Total: 288393 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2007-1276 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename. | ||||
CVE-2007-1273 | 2 Navision, Netbsd | 2 Financials Server, Netbsd | 2024-11-21 | N/A |
Integer overflow in the ktruser function in NetBSD-current before 20061022, NetBSD 3 and 3-0 before 20061024, and NetBSD 2 before 20070209, when the kernel is built with the COMPAT_FREEBSD or COMPAT_DARWIN option, allows local users to cause a denial of service and possibly gain privileges. | ||||
CVE-2007-1271 | 1 Vmware | 1 Esx | 2024-11-21 | N/A |
Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow attackers to gain privileges or cause a denial of service (application crash) via unspecified vectors. | ||||
CVE-2007-1270 | 1 Vmware | 2 Esx, Esx Server | 2024-11-21 | N/A |
Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors. | ||||
CVE-2007-1269 | 1 Gnu | 1 Gnumail | 2024-11-21 | N/A |
GNUMail 1.1.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents GNUMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | ||||
CVE-2007-1268 | 1 Mutt | 1 Mutt | 2024-11-21 | N/A |
Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | ||||
CVE-2007-1267 | 1 Sylpheed | 1 Sylpheed | 2024-11-21 | N/A |
Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | ||||
CVE-2007-1266 | 1 Gnome | 1 Evolution | 2024-11-21 | N/A |
Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | ||||
CVE-2007-1265 | 1 Kde | 1 K-mail | 2024-11-21 | N/A |
KMail 1.9.5 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents KMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | ||||
CVE-2007-1264 | 1 Enigmail | 1 Enigmail | 2024-11-21 | N/A |
Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | ||||
CVE-2007-1263 | 3 Gnu, Gnupg, Redhat | 3 Gpgme, Gnupg, Enterprise Linux | 2024-11-21 | N/A |
GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection. | ||||
CVE-2007-1262 | 2 Redhat, Squirrelmail | 2 Enterprise Linux, Squirrelmail | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer. | ||||
CVE-2007-1261 | 1 Openbiblio | 1 Openbiblio | 2024-11-21 | N/A |
Unspecified vulnerability in the reports system in OpenBiblio before 0.6.0 allows attackers to gain privileges via unspecified vectors. | ||||
CVE-2007-1260 | 1 Webmod | 1 Webmod | 2024-11-21 | N/A |
Stack-based buffer overflow in the connectHandle function in server.cpp in WebMod 0.48 allows remote attackers to execute arbitrary code via a long string in the Content-Length HTTP header. | ||||
CVE-2007-1259 | 1 Web-app.org | 1 Webapp | 2024-11-21 | N/A |
Multiple unspecified vulnerabilities in WebAPP before 0.9.9.6 have unknown impact and attack vectors. | ||||
CVE-2007-1258 | 1 Cisco | 4 Catalyst 6000, Catalyst 6500, Catalyst 7600 and 1 more | 2024-11-21 | N/A |
Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and the MSFC2, MSFC2a and MSFC3 running in Hybrid Mode on Cisco Catalyst 6000, 6500 and Cisco 7600 series systems; allows remote attackers on a local network segment to cause a denial of service (software reload) via a certain MPLS packet. | ||||
CVE-2007-1257 | 1 Cisco | 10 Catalyst 6000 Ws-svc-nam-1, Catalyst 6000 Ws-svc-nam-2, Catalyst 6000 Ws-x6380-nam and 7 more | 2024-11-21 | N/A |
The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address. | ||||
CVE-2007-1256 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092. | ||||
CVE-2007-1255 | 1 Connectix | 1 Connectix Boards | 2024-11-21 | N/A |
Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later accessed via a direct request for the file in smileys/. NOTE: this can be leveraged with a separate SQL injection issue for remote unauthenticated attacks. | ||||
CVE-2007-1254 | 1 Connectix | 1 Connectix Boards | 2024-11-21 | N/A |
SQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the p_skin parameter to index.php. |