259651
|
4.3 |
MEDIUM
|
php
|
php
|
A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, whic…
|
NVD-CWE-Other
|
CVE-2007-1287
|
2011-03-8 11:51 |
2007-03-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259652
|
10.0 |
HIGH
|
intel lenovo
|
pro_1000_lan_adapter thinkpad
|
Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors.
|
NVD-CWE-Other
|
CVE-2007-1307
|
2011-03-8 11:51 |
2007-03-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259653
|
9.0 |
HIGH
|
novell
|
access_manager
|
Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt.
|
CWE-264
認可・権限・アクセス制御
|
CVE-2007-1309
|
2011-03-8 11:51 |
2007-03-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259654
|
7.1 |
HIGH
|
phpmyadmin
|
phpmyadmin
|
The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a…
|
NVD-CWE-Other
|
CVE-2007-1325
|
2011-03-8 11:51 |
2007-03-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259655
|
7.1 |
HIGH
|
phpmyadmin
|
phpmyadmin
|
This vulnerability is addressed in the following product update:
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-3
|
NVD-CWE-Other
|
CVE-2007-1325
|
2011-03-8 11:51 |
2007-03-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259656
|
6.6 |
MEDIUM
|
sun
|
sun_fire
|
Unspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 allows local users to gain privileges and reset or turn off the server.
|
NVD-CWE-Other
|
CVE-2007-1346
|
2011-03-8 11:51 |
2007-03-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259657
|
7.8 |
HIGH
|
linux
|
linux_kernel
|
The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before 2.6.21, and possibly 2.4.x, allows remote attackers to cause a denial of service (crash) via an AppleTalk frame that is shorter t…
|
NVD-CWE-Other
|
CVE-2007-1357
|
2011-03-8 11:51 |
2007-04-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259658
|
7.5 |
HIGH
|
grigoriadis
|
mini_web_server
|
Multiple buffer overflows in Nickolas Grigoriadis Mini Web server (MiniWebsvr) before 0.05 have unknown impact and attack vectors.
|
NVD-CWE-Other
|
CVE-2007-0525
|
2011-03-8 11:50 |
2007-01-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259659
|
7.5 |
HIGH
|
vote_pro
|
vote_pro
|
Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the poll_id parameter, wh…
|
NVD-CWE-Other
|
CVE-2007-0535
|
2011-03-8 11:50 |
2007-01-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259660
|
4.3 |
MEDIUM
|
cgi-rescue
|
webform
|
Cross-site scripting (XSS) vulnerability in CGI-RESCUE WebFORM 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
NVD-CWE-Other
|
CVE-2007-0547
|
2011-03-8 11:50 |
2007-01-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259661
|
6.8 |
MEDIUM
|
phproxy
|
phproxy
|
Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php in PHProxy before 0.5 beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) data[realm] and (2) _url pa…
|
NVD-CWE-Other
|
CVE-2007-0553
|
2011-03-8 11:50 |
2007-01-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259662
|
4.0 |
MEDIUM
|
symantec
|
web_security
|
The license registering interface in Symantec Web Security (SWS) before 3.0.1.85 allows attackers to cause a denial of service (CPU consumption) by submitting a large file.
|
NVD-CWE-Other
|
CVE-2007-0564
|
2011-03-8 11:50 |
2007-01-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259663
|
4.0 |
MEDIUM
|
symantec
|
web_security
|
This vulnerablity is addressed in the following product release:
Symantec, Symantec Web Security, 3.0.1.85
|
NVD-CWE-Other
|
CVE-2007-0564
|
2011-03-8 11:50 |
2007-01-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259664
|
4.3 |
MEDIUM
|
mpg123
|
mpg123
|
The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early.
|
NVD-CWE-Other
|
CVE-2007-0578
|
2011-03-8 11:50 |
2007-01-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259665
|
6.8 |
MEDIUM
|
free_lan_intra_internet_portal
|
free_lan_intra_internet_portal
|
Multiple cross-site scripting (XSS) vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1…
|
NVD-CWE-Other
|
CVE-2007-0611
|
2011-03-8 11:50 |
2007-01-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259666
|
9.3 |
HIGH
|
chmlib
|
chmlib
|
chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption.
|
NVD-CWE-Other
|
CVE-2007-0619
|
2011-03-8 11:50 |
2007-01-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259667
|
9.3 |
HIGH
|
chmlib
|
chmlib
|
Update to version 0.39.
|
NVD-CWE-Other
|
CVE-2007-0619
|
2011-03-8 11:50 |
2007-01-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259668
|
7.5 |
HIGH
|
x-dev
|
xnews
|
Multiple SQL injection vulnerabilities in the generate_csv function in classes/class.news.php in X-dev xNews 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (…
|
NVD-CWE-Other
|
CVE-2007-0630
|
2011-03-8 11:50 |
2007-02-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259669
|
7.5 |
HIGH
|
asp_edge
|
asp_edge
|
SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via a username cookie, a different vector than CVE-2007-0560.
|
NVD-CWE-Other
|
CVE-2007-0632
|
2011-03-8 11:50 |
2007-02-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259670
|
2.1 |
LOW
|
inotify
|
incron
|
Unspecified vulnerability in inotify before 0.3.5 has unknown impact and attack vectors, related to "access rights to watched files."
