259501
|
4.3 |
MEDIUM
|
asp_indir
|
cvmatik
|
Multiple cross-site scripting (XSS) vulnerabilities in cv.asp in Asp cvmatik 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Adiniz (Ady), (2) Soyadiniz (Soy…
|
NVD-CWE-Other
|
CVE-2007-3991
|
2011-03-8 11:57 |
2007-07-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259502
|
9.3 |
HIGH
|
citrix mozilla
|
access_gateway endpoint_analysis_client firefox
|
Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a …
|
NVD-CWE-Other
|
CVE-2007-4013
|
2011-03-8 11:57 |
2007-07-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259503
|
9.3 |
HIGH
|
citrix mozilla
|
access_gateway endpoint_analysis_client firefox
|
Access Gateway is software offered also as an appliance.
|
NVD-CWE-Other
|
CVE-2007-4013
|
2011-03-8 11:57 |
2007-07-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259504
|
6.8 |
MEDIUM
|
citrix
|
access_gateway
|
Unspecified vulnerability in the client components in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows attackers to execute arbitrary code via unspecifie…
|
NVD-CWE-Other
|
CVE-2007-4016
|
2011-03-8 11:57 |
2007-07-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259505
|
6.8 |
MEDIUM
|
citrix
|
access_gateway
|
Citrix Access Gateway is available as software or as a hardware device.
|
NVD-CWE-Other
|
CVE-2007-4016
|
2011-03-8 11:57 |
2007-07-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259506
|
5.8 |
MEDIUM
|
tor
|
tor
|
Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, allows remote attackers to cause a denial of service via unspecified vectors.
|
NVD-CWE-Other
|
CVE-2007-4096
|
2011-03-8 11:57 |
2007-07-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259507
|
6.4 |
MEDIUM
|
tor
|
tor
|
Tor before 0.1.2.15 sends "destroy cells" containing the reason for tearing down a circuit, which allows remote attackers to obtain sensitive information, contrary to specifications.
|
NVD-CWE-Other
|
CVE-2007-4097
|
2011-03-8 11:57 |
2007-07-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259508
|
5.8 |
MEDIUM
|
tor
|
tor
|
Tor before 0.1.2.15 does not properly distinguish "streamids from different exits," which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams.
|
NVD-CWE-Other
|
CVE-2007-4098
|
2011-03-8 11:57 |
2007-07-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259509
|
5.8 |
MEDIUM
|
tor
|
tor
|
Tor before 0.1.2.15 can select a guard node beyond the first listed never-before-connected-to guard node, which allows remote attackers with control of certain guard nodes to obtain sensitive informa…
|
NVD-CWE-Other
|
CVE-2007-4099
|
2011-03-8 11:57 |
2007-07-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259510
|
7.5 |
HIGH
|
phpmyforum
|
phpmyforum
|
SQL injection vulnerability in editpost.php in phpMyForum before 4.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained fro…
|
NVD-CWE-Other
|
CVE-2007-4107
|
2011-03-8 11:57 |
2007-07-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259511
|
5.0 |
MEDIUM
|
tibco
|
rendezvous
|
index.html in the HTTP administration interface in certain daemons in TIBCO Rendezvous (RV) 7.5.2 allows remote attackers to obtain sensitive information, such as a user name and IP addresses, via a …
|
NVD-CWE-Other
|
CVE-2007-4159
|
2011-03-8 11:57 |
2007-08-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259512
|
5.0 |
MEDIUM
|
tibco
|
rendezvous
|
The default configuration of TIBCO Rendezvous (RV) 7.5.2 clients, when -no-multicast is omitted, uses a multicast group as the destination for a network message, which might make it easier for remote…
|
NVD-CWE-Other
|
CVE-2007-4160
|
2011-03-8 11:57 |
2007-08-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259513
|
4.3 |
MEDIUM
|
tibco
|
rendezvous
|
rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might allow remote attackers to cause a denial of service (network instability) via a subject name with a leading (1) '*' (asterisk) o…
|
NVD-CWE-Other
|
CVE-2007-4161
|
2011-03-8 11:57 |
2007-08-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259514
|
7.8 |
HIGH
|
tibco
|
rendezvous
|
TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or integrity of inter-daemon communication, which allows remote attackers to capture and spoof traffic.
