Total: 304758 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6031 | 1 Van Dyke Technologies | 1 Vshell | 2008-11-15 | 7.8 HIGH | N/A |
| Unspecified vulnerability in VanDyke VShell 3.0.1 allows remote attackers to cause a denial of service via unspecified vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. | |||||
| CVE-2007-5832 | 1 Ssl-explorer | 1 Ssl-explorer | 2008-11-15 | 7.5 HIGH | N/A |
| Unspecified vulnerability in selectLanguage.do in SSL-Explorer before 0.2.15 allows remote attackers to inject (1) headers or (2) body data in an HTTP transaction, a different vulnerability than CVE-2007-2907. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-5807 | 1 Ssreader | 1 Ultra Star Reader | 2008-11-15 | 6.8 MEDIUM | N/A |
| Buffer overflow in the register function in Ultra Star Reader ActiveX control in SSReader allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-5801 | 1 Work System E-commerce | 1 Work System E-commerce | 2008-11-15 | 7.5 HIGH | N/A |
| Unspecified vulnerability in WORK system e-commerce before 4.0.2 has unknown impact and attack vectors related to "Ajax pages." | |||||
| CVE-2007-5830 | 1 Avaya | 2 Message Networking, Messaging Storage Server | 2008-11-15 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the administrative interface in Avaya Messaging Storage Server (MSS) 3.1 before SP1, and Message Networking (MN) 3.1, allows remote attackers to cause a denial of service via unspecified vectors related to "input validation." | |||||
| CVE-2007-5939 | 1 Heimdal | 1 Heimdal | 2008-11-15 | 10.0 HIGH | N/A |
| The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for ftpd.c, but this is incorrect. | |||||
| CVE-2007-5890 | 1 Easygb | 1 Easygb | 2008-11-15 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in index.php in easyGB 2.1.1 allows remote attackers to include arbitrary files via the DatabaseType parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-5994 | 1 Yappa-ng | 1 Yappa-ng | 2008-11-15 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in check_noimage.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the config[path_src_include] parameter. | |||||
| CVE-2007-5952 | 1 Helioscalendar | 1 Helios Calendar | 2008-11-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/index.php in Helios Calendar 1.2.1 Beta allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-5982 | 1 X7 Group | 1 X7 Chat | 2008-11-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) theme_c parameter to help/index.php, or the (3) INSTALL_X7CHATVERSION parameter to upgradev1.php. | |||||
| CVE-2007-5816 | 1 Contentcustomizer | 1 Contentcustomizer | 2008-11-15 | 5.0 MEDIUM | N/A |
| dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to obtain sensitive author credentials by making a request with an editauthor action, then reading the value of the newlocalpassword password input field in the HTML source of the resulting page. | |||||
| CVE-2007-5563 | 1 Virtuemart | 1 Virtuemart | 2008-11-15 | 7.5 HIGH | N/A |
| Unspecified vulnerability in VirtueMart before 1.0.13 allows remote attackers to execute arbitrary PHP code via unspecified vectors. | |||||
| CVE-2007-5548 | 1 Cisco | 1 Ios | 2008-11-15 | 6.9 MEDIUM | N/A |
| Multiple stack-based buffer overflows in Command EXEC in Cisco IOS allow local users to gain privileges via unspecified vectors, aka (1) PSIRT-0474975756 and (2) PSIRT-0388256465. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2007-5675 | 1 Multixtpm | 1 Application Server | 2008-11-15 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the DebugPrint function in MultiXTpm Application Server before 4.0.2d allows remote attackers to execute arbitrary code via a long string argument. | |||||
| CVE-2007-5648 | 1 Rnote | 1 Rnote | 2008-11-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in rnote.php in rNote 0.9.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) d or the (2) u parameter. | |||||
| CVE-2007-5547 | 1 Cisco | 1 Ios | 2008-11-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote attackers to inject arbitrary web script or HTML, and execute IOS commands, via unspecified vectors, aka PSIRT-2022590358. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2007-5715 | 1 Denyhosts | 1 Denyhosts | 2008-11-15 | 4.3 MEDIUM | N/A |
| DenyHosts 2.6 processes OpenSSH sshd "not listed in AllowUsers" log messages with an incorrect regular expression that does not match an IP address, which might allow remote attackers to avoid detection and blocking when making invalid login attempts with a username not present in AllowUsers, as demonstrated by the root username, a different vulnerability than CVE-2007-4323. | |||||
| CVE-2007-5470 | 1 Microsoft | 1 Expression Media | 2008-11-15 | 2.1 LOW | N/A |
| Microsoft Expression Media stores the catalog password in cleartext in the catalog IVC file, which allows local users to obtain sensitive information and gain access to the catalog by reading the IVC file. | |||||
| CVE-2007-5599 | 1 Awrate | 1 Awrate | 2008-11-15 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in awrate 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to (1) 404.php or (2) topbar.php, different vectors than CVE-2006-6368. | |||||
| CVE-2007-5549 | 1 Cisco | 1 Ios | 2008-11-15 | 2.1 LOW | N/A |
| Unspecified vulnerability in Command EXEC in Cisco IOS allows local users to bypass command restrictions and obtain sensitive information via an unspecified "variation of an IOS command" involving "two different methods", aka CSCsk16129. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
