259401
|
6.4 |
MEDIUM
|
mongrel
|
mongrel
|
Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double…
|
CWE-22
Path Traversal
|
CVE-2007-6612
|
2011-03-8 12:03 |
2008-01-4 |
|
|
259402
|
2.1 |
LOW
|
ibm
|
aix
|
Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to an error in the …
|
NVD-CWE-Other
|
CVE-2007-6680
|
2011-03-8 12:03 |
2008-01-11 |
|
|
259403
|
9.3 |
HIGH
|
ibm
|
lotus_notes
|
Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH or 7.0.3, and possibly 8.0 allows remote attackers to execute arbitrary code via crafted text in …
|
CWE-94
Code Injection
|
CVE-2007-6706
|
2011-03-8 12:03 |
2008-03-9 |
|
|
259404
|
6.0 |
MEDIUM
|
xunlei
|
web_thunder
|
Heap-based buffer overflow in the PPlayer.XPPlayer.1 ActiveX control in pplayer.dll_1_work in Xunlei Thunder 5.7.4.401 allows remote attackers to execute arbitrary code via a long string in a FlvPlay…
|
CWE-119
Buffer Errors
|
CVE-2007-6144
|
2011-03-8 12:02 |
2007-11-28 |
|
|
259405
|
5.0 |
MEDIUM
|
hitachi
|
jp1_file_transmission_server
|
Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on Windows might allow remote attackers to cause a denial of service (service stop) via a "specific file" argument to an FTP command.
|
CWE-20
Improper Input Validation
|
CVE-2007-6146
|
2011-03-8 12:02 |
2007-11-28 |
|
|
259406
|
10.0 |
HIGH
|
adobe
|
connect_enterprise_server flash_media_server_2
|
Use-after-free vulnerability in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allows remote attackers to execute arbitrary code via an unspec…
|
CWE-399
Resource Management Errors
|
CVE-2007-6148
|
2011-03-8 12:02 |
2008-02-14 |
|
|
259407
|
7.5 |
HIGH
|
vu
|
case_manager
|
SQL injection vulnerability in default.asp in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the username parameter, a different vector than CVE-2007-6143. NOTE: the p…
|
CWE-89
SQL Injection
|
CVE-2007-6168
|
2011-03-8 12:02 |
2007-11-29 |
|
|
259408
|
3.5 |
LOW
|
cisco
|
unified_ip_phone
|
The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on t…
|
CWE-200
Information Exposure
|
CVE-2007-6190
|
2011-03-8 12:02 |
2007-11-30 |
|
|
259409
|
4.3 |
MEDIUM
|
ibm
|
tivoli_netcool_security_manager
|
Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool Security Manager 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2007-6219
|
2011-03-8 12:02 |
2007-12-5 |
|
|
259410
|
9.3 |
HIGH
|
sonicwall
|
global_vpn_client
|
Multiple format string vulnerabilities in the configuration file in SonicWALL Global VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string …
|
CWE-134
Format String Vulnerability
|
CVE-2007-6273
|
2011-03-8 12:02 |
2007-12-7 |
|
|
259411
|
10.0 |
HIGH
|
ibm
|
hardware_management_console
|
Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 6 R1.3 allow attackers to gain privileges via "some HMC commands."
|
NVD-CWE-noinfo
|
CVE-2007-6293
|
2011-03-8 12:02 |
2007-12-11 |
|
|
259412
|
4.6 |
MEDIUM
|
ibm
|
hardware_management_console
|
Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 7 R3.2.0 allow attackers to gain privileges via "some HMC commands."
|
CWE-264 CWE-119
Permissions, Privileges, and Access Controls; Buffer Errors
|
CVE-2007-6305
|
2011-03-8 12:02 |
2007-12-11 |
|
|
259413
|
6.5 |
MEDIUM
|
mysql
|
mysql_community_server
|
MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-6313
|
2011-03-8 12:02 |
2008-02-19 |
|
|
259414
|
10.0 |
HIGH
|
clam_anti-virus
|
clamav
|
Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors.
