| 259551 | 7.8 | HIGH | interchange_development_group | interchange | The vendor has addressed this issue with the following product update: Upgrade to Interchange version 5.4.2: http://ftp.icdevgroup.org/interchange/5.4/ | NVD-CWE-Other | CVE-2007-2635 | 2011-03-8 11:54 | 2007-05-14 |
| 259552 | 4.3 | MEDIUM | canon | network_camera_server_vb100 network_camera_server_vb101 network_camera_server_vb150 | Cross-site scripting (XSS) vulnerability in the management interface in Canon Network Camera Server VB100 and VB101 with firmware 3.0 R69 and earlier, and VB150 with firmware 1.1 R39 and earlier, all… | NVD-CWE-Other | CVE-2007-2680 | 2011-03-8 11:54 | 2007-05-15 |
| 259553 | 4.3 | MEDIUM | bea | weblogic_server | Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote attackers to inject … | NVD-CWE-Other | CVE-2007-2694 | 2011-03-8 11:54 | 2007-05-16 |
| 259554 | 4.3 | MEDIUM | group-office | group-office_groupware | Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for (1) message.php and (2) messages.php in modules… | NVD-CWE-Other | CVE-2007-2720 | 2011-03-8 11:54 | 2007-05-17 |
| 259555 | 7.5 | HIGH | xoops | myconference_module | SQL injection vulnerability in index.php in the MyConference 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the provenance of this inform… | NVD-CWE-Other | CVE-2007-2737 | 2011-03-8 11:54 | 2007-05-18 |
| 259556 | 3.5 | LOW | plain_black | webgui | The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain Black WebGUI before 7.3.14 does not properly use data structures containing privilege information, which allows remote authentic… | NVD-CWE-Other | CVE-2007-2746 | 2011-03-8 11:54 | 2007-05-18 |
| 259557 | 6.8 | MEDIUM | kaspersky_lab | kaspersky_anti-virus kaspersky_internet_security | Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2… | NVD-CWE-Other | CVE-2007-1881 | 2011-03-8 11:53 | 2007-04-6 |
| 259558 | 6.8 | MEDIUM | daniel_naber | languagetool | Cross-site scripting (XSS) vulnerability in the embedded webserver in Daniel Naber LanguageTool before 0.8.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors inv… | NVD-CWE-Other | CVE-2007-1939 | 2011-03-8 11:53 | 2007-04-11 |
| 259559 | 5.0 | MEDIUM | tinymux | tinymux | Buffer overflow in TinyMUX before 2.4 allows attackers to cause a denial of service via unspecified vectors related to "too many substring matches in a regexp $-command." NOTE: some of these details … | NVD-CWE-Other | CVE-2007-1958 | 2011-03-8 11:53 | 2007-04-11 |
| 259560 | 10.0 | HIGH | tinymux | tinymux | Unspecified vulnerability in the process_cmdent function in command.cpp in TinyMUX before 2.4 has unknown impact and attack vectors, related to lack of the "'other half' of buffer overflow protection… | NVD-CWE-Other | CVE-2007-1959 | 2011-03-8 11:53 | 2007-04-11 |
| 259561 | 7.8 | HIGH | metamod-p | metamod-p | The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on Windows allows remote attackers to cause a denial of service (daemon crash) via a long meta list command. | NVD-CWE-Other | CVE-2007-1981 | 2011-03-8 11:53 | 2007-04-12 |
| 259562 | 7.5 | HIGH | sam_crew | myblog | PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, a different vec… | NVD-CWE-Other | CVE-2007-1990 | 2011-03-8 11:53 | 2007-04-12 |
| 259563 | 7.5 | HIGH | mynews | mynews | PHP remote file inclusion vulnerability in include/blocks/week_events.php in MyNews 4.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter… | NVD-CWE-Other | CVE-2007-2014 | 2011-03-8 11:53 | 2007-04-13 |
| 259564 | 6.8 | MEDIUM | avant-garde_solutions | mosmedia | Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite 1.0.6 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the … | NVD-CWE-Other | CVE-2007-2042 | 2011-03-8 11:53 | 2007-04-17 |
| 259565 | 7.5 | HIGH | openads | openads | Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads (phpAdsNew) 2.0.11 and earlier and (b) Openads for PostgreSQL (phpPgAds) 2.0.11 and earlier allow remote attackers to inject arbi… | NVD-CWE-Other | CVE-2007-2046 | 2011-03-8 11:53 | 2007-04-17 |
| 259566 | 7.5 | HIGH | openads | openads | CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 (aka Max Media Manager, MMM) before 0.3.31-alpha-pr3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP respo… | NVD-CWE-Other | CVE-2007-2047 | 2011-03-8 11:53 | 2007-04-17 |
