| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-0661 | 0.00 | — | 0.01 | Feb 1, 2007 | Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), Intel Server Boards 5000XAL, S5000PAL, S5000PSL, S5000XVN, S5000VCL, S5000VSA, SC5400RA, and OEM Firmware for Intel Enterprise Southbridge Baseboard Management Controller before 20070119, when Intelligent… | |||
| CVE-2007-0662 | 0.03 | — | 0.03 | Feb 1, 2007 | PHP remote file inclusion vulnerability in includes/usercp_viewprofile.php in Hailboards 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||
| CVE-2007-0663 | 0.03 | — | 0.01 | Feb 1, 2007 | SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter, a different vector than CVE-2007-0631. NOTE: The provenance of this information is unknown; the details are… | |||
| CVE-2007-0650 | 0.00 | — | 0.04 | Feb 1, 2007 | Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. NOTE: other overflows exist but might not be exploitable, such as a heap-based… | |||
| CVE-2007-0648 | 0.00 | — | 0.04 | Feb 1, 2007 | Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP. | |||
| CVE-2007-0649 | 0.03 | — | 0.06 | Feb 1, 2007 | Variable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and earlier allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as conduct (a) remote file inclusion attacks via the srcdir parameter in… | |||
| CVE-2007-0644 | 0.03 | — | 0.02 | Feb 1, 2007 | Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit… | |||
| CVE-2007-0645 | 0.03 | — | 0.02 | Feb 1, 2007 | Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions. | |||
| CVE-2007-0646 | 0.04 | — | 0.10 | Feb 1, 2007 | Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the… | |||
| CVE-2007-0647 | 0.03 | — | 0.03 | Feb 1, 2007 | Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function. | |||
| CVE-2007-0634 | 0.04 | — | 0.09 | Jan 31, 2007 | Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets. | |||
| CVE-2007-0635 | 0.04 | — | 0.09 | Jan 31, 2007 | Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b) blogs.php, or (2) the config[theme] parameter to (c) admin/gallery_head.php. | |||
| CVE-2007-0636 | 0.00 | — | 0.00 | Jan 31, 2007 | Unspecified vulnerability in inotify before 0.3.5 has unknown impact and attack vectors, related to "access rights to watched files." | |||
| CVE-2007-0637 | 0.03 | — | 0.04 | Jan 31, 2007 | Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file,… | |||
| CVE-2007-0638 | 0.03 | — | 0.03 | Jan 31, 2007 | show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers to obtain sensitive information (database contents) via a % (percent) character in the dbfieldv parameter. | |||
| CVE-2007-0639 | 0.04 | — | 0.07 | Jan 31, 2007 | Multiple static code injection vulnerabilities in error.php in GuppY 4.5.16 and earlier allow remote attackers to inject arbitrary PHP code into a .inc file in the data/ directory via (1) a REMOTE_ADDR cookie or (2) a cookie specifying an element of the msg array with an error… | |||
| CVE-2007-0640 | 0.00 | — | 0.02 | Jan 31, 2007 | Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses." | |||
| CVE-2007-0641 | 0.03 | — | 0.04 | Jan 31, 2007 | Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 in Shaffer Solutions (SSC) DiskAccess NFS Client allows remote attackers to execute arbitrary code via a long argument, an issue similar to CVE-2006-5854 and CVE-2007-0444. | |||
| CVE-2007-0642 | 0.00 | — | 0.02 | Jan 31, 2007 | SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU script collection (aka RBL - ASP) allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) pass to user_confirm.asp. | |||
| CVE-2007-0643 | 0.04 | — | 0.07 | Jan 31, 2007 | Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file. | |||
| CVE-2007-0622 | 0.00 | — | 0.01 | Jan 31, 2007 | Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||
| CVE-2007-0623 | 0.03 | — | 0.02 | Jan 31, 2007 | SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows remote attackers to execute arbitrary SQL commands via the startrow parameter. | |||
| CVE-2007-0624 | 0.00 | — | 0.01 | Jan 31, 2007 | user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the full path via a ' (quote) character, and possibly other invalid values, in the uname parameter in a userinfo operation. | |||
