Total: 2480 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2007-5195 | 1 Suse | 1 Suse Linux | 2024-08-07 | N/A |
Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5196. | ||||
CVE-2007-4960 | 1 Linden Lab | 1 Second Life | 2024-08-07 | N/A |
Argument injection vulnerability in the Linden Lab Second Life secondlife:// protocol handler, as used in Internet Explorer and possibly Firefox, allows remote attackers to obtain sensitive information via a '" ' (double-quote space) sequence followed by the -autologin and -loginuri arguments, which cause the handler to post login credentials and software installation details to an arbitrary URL. | ||||
CVE-2007-4926 | 1 Axis | 1 207w Camera | 2024-08-07 | N/A |
The AXIS 207W camera uses a base64-encoded cleartext username and password for authentication, which allows remote attackers to obtain sensitive information by sniffing the wireless network or by leveraging unspecified other vectors. | ||||
CVE-2007-4928 | 1 Axis | 1 207w Network Camera | 2024-08-07 | N/A |
The AXIS 207W camera stores a WEP or WPA key in cleartext in the configuration file, which might allow local users to obtain sensitive information. | ||||
CVE-2007-4751 | 1 Data-vision | 1 Remotedocs R-viewer | 2024-08-07 | N/A |
RemoteDocs R-Viewer before 1.6.3768 stores encrypted RDZ file data in unencrypted temporary files, which allows local users to obtain sensitive information by reading the temporary files. | ||||
CVE-2007-4750 | 1 Data-vision | 1 Remotedocs R-viewer | 2024-08-07 | N/A |
Unspecified vulnerability in RemoteDocs R-Viewer before 1.6.3768 allows user-assisted remote attackers to execute arbitrary code via a crafted RDZ archive in which the first file has an executable extension. | ||||
CVE-2007-4613 | 1 Bea | 1 Weblogic Server | 2024-08-07 | N/A |
SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack that injects crafted data and measures the elapsed time before an error response, a different vulnerability than CVE-2006-2461. | ||||
CVE-2007-4656 | 1 Backup Manager | 1 Backup Manager | 2024-08-07 | N/A |
backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766. | ||||
CVE-2007-4311 | 1 Linux | 1 Linux Kernel | 2024-08-07 | N/A |
The xfer_secondary_pool function in drivers/char/random.c in the Linux kernel 2.4 before 2.4.35 performs reseed operations on only the first few bytes of a buffer, which might make it easier for attackers to predict the output of the random number generator, related to incorrect use of the sizeof operator. | ||||
CVE-2007-3805 | 1 Clavister | 1 Clavister Coreplus | 2024-08-07 | N/A |
The IKE implementation in Clavister CorePlus before 8.80.03, and 8.80.00, does not properly validate certificates during IKE negotiation, which allows remote attackers to cause a denial of service (gateway stop) via certain certificates. | ||||
CVE-2007-0014 | 1 Sun | 1 Chainkey Java Code Protection | 2024-08-07 | N/A |
ChainKey Java Code Protection allows attackers to decompile Java class files via a Java class loader with a modified defineClass method that saves the bytecode to a file before it is passed to the JVM. | ||||
CVE-2008-7270 | 2 Openssl, Redhat | 3 Openssl, Enterprise Linux, Jboss Enterprise Web Server | 2024-08-07 | N/A |
OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180. | ||||
CVE-2008-7252 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-08-07 | N/A |
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors. | ||||
CVE-2008-7113 | 1 Kyoceramita | 1 Scanner File Utility | 2024-08-07 | N/A |
The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 uses a small space of predictable user identification numbers for access control, which allows remote attackers to upload documents via a brute force attack. | ||||
CVE-2008-7138 | 1 Eye.fi | 1 Eye-fi Manager | 2024-08-07 | N/A |
The Manager in Eye-Fi 1.1.2 generates predictable snonce values based on the time of day, which allows remote attackers to bypass authentication and upload arbitrary images by guessing the snonce. | ||||
CVE-2008-7020 | 1 Mcafee | 1 Safeboot Device Encryption | 2024-08-07 | N/A |
McAfee SafeBoot Device Encryption 4 build 4750 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | ||||
CVE-2008-7023 | 1 Arubanetworks | 2 Aruba Mobility Controller, Arubaos | 2024-08-07 | N/A |
Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authentication. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation. | ||||
CVE-2008-6908 | 2 Drupal, Marc Ingram | 2 Drupal, Services | 2024-08-07 | N/A |
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges. | ||||
CVE-2008-6909 | 2 Drupal, Marc Ingram | 2 Drupal, Services | 2024-08-07 | N/A |
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers to impersonate other users and gain privileges. | ||||
CVE-2008-6910 | 2 Drupal, Marc Ingram | 2 Drupal, Services | 2024-08-07 | N/A |
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request. | ||||