VYPR

CVEs


  • CVE-2007-1319 · Mar 19, 2007
    risk 0.01 · cvss · epss 0.09

    Unspecified vulnerability in the IOPCServer::RemoveGroup function in the OPCDA interface in Takebishi Electric DeviceXPlorer OLE for Process Control (OPC) Server before 3.12 Build3 allows remote attackers to execute arbitrary code via unspecified vectors involving access to…

  • CVE-2007-1500 · Mar 19, 2007
    risk 0.00 · cvss · epss 0.00

    The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using /tmp/lsat1.lsat.

  • CVE-2007-1501 · Mar 19, 2007
    risk 0.03 · cvss · epss 0.06

    Stack-based buffer overflow in Avant Browser 11.0 build 26 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Content-Type HTTP header.

  • CVE-2007-1502 · Mar 19, 2007
    risk 0.00 · cvss · epss 0.03

    Multiple buffer overflows in Rhapsody IRC 0.28b allow remote attackers to execute arbitrary code via a (1) long command, (2) long server argument to the (a) connect or (b) server commands, (3) long nick argument to the (c) nick command, or a long (4) nick or (5) message argument…

  • CVE-2007-1503 · Mar 19, 2007
    risk 0.00 · cvss · epss 0.03

    Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b allow remote attackers to execute arbitrary code via format string specifiers to the create_ctcp_message function using the message argument to the (1) me or (2) ctcp commands, and possibly related vectors…

  • CVE-2007-1504 · Mar 19, 2007
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in the Servlet Service in Fujitsu Interstage Application Server (IJServer) 8.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving web.xml and HTTP 404 and 500 status…

  • CVE-2007-1505 · Mar 19, 2007
    risk 0.00 · cvss · epss 0.00

    Fujitsu FENCE-Pro before V5L01, and Systemwalker Desktop Encryption V12.0L10, V12.0L10A, V12.0L10B, V12.0L20 and V13.0.0 allows local users to obtain sensitive information by extracting the decoding password from certain "self-decoding" file types.

  • CVE-2007-1506 · Mar 19, 2007
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters.

  • CVE-2007-0237 · Mar 19, 2007
    risk 0.00 · cvss · epss 0.00

    The ndeb-binary feature in Lookup (lookup-el) allows local users to overwrite arbitrary files via a symlink attack on temporary files.

  • CVE-2007-1499 · Mar 17, 2007
    risk 0.05 · cvss · epss 0.30

    Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation…

  • CVE-2007-1447 · Mar 16, 2007
    risk 0.01 · cvss · epss 0.14

    The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC procedure arguments, which result in memory corruption, a different…

  • CVE-2007-1448 · Mar 16, 2007
    risk 0.00 · cvss · epss 0.01

    The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service (disabled interface) by calling an unspecified RPC function.

  • CVE-2007-0450 · Mar 16, 2007
    risk 0.03 · cvss · epss 0.91

    Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/"…

  • CVE-2007-1490 · Mar 16, 2007
    risk 0.00 · cvss · epss 0.01

    Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors (aka "shell command injection").

  • CVE-2007-1491 · Mar 16, 2007
    risk 0.00 · cvss · epss 0.00

    Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.

  • CVE-2007-1492 · Mar 16, 2007
    risk 0.04 · cvss · epss 0.14

    winmm.dll in Microsoft Windows XP allows user-assisted remote attackers to cause a denial of service (infinite loop) via a large cch argument value to the mmioRead function, as demonstrated by a crafted WAV file.

  • CVE-2007-1493 · Mar 16, 2007
    risk 0.03 · cvss · epss 0.03

    nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172.

  • CVE-2007-1494 · Mar 16, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "filters for https:// and http://".

  • CVE-2007-1495 · Mar 16, 2007
    risk 0.00 · cvss · epss 0.00

    The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.1.7, and possibly other products using symevent.sys 12.0.0.20, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data,…

  • CVE-2007-1496 · Mar 16, 2007
    risk 0.00 · cvss · epss 0.00

    nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows attackers to cause a denial of service (crash) via unspecified vectors involving the (1) nfulnl_recv_config function, (2) using "multiple packets per netlink message", and (3) bridged packets, which trigger a…

  • CVE-2007-1497 · Mar 16, 2007
    risk 0.00 · cvss · epss 0.03

    nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments.

  • CVE-2007-1498 · Mar 16, 2007
    risk 0.01 · cvss · epss 0.08

    Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in the ePO management console in McAfee ePolicy Orchestrator (ePO) before 3.6.1 Patch 1 and ProtectionPilot (PRP) before 1.5.0 HotFix allow remote attackers to execute arbitrary…

  • CVE-2007-0002 · Mar 16, 2007
    risk 0.01 · cvss · epss 0.07

    Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file in which values to loop…

  • CVE-2007-1466 · Mar 16, 2007
    risk 0.00 · cvss · epss 0.03

    Integer overflow in the WP6GeneralTextPacket::_readContents function in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted…

  • CVE-2007-1467 · Mar 16, 2007
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP…

  • CVE-2007-1468 · Mar 16, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest (CQ) Web 7.0.0.0 allows remote attackers to inject arbitrary web script or HTML via an attachment to a defect log entry.

  • CVE-2007-1469 · Mar 16, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in gallery.asp in Absolute Image Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action.

  • CVE-2007-1470 · Mar 16, 2007
    risk 0.00 · cvss · epss 0.03

    Multiple buffer overflows in LIBFtp 5.0 allow user-assisted remote attackers to execute arbitrary code via certain long arguments to the (1) FtpArchie, (2) FtpDebugDebug, (3) FtpOpenDir, (4) FtpSize, or (5) FtpChmod function.

  • CVE-2007-1471 · Mar 16, 2007
    risk 0.04 · cvss · epss 0.07

    admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass authentication controls and gain privileges via a direct URL request for admin/AdminBlogNewsEdit.asp.

  • CVE-2007-1472 · Mar 16, 2007
    risk 0.03 · cvss · epss 0.03

    Variable overwrite vulnerability in groupit/base/groupit.start.inc in Groupit 2.00b5 allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via arguments that are written to $_GLOBALS, as demonstrated using a URL in the c_basepath…

  • CVE-2007-1473 · Mar 16, 2007
    risk 0.03 · cvss · epss 0.05

    Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php.

  • CVE-2007-1474 · Mar 16, 2007
    risk 0.03 · cvss · epss 0.05

    Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames.

  • CVE-2007-1475 · Mar 16, 2007
    risk 0.03 · cvss · epss 0.02

    Multiple buffer overflows in the (1) ibase_connect and (2) ibase_pconnect functions in the interbase extension in PHP 4.4.6 and earlier allow context-dependent attackers to execute arbitrary code via a long argument.

  • CVE-2007-1476 · Mar 16, 2007
    risk 0.03 · cvss · epss 0.01

    The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows local users to cause a denial of service (system crash) by…

  • CVE-2007-1477 · Mar 16, 2007
    risk 0.00 · cvss · epss 0.01

    Directory traversal vulnerability in index.php in PHP Point Of Sale for osCommerce 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cfg_language parameter. NOTE: this issue has been disputed by CVE, since the cfg_language…

  • CVE-2007-1478 · Mar 16, 2007
    risk 0.03 · cvss · epss 0.03

    download.php in McGallery 0.5b allows remote attackers to read arbitrary files and obtain script source code via the filename parameter.

  • CVE-2007-1479 · Mar 16, 2007
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.

  • CVE-2007-1480 · Mar 16, 2007
    risk 0.03 · cvss · epss 0.02

    Creative Guestbook 1.0 allows remote attackers to add an administrative account via a direct request to createadmin.php with Name, Email, and PASSWORD parameters set.

  • CVE-2007-1481 · Mar 16, 2007
    risk 0.03 · cvss · epss 0.02

    SQL injection vulnerability in index.php in WBBlog allows remote attackers to execute arbitrary SQL commands via the e_id parameter in a viewentry cmd.

  • CVE-2007-1482 · Mar 16, 2007
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in WBBlog allows remote attackers to inject arbitrary web script or HTML via the e_id parameter in a viewentry cmd.

  • CVE-2007-1483 · Mar 16, 2007
    risk 0.03 · cvss · epss 0.04

    Multiple PHP remote file inclusion vulnerabilities in WebCalendar 0.9.45 allow remote attackers to execute arbitrary PHP code via a URL in the includedir parameter to (1) login.php, (2) get_reminders.php, or (3) get_events.php.

  • CVE-2007-1484 · Mar 16, 2007
    risk 0.03 · cvss · epss 0.01

    The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operation after…

  • CVE-2007-1485 · Mar 16, 2007
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in the set_umask function in QFTP in LIBFtp 3.1-1 allows local users to execute arbitrary code via a long -m argument. NOTE: CVE disputes this issue because QFTP is not setuid, and it is unlikely that there are web interfaces to QFTP that would accept untrusted…

  • CVE-2007-1486 · Mar 16, 2007
    risk 0.00 · cvss · epss 0.03

    PHP remote file inclusion vulnerability in template.class.php in Carbonize Lazarus Guestbook before 1.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to admin.php, probably due to a dynamic variable evaluation vulnerability.

  • CVE-2007-1487 · Mar 16, 2007
    risk 0.03 · cvss · epss 0.03

    Directory traversal vulnerability in index.php in Sascha Schroeder (aka CyberTeddy or Cyber-inside) WebLog allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a showarticles action.

  • CVE-2007-1488 · Mar 16, 2007
    risk 0.00 · cvss · epss 0.03

    Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 before 20070315 allows remote attackers to "gain unauthorized access to data", possibly involving a sample application.

  • CVE-2007-1489 · Mar 16, 2007
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in web-app.org Web Automated Perl Portal (WebAPP) 0.9.9.4 to 0.9.9.6 allows remote attackers to obtain admin access by modifying cookies and performing "certain consecutive actions," possibly due to a cross-site request forgery (CSRF) vulnerability.

  • CVE-2007-1278 · Mar 16, 2007
    risk 0.02 · cvss · epss 0.26

    Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root.

  • CVE-2007-1462 · Mar 15, 2007
    risk 0.00 · cvss · epss 0.01

    The luci server component in conga preserves the password between page loads for the Add System/Cluster task flow by storing the password in the Value attribute of a password entry field, which allows attackers to steal the password by performing a "view source" or other…

  • CVE-2007-1449 · Mar 14, 2007
    risk 0.00 · cvss · epss 0.01

    Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.