|
NVD-CWE-Other
|
CVE-2007-4162
|
2011-03-8 11:57 |
2007-08-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259515
|
4.3 |
MEDIUM
|
amg_soft
|
webdirector
|
Cross-site scripting (XSS) vulnerability in index.php in WebDirector 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the deslocal parameter.
|
NVD-CWE-Other
|
CVE-2007-4178
|
2011-03-8 11:57 |
2007-08-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259516
|
7.5 |
HIGH
|
spey
|
spey
|
SQL injection vulnerability in Spey before 0.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to MessageProcessor.cc and possibly other components.
|
NVD-CWE-Other
|
CVE-2007-3298
|
2011-03-8 11:56 |
2007-06-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259517
|
4.3 |
MEDIUM
|
awffull
|
awffull
|
Cross-site scripting (XSS) vulnerability in AWFFull before 3.7.4, when AllSearchStr (aka the All Search Terms report) is enabled, allows remote attackers to inject arbitrary web script or HTML via a …
|
NVD-CWE-Other
|
CVE-2007-3299
|
2011-03-8 11:56 |
2007-06-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259518
|
7.5 |
HIGH
|
dia
|
dia
|
Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have unspecified attack vectors and impact, probably involving the use of vulnerable FreeType libraries that contain CVE-2007-2754 and/or C…
|
NVD-CWE-Other
|
CVE-2007-3408
|
2011-03-8 11:56 |
2007-06-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259519
|
7.5 |
HIGH
|
dia
|
dia
|
Vulnerability type and impact were gathered from hyperlink resources.
|
NVD-CWE-Other
|
CVE-2007-3408
|
2011-03-8 11:56 |
2007-06-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259520
|
4.3 |
MEDIUM
|
claroline
|
claroline
|
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) index.php, (2) demo/claroline1…
|
NVD-CWE-Other
|
CVE-2007-3517
|
2011-03-8 11:56 |
2007-07-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259521
|
4.3 |
MEDIUM
|
rainworx
|
rwauction_pro
|
Multiple cross-site scripting (XSS) vulnerabilities in search.asp in rwAuction Pro 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) show, (3) searchtype, (4) …
|
NVD-CWE-Other
|
CVE-2007-3540
|
2011-03-8 11:56 |
2007-07-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259522
|
7.5 |
HIGH
|
novell
|
access_manager
|
The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data…
|
NVD-CWE-Other
|
CVE-2007-3570
|
2011-03-8 11:56 |
2007-07-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259523
|
5.0 |
MEDIUM
|
pear
|
structures_datagrid_datasource_mdb2
|
Unspecified vulnerability in the fetch function in MDB2.php in PEAR Structures-DataGrid-DataSource-MDB2 0.1.9 and earlier allows attackers to "manipulate the generated sorting queries."
|
NVD-CWE-Other
|
CVE-2007-3628
|
2011-03-8 11:56 |
2007-07-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259524
|
7.5 |
HIGH
|
valarsoft
|
webmatic
|
SQL injection vulnerability in Webmatic before 2.6.2, and possibly other versions before 2.7, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly related to ad…
|
NVD-CWE-Other
|
CVE-2007-3648
|
2011-03-8 11:56 |
2007-07-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259525
|
7.5 |
HIGH
|
phpecho_cms
|
phpecho_cms
|
Multiple SQL injection vulnerabilities in modules/admin/modules/gallery.php in PHPEcho CMS 2.0-rc1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter and possib…
|
NVD-CWE-Other
|
CVE-2007-2866
|
2011-03-8 11:55 |
2007-05-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259526
|
5.8 |
MEDIUM
|
redhat
|
fedora_core
|
Buffer overflow in the wpa_printf function in the debugging code in wpa_supplicant in the Fedora NetworkManager package before 0.6.5-3.fc7 allows user-assisted remote attackers to execute arbitrary c…
|
NVD-CWE-Other
|
CVE-2007-2874
|
2011-03-8 11:55 |
2007-07-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259527
|
4.3 |
MEDIUM
|
mbedthis_software
|
mbedthis_appweb_http_server
|
Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote attackers to cause…
|
NVD-CWE-Other
|
CVE-2007-3009
|
2011-03-8 11:55 |
2007-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259528
|
7.8 |
HIGH
|
zenturi
|
zenturi_programchecker
|
A certain ActiveX control in sasatl.dll in Zenturi ProgramChecker allows remote attackers to download arbitrary files to the client system via the DownloadFile function.
