| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-2882 | 0.00 | — | 0.03 | May 30, 2007 | Unspecified vulnerability in the NFS client module in Sun Solaris 8 through 10 before 20070524, when operating as an NFS server, allows remote attackers to cause a denial of service (crash) via certain Access Control List (acl) packets. | |||
| CVE-2007-2883 | 0.00 | — | 0.00 | May 30, 2007 | Credant Mobile Guardian Shield for Windows 5.2.1.105 and earlier stores account names and passwords in plaintext in memory, which allows local users to obtain sensitive information by (1) reading the paging file or (2) dumping and searching the memory image. NOTE: This issue… | |||
| CVE-2007-2884 | 0.06 | — | 0.36 | May 30, 2007 | Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name… | |||
| CVE-2007-2885 | 0.01 | — | 0.09 | May 30, 2007 | The NotSafe function in the MSVDTDatabaseDesigner7 ActiveX control in VDT70.DLL in Microsoft Visual Database Tools (MSVDT) Database Designer 7.0 allows remote attackers to cause a denial of service (Internet Explorer 6 crash) via a long argument. | |||
| CVE-2007-2886 | 0.00 | — | 0.02 | May 30, 2007 | Unspecified vulnerability in the Nortel CS 1000 M media card in Enterprise VoIP-Core-CS 1000E, 1000M, and 1000S 04.50W before 20070523 in Meridian/CS 1000 allows remote attackers to cause a denial of service (card hang) via unspecified vectors. | |||
| CVE-2007-2887 | 0.03 | — | 0.02 | May 30, 2007 | Cross-site scripting (XSS) vulnerability in index.php in Web Icerik Yonetim Sistemi (WIYS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the No parameter in the Sayfa page. | |||
| CVE-2007-2888 | 0.07 | — | 0.55 | May 30, 2007 | Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. NOTE: some details are obtained from third party information. | |||
| CVE-2007-2889 | 0.03 | — | 0.02 | May 30, 2007 | SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter. | |||
| CVE-2007-2890 | 0.03 | — | 0.01 | May 30, 2007 | SQL injection vulnerability in category.php in cpCommerce 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id_category parameter. | |||
| CVE-2007-2891 | 0.04 | — | 0.08 | May 30, 2007 | Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bank_data[root] parameter to modules/bank/includes/design/main.inc.php, or the (2) fm_data[root] parameter to (a)… | |||
| CVE-2007-2892 | 0.03 | — | 0.01 | May 30, 2007 | Cross-site scripting (XSS) vulnerability in news.asp in ASP-Nuke 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||
| CVE-2007-2893 | 0.00 | — | 0.00 | May 30, 2007 | Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that… | |||
| CVE-2007-2894 | 0.03 | — | 0.01 | May 30, 2007 | The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error. | |||
| CVE-2007-2895 | 0.03 | — | 0.05 | May 30, 2007 | Buffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 in LeadTools Raster Dialog File Object allows remote attackers to execute arbitrary code via a long Directory property value. | |||
| CVE-2007-2896 | 0.00 | — | 0.02 | May 30, 2007 | Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 managers and agents on Windows before 20070524 allows remote attackers to cause a denial of service (CPU consumption and application hang) via certain network scans to ESM ports. | |||
| CVE-2007-0246 | 0.00 | — | 0.02 | May 29, 2007 | plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO. | |||
| CVE-2007-2388 | 0.00 | — | 0.06 | May 29, 2007 | Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to… | |||
| CVE-2007-2389 | 0.00 | — | 0.03 | May 29, 2007 | Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets. | |||
| CVE-2007-2451 | 0.00 | — | 0.02 | May 29, 2007 | Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES in the Linux kernel before 2.6.21.3 allows attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2007-2877 | 0.00 | — | 0.00 | May 29, 2007 | Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 allows local users to gain privileges via long registry key paths. | |||
| CVE-2007-2878 | 0.03 | — | 0.01 | May 29, 2007 | The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run on a 64-bit system, allow local users to corrupt a kernel_dirent struct and cause a denial of service (system crash) via unknown vectors. | |||
| CVE-2007-2879 | 0.03 | — | 0.02 | May 29, 2007 | Cross-site scripting (XSS) vulnerability in mods.php in GTP GNUTurk Portal System 3G allows remote attackers to inject arbitrary web script or HTML via the month parameter. | |||
| CVE-2007-2880 | 0.00 | — | 0.01 | May 29, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Digirez 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Room_name parameter to room/info_book.asp or the (2) curYear parameter to room/week.asp. | |||
| CVE-2007-2881 | 0.02 | — | 0.26 | May 29, 2007 | Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation. | |||
| CVE-2007-1860 | 0.01 | — | 0.13 | May 25, 2007 | mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded ..… | |||
| CVE-2007-2865 | 0.03 | — | 0.06 | May 25, 2007 | Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter. | |||
| CVE-2007-2866 | 0.00 | — | 0.01 | May 25, 2007 | Multiple SQL injection vulnerabilities in modules/admin/modules/gallery.php in PHPEcho CMS 2.0-rc1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter and possibly other parameters. NOTE: some of these details are obtained from third party… | |||