| 259567 | 5.0 | MEDIUM | bftpd | bftpd | Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable. | NVD-CWE-Other | CVE-2007-2051 | 2011-03-8 11:53 | 2007-04-17 |
| 259568 | 4.3 | MEDIUM | open-gorotto | open-gorotto | Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto 2.0a 2006/02/08 edition, 2006/03/19 edition, and 2006/04/07 edition before 20070416 allow remote attackers to inject arbitrary web … | NVD-CWE-Other | CVE-2007-2071 | 2011-03-8 11:53 | 2007-04-18 |
| 259569 | 7.5 | HIGH | limesoft | limesoft_guestbook | Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) allows remote attackers to inject arbitrary PHP code into posts.txt via the name parameter. NOTE: … | NVD-CWE-Other | CVE-2007-2092 | 2011-03-8 11:53 | 2007-04-18 |
| 259570 | 7.5 | HIGH | rha7_downloads | rha7_downloads | SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector… | NVD-CWE-Other | CVE-2007-2107 | 2011-03-8 11:53 | 2007-04-18 |
| 259571 | 7.5 | HIGH | minigal | minigal | The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the (1) name or (2) email parameter. NOTE: the p… | NVD-CWE-Other | CVE-2007-2146 | 2011-03-8 11:53 | 2007-04-19 |
| 259572 | 4.3 | MEDIUM | drupal | database_administration_module | Multiple cross-site scripting (XSS) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to inject arbi… | NVD-CWE-Other | CVE-2007-2159 | 2011-03-8 11:53 | 2007-04-23 |
| 259573 | 7.5 | HIGH | drupal | database_administration_module | Multiple cross-site request forgery (CSRF) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to perf… | NVD-CWE-Other | CVE-2007-2160 | 2011-03-8 11:53 | 2007-04-23 |
| 259574 | 6.8 | MEDIUM | microgaming | download_helper_activex_control | Stack-based buffer overflow in the Microgaming Download Helper ActiveX control (dlhelper.dll) before 7.2.0.19, and the WebHandler Class control, allows remote attackers to execute arbitrary code via … | NVD-CWE-Other | CVE-2007-2177 | 2011-03-8 11:53 | 2007-04-25 |
| 259575 | 4.3 | MEDIUM | lan_management_system | lan_management_system | Cross-site scripting (XSS) vulnerability in LAN Management System (LMS) before 1.6.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving the OD … | NVD-CWE-Other | CVE-2007-2198 | 2011-03-8 11:53 | 2007-04-25 |
| 259576 | 5.0 | MEDIUM | swsoft | plesk | Multiple directory traversal vulnerabilities in SWsoft Plesk for Windows 7.6.1, 8.1.0, and 8.1.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter to (1) lo… | NVD-CWE-Other | CVE-2007-2268 | 2011-03-8 11:53 | 2007-04-26 |
| 259577 | 4.3 | MEDIUM | flowers | flowers | Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the den parameter. NOTE: the provenance of this information is u… | NVD-CWE-Other | CVE-2007-2309 | 2011-03-8 11:53 | 2007-04-27 |
| 259578 | 7.8 | HIGH | minishare | minimal_http_server | MiniShare 1.5.4, and possibly earlier, allows remote attackers to cause a denial of service (application crash) via a flood of requests for new connections. | NVD-CWE-Other | CVE-2007-2315 | 2011-03-8 11:53 | 2007-04-27 |
| 259579 | 10.0 | HIGH | open_business_management | open_business_management | Unspecified vulnerability in the admin script in Open Business Management (OBM) before 2.0.0 allows remote attackers to have an unknown impact by calling the script "in txt mode from a browser." | NVD-CWE-Other | CVE-2007-2316 | 2011-03-8 11:53 | 2007-04-27 |
| 259580 | 4.3 | MEDIUM | virtuemart | virtuemart | Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in VirtueMart before 20070213 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this iss… | NVD-CWE-Other | CVE-2007-1361 | 2011-03-8 11:52 | 2007-03-9 |
| 259581 | 6.4 | MEDIUM | joris_guisson | ktorrent | Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.2 allows remote attackers to overwrite arbitrary files via ".." sequences in a torrent filename. | NVD-CWE-Other | CVE-2007-1384 | 2011-03-8 11:52 | 2007-03-11 |
| 259582 | 6.4 | MEDIUM | joris_guisson | ktorrent | This vulnerability has been addressed with the following product update: http://ktorrent.org/index.php?page=downloads | NVD-CWE-Other | CVE-2007-1384 | 2011-03-8 11:52 | 2007-03-11 |
| 259583 | 7.5 | HIGH | joris_guisson | ktorrent | chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to cause a denial of service (crash) and heap corruption via a negative or large idx value. | NVD-CWE-Other | CVE-2007-1385 | 2011-03-8 11:52 | 2007-03-11 |
