Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1222 | 2 Apple, Parallels | 2 Mac Os X, Parallels Desktop | 2008-11-15 | 7.2 HIGH | N/A |
| Parallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary files to the host filesystem, and execute arbitrary code via launchd by writing a plist file to a LaunchAgents directory. | |||||
| CVE-2007-1192 | 1 Hyperbook | 1 Guestbook | 2008-11-15 | 5.0 MEDIUM | N/A |
| Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an admin password hash via a direct request for data/gbconfiguration.dat. | |||||
| CVE-2007-1190 | 1 Bsalsa | 1 Embeddedwb Web Browser | 2008-11-15 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the EmbeddedWB Web Browser ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0821 | 1 Cedric | 1 Claire Portailphp | 2008-11-15 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Cedric CLAIRE PortailPhp 2 allow remote attackers to read arbitrary files via a .. (dot dot) in the chemin parameter to (1) mod_news/index.php or (2) mod_news/goodies.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0869 | 1 Jelsoft | 1 Vbulletin | 2008-11-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Attachment Manager (admincp/attachment.php) in Jelsoft vBulletin 3.6.4 allows remote attackers to inject arbitrary web script or HTML via the Extension field. NOTE: this might be a duplicate of CVE-2007-0830.5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0840 | 1 Hlstats | 1 Hlstats | 2008-11-15 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the search class. NOTE: it is possible that this issue overlaps CVE-2006-4543.3 or CVE-2006-4454. | |||||
| CVE-2007-0913 | 1 Microsoft | 1 Powerpoint | 2008-11-15 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues. | |||||
| CVE-2007-0823 | 1 Slackware | 1 Slackware Linux | 2008-11-15 | 1.9 LOW | N/A |
| xterm on Slackware Linux 10.2 stores information that had been displayed for a different user account using the same xterm process, which might allow local users to bypass file permissions and read other users' files, or obtain other sensitive information, by reading the xterm process memory. NOTE: it could be argued that this is an expected consequence of multiple users sharing the same interactive process, in which case this is not a vulnerability. | |||||
| CVE-2007-1018 | 1 Virtualsystem | 1 Vs-news-system | 2008-11-15 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in tpl/header.php in VirtualSystem VS-News-System 1.2.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0868 | 1 Yahoo | 1 Messenger | 2008-11-15 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0852 | 1 Techexcel Inc. | 1 Devtrack | 2008-11-15 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote attackers to inject arbitrary web script or HTML via the "Keyword search" form field and unspecified other form fields that populate a public saved query. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0877 | 1 March Networks | 5 3108 Dvr, 3204 Dvr, 4210 Dvr and 2 more | 2008-11-15 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital Video Recorders allows attackers to cause an unspecified denial of service. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0902 | 1 Moinmoin | 1 Moinmoin | 2008-11-15 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the "Show debugging information" feature in MoinMoin 1.5.7 allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0901 | 1 Moinmoin | 1 Moinmoin | 2008-11-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0604 | 1 Six Apart Ltd | 1 Movable Type | 2008-11-15 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Movable Type (MT) before 3.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the MTCommentPreviewIsStatic tag, which can open the "comment entry screen," a different vulnerability than CVE-2007-0231. | |||||
| CVE-2007-0759 | 1 Umberto Caldera | 1 Easymoblog | 2008-11-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow remote attackers to execute arbitrary SQL commands via the (1) i or (2) post_id parameter to add_comment.php, which triggers an injection in libraries.inc.php; or (3) the i parameter to list_comments.php, which triggers an injection in libraries.inc.php. | |||||
| CVE-2007-0565 | 1 Cgi-rescue | 1 Shopping Basket Professional | 2008-11-15 | 7.5 HIGH | N/A |
| CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote attackers to inject arbitrary operating system commands via unspecified vectors. | |||||
| CVE-2007-0557 | 1 Rmake | 1 Rmake | 2008-11-15 | 7.2 HIGH | N/A |
| rMake before 1.0.4 drops root privileges in a way that retains the original supplemental groups, which might allow attackers to gain privileges via a crafted recipe file, a different vulnerability than CVE-2007-0536. | |||||
| CVE-2007-0622 | 1 Mybb | 1 Mybb | 2008-11-15 | 5.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0442 | 1 Ibm | 1 Os 400 | 2008-11-15 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impact and remote attack vectors, related to an "Integrity Problem" involving LIC-TCPIP and TCP reset. NOTE: it is possible that this issue is related to CVE-2004-0230, but this is not certain. | |||||