| CVE-2007-0740 | 0.00 | — | 0.01 | May 24, 2007 | Alias Manager in Apple Mac OS X 10.3.9 and 10.4.9 does not display files with the same name in mounted disk images that have the same name, which might allow user-assisted attackers to trick a user into executing malicious files. | |||
| CVE-2007-0750 | 0.00 | — | 0.04 | May 24, 2007 | Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 allows remote user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted PDF file. | |||
| CVE-2007-0751 | 0.00 | — | 0.00 | May 24, 2007 | A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might delete filesystems that have been mounted in /tmp, which might allow local users to cause a denial of service, related to the find command. | |||
| CVE-2007-0752 | 0.03 | — | 0.01 | May 24, 2007 | The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check. | |||
| CVE-2007-0753 | 0.03 | — | 0.01 | May 24, 2007 | Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter. | |||
| CVE-2007-2386 | 0.07 | — | 0.50 | May 24, 2007 | Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet. | |||
| CVE-2007-2390 | 0.01 | — | 0.09 | May 24, 2007 | Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet. | |||
| CVE-2007-2852 | 0.01 | — | 0.07 | May 24, 2007 | Multiple stack-based buffer overflows in ESET NOD32 Antivirus before 2.70.37.0 allow remote attackers to execute arbitrary code during (1) delete/disinfect or (2) rename operations via a crafted directory name. | |||
| CVE-2007-2853 | 0.03 | — | 0.05 | May 24, 2007 | The VCDAPILibApi ActiveX control in vc9api.DLL 9.0.0.57 in Virtual CD 9.0.0.2 allows remote attackers to execute arbitrary commands via a command line in the first argument to the VCDLaunchAndWait function. | |||
| CVE-2007-2854 | 0.03 | — | 0.01 | May 24, 2007 | Multiple SQL injection vulnerabilities in account_change.php in BtiTracker 1.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) style or (2) langue parameter. | |||
| CVE-2007-2855 | 0.00 | — | 0.05 | May 24, 2007 | Buffer overflow in a certain ActiveX control in DartZipLite.dll 1.8.5.3 in Dart ZipLite Compression for ActiveX allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to CVE-2007-2856. | |||
| CVE-2007-2856 | 0.04 | — | 0.07 | May 24, 2007 | Buffer overflow in the Dart Communications PowerTCP ZIP Compression ActiveX control in DartZip.dll 1.8.5.3, when Internet Explorer 6 is used, allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to… | |||
| CVE-2007-2857 | 0.03 | — | 0.03 | May 24, 2007 | PHP remote file inclusion vulnerability in sample/xls2mysql in ABC Excel Parser Pro 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the parser_path parameter. | |||
| CVE-2007-2858 | 0.00 | — | 0.01 | May 24, 2007 | SQL injection vulnerability in the IP-Search functionality in the IP-Tracking Mod for phpBB 2.0.x allows remote authenticated administrators to execute arbitrary SQL commands via the Search Query field. | |||
| CVE-2007-2859 | 0.00 | — | 0.02 | May 24, 2007 | Multiple PHP remote file inclusion vulnerabilities in SimpGB 1.46.0 allow remote attackers to execute arbitrary PHP code via a URL in the path_simpgb parameter to (1) guestbook.php, (2) search.php, (3) mailer.php, (4) avatars.php, (5) ccode.php, (6) comments.php, (7)… | |||
| CVE-2007-2860 | 0.00 | — | 0.01 | May 24, 2007 | user.php in BoastMachine 3.0 platinum allows remote authenticated users to gain privileges via a modified id parameter, as demonstrated by an edit_post action. | |||
| CVE-2007-2861 | 0.00 | — | 0.02 | May 24, 2007 | Multiple PHP remote file inclusion vulnerabilities in Simple Accessible XHTML Online News (SAXON) 4.6 allow remote attackers to execute arbitrary PHP code via a URL in the template parameter to (1) news.php, (2) preview.php, or (3) archive-display.php. | |||
| CVE-2007-2862 | 0.00 | — | 0.01 | May 24, 2007 | Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and… | |||
| CVE-2007-0448 | 0.04 | — | 0.07 | May 24, 2007 | The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI. | |||
| CVE-2007-2843 | 0.03 | — | 0.03 | May 24, 2007 | Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed… | |||
| CVE-2007-2844 | 0.00 | — | 0.03 | May 24, 2007 | PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain… | |||
| CVE-2007-2845 | 0.01 | — | 0.06 | May 24, 2007 | Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus Managed Client before 4.7.700 allows user-assisted remote attackers to execute arbitrary code via a crafted CAB archive, resulting from an "integer cast around". | |||
| CVE-2007-2846 | 0.01 | — | 0.08 | May 24, 2007 | Heap-based buffer overflow in the SIS unpacker in avast! Anti-Virus Managed Client before 4.7.700 allows user-assisted remote attackers to execute arbitrary code via a crafted SIS archive, resulting from an "integer cast around." |
- CVE-2007-2882May 30, 2007risk 0.00cvss —epss 0.03
Unspecified vulnerability in the NFS client module in Sun Solaris 8 through 10 before 20070524, when operating as an NFS server, allows remote attackers to cause a denial of service (crash) via certain Access Control List (acl) packets.
