risk 0.02cvss —epss 0.31
Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
- CVE-2007-1750Jun 12, 2007risk 0.02cvss —epss 0.31
Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption.
- CVE-2007-1751Jun 12, 2007risk 0.05cvss —epss 0.61
Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability."
- CVE-2007-2218Jun 12, 2007risk 0.01cvss —epss 0.13
Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL…
- CVE-2007-2222Jun 12, 2007risk 0.08cvss —epss 0.58
Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption,…
- CVE-2007-2229Jun 12, 2007risk 0.00cvss —epss 0.02
Microsoft Windows Vista uses insecure default permissions for unspecified "local user information data stores" in the registry and the file system, which allows local users to obtain sensitive information such as administrative passwords, aka "Permissive User Information Store…
- CVE-2007-3027Jun 12, 2007risk 0.03cvss —epss 0.35
Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability."
- CVE-2007-2796Jun 12, 2007risk 0.00cvss —epss 0.02
Arris Cadant C3 CMTS allows remote attackers to cause a denial of service (service termination) via a malformed IP packet with an invalid IP option.
- CVE-2007-3180Jun 12, 2007risk 0.00cvss —epss 0.03
Buffer overflow in Help and Support Center before 4.4 C on HP Windows systems allows remote attackers to read or write arbitrary files via unknown vectors.
- CVE-2007-2453Jun 11, 2007risk 0.00cvss —epss 0.00
The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same…
- CVE-2007-2873Jun 11, 2007risk 0.00cvss —epss 0.00
SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as root in unusual configurations using vpopmail or virtual users, allows local users to cause a denial of service (corrupt arbitrary files) via a symlink attack on a file that is used by spamd.
- CVE-2007-2876Jun 11, 2007risk 0.00cvss —epss 0.01
The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL…
- CVE-2007-3179Jun 11, 2007risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in archives.php in Particle Blogger 1.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the month parameter and other unspecified vectors.
- CVE-2007-2875Jun 11, 2007risk 0.00cvss —epss 0.00
Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file.
- CVE-2007-2920Jun 11, 2007risk 0.01cvss —epss 0.07
Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX control in ZActiveX.dll might allow remote attackers to execute arbitrary code via unspecified vectors.
- CVE-2007-3151Jun 11, 2007risk 0.04cvss —epss 0.07
rpttop.htm in the web management interface in Packeteer PacketShaper 7.3.0g2 and 7.5.0g1 allows remote attackers to cause a denial of service (device reboot) via a request with empty values of the OP.MEAS.DATAQUERY and MEAS.TYPE parameters.
- CVE-2007-3152Jun 11, 2007risk 0.00cvss —epss 0.01
c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote attackers to spoof DNS responses by guessing the field value.
- CVE-2007-3153Jun 11, 2007risk 0.00cvss —epss 0.01
The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote attackers to spoof DNS responses by guessing certain values.
- CVE-2007-3154Jun 11, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and other packages, has unknown impact and remote attack vectors.
- CVE-2007-3155Jun 11, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown impact and attack vectors related to ADOdb. NOTE: due to lack of details from the vendor, it is uncertain whether this issue is already covered by another CVE identifier.
- CVE-2007-3156Jun 11, 2007risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of these details are obtained…
- CVE-2007-3157Jun 11, 2007risk 0.04cvss —epss 0.09
IPSecDrv.sys 10.4.0.12 in SafeNET High Assurance Remote 1.4.0 Build 12, and SoftRemote, allows remote attackers to cause a denial of service (infinite loop and system hang) via an invalid packet with certain bytes in an option header, possibly related to the IPv6 support for…
- CVE-2007-3158Jun 11, 2007risk 0.03cvss —epss 0.02
download_script.asp in ASP Folder Gallery allows remote attackers to read arbitrary files via a filename in the file parameter.
- CVE-2007-3159Jun 11, 2007risk 0.03cvss —epss 0.03
http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service (application crash) via a negative value in the Content-Length HTTP header.
- CVE-2007-3160Jun 11, 2007risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in admin/header.php in PHP Real Estate Classifieds Premium Plus allows remote attackers to execute arbitrary PHP code via a URL in the loc parameter.
- CVE-2007-3161Jun 11, 2007risk 0.03cvss —epss 0.03
Buffer overflow in Ace-FTP Client 1.24a allows user-assisted, remote FTP servers to execute arbitrary code via a long response.
