Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2268 | 1 Swsoft | 1 Plesk | 2011-03-08 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in SWsoft Plesk for Windows 7.6.1, 8.1.0, and 8.1.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter to (1) login.php3 or (2) login_up.php3. | |||||
| CVE-2007-2051 | 1 Bftpd | 1 Bftpd | 2011-03-08 | 5.0 MEDIUM | N/A |
| Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable. | |||||
| CVE-2007-1522 | 1 Php | 1 Php | 2011-03-08 | 6.8 MEDIUM | N/A |
| Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors. | |||||
| CVE-2007-1400 | 1 Plesh | 1 Plesh | 2011-03-08 | 6.9 MEDIUM | N/A |
| Plash permits sandboxed processes to open /dev/tty, which allows local users to escape sandbox restrictions and execute arbitrary commands by sending characters to a shell process on the same termimal via the TIOCSTI ioctl. | |||||
| CVE-2007-1656 | 1 Katalog Plyt Audio | 1 Katalog Plyt Audio | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Katalog Plyt Audio 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fraza and (2) litera parameters, different vectors than CVE-2007-1612. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1595 | 1 Asterisk | 1 Asterisk | 2011-03-08 | 7.5 HIGH | N/A |
| The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form. | |||||
| CVE-2007-1831 | 1 Web-app.org | 1 Webapp | 2011-03-08 | 6.0 MEDIUM | N/A |
| web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to open files and write "wrong data" via a crafted QUERY_STRING. | |||||
| CVE-2007-1526 | 1 Sun | 1 Java System Web Server | 2011-03-08 | 6.0 MEDIUM | N/A |
| Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via unspecified vectors. | |||||
| CVE-2007-1498 | 1 Mcafee | 2 Epolicy Orchestrator, Protectionpilot | 2011-03-08 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in the ePO management console in McAfee ePolicy Orchestrator (ePO) before 3.6.1 Patch 1 and ProtectionPilot (PRP) before 1.5.0 HotFix allow remote attackers to execute arbitrary code via a long argument to the (1) ExportSiteList and (2) VerifyPackageCatalog functions, and (3) unspecified vectors involving a swprintf function call. | |||||
| CVE-2007-1361 | 1 Virtuemart | 1 Virtuemart | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in VirtueMart before 20070213 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue is probably different than CVE-2007-0376. | |||||
| CVE-2007-1444 | 1 Netperf | 1 Netperf | 2011-03-08 | 4.4 MEDIUM | N/A |
| netserver in netperf 2.4.3 allows local users to overwrite arbitrary files via a symlink attack on /tmp/netperf.debug. | |||||
| CVE-2007-1572 | 1 Sourceforge | 1 Jgbbs | 2011-03-08 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter, a different vector than CVE-2007-1440. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1637 | 1 Ipswitch | 4 Imail, Imail Plus, Imail Premium and 1 more | 2011-03-08 | 9.3 HIGH | N/A |
| Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control. | |||||
| CVE-2007-1624 | 1 Realguestbook | 1 Realguestbook | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, and (4) text parameters to save_entry.php, as reachable through add_entry.php; and possibly other unspecified parameters and files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1788 | 1 Flyspray | 1 Flyspray | 2011-03-08 | 6.8 MEDIUM | N/A |
| Flyspray 0.9.9, when output_buffering is disabled or "set to a low value," allows remote attackers to bypass authentication via a crafted post request. | |||||
| CVE-2007-1457 | 1 Christian Scheurer | 2 Unrarlib, Urarfilelib | 2011-03-08 | 10.0 HIGH | N/A |
| Buffer overflow in the urarlib_get function in Christian Scheurer UniquE RAR File Library (unrarlib, aka URARFileLib) 0.4 allows context-dependent attackers to execute arbitrary code via a long (1) filename, (2) rarfile, or (3) libpassword argument. | |||||
| CVE-2007-1589 | 2 Linux, Truecrypt Foundation | 2 Linux Kernel, Truecrypt | 2011-03-08 | 2.1 LOW | N/A |
| TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service (filesystem unavailability) by dismounting a volume mounted by a different user. | |||||
| CVE-2007-1828 | 1 Web-app.org | 1 Webapp | 2011-03-08 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in web-app.org WebAPP before 0.9.9.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the QUERY_STRING corresponding to drop downs or (2) various forms. | |||||
| CVE-2007-1385 | 1 Joris Guisson | 1 Ktorrent | 2011-03-08 | 7.5 HIGH | N/A |
| chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to cause a denial of service (crash) and heap corruption via a negative or large idx value. | |||||
| CVE-2007-1521 | 1 Php | 1 Php | 2011-03-08 | 6.8 MEDIUM | N/A |
| Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation. | |||||