- CVE-2007-2883May 30, 2007risk 0.00cvss —epss 0.00
Credant Mobile Guardian Shield for Windows 5.2.1.105 and earlier stores account names and passwords in plaintext in memory, which allows local users to obtain sensitive information by (1) reading the paging file or (2) dumping and searching the memory image. NOTE: This issue…
- CVE-2007-2884May 30, 2007risk 0.06cvss —epss 0.36
Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name…
- CVE-2007-2885May 30, 2007risk 0.01cvss —epss 0.09
The NotSafe function in the MSVDTDatabaseDesigner7 ActiveX control in VDT70.DLL in Microsoft Visual Database Tools (MSVDT) Database Designer 7.0 allows remote attackers to cause a denial of service (Internet Explorer 6 crash) via a long argument.
- CVE-2007-2886May 30, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Nortel CS 1000 M media card in Enterprise VoIP-Core-CS 1000E, 1000M, and 1000S 04.50W before 20070523 in Meridian/CS 1000 allows remote attackers to cause a denial of service (card hang) via unspecified vectors.
- CVE-2007-2887May 30, 2007risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in index.php in Web Icerik Yonetim Sistemi (WIYS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the No parameter in the Sayfa page.
- CVE-2007-2888May 30, 2007risk 0.07cvss —epss 0.55
Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. NOTE: some details are obtained from third party information.
- CVE-2007-2889May 30, 2007risk 0.03cvss —epss 0.02
SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter.
- CVE-2007-2890May 30, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in category.php in cpCommerce 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id_category parameter.
- CVE-2007-2891May 30, 2007risk 0.04cvss —epss 0.08
Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bank_data[root] parameter to modules/bank/includes/design/main.inc.php, or the (2) fm_data[root] parameter to (a)…
- CVE-2007-2892May 30, 2007risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in news.asp in ASP-Nuke 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2007-2893May 30, 2007risk 0.00cvss —epss 0.00
Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that…
- CVE-2007-2894May 30, 2007risk 0.03cvss —epss 0.01
The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error.
- CVE-2007-2895May 30, 2007risk 0.03cvss —epss 0.05
Buffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 in LeadTools Raster Dialog File Object allows remote attackers to execute arbitrary code via a long Directory property value.
- CVE-2007-2896May 30, 2007risk 0.00cvss —epss 0.02
Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 managers and agents on Windows before 20070524 allows remote attackers to cause a denial of service (CPU consumption and application hang) via certain network scans to ESM ports.
- CVE-2007-0246May 29, 2007risk 0.00cvss —epss 0.02
plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO.
- CVE-2007-2388May 29, 2007risk 0.00cvss —epss 0.06
Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to…
- CVE-2007-2389May 29, 2007risk 0.00cvss —epss 0.03
Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets.
- CVE-2007-2451May 29, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES in the Linux kernel before 2.6.21.3 allows attackers to obtain sensitive information via unspecified vectors.
- CVE-2007-2877May 29, 2007risk 0.00cvss —epss 0.00
Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 allows local users to gain privileges via long registry key paths.
- CVE-2007-2878May 29, 2007risk 0.03cvss —epss 0.01
The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run on a 64-bit system, allow local users to corrupt a kernel_dirent struct and cause a denial of service (system crash) via unknown vectors.
- CVE-2007-2879May 29, 2007risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in mods.php in GTP GNUTurk Portal System 3G allows remote attackers to inject arbitrary web script or HTML via the month parameter.
- CVE-2007-2880May 29, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Digirez 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Room_name parameter to room/info_book.asp or the (2) curYear parameter to room/week.asp.
- CVE-2007-2881May 29, 2007risk 0.02cvss —epss 0.26
Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation.
- CVE-2007-1860May 25, 2007risk 0.01cvss —epss 0.13
mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded ..…
- CVE-2007-2865May 25, 2007risk 0.03cvss —epss 0.06
Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.
