259451
|
10.0 |
HIGH
|
irc_services
|
irc_services
|
Unspecified vulnerability in IRC Services 5.1.8 has unknown impact and attack vectors.
|
NVD-CWE-noinfo
|
CVE-2007-6123
|
2011-03-8 12:01 |
2007-11-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259452
|
5.0 |
MEDIUM
|
gnu
|
gnump3d
|
gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions.
|
CWE-287
不適切な認証
|
CVE-2007-6130
|
2011-03-8 12:01 |
2007-11-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259453
|
2.1 |
LOW
|
redhat
|
fedora_core
|
buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite arbitrary files via a symlink attack on the (1) scan.pnm and (2) scan.jpg temporary files.
|
CWE-16
環境設定
|
CVE-2007-6131
|
2011-03-8 12:01 |
2007-11-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259454
|
6.8 |
MEDIUM
|
xunlei
|
web_thunder
|
Buffer overflow in a certain ActiveX control in Xunlei Web Thunder 5.6.9.344, possibly the DapPlayer ActiveX control in DapPlayer_Now.dll, allows remote attackers to execute arbitrary code via a long…
|
CWE-119
バッファエラー
|
CVE-2007-5064
|
2011-03-8 12:00 |
2007-09-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259455
|
2.1 |
LOW
|
kaspersky_lab
|
kaspersky_anti-virus kaspersky_internet_security
|
Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows lo…
|
CWE-20
不適切な入力確認
|
CVE-2007-5086
|
2011-03-8 12:00 |
2007-09-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259456
|
6.8 |
MEDIUM
|
phpbb
|
phpbb_plus
|
Multiple PHP remote file inclusion vulnerabilities in phpBB Plus 1.53, and 1.53a before 20070922, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in t…
|
CWE-94
コード・インジェクション
|
CVE-2007-5100
|
2011-03-8 12:00 |
2007-09-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259457
|
4.3 |
MEDIUM
|
dragonfrugal
|
dfd_cart
|
Cross-site scripting (XSS) vulnerability in DFD Cart 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2007-5136
|
2011-03-8 12:00 |
2007-09-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259458
|
7.5 |
HIGH
|
xoops
|
xoops
|
Unspecified vulnerability in the XOOPS uploader class in Xoops 2.0.17.1-RC1 and earlier allows remote attackers to upload arbitrary files via unspecified vectors related to improper upload configurat…
|
NVD-CWE-noinfo
|
CVE-2007-5188
|
2011-03-8 12:00 |
2007-10-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259459
|
6.8 |
MEDIUM
|
nagios
|
plugins
|
Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10, when running with the -f (follow) option, allows remote web servers to execute arbitrary code via Location heade…
|
CWE-119
バッファエラー
|
CVE-2007-5198
|
2011-03-8 12:00 |
2007-10-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259460
|
5.0 |
MEDIUM
|
hp
|
openvms
|
Buffer overflow in NET$CSMACD.EXE in HP OpenVMS 8.3 and earlier allows local users to cause a denial of service (machine crash) via the "MCR MCL SHOW CSMA-CD Port * All" command, which overwrites a N…
|
CWE-119
バッファエラー
|
CVE-2007-5241
|
2011-03-8 12:00 |
2007-10-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259461
|
4.3 |
MEDIUM
|
hp
|
openvms
|
Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) SYS$EI1000_MON.EXE in HP OpenVMS 8.3 and earlier allows remote attackers to cause a denial of service (machine crash) via an "oversize" packet,…
|
NVD-CWE-Other
|
CVE-2007-5242
|
2011-03-8 12:00 |
2007-10-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259462
|
6.9 |
MEDIUM
|
gnu
|
tramp
|
The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allows local users to overwrite arbitrary files via…
|
CWE-59
リンク解釈の問題
|
CVE-2007-5377
|
2011-03-8 12:00 |
2007-10-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259463
|
6.8 |
MEDIUM
|
david_hansson
|
ruby_on_rails
|
Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."
|
NVD-CWE-Other
|
CVE-2007-5380
|
2011-03-8 12:00 |
2007-10-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259464
|
10.0 |
HIGH
|
hp
|
select_identity
|
Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010 and 4.10 through 4.13.001 allows remote attackers to obtain unspecified access via unknown vectors.
|
CWE-287
不適切な認証
|
CVE-2007-5391
|
2011-03-8 12:00 |
2007-10-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259465
|
9.0 |
HIGH
|
sitebar
|
sitebar
|
Directory traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to chmod arbitrary files to 0777 via ".." sequences in the lang paramet…
|
CWE-22
パス・トラバーサル
|
CVE-2007-5491
|
2011-03-8 12:00 |
2007-10-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259466
|
9.0 |
HIGH
|
sitebar
|
sitebar
|
Refer to:
http://sitebar.org/downloads.php and
http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup for patch information.
|
CWE-22
パス・トラバーサル
|
CVE-2007-5491
|
2011-03-8 12:00 |
2007-10-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259467
|
4.3 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari.