|
NVD-CWE-Other
|
CVE-2007-3076
|
2011-03-8 11:55 |
2007-06-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259529
|
7.5 |
HIGH
|
zapping
|
zapping_vbi_library
|
Buffer overflow in the CCdecode function in contrib/ntsc-cc.c in the zvbi-ntsc-cc tool in Zapping VBI Library (ZVBI) before 0.2.25 allows attackers to cause a denial of service (application crash) an…
|
NVD-CWE-Other
|
CVE-2007-3121
|
2011-03-8 11:55 |
2007-06-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259530
|
7.5 |
HIGH
|
zapping
|
zapping_vbi_library
|
The vendor has addressed this issue through the release of updated version 0.2.25: http://sourceforge.net/projects/zapping/
|
NVD-CWE-Other
|
CVE-2007-3121
|
2011-03-8 11:55 |
2007-06-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259531
|
5.0 |
MEDIUM
|
tor
|
tor
|
Tor before 0.1.2.14 can construct circuits in which an entry guard is in the same family as the exit node, which might compromise the anonymity of traffic sources and destinations by exposing traffic…
|
NVD-CWE-Other
|
CVE-2007-3165
|
2011-03-8 11:55 |
2007-06-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259532
|
7.5 |
HIGH
|
bbpress
|
bbpress
|
SQL injection vulnerability in bb-includes/formatting-functions.php in bbPress before 0.8.1 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors to forums/bb-edit.ph…
|
NVD-CWE-Other
|
CVE-2007-3244
|
2011-03-8 11:55 |
2007-06-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259533
|
9.0 |
HIGH
|
nortel
|
vpn_router_1010 vpn_router_1050 vpn_router_1100 vpn_router_1700 vpn_router_1740 vpn_router_1750 vpn_router_2700 vpn_router_5000
|
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force …
|
NVD-CWE-Other
|
CVE-2007-2332
|
2011-03-8 11:54 |
2007-04-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259534
|
10.0 |
HIGH
|
nortel
|
contivity vpn_router_5000 vpn_router_portfolio
|
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 includes the FIPSecryptedtest1219 and FIPSunecryptedtest1219 default ac…
|
NVD-CWE-Other
|
CVE-2007-2333
|
2011-03-8 11:54 |
2007-04-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259535
|
10.0 |
HIGH
|
nortel
|
contivity vpn_router_5000 vpn_router_portfolio
|
The vendor has addressed this issue through a product update that can be found at: http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null
|
NVD-CWE-Other
|
CVE-2007-2333
|
2011-03-8 11:54 |
2007-04-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259536
|
7.5 |
HIGH
|
nortel
|
contivity vpn_router_5000
|
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 has two template HTML files lacking certain verification tags, which al…
|
NVD-CWE-Other
|
CVE-2007-2334
|
2011-03-8 11:54 |
2007-04-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259537
|
7.5 |
HIGH
|
nortel
|
contivity vpn_router_5000
|
The vendor has addressed this issue with the following product update: http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null
|
NVD-CWE-Other
|
CVE-2007-2334
|
2011-03-8 11:54 |
2007-04-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259538
|
7.5 |
HIGH
|
enterasys
|
netsight_console netsight_inventory_manager
|
Stack-based buffer overflow in the TFTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via cr…
|
NVD-CWE-Other
|
CVE-2007-2343
|
2011-03-8 11:54 |
2007-04-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259539
|
7.8 |
HIGH
|
enterasys
|
netsight_console netsight_inventory_manager
|
The BOOTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, on Windows allows remote attackers to cause a denial of service (daemon crash) via a U…
|
NVD-CWE-Other
|
CVE-2007-2344
|
2011-03-8 11:54 |
2007-04-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259540
|
7.8 |
HIGH
|
enterasys
|
netsight_console netsight_inventory_manager
|
The vendor has addressed this issue with the following product updates:
Apply Security Patch 1 :
http://www.enterasys.com/products/management/downloads/security_and_patches/
Or upgrade to Ente…
|
NVD-CWE-Other
|
CVE-2007-2344
|
2011-03-8 11:54 |
2007-04-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259541
|
6.5 |
MEDIUM
|
freepbx
|
freepbx
|
admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter.