- CVE-2007-2866May 25, 2007risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in modules/admin/modules/gallery.php in PHPEcho CMS 2.0-rc1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter and possibly other parameters. NOTE: some of these details are obtained from third party…
- CVE-2007-0740May 24, 2007risk 0.00cvss —epss 0.01
Alias Manager in Apple Mac OS X 10.3.9 and 10.4.9 does not display files with the same name in mounted disk images that have the same name, which might allow user-assisted attackers to trick a user into executing malicious files.
- CVE-2007-0750May 24, 2007risk 0.00cvss —epss 0.04
Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 allows remote user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted PDF file.
- CVE-2007-0751May 24, 2007risk 0.00cvss —epss 0.00
A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might delete filesystems that have been mounted in /tmp, which might allow local users to cause a denial of service, related to the find command.
- CVE-2007-0752May 24, 2007risk 0.03cvss —epss 0.01
The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check.
- CVE-2007-0753May 24, 2007risk 0.03cvss —epss 0.01
Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter.
- CVE-2007-2386May 24, 2007risk 0.07cvss —epss 0.50
Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.
- CVE-2007-2390May 24, 2007risk 0.01cvss —epss 0.09
Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.
- CVE-2007-2852May 24, 2007risk 0.01cvss —epss 0.07
Multiple stack-based buffer overflows in ESET NOD32 Antivirus before 2.70.37.0 allow remote attackers to execute arbitrary code during (1) delete/disinfect or (2) rename operations via a crafted directory name.
- CVE-2007-2853May 24, 2007risk 0.03cvss —epss 0.05
The VCDAPILibApi ActiveX control in vc9api.DLL 9.0.0.57 in Virtual CD 9.0.0.2 allows remote attackers to execute arbitrary commands via a command line in the first argument to the VCDLaunchAndWait function.
- CVE-2007-2854May 24, 2007risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in account_change.php in BtiTracker 1.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) style or (2) langue parameter.
- CVE-2007-2855May 24, 2007risk 0.00cvss —epss 0.05
Buffer overflow in a certain ActiveX control in DartZipLite.dll 1.8.5.3 in Dart ZipLite Compression for ActiveX allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to CVE-2007-2856.
- CVE-2007-2856May 24, 2007risk 0.04cvss —epss 0.07
Buffer overflow in the Dart Communications PowerTCP ZIP Compression ActiveX control in DartZip.dll 1.8.5.3, when Internet Explorer 6 is used, allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to…
- CVE-2007-2857May 24, 2007risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in sample/xls2mysql in ABC Excel Parser Pro 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the parser_path parameter.
- CVE-2007-2858May 24, 2007risk 0.00cvss —epss 0.01
SQL injection vulnerability in the IP-Search functionality in the IP-Tracking Mod for phpBB 2.0.x allows remote authenticated administrators to execute arbitrary SQL commands via the Search Query field.
- CVE-2007-2859May 24, 2007risk 0.00cvss —epss 0.02
Multiple PHP remote file inclusion vulnerabilities in SimpGB 1.46.0 allow remote attackers to execute arbitrary PHP code via a URL in the path_simpgb parameter to (1) guestbook.php, (2) search.php, (3) mailer.php, (4) avatars.php, (5) ccode.php, (6) comments.php, (7)…
- CVE-2007-2860May 24, 2007risk 0.00cvss —epss 0.01
user.php in BoastMachine 3.0 platinum allows remote authenticated users to gain privileges via a modified id parameter, as demonstrated by an edit_post action.
- CVE-2007-2861May 24, 2007risk 0.00cvss —epss 0.02
Multiple PHP remote file inclusion vulnerabilities in Simple Accessible XHTML Online News (SAXON) 4.6 allow remote attackers to execute arbitrary PHP code via a URL in the template parameter to (1) news.php, (2) preview.php, or (3) archive-display.php.
- CVE-2007-2862May 24, 2007risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and…
- CVE-2007-0448May 24, 2007risk 0.04cvss —epss 0.07
The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.
- CVE-2007-2843May 24, 2007risk 0.03cvss —epss 0.03
Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed…
- CVE-2007-2844May 24, 2007risk 0.00cvss —epss 0.03
PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain…
- CVE-2007-2845May 24, 2007risk 0.01cvss —epss 0.06
Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus Managed Client before 4.7.700 allows user-assisted remote attackers to execute arbitrary code via a crafted CAB archive, resulting from an "integer cast around".
- CVE-2007-2846May 24, 2007risk 0.01cvss —epss 0.08
Heap-based buffer overflow in the SIS unpacker in avast! Anti-Virus Managed Client before 4.7.700 allows user-assisted remote attackers to execute arbitrary code via a crafted SIS archive, resulting from an "integer cast around."