| 259584 | 7.5 | HIGH | joris_guisson | ktorrent | This vulnerability has been addressed in the following product update: http://ktorrent.org/index.php?page=downloads | NVD-CWE-Other | CVE-2007-1385 | 2011-03-8 11:52 | 2007-03-11 |
| 259585 | 6.9 | MEDIUM | plesh | plesh | Plash permits sandboxed processes to open /dev/tty, which allows local users to escape sandbox restrictions and execute arbitrary commands by sending characters to a shell process on the same termima… | NVD-CWE-Other | CVE-2007-1400 | 2011-03-8 11:52 | 2007-03-11 |
| 259586 | 4.3 | MEDIUM | sun | java_dynamic_management_kit | The Java Management Extensions Remote API Remote Method Invocation over Internet Inter-ORB Protocol (JMX RMI-IIOP) API in Java Dynamic Management Kit 5.1 before 20070309 does not properly enforce the… | NVD-CWE-Other | CVE-2007-1419 | 2011-03-8 11:52 | 2007-03-13 |
| 259587 | 7.8 | HIGH | astrocam | astrocam | The web interface in AstroCam 2.0.0 through 2.6.5 allows remote attackers to cause a denial of service (daemon shutdown) via requests that contain a large amount of data in the "a" variable, which "f… | CWE-20 Improper Input Validation | CVE-2007-1426 | 2011-03-8 11:52 | 2007-03-13 |
| 259588 | 7.8 | HIGH | pennmush | pennmush | Multiple unspecified vulnerabilities in PennMUSH 1.8.3 before 1.8.3p1 and 1.8.2 before 1.8.2p3 allow attackers to cause a denial of service (crash) related to the (1) speak and (2) buy functions. | NVD-CWE-Other | CVE-2007-1431 | 2011-03-8 11:52 | 2007-03-14 |
| 259589 | 4.4 | MEDIUM | netperf | netperf | netserver in netperf 2.4.3 allows local users to overwrite arbitrary files via a symlink attack on /tmp/netperf.debug. | NVD-CWE-Other | CVE-2007-1444 | 2011-03-8 11:52 | 2007-03-14 |
| 259590 | 10.0 | HIGH | christian_scheurer | unrarlib urarfilelib | Buffer overflow in the urarlib_get function in Christian Scheurer UniquE RAR File Library (unrarlib, aka URARFileLib) 0.4 allows context-dependent attackers to execute arbitrary code via a long (1) f… | NVD-CWE-Other | CVE-2007-1457 | 2011-03-8 11:52 | 2007-03-15 |
| 259591 | 9.3 | HIGH | mcafee | epolicy_orchestrator protectionpilot | Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in the ePO management console in McAfee ePolicy Orchestrator (ePO) before 3.6.1 Patch 1 and Protec… | NVD-CWE-Other | CVE-2007-1498 | 2011-03-8 11:52 | 2007-03-17 |
| 259592 | 6.8 | MEDIUM | php | php | Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated b… | NVD-CWE-Other | CVE-2007-1521 | 2011-03-8 11:52 | 2007-03-21 |
| 259593 | 6.8 | MEDIUM | php | php | Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejecte… | NVD-CWE-Other | CVE-2007-1522 | 2011-03-8 11:52 | 2007-03-21 |
| 259594 | 6.0 | MEDIUM | sun | java_system_web_server | Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secu… | NVD-CWE-Other | CVE-2007-1526 | 2011-03-8 11:52 | 2007-03-21 |
| 259595 | 6.8 | MEDIUM | guestbara | guestbara | Direct static code injection vulnerability in admin/configuration.php in Guestbara 1.2 and earlier allows remote authenticated users to inject arbitrary PHP code into config.php via the (1) admin_mai… | NVD-CWE-Other | CVE-2007-1554 | 2011-03-8 11:52 | 2007-03-21 |
| 259596 | 10.0 | HIGH | war_ftp_daemon | war_ftp_daemon | Stack-based buffer overflow in War FTP Daemon 1.65, and possibly earlier, allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors, as demonstrated by wa… | NVD-CWE-Other | CVE-2007-1567 | 2011-03-8 11:52 | 2007-03-22 |
| 259597 | 6.8 | MEDIUM | sourceforge | jgbbs | SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter, a different vector than CVE-2007-1440. NO… | NVD-CWE-Other | CVE-2007-1572 | 2011-03-8 11:52 | 2007-03-22 |
| 259598 | 2.1 | LOW | truecrypt_foundation | truecrypt | TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service (filesystem unavailability) by dismounting a volume mounted by a different user. | NVD-CWE-Other | CVE-2007-1589 | 2011-03-8 11:52 | 2007-03-22 |
| 259599 | 7.5 | HIGH | asterisk | asterisk | The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by s… | NVD-CWE-Other | CVE-2007-1595 | 2011-03-8 11:52 | 2007-03-23 |
| 259600 | 9.3 | HIGH | zziplib | zziplib | Stack-based buffer overflow in the zzip_open_shared_io function in zzip/file.c in ZZIPlib Library before 0.13.49 allows user-assisted remote attackers to cause a denial of service (application crash)… | NVD-CWE-Other | CVE-2007-1614 | 2011-03-8 11:52 | 2007-03-23 |