|
NVD-CWE-Other
|
CVE-2007-2350
|
2011-03-8 11:54 |
2007-05-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259542
|
6.8 |
MEDIUM
|
symantec
|
backupexec_system_recovery livestate_recovery norton_ghost norton_save_and_recovery
|
Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share cr…
|
NVD-CWE-Other
|
CVE-2007-2360
|
2011-03-8 11:54 |
2007-05-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259543
|
6.8 |
MEDIUM
|
symantec
|
backupexec_system_recovery livestate_recovery norton_ghost norton_save_and_recovery
|
"In order for this exploit to have an impact, administrators would either have to configure client machines to save restore points images to a private share, or the vulnerable machine would have to b…
|
NVD-CWE-Other
|
CVE-2007-2360
|
2011-03-8 11:54 |
2007-05-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259544
|
10.0 |
HIGH
|
symantec
|
enterprise_security_manager
|
The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code …
|
NVD-CWE-Other
|
CVE-2007-2375
|
2011-03-8 11:54 |
2007-05-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259545
|
7.5 |
HIGH
|
firefly
|
firefly
|
PHP remote file inclusion vulnerability in modules/admin/include/config.php in FireFly 1.1.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT paramete…
|
NVD-CWE-Other
|
CVE-2007-2460
|
2011-03-8 11:54 |
2007-05-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259546
|
6.5 |
MEDIUM
|
novell
|
securelogin
|
Unspecified vulnerability in the ADSCHEMA utility in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to granting "users excess permissions to their…
|
NVD-CWE-Other
|
CVE-2007-2475
|
2011-03-8 11:54 |
2007-05-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259547
|
10.0 |
HIGH
|
novell
|
securelogin
|
Unspecified vulnerability in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to Active Directory (AD) password changes.
|
NVD-CWE-Other
|
CVE-2007-2476
|
2011-03-8 11:54 |
2007-05-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259548
|
7.2 |
HIGH
|
vmware
|
server workstation
|
The PIIX4 power management subsystem in EMC VMware Workstation 5.5.3.34685 and VMware Server 1.0.1.29996 allows local users to write to arbitrary memory locations via a crafted poke to I/O port 0x100…
|
NVD-CWE-Other
|
CVE-2007-2491
|
2011-03-8 11:54 |
2007-05-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259549
|
4.3 |
MEDIUM
|
wikkawiki
|
wikkawiki
|
Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
|
NVD-CWE-Other
|
CVE-2007-2551
|
2011-03-8 11:54 |
2007-05-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259550
|
7.8 |
HIGH
|
interchange_development_group
|
interchange
|
Unspecified vulnerability in Interchange before 5.4.2 allows remote attackers to cause an unspecified denial of service (possibly server hang) via crafted HTTP requests.
|
NVD-CWE-Other
|
CVE-2007-2635
|
2011-03-8 11:54 |
2007-05-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|