Total: 304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3637 | 1 Mkportal | 1 Mkportal | 2008-11-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZD-00000008. This information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. | |||||
| CVE-2007-6610 | 1 Debian | 1 Unp | 2008-11-15 | 10.0 HIGH | N/A |
| unp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument. NOTE: this might only be a vulnerability when unp is invoked by a third party product. | |||||
| CVE-2007-4614 | 1 Bea | 1 Weblogic Server | 2008-11-13 | 7.5 HIGH | N/A |
| BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow attackers to bypass intended restrictions, a different vulnerability than CVE-2007-0426. | |||||
| CVE-2007-3617 | 1 Vtiger | 1 Vtiger Crm | 2008-11-13 | 4.0 MEDIUM | N/A |
| The report module in vtiger CRM before 5.0.3 does not properly apply security rules, which allows remote authenticated users to read arbitrary private module entries. | |||||
| CVE-2007-3604 | 1 Vtiger | 1 Vtiger Crm | 2008-11-13 | 4.0 MEDIUM | N/A |
| vtiger CRM before 5.0.3 allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization, possibly involving modules/Potentials/Potentials.php. | |||||
| CVE-2007-3603 | 1 Vtiger | 1 Vtiger Crm | 2008-11-13 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the dashboard (include/utils/SearchUtils.php) in vtiger CRM before 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigned_user_id parameter in a Potentials ListView action to index.php. | |||||
| CVE-2007-3335 | 1 Phpecho Cms | 1 Phpecho Cms | 2008-11-13 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the admin panel in PHPEcho CMS before 1.6 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2007-2906 | 1 Sun | 1 Java Embedding Plugin | 2008-11-13 | 5.0 MEDIUM | N/A |
| Java Embedding Plugin 0.9.6.1 allows remote attackers to cause a denial of service (browser crash) via a Thread subclass that calls super.run from its run method. | |||||
| CVE-2007-2188 | 1 Extremail | 1 Extremail | 2008-11-13 | 10.0 HIGH | N/A |
| eXtremail 2.1.1 and earlier does not verify the ID field (aka transaction id) in DNS responses, which makes it easier for remote attackers to conduct DNS spoofing. | |||||
| CVE-2007-2269 | 1 Swsoft | 1 Plesk | 2008-11-13 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in top.php3 in SWsoft Plesk for Windows 8.1 and 8.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter. | |||||
| CVE-2007-2195 | 1 Alvaro | 1 Alvaros Messenger | 2008-11-13 | 5.0 MEDIUM | N/A |
| aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers to cause a denial of service (application crash) by sending invalid data to TCP port 31337. | |||||
| CVE-2007-2318 | 1 Filezilla | 1 Filezilla | 2008-11-13 | 9.3 HIGH | N/A |
| Multiple format string vulnerabilities in FileZilla before 2.2.32 allow remote attackers to execute arbitrary code via format string specifiers in (1) FTP server responses or (2) data sent by an FTP server. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2429 | 1 Manageengine | 1 Passwordmanager Pro | 2008-11-13 | 10.0 HIGH | N/A |
| ManageEngine PasswordManager Pro (PMP) allows remote attackers to obtain administrative access to a database by injecting a certain command line for the mysql program, as demonstrated by the "-port 2345" and "-u root" arguments. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2423 | 1 Moinmoin | 1 Moinmoin | 2008-11-13 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vulnerability than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2073 | 1 Ivan Gallery Script | 1 Ivan Gallery Script | 2008-11-13 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the gallery parameter in a new session. | |||||
| CVE-2007-1955 | 1 Signkorea | 1 Skcommax Activex Control | 2008-11-13 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the SignKorea SKCrypAX ActiveX control module 5.4.1.2 allow remote attackers to execute arbitrary code via a long string in unspecified arguments to the (1) DownloadCert, (2) DecryptFileByKey, and (3) EncryptFileByKey functions, a different module and vectors than CVE-2007-1722. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2023 | 1 Secustick | 1 Secustick Usb Flash Drive | 2008-11-13 | 7.2 HIGH | N/A |
| USB20.dll in Secustick USB flash drive decouples the authorization and file access routines, which allows local users to bypass authentication requirements by altering the return value of the VerifyPassWord function. | |||||
| CVE-2007-1823 | 1 T-mobile | 1 Voice Mail Systems | 2008-11-13 | 10.0 HIGH | N/A |
| T-Mobile voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID). | |||||
| CVE-2007-1820 | 1 Nortel | 2 Callpilot, Meridian Mail | 2008-11-13 | 9.3 HIGH | N/A |
| Nortel Networks CallPilot and Meridian Mail voicemail systems, when a mailbox has auto logon enabled, allow remote attackers to retrieve or remove messages, or reconfigure the mailbox, by spoofing Calling Number Identification (CNID, aka Caller ID). | |||||
| CVE-2007-1829 | 1 Web-app.net | 1 Webapp | 2008-11-13 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in web-app.net WebAPP have unknown impact and attack vectors, described as "[having] other [security] issues too, not as bad as letting users take over your admin account, but bad too." | |||||