| CVE-2007-0625 | 0.00 | — | 0.00 | Jan 31, 2007 | nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not validate the invoking user, which allows local users to modify server configuration keys in /usr/NX/etc/server.cfg, resulting in an unspecified denial of service. | |||
| CVE-2007-0626 | 0.00 | — | 0.03 | Jan 31, 2007 | The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not… | |||
| CVE-2007-0627 | 0.00 | — | 0.00 | Jan 31, 2007 | Michael Still gtalkbot before 1.2 places username and password arguments on the command line, which allows local users to obtain sensitive information by listing the process. | |||
| CVE-2007-0628 | 0.00 | — | 0.02 | Jan 31, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these… | |||
| CVE-2007-0629 | 0.00 | — | 0.01 | Jan 31, 2007 | The www_purgeList method in Plain Black WebGUI before 7.3.8 does not properly check user permissions, which allows attackers to delete unauthorized assets. NOTE: some of these details are obtained from third party information. | |||
| CVE-2007-0630 | 0.00 | — | 0.01 | Jan 31, 2007 | Multiple SQL injection vulnerabilities in the generate_csv function in classes/class.news.php in X-dev xNews 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) from, and (3) q parameters, different vectors than CVE-2007-0569. NOTE: The… | |||
| CVE-2007-0631 | 0.03 | — | 0.01 | Jan 31, 2007 | SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||
| CVE-2007-0632 | 0.00 | — | 0.01 | Jan 31, 2007 | SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via a username cookie, a different vector than CVE-2007-0560. | |||
| CVE-2007-0633 | 0.03 | — | 0.03 | Jan 31, 2007 | PHP remote file inclusion vulnerability in include/themes/themefunc.php in MyNews 4.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter. | |||
| CVE-2007-0612 | 0.06 | — | 0.43 | Jan 31, 2007 | Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2)… | |||
| CVE-2007-0613 | 0.04 | — | 0.07 | Jan 31, 2007 | The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 does not check for duplicate entries when adding newly discovered available contacts, which allows remote attackers to cause a denial of service (disrupted… | |||
| CVE-2007-0614 | 0.04 | — | 0.08 | Jan 31, 2007 | The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key. | |||
| CVE-2007-0615 | 0.00 | — | 0.02 | Jan 31, 2007 | Unspecified vulnerability in Hitachi JP1/HIBUN Advanced Edition Management Server and Log Server before 20070124 allows remote attackers to cause a denial of service (application stop) via unexpected data. | |||
| CVE-2007-0616 | 0.00 | — | 0.02 | Jan 31, 2007 | Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via ".." sequences in the album parameter to index.php. | |||
| CVE-2007-0617 | 0.00 | — | 0.01 | Jan 31, 2007 | The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked "safe for scripting," which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the (1) AddSenderToWhitelist and (2) AddDomainToWhitelist functions. | |||
| CVE-2007-0618 | 0.00 | — | 0.02 | Jan 31, 2007 | Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability." | |||
| CVE-2007-0619 | 0.00 | — | 0.05 | Jan 31, 2007 | chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption. | |||
| CVE-2007-0620 | 0.03 | — | 0.04 | Jan 31, 2007 | download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php. | |||
| CVE-2007-0467 | 0.03 | — | 0.02 | Jan 31, 2007 | crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/. | |||
| CVE-2007-0465 | 0.04 | — | 0.18 | Jan 31, 2007 | Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename. | |||
| CVE-2007-0466 | 0.03 | — | 0.06 | Jan 31, 2007 | Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 allows remote attackers to execute arbitrary code via a crafted ASF_File_Properties_Object size field in a WMV file, which triggers memory corruption. | |||
| CVE-2007-0610 | 0.00 | — | 0.01 | Jan 31, 2007 | Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web script or HTML via the sender parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party… | |||
| CVE-2007-0611 | 0.00 | — | 0.01 | Jan 31, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) inc.page.php and (2) inc.text.php. | |||
| CVE-2006-5753 | 0.00 | — | 0.00 | Jan 30, 2007 | Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors. | |||