|
CWE-362
競合状態
|
CVE-2007-4696
|
2011-03-8 11:59 |
2007-11-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259468
|
3.5 |
LOW
|
claroline
|
claroline
|
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) dir parameter in admin/admin…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2007-4717
|
2011-03-8 11:59 |
2007-09-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259469
|
5.1 |
MEDIUM
|
claroline
|
claroline
|
Directory traversal vulnerability in inc/lib/language.lib.php in Claroline before 1.8.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language paramet…
|
CWE-22
パス・トラバーサル
|
CVE-2007-4718
|
2011-03-8 11:59 |
2007-09-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259470
|
10.0 |
HIGH
|
hitachi
|
ucosminexus_application_server_enterprise ucosminexus_application_server_standard ucosminexus_service_platform
|
Multiple buffer overflows in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service or execute arbitrary code v…
|
CWE-119
バッファエラー
|
CVE-2007-4758
|
2011-03-8 11:59 |
2007-09-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259471
|
5.0 |
MEDIUM
|
hitachi
|
ucosminexus_application_server_enterprise ucosminexus_application_server_standard ucosminexus_service_platform
|
Multiple unspecified vulnerabilities in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service via unspecified …
|
CWE-119
バッファエラー
|
CVE-2007-4759
|
2011-03-8 11:59 |
2007-09-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259472
|
7.2 |
HIGH
|
ibm
|
aix
|
Buffer overflow in xlplm in plm.server.rte in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
|
CWE-119
バッファエラー
|
CVE-2007-4793
|
2011-03-8 11:59 |
2007-09-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259473
|
7.2 |
HIGH
|
ibm
|
aix
|
Buffer overflow in mkpath in bos.rte.methods in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long ODM name.
|
CWE-119
バッファエラー
|
CVE-2007-4795
|
2011-03-8 11:59 |
2007-09-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259474
|
7.2 |
HIGH
|
ibm
|
aix
|
Buffer overflow in uucp in bos.net.uucp in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
|
CWE-119
バッファエラー
|
CVE-2007-4796
|
2011-03-8 11:59 |
2007-09-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259475
|
7.2 |
HIGH
|
ibm
|
aix
|
Multiple buffer overflows in unspecified svprint (System V print) commands in bos.svprint.rte in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors.
|
CWE-119
バッファエラー
|
CVE-2007-4797
|
2011-03-8 11:59 |
2007-09-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259476
|
4.9 |
MEDIUM
|
ibm
|
aix
|
The perfstat kernel extension in bos.perf.perfstat in AIX 5.3 does not verify privileges when processing a SET call, which allows local users to cause a denial of service (system hang or crash) via u…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2007-4799
|
2011-03-8 11:59 |
2007-09-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259477
|
2.1 |
LOW
|
hp
|
system_management_homepage
|
HP System Management Homepage (SMH) for Windows, when used in conjunction with HP Version Control Agent or Version Control Repository Manager, leaves old OpenSSL software active after an OpenSSL upda…
|
NVD-CWE-Other
|
CVE-2007-4931
|
2011-03-8 11:59 |
2007-09-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259478
|
6.8 |
MEDIUM
|
phpffl
|
phpffl
|
Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFL_FILE_ROOT parameter to (1) admin.php, (2) custom_pages.p…
|
CWE-94
コード・インジェクション
|
CVE-2007-4935
|
2011-03-8 11:59 |
2007-09-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259479
|
9.3 |
HIGH
|
baofeng
|
storm
|
Multiple buffer overflows in a certain ActiveX control in sparser.dll in Baofeng Storm 2.8 and earlier allow remote attackers to execute arbitrary code via malformed input in an unknown set of argume…
|
CWE-119
バッファエラー
|
CVE-2007-4943
|
2011-03-8 11:59 |
2007-09-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259480
|
7.5 |
HIGH
|
redhat
|
certificate_server
|
Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certa…
|
CWE-255
証明書・パスワード管理
|
CVE-2007-4994
|
2011-03-8 11:59 |
2007-11-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259481
|
6.8 |
MEDIUM
|
gnome
|
balsa
|
Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command.
|
CWE-119
バッファエラー
|
CVE-2007-5007
|
2011-03-8 11:59 |
2007-12-13 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259482
|
4.3 |
MEDIUM
|
icewarp
|
merak_mail_server
|
Cross-site scripting (XSS) vulnerability in the Webmail interface for IceWarp Merak Mail Server before 9.0.0 allows remote attackers to inject arbitrary JavaScript via a javascript: URI in an attribu…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2007-5046
|
2011-03-8 11:59 |
2007-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259483
|
6.9 |
MEDIUM
|
ibm
|
aix
|
Buffer overflow in lpd in bos.rte.printers in AIX 5.2 and 5.3 allows local users with printq group privileges to gain root privileges.
|
NVD-CWE-Other
|
CVE-2007-4236
|
2011-03-8 11:58 |
2007-08-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259484
|
6.9 |
MEDIUM
|
ibm
|
aix
|
Buffer overflow in the atm subset in arp in devices.common.IBM.atm.rte in AIX 5.2 and 5.3 allows local users to gain root privileges.