- CVE-2007-3162Jun 11, 2007risk 0.04cvss —epss 0.08
Buffer overflow in the NotSafe function in the idaiehlp ActiveX control in idaiehlp.dll 1.9.1.74 in Internet Download Accelerator (ida) 5.2 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long argument.
- CVE-2007-3163Jun 11, 2007risk 0.00cvss —epss 0.02
Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658.
- CVE-2007-3164Jun 11, 2007risk 0.01cvss —epss 0.10
Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in the authentication dialog, which might allow remote attackers to perform…
- CVE-2007-3165Jun 11, 2007risk 0.00cvss —epss 0.01
Tor before 0.1.2.14 can construct circuits in which an entry guard is in the same family as the exit node, which might compromise the anonymity of traffic sources and destinations by exposing traffic to inappropriate remote observers.
- CVE-2007-3166Jun 11, 2007risk 0.03cvss —epss 0.02
Buffer overflow in Qualcomm Eudora 7.1.0.9 allows user-assisted, remote IMAP servers to execute arbitrary code via a long FLAGS response to a SELECT INBOX command.
- CVE-2007-3167Jun 11, 2007risk 0.03cvss —epss 0.06
Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control (aka MjpegControl) in MjpegDecoder.dll 2.0.0.13 allows remote attackers to execute arbitrary code via a long PtzUrl property value.
- CVE-2007-3168Jun 11, 2007risk 0.04cvss —epss 0.06
A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to delete arbitrary files via the DeleteLocalFile method.
- CVE-2007-3169Jun 11, 2007risk 0.04cvss —epss 0.12
Buffer overflow in a certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long first argument…
- CVE-2007-3170Jun 11, 2007risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau Webmail allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to redirect.php or (2) the selected_theme parameter to demo/pop3/error.php.
- CVE-2007-3171Jun 11, 2007risk 0.03cvss —epss 0.02
Uebimiau Webmail allows remote attackers to obtain sensitive information via a request to demo/pop3/error.php with an invalid value of the (1) smarty or (2) selected_theme parameter, which reveals the path in various error messages.
- CVE-2007-3172Jun 11, 2007risk 0.00cvss —epss 0.02
Directory traversal vulnerability in demo/pop3/error.php in Uebimiau Webmail allows remote attackers to determine the existence of arbitrary directories via an absolute pathname and .. (dot dot) in the selected_theme parameter.
- CVE-2007-3173Jun 11, 2007risk 0.00cvss —epss 0.01
Almnzm allows remote attackers to obtain sensitive information via an activateorder request to index.php with an invalid orderid parameter, probably related to '[' and ']' characters.
- CVE-2007-3174Jun 11, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in auth.w2b in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the adtype parameter, a different vector than CVE-2006-1980.
- CVE-2007-3175Jun 11, 2007risk 0.01cvss —epss 0.17
Multiple SQL injection vulnerabilities in W2B Online Banking allow remote attackers to execute arbitrary SQL commands via (1) the draft parameter to mailer.w2b or (2) the listDocPay parameter to DocPay.w2b.
- CVE-2007-3176Jun 11, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in Ingate Firewall and SIParator before 4.5.2 allows remote authenticated users without full privileges to download a Support Report.
- CVE-2007-3177Jun 11, 2007risk 0.00cvss —epss 0.01
Ingate Firewall and SIParator before 4.5.2 allow remote attackers to bypass SIP authentication via a certain maddr parameter.
- CVE-2007-3178Jun 11, 2007risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in Zindizayn Okul Web Sistemi 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) pass parameter to (a) mezungiris.asp or (b) ogretmenkontrol.asp.
- CVE-2006-3974Jun 11, 2007risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com OfficeConnect Secure Router with firmware 1.04-168 allows remote attackers to inject arbitrary web script or HTML via the tk parameter.
- CVE-2007-3150Jun 11, 2007risk 0.00cvss —epss 0.01
Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is…
- CVE-2007-3141Jun 11, 2007risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_top parameter. NOTE: the editor_insert_bottom vector is already covered by CVE-2006-6042.
- CVE-2007-3142Jun 11, 2007risk 0.00cvss —epss 0.01
Visual truncation vulnerability in Opera 9.21 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after 34 characters, as demonstrated by a phishing attack using HTTP Basic Authentication.
- CVE-2007-3143Jun 11, 2007risk 0.00cvss —epss 0.02
Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic…