Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3428 | 1 Zoneo-soft | 1 Phptraffica | 2008-11-15 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 allow remote attackers to have an unknown impact via the file parameter to (1) plotStatBar.php or (2) plotStatPie.php, different vectors than CVE-2007-1076. | |||||
| CVE-2007-3422 | 1 Web-app.org | 1 Webapp | 2008-11-15 | 7.5 HIGH | N/A |
| The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 attempts to parse query strings that contain (1) non-printing characters, (2) certain printing characters that do not commonly occur in URLs, or (3) invalid URL encoding sequences, which has unknown impact and remote attack vectors. | |||||
| CVE-2007-3397 | 1 Ibm | 1 Websphere Application Server | 2008-11-15 | 5.0 MEDIUM | N/A |
| The web container in IBM WebSphere Application Server (WAS) before 6.0.2.21, and 6.1.x before 6.1.0.9, sends response data intended for a different request in certain circumstances after a closed connection error, which might allow remote attackers to obtain sensitive information. | |||||
| CVE-2007-3359 | 1 Iptel | 1 Serweb | 2008-11-15 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SerWeb 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter to (1) html/load_apu.php or (2) html/mail_prepend.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3420 | 1 Web-app.org | 1 Webapp | 2008-11-15 | 7.5 HIGH | N/A |
| The Random Cookie Password functionality in the loaduser function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 does not clear the (1) username, (2) password, (3) usertheme, and (4) userlang cookies for unauthorized users, which has unknown impact and remote attack vectors. | |||||
| CVE-2007-3423 | 1 Web-app.org | 1 Webapp | 2008-11-15 | 7.5 HIGH | N/A |
| cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and remote attack vectors. | |||||
| CVE-2007-3424 | 1 Web-app.org | 1 Webapp | 2008-11-15 | 7.5 HIGH | N/A |
| The moveim function in cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the tocat parameter as a subdirectory name when moving an instant message, which has unknown impact and remote attack vectors. | |||||
| CVE-2007-3197 | 1 Jelsoft | 1 Vbsupport Integrated Ticket System | 2008-11-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in vBSupport.php in vBSupport 1.1 before 1.1a allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2007-3150 | 1 Google | 1 Desktop | 2008-11-15 | 9.3 HIGH | N/A |
| Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is displayed in the "results stored on your computer" portion of the search results, and when clicked invokes Google Desktop to execute this file. | |||||
| CVE-2007-3130 | 1 Joomla | 1 Jd-wiki | 2008-11-15 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the OpenWiki (formerly JD-Wiki) component (com_jd-wiki) 1.0.2, and possibly earlier, for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) dwpage.php or (2) wantedpages.php, different vectors than CVE-2006-4074. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3046 | 1 Advanced Software Production Line | 1 Vortex Library | 2008-11-15 | 5.0 MEDIUM | N/A |
| Buffer overflow in Advanced Software Production Line Vortex Library before 1.0.3 allows remote attackers to cause a denial of service (listener crash) via unspecified vectors related to the select I/O implementation and the file set buffer. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2806 | 1 Galix | 1 Galix | 2008-11-15 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in GaliX 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) galix_cat_detail, (2) galix_gal_detail, and (3) galix_cat_detail_sort parameters. | |||||
| CVE-2007-2885 | 1 Microsoft | 1 Visual Database Tools Database Designer | 2008-11-15 | 4.3 MEDIUM | N/A |
| The NotSafe function in the MSVDTDatabaseDesigner7 ActiveX control in VDT70.DLL in Microsoft Visual Database Tools (MSVDT) Database Designer 7.0 allows remote attackers to cause a denial of service (Internet Explorer 6 crash) via a long argument. | |||||
| CVE-2007-2843 | 1 Apple | 1 Safari | 2008-11-15 | 10.0 HIGH | N/A |
| Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events. | |||||
| CVE-2007-2912 | 1 Jelsoft | 1 Vbulletin | 2008-11-15 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unauthenticated User Infraction Permissions is disabled, allows remote attackers to see the infraction "red flag" for a deleted user. | |||||
| CVE-2007-2904 | 1 Sun | 1 Java System Messaging Server | 2008-11-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.0 through 6.3, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a related issue to CVE-2006-5653. | |||||
| CVE-2007-2557 | 1 Mambo | 1 Mambo | 2008-11-15 | 4.0 MEDIUM | N/A |
| MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, which allows remote authenticated administrators to have an unknown impact via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2454 | 1 Parallels | 1 Parallels Desktop | 2008-11-15 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the VGA device in Parallels allows local users, with root access to the guest operating system, to terminate the virtual machine and possibly execute arbitrary code in the host operating system via unspecified vectors related to bitblt operations. | |||||
| CVE-2007-2455 | 1 Parallels | 1 Parallels Desktop | 2008-11-15 | 6.1 MEDIUM | N/A |
| Parallels allows local users to cause a denial of service (virtual machine abort) via (1) certain INT instructions, as demonstrated by INT 0xAA; (2) an IRET instruction when an invalid address is at the top of the stack; (3) a malformed MOVNTI instruction, as demonstrated by using a register as a destination; or a write operation to (4) SEGR6 or (5) SEGR7. | |||||
| CVE-2007-1588 | 1 Myserver | 1 Myserver | 2008-11-15 | 7.5 HIGH | N/A |
| server.cpp in MyServer 0.8.5 calls Process::setuid before calling Process::setgid and thus does not properly drop privileges, which might allow remote attackers to execute CGI programs with unintended privileges. | |||||