|
NVD-CWE-noinfo
|
CVE-2007-6337
|
2011-03-8 12:02 |
2008-01-1 |
|
|
259415
|
4.3 |
MEDIUM
|
hp
|
openview_network_node_manager
|
Cross-site scripting (XSS) vulnerability in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2007-6343
|
2011-03-8 12:02 |
2007-12-14 |
|
|
259416
|
5.0 |
MEDIUM
|
aertherwide
|
exiftags
|
exiftags before 1.01 allows attackers to cause a denial of service (infinite loop) via recursive IFD references in the EXIF data in a JPEG image.
|
CWE-399
Resource Management Errors
|
CVE-2007-6356
|
2011-03-8 12:02 |
2007-12-19 |
|
|
259417
|
7.1 |
HIGH
|
nokia
|
n95
|
Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote attackers to cause a denial of service (device inoperability) via a SIP INVITE message accompanied by an immediately subsequent SIP CA…
|
CWE-20
Improper Input Validation
|
CVE-2007-6371
|
2011-03-8 12:02 |
2007-12-15 |
|
|
259418
|
5.5 |
MEDIUM
|
chandler_project
|
chandler_server
|
The DAV component in Chandler Server (Cosmo) before 0.10.1 does not check resource creation permissions, which allows remote authenticated users to create arbitrary resources in another user's home c…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-6383
|
2011-03-8 12:02 |
2007-12-15 |
|
|
259419
|
7.5 |
HIGH
|
jboss
|
seam
|
The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order paramet…
|
CWE-20
Improper Input Validation
|
CVE-2007-6433
|
2011-03-8 12:02 |
2007-12-19 |
|
|
259420
|
2.1 |
LOW
|
linux
|
linux_kernel
|
Linux kernel 2.6.23 allows local users to create low pages in virtual userspace memory and bypass mmap_min_addr protection via a crafted executable file that calls the do_brk function.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-6434
|
2011-03-8 12:02 |
2007-12-19 |
|
|
259421
|
4.3 |
MEDIUM
|
ganglia
|
ganglia
|
Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2007-6465
|
2011-03-8 12:02 |
2007-12-20 |
|
|
259422
|
9.3 |
HIGH
|
hammer_of_thyrion
|
hammer_of_thyrion
|
Buffer overflow in the HuffDecode function in hw_utils/hwrcon/huffman.c and hexenworld/Client/huffman.c in Hammer of Thyrion 1.4.2 allows remote attackers to execute arbitrary code or cause a denial …
|
CWE-119
Buffer Errors
|
CVE-2007-6468
|
2011-03-8 12:02 |
2007-12-20 |
|
|
259423
|
10.0 |
HIGH
|
swiftview
|
viewer
|
Multiple stack-based buffer overflows in SwiftView Viewer before 8.3.5, as used by SwiftView and SwiftSend, allow remote attackers to execute arbitrary code via unspecified vectors to the (1) svocx.o…
|
CWE-119
Buffer Errors
|
CVE-2007-5602
|
2011-03-8 12:01 |
2008-02-5 |
|
|
259424
|
5.0 |
MEDIUM
|
nagios
|
plugins
|
Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies.
|
CWE-119
Buffer Errors
|
CVE-2007-5623
|
2011-03-8 12:01 |
2007-10-24 |
|
|
259425
|
7.2 |
HIGH
|
novell
|
zenworks_endpoint_security_management
|
STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management (ESM) 3.5, and other ESM versions before 3.5.0.82, dynamically creates scripts in a world-writable directory when generating diag…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-5665
|
2011-03-8 12:01 |
2008-01-9 |
|
|
259426
|
10.0 |
HIGH
|
novell
|
bordermanager
|
Heap-based buffer overflow in the Client Trust application (clntrust.exe) in Novell BorderManager 3.8 before Update 1.5 allows remote attackers to execute arbitrary code via a validation request in w…
|
CWE-119
Buffer Errors
|
CVE-2007-5767
|
2011-03-8 12:01 |
2007-11-3 |
|
|
259427
|
7.1 |
HIGH
|
stonesoft
|
stonegate_ips
|
Stonesoft StoneGate IPS before 4.0 does not properly decode Fullwidth/Halfwidth Unicode encoded data, which makes it easier for remote attackers to scan or penetrate systems and avoid detection.