| CVE-2006-5754 | 0.00 | — | 0.00 | Jan 30, 2007 | The aio_setup_ring function in Linux kernel does not properly initialize a variable, which allows local users to cause a denial of service (crash) via an unspecified error path that causes an incorrect free operation. | |||
| CVE-2006-6535 | 0.00 | — | 0.03 | Jan 30, 2007 | The dev_queue_xmit function in Linux kernel 2.6 can fail before calling the local_bh_disable function, which could lead to data corruption and "node lockups." NOTE: it is not clear whether this issue is exploitable. | |||
| CVE-2007-0588 | 0.00 | — | 0.06 | Jan 30, 2007 | The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that… |
- CVE-2007-0661Feb 1, 2007risk 0.00cvss —epss 0.01
Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), Intel Server Boards 5000XAL, S5000PAL, S5000PSL, S5000XVN, S5000VCL, S5000VSA, SC5400RA, and OEM Firmware for Intel Enterprise Southbridge Baseboard Management Controller before 20070119, when Intelligent…
- CVE-2007-0662Feb 1, 2007risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in includes/usercp_viewprofile.php in Hailboards 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
- CVE-2007-0663Feb 1, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter, a different vector than CVE-2007-0631. NOTE: The provenance of this information is unknown; the details are…
- CVE-2007-0650Feb 1, 2007risk 0.00cvss —epss 0.04
Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. NOTE: other overflows exist but might not be exploitable, such as a heap-based…
- CVE-2007-0648Feb 1, 2007risk 0.00cvss —epss 0.04
Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP.
- CVE-2007-0649Feb 1, 2007risk 0.03cvss —epss 0.06
Variable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and earlier allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as conduct (a) remote file inclusion attacks via the srcdir parameter in…
- CVE-2007-0644Feb 1, 2007risk 0.03cvss —epss 0.02
Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit…
- CVE-2007-0645Feb 1, 2007risk 0.03cvss —epss 0.02
Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions.
- CVE-2007-0646Feb 1, 2007risk 0.04cvss —epss 0.10
Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the…
- CVE-2007-0647Feb 1, 2007risk 0.03cvss —epss 0.03
Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function.
- CVE-2007-0634Jan 31, 2007risk 0.04cvss —epss 0.09
Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.
- CVE-2007-0635Jan 31, 2007risk 0.04cvss —epss 0.09
Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b) blogs.php, or (2) the config[theme] parameter to (c) admin/gallery_head.php.
- CVE-2007-0636Jan 31, 2007risk 0.00cvss —epss 0.00
Unspecified vulnerability in inotify before 0.3.5 has unknown impact and attack vectors, related to "access rights to watched files."
- CVE-2007-0637Jan 31, 2007risk 0.03cvss —epss 0.04
Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file,…
- CVE-2007-0638Jan 31, 2007risk 0.03cvss —epss 0.03
show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers to obtain sensitive information (database contents) via a % (percent) character in the dbfieldv parameter.
- CVE-2007-0639Jan 31, 2007risk 0.04cvss —epss 0.07
Multiple static code injection vulnerabilities in error.php in GuppY 4.5.16 and earlier allow remote attackers to inject arbitrary PHP code into a .inc file in the data/ directory via (1) a REMOTE_ADDR cookie or (2) a cookie specifying an element of the msg array with an error…
- CVE-2007-0640Jan 31, 2007risk 0.00cvss —epss 0.02
Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses."
- CVE-2007-0641Jan 31, 2007risk 0.03cvss —epss 0.04
Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 in Shaffer Solutions (SSC) DiskAccess NFS Client allows remote attackers to execute arbitrary code via a long argument, an issue similar to CVE-2006-5854 and CVE-2007-0444.
- CVE-2007-0642Jan 31, 2007risk 0.00cvss —epss 0.02
SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU script collection (aka RBL - ASP) allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) pass to user_confirm.asp.
- CVE-2007-0643Jan 31, 2007risk 0.04cvss —epss 0.07
Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file.
- CVE-2007-0622Jan 31, 2007risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2007-0623Jan 31, 2007risk 0.03cvss —epss 0.02
SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows remote attackers to execute arbitrary SQL commands via the startrow parameter.
