Total
289055 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1345 | 1 Broadcom | 1 Etrust Admin | 2024-11-21 | N/A |
| Unspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass authentication and gain privileges via the password reset interface. | ||||
| CVE-2007-1344 | 1 Xiph | 1 Icecast Ezstream | 2024-11-21 | N/A |
| Multiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 allow remote attackers to execute arbitrary code via a crafted XML configuration file processed by the (1) urlParse function, which causes a stack-based overflow and the (2) ReplaceString function, which causes a heap-based overflow. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-1343 | 1 Webcalendar | 1 Webcalendar | 2024-11-21 | N/A |
| includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues. | ||||
| CVE-2007-1342 | 1 Jelsoft | 1 Vbulletin | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form. | ||||
| CVE-2007-1341 | 1 Simple Invoices | 1 Simple Invoices | 2024-11-21 | N/A |
| include/auth/auth.php in Simple Invoices before 2007 03 05 does not use the login system to protect print preview pages for invoices, which might allow attackers to obtain sensitive information. | ||||
| CVE-2007-1340 | 1 Weltennetz | 1 News-letterman | 2024-11-21 | N/A |
| PHP remote file inclusion vulnerability in eintrag.php in Weltennetz News-Letterman 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the sqllog parameter. | ||||
| CVE-2007-1339 | 1 Monitor-line | 1 Links Management | 2024-11-21 | N/A |
| SQL injection vulnerability in index.php in Links Management Application 1.0 allows remote attackers to execute arbitrary SQL commands via the lcnt parameter. | ||||
| CVE-2007-1338 | 1 Apple | 1 Airport Extreme | 2024-11-21 | N/A |
| The default configuration of the AirPort utility in Apple AirPort Extreme creates an IPv6 tunnel but does not enable the "Block incoming IPv6 connections" setting, which might allow remote attackers to bypass intended access restrictions by establishing IPv6 sessions that would have been rejected over IPv4. | ||||
| CVE-2007-1337 | 1 Vmware | 1 Workstation | 2024-11-21 | N/A |
| The virtual machine process (VMX) in VMware Workstation before 5.5.4 does not properly read state information when moving from the ACPI sleep state to the run state, which allows attackers to cause a denial of service (virtual machine reboot) via unknown vectors. | ||||
| CVE-2007-1332 | 1 Tks Banking Solutions | 1 Eportfolio | 2024-11-21 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to perform unspecified restricted actions in the context of certain accounts by bypassing the client-side protection scheme. | ||||
| CVE-2007-1331 | 1 Tks Banking Solutions | 1 Eportfolio | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to inject arbitrary web script or HTML via unspecified vectors that bypass the client-side protection scheme, one of which may be the q parameter to the search program. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-1330 | 1 Comodo | 1 Comodo Firewall Pro | 2024-11-21 | N/A |
| Comodo Firewall Pro (CFP) (formerly Comodo Personal Firewall) 2.4.18.184 and earlier allows local users to bypass driver protections on the HKLM\SYSTEM\Software\Comodo\Personal Firewall registry key by guessing the name of a named pipe under \Device\NamedPipe\OLE and attempting to open it multiple times. | ||||
| CVE-2007-1329 | 2 Ledgersmb, Sql-ledger | 2 Ledgersmb, Sql-ledger | 2024-11-21 | N/A |
| Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences. | ||||
| CVE-2007-1328 | 1 Bernard Joly | 1 Bj Webring | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in formulaire.php in Bernard JOLY BJ Webring allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter related to the add link menu. | ||||
| CVE-2007-1327 | 1 Silc | 1 Silc-server | 2024-11-21 | N/A |
| The SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in silc-server 1.0.2 allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a request without a cipher algorithm and an invalid HMAC algorithm. | ||||
| CVE-2007-1326 | 1 Serendipity | 1 Serendipity | 2024-11-21 | N/A |
| SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter. | ||||
| CVE-2007-1325 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | N/A |
| The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE: it could be argued that this vulnerability is caused by a problem in PHP (CVE-2006-1549) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpMyAdmin. | ||||
| CVE-2007-1324 | 1 Snapgear | 6 560, 580, 585 and 3 more | 2024-11-21 | N/A |
| SnapGear 560, 585, 580, 640, 710, and 720 appliances before the 3.1.4u5 firmware allow remote attackers to cause a denial of service (complete packet loss) via a packet flood, a different vulnerability than CVE-2006-4613. | ||||
| CVE-2007-1322 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | N/A |
| QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction. | ||||
| CVE-2007-1321 | 5 Debian, Fedoraproject, Qemu and 2 more | 6 Debian Linux, Fedora, Fedora Core and 3 more | 2024-11-21 | N/A |
| Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled "NE2000 network driver and the socket code," but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730. | ||||