|
NVD-CWE-Other
|
CVE-2007-5793
|
2011-03-8 12:01 |
2007-11-2 |
|
|
259428
|
7.5 |
HIGH
|
apache
|
geronimo
|
SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username …
|
CWE-287
Improper Authentication
|
CVE-2007-5797
|
2011-03-8 12:01 |
2007-11-3 |
|
|
259429
|
4.3 |
MEDIUM
|
hitachi
|
cosminexus_application_server_enterprise cosminexus_application_server_standard cosminexus_developer_light_version_6 cosminexus_developer_professional_version_6 cosminexus_developer_stand…
|
Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 through 03-10, as used by certain Cosminexus products, allows remote attackers to inject arbitrary web script or HTML via unspecif…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2007-5809
|
2011-03-8 12:01 |
2007-11-6 |
|
|
259430
|
5.0 |
MEDIUM
|
hitachi
|
cosminexus_application_server_enterprise cosminexus_application_server_standard cosminexus_developer_light_version_6 cosminexus_developer_professional_version_6 cosminexus_developer_stand…
|
Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminexus products, does not properly validate SSL client certificates, which might allow remote attackers to spoof authentication via a…
|
CWE-20
Improper Input Validation
|
CVE-2007-5810
|
2011-03-8 12:01 |
2007-11-6 |
|
|
259431
|
9.4 |
HIGH
|
apple
|
mac_os_x
|
Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet.
|
CWE-287
Improper Authentication
|
CVE-2007-5862
|
2011-03-8 12:01 |
2007-12-19 |
|
|
259432
|
9.3 |
HIGH
|
activepdf autonomy ibm symantec
|
docconverter keyview_export_sdk keyview_filter_sdk keyview_viewer_sdk lotus_notes mail_security
|
Stack-based buffer overflow in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, wp6sr.dll in IBM Lotus Notes 8.0 and before 7.0.3,…
|
CWE-119
Buffer Errors
|
CVE-2007-5910
|
2011-03-8 12:01 |
2007-11-10 |
|
|
259433
|
4.3 |
MEDIUM
|
ibm
|
lotus_domino
|
Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.2 FP2, allows remote authenticated users to inject arbitrary web script…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2007-5924
|
2011-03-8 12:01 |
2007-11-10 |
|
|
259434
|
4.3 |
MEDIUM
|
pear
|
structures_datagrid_datasource_mdb2
|
The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2…
|
CWE-200
Information Exposure
|
CVE-2007-5934
|
2011-03-8 12:01 |
2007-11-14 |
|
|
259435
|
4.6 |
MEDIUM
|
tug
|
texlive_2007
|
feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file.