- CVE-2007-0624Jan 31, 2007risk 0.00cvss —epss 0.01
user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the full path via a ' (quote) character, and possibly other invalid values, in the uname parameter in a userinfo operation.
- CVE-2007-0625Jan 31, 2007risk 0.00cvss —epss 0.00
nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not validate the invoking user, which allows local users to modify server configuration keys in /usr/NX/etc/server.cfg, resulting in an unspecified denial of service.
- CVE-2007-0626Jan 31, 2007risk 0.00cvss —epss 0.03
The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not…
- CVE-2007-0627Jan 31, 2007risk 0.00cvss —epss 0.00
Michael Still gtalkbot before 1.2 places username and password arguments on the command line, which allows local users to obtain sensitive information by listing the process.
- CVE-2007-0628Jan 31, 2007risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these…
- CVE-2007-0629Jan 31, 2007risk 0.00cvss —epss 0.01
The www_purgeList method in Plain Black WebGUI before 7.3.8 does not properly check user permissions, which allows attackers to delete unauthorized assets. NOTE: some of these details are obtained from third party information.
- CVE-2007-0630Jan 31, 2007risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in the generate_csv function in classes/class.news.php in X-dev xNews 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) from, and (3) q parameters, different vectors than CVE-2007-0569. NOTE: The…
- CVE-2007-0631Jan 31, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
- CVE-2007-0632Jan 31, 2007risk 0.00cvss —epss 0.01
SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via a username cookie, a different vector than CVE-2007-0560.
- CVE-2007-0633Jan 31, 2007risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in include/themes/themefunc.php in MyNews 4.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter.
- CVE-2007-0612Jan 31, 2007risk 0.06cvss —epss 0.43
Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2)…
- CVE-2007-0613Jan 31, 2007risk 0.04cvss —epss 0.07
The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 does not check for duplicate entries when adding newly discovered available contacts, which allows remote attackers to cause a denial of service (disrupted…
- CVE-2007-0614Jan 31, 2007risk 0.04cvss —epss 0.08
The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key.
- CVE-2007-0615Jan 31, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in Hitachi JP1/HIBUN Advanced Edition Management Server and Log Server before 20070124 allows remote attackers to cause a denial of service (application stop) via unexpected data.
- CVE-2007-0616Jan 31, 2007risk 0.00cvss —epss 0.02
Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via ".." sequences in the album parameter to index.php.
- CVE-2007-0617Jan 31, 2007risk 0.00cvss —epss 0.01
The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked "safe for scripting," which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the (1) AddSenderToWhitelist and (2) AddDomainToWhitelist functions.
- CVE-2007-0618Jan 31, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
- CVE-2007-0619Jan 31, 2007risk 0.00cvss —epss 0.05
chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption.
- CVE-2007-0620Jan 31, 2007risk 0.03cvss —epss 0.04
download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php.
- CVE-2007-0467Jan 31, 2007risk 0.03cvss —epss 0.02
crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/.
- CVE-2007-0465Jan 31, 2007risk 0.04cvss —epss 0.18
Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename.
- CVE-2007-0466Jan 31, 2007risk 0.03cvss —epss 0.06
Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 allows remote attackers to execute arbitrary code via a crafted ASF_File_Properties_Object size field in a WMV file, which triggers memory corruption.
- CVE-2007-0610Jan 31, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web script or HTML via the sender parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party…
- CVE-2007-0611Jan 31, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) inc.page.php and (2) inc.text.php.
- CVE-2006-5753Jan 30, 2007risk 0.00cvss —epss 0.00
Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors.
- CVE-2006-5754Jan 30, 2007risk 0.00cvss —epss 0.00
The aio_setup_ring function in Linux kernel does not properly initialize a variable, which allows local users to cause a denial of service (crash) via an unspecified error path that causes an incorrect free operation.
- CVE-2006-6535Jan 30, 2007risk 0.00cvss —epss 0.03
The dev_queue_xmit function in Linux kernel 2.6 can fail before calling the local_bh_disable function, which could lead to data corruption and "node lockups." NOTE: it is not clear whether this issue is exploitable.
- CVE-2007-0588Jan 30, 2007risk 0.00cvss —epss 0.06
The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that…