|
NVD-CWE-Other
|
CVE-2007-4237
|
2011-03-8 11:58 |
2007-08-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259485
|
6.9 |
MEDIUM
|
ibm
|
aix
|
AIX 5.2 and 5.3 install pioinit with user and group ownership of bin, which allows local users with bin or possibly printq privileges to gain root privileges by modifying pioinit.
|
NVD-CWE-Other
|
CVE-2007-4238
|
2011-03-8 11:58 |
2007-08-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259486
|
2.1 |
LOW
|
ibm
|
db2_universal_database
|
Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a .. (dot dot) in an unspecified environment variable, whi…
|
CWE-22
パス・トラバーサル
|
CVE-2007-4271
|
2011-03-8 11:58 |
2007-08-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259487
|
6.6 |
MEDIUM
|
trend_micro
|
pc-cillin_internet_security_2007 scan_engine
|
The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) fo…
|
CWE-264 CWE-119
認可・権限・アクセス制御 バッファエラー
|
CVE-2007-4277
|
2011-03-8 11:58 |
2007-10-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259488
|
4.3 |
MEDIUM
|
knowledgetree
|
open_source
|
Cross-site scripting (XSS) vulnerability in KnowledgeTree Open Source 3.4 and 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the login field on the login page, and other uns…
|
NVD-CWE-Other
|
CVE-2007-4281
|
2011-03-8 11:58 |
2007-08-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259489
|
4.9 |
MEDIUM
|
sun
|
solaris
|
Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on the x86 platform before 20070821 allows local users to cause a denial of service (system panic) via an unspecified ioctl function…
|
NVD-CWE-Other
|
CVE-2007-4495
|
2011-03-8 11:58 |
2007-08-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259490
|
4.3 |
MEDIUM
|
symantec_veritas
|
storage_foundation
|
The Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation 5.0 for Windows allows remote attackers to cause a denial of service (daemon crash or hang) via ma…
|
CWE-20
不適切な入力確認
|
CVE-2007-4516
|
2011-03-8 11:58 |
2008-02-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259491
|
4.3 |
MEDIUM
|
university_of_minnesota
|
mapserver
|
Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine func…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2007-4542
|
2011-03-8 11:58 |
2007-08-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259492
|
10.0 |
HIGH
|
realnetworks
|
helix_dna_server
|
Heap-based buffer overflow in the RTSP service in Helix DNA Server before 11.1.4 allows remote attackers to execute arbitrary code via an RSTP command containing multiple Require headers.
|
CWE-119 CWE-20
バッファエラー 不適切な入力確認
|
CVE-2007-4561
|
2011-03-8 11:58 |
2007-08-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259493
|
6.4 |
MEDIUM
|
bharat_mediratta
|
gallery
|
Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the Web…
|
NVD-CWE-noinfo CWE-264
認可・権限・アクセス制御
|
CVE-2007-4650
|
2011-03-8 11:58 |
2007-09-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259494
|
5.0 |
MEDIUM
|
firebirdsql
|
firebird
|
Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other "file access," via unknown vectors, a…
|
CWE-264 CWE-119
認可・権限・アクセス制御 バッファエラー
|
CVE-2007-4668
|
2011-03-8 11:58 |
2007-09-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259495
|
5.0 |
MEDIUM
|
asterisk
|
asterisk asterisk_appliance_developer_kit asterisknow s800i_appliance
|
The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before…
|
NVD-CWE-Other
|
CVE-2007-3763
|
2011-03-8 11:57 |
2007-07-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259496
|
10.0 |
HIGH
|
hitachi
|
cosminexus_application_server cosminexus_client cosminexus_developer cosminexus_server cosminexus_studio ucosminexus_application_server ucosminexus_client ucosminexus_developer
|
Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit for XML before 20070511, Developer's Kit for Java before 20070312, and third-party products that use this software, allows attacker…
|
NVD-CWE-Other
|
CVE-2007-3794
|
2011-03-8 11:57 |
2007-07-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259497
|
4.3 |
MEDIUM
|
gforge
|
gforge
|
Cross-site scripting (XSS) vulnerability in account/verify.php in GForge 4.6b2 allows remote attackers to inject arbitrary web script or HTML via the confirm_hash parameter.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2007-3918
|
2011-03-8 11:57 |
2007-10-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259498
|
7.8 |
HIGH
|
ipswitch
|
imail_server
|
Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving an "overwritten destructor."
|
NVD-CWE-Other
|
CVE-2007-3926
|
2011-03-8 11:57 |
2007-07-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259499
|
5.0 |
MEDIUM
|
ipswitch
|
imserver ipswitch_collaboration_suite
|
The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier in Ipswitch Instant Messaging before 2.07 in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of serv…
|
NVD-CWE-Other
|
CVE-2007-3959
|
2011-03-8 11:57 |
2007-07-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259500
|
9.3 |
HIGH
|
ibm
|
websphere_application_server
|
Multiple unspecified vulnerabilities in IBM WebSphere Application Server (WAS) before Fix Pack 21 (6.0.2.21) have unknown impact and attack vectors, aka (1) PK33799, or (2) a "Potential security expo…
|
NVD-CWE-noinfo
|
CVE-2007-3960
|
2011-03-8 11:57 |
2007-07-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|