|
CWE-59
Link Following
|
CVE-2007-5940
|
2011-03-8 12:01 |
2007-11-14 |
|
|
259436
|
4.3 |
MEDIUM
|
ibm
|
websphere_application_server
|
Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server (WAS) 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2007-5944
|
2011-03-8 12:01 |
2007-11-14 |
|
|
259437
|
4.3 |
MEDIUM
|
script-fun
|
sf-shoutbox
|
Multiple cross-site scripting (XSS) vulnerabilities in main.php in SF-Shoutbox 1.2.1 through 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) nick (aka Name) and (2) shou…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2007-5948
|
2011-03-8 12:01 |
2007-11-14 |
|
|
259438
|
7.5 |
HIGH
|
e-vendejo
|
0.2
|
SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2007-5951
|
2011-03-8 12:01 |
2007-11-14 |
|
|
259439
|
5.0 |
MEDIUM
|
really_simple_caldav_store
|
really_simple_caldav_store
|
Unspecified vulnerability in Really Simple CalDAV Store (RSCDS) before 0.9.0 allows attackers to obtain sensitive information via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2007-5953
|
2011-03-8 12:01 |
2007-11-14 |
|
|
259440
|
4.3 |
MEDIUM
|
trolltech
|
qsslsocket
|
QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly verify SSL certificates, which might make it easier for remote attackers to trick a user into accepting an invalid server certificate …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-5965
|
2011-03-8 12:01 |
2008-01-8 |
|
|
259441
|
5.1 |
MEDIUM
|
symantec
|
backup_exec_for_windows_server
|
The PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0…
|
CWE-20
Improper Input Validation
|
CVE-2007-6017
|
2011-03-8 12:01 |
2008-03-1 |
|
|
259442
|
10.0 |
HIGH
|
ibm
|
db2_universal_database
|
Unspecified vulnerability in (1) DB2WATCH and (2) DB2FREEZE in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors.
|
NVD-CWE-noinfo
|
CVE-2007-6045
|
2011-03-8 12:01 |
2007-11-21 |
|
|
259443
|
7.2 |
HIGH
|
ibm
|
db2_universal_database
|
Unspecified vulnerability in unspecified setuid programs in IBM DB2 UDB 9.1 before Fixpak 4 allows local users to have an unknown impact.
|
NVD-CWE-noinfo
|
CVE-2007-6046
|
2011-03-8 12:01 |
2007-11-21 |
|
|
259444
|
10.0 |
HIGH
|
ibm
|
db2_universal_database
|
Unspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1 before Fixpak 4 allows attackers to execute arbitrary commands as the DB2 instance owner, related to invocation of TPUT by DB2DART.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-6047
|
2011-03-8 12:01 |
2007-11-21 |
|
|
259445
|
10.0 |
HIGH
|
ibm
|
db2_universal_database
|
IBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on ACLs for DB2NODES.CFG, which has unknown impact and attack vectors. NOTE: the vendor description of this issue is too vague to be certai…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-6048
|
2011-03-8 12:01 |
2007-11-21 |
|
|
259446
|
7.2 |
HIGH
|
ibm
|
db2_universal_database
|
Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, involving a call to dlopen when the effective uid is root.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-6049
|
2011-03-8 12:01 |
2007-11-21 |
|
|
259447
|
7.2 |
HIGH
|
ibm
|
db2_universal_database
|
Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, related to creation of an "insecure directory."
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-6050
|
2011-03-8 12:01 |
2007-11-21 |
|
|
259448
|
7.8 |
HIGH
|
ibm
|
db2_universal_database
|
IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggregation, which might allow attackers to cause a denial of service (divide-by-zero error and DBMS crash), related to an "overflow."…
|
NVD-CWE-Other
|
CVE-2007-6052
|
2011-03-8 12:01 |
2007-11-21 |
|
|
259449
|
9.3 |
HIGH
|
ibm
|
db2_universal_database
|
IBM DB2 UDB 9.1 before Fixpak 4 does not properly handle use of large numbers of file descriptors, which might allow attackers to have an unknown impact involving "memory corruption." NOTE: the vendo…
|
CWE-399
Resource Management Errors
|
CVE-2007-6053
|
2011-03-8 12:01 |
2007-11-21 |
|
|
259450
|
4.3 |
MEDIUM
|
feed2js
|
feed2js
|
Cross-site scripting (XSS) vulnerability in Feed to JavaScript (Feed2JS) 1.91 allows remote attackers to inject arbitrary web script or HTML via a URL in a feed.
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2007-6102
|
2011-03-8 12:01 |
2007-11-24 |
|
|