|
NVD-CWE-Other
|
CVE-2007-0636
|
2011-03-8 11:50 |
2007-02-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259671
|
5.4 |
MEDIUM
|
intel
|
enterprise_southbridge_2_bmc enterprise_southbridge_bmc server_board_s5000pal server_board_s5000psl server_board_s5000vcl server_board_s5000vsa server_board_s5000xal server_board…
|
The IPMI configuration does not appear to be the cause, but an extra condition for when it's possible. This is the reason for medium access complexity.
|
NVD-CWE-Other
|
CVE-2007-0661
|
2011-03-8 11:50 |
2007-02-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259672
|
5.4 |
MEDIUM
|
intel
|
enterprise_southbridge_2_bmc enterprise_southbridge_bmc server_board_s5000pal server_board_s5000psl server_board_s5000vcl server_board_s5000vsa server_board_s5000xal server_board…
|
Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), Intel Server Boards 5000XAL, S5000PAL, S5000PSL, S5000XVN, S5000VCL, S5000VSA, SC5400RA, and OEM Firmware for Intel Enterprise So…
|
NVD-CWE-Other
|
CVE-2007-0661
|
2011-03-8 11:50 |
2007-02-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259673
|
7.5 |
HIGH
|
eclectic_designs
|
cascadianfaq
|
SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter, a different vector than CVE-…
|
NVD-CWE-Other
|
CVE-2007-0663
|
2011-03-8 11:50 |
2007-02-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259674
|
7.5 |
HIGH
|
fenrir
|
portable_sleipnir sleipnir
|
Cross-zone scripting vulnerability in Sleipnir 2.49 and earlier, and Portable Sleipnir 2.45 and earlier, allows remote attackers to bypass Web content zone restrictions via certain script contained i…
|
NVD-CWE-Other
|
CVE-2007-0705
|
2011-03-8 11:50 |
2007-02-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259675
|
7.5 |
HIGH
|
fenrir
|
darksky_rss_bar
|
Cross-zone scripting vulnerability in Darksky RSS bar for Internet Explorer before 1.29, RSS bar for Sleipnir before 1.29, and RSS bar for unDonut before 1.29 allows remote attackers to bypass Web co…
|
NVD-CWE-Other
|
CVE-2007-0706
|
2011-03-8 11:50 |
2007-02-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259676
|
6.8 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via an image with a crafted ColorSync profile.
|
NVD-CWE-Other
|
CVE-2007-0719
|
2011-03-8 11:50 |
2007-03-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259677
|
6.8 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
Unspecified vulnerability in diskimages-helper in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted compressed disk image tha…
|
NVD-CWE-Other
|
CVE-2007-0721
|
2011-03-8 11:50 |
2007-03-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259678
|
6.8 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted AppleSingleEncoding disk image.
|
NVD-CWE-Other
|
CVE-2007-0722
|
2011-03-8 11:50 |
2007-03-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259679
|
8.5 |
HIGH
|
apple
|
mac_os_x mac_os_x_server
|
Unspecified vulnerability in the authentication feature for DirectoryService (DS Plug-Ins) for Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote authenticated LDAP users to modify the root …
|
NVD-CWE-Other
|
CVE-2007-0723
|
2011-03-8 11:50 |
2007-03-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259680
|
7.2 |
HIGH
|
apple
|
mac_os_x mac_os_x_server
|
Buffer overflow in the AirPortDriver module for AirPort in Apple Mac OS X 10.3.9 through 10.4.9, when running on hardware with the original AirPort wireless card, allows local users to execute arbitr…
|
NVD-CWE-Other
|
CVE-2007-0725
|
2011-03-8 11:50 |
2007-04-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259681
|
7.2 |
HIGH
|
apple
|
mac_os_x mac_os_x_preview.app mac_os_x_server
|
Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment before executing commands, which allows local users to gain privileges by setting unsp…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2007-0729
|
2011-03-8 11:50 |
2007-04-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259682
|
7.2 |
HIGH
|
apple
|
mac_os_x mac_os_x_server
|
Unspecified vulnerability in the CoreServices daemon in CarbonCore in Apple Mac OS X 10.4 through 10.4.9 allows local users to gain privileges via unspecified vectors involving "obtaining a send righ…
|
NVD-CWE-Other
|
CVE-2007-0732
|
2011-03-8 11:50 |
2007-04-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259683
|
7.2 |
HIGH
|
apple
|
mac_os_x mac_os_x_server
|
The vendor has addressed this issue through Mac OS software updates.
|
NVD-CWE-Other
|
CVE-2007-0732
|
2011-03-8 11:50 |
2007-04-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259684
|
9.3 |
HIGH
|
apple
|
mac_os_x mac_os_x_server
|
Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspeci…
|
NVD-CWE-Other
|
CVE-2007-0735
|
2011-03-8 11:50 |
2007-04-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259685
|
4.6 |
MEDIUM
|
apple
|
mac_os_x
|
The Login Window in Apple Mac OS X 10.3.9 through 10.4.9 does not properly check certain environment variables, which allows local users to gain privileges via unspecified vectors.
|
NVD-CWE-Other
|
CVE-2007-0737
|
2011-03-8 11:50 |
2007-04-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259686
|
4.6 |
MEDIUM
|
apple
|
mac_os_x
|
The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not display the screen saver authentication dialog in certain circumstances when waking from sleep, even though the "require a password to …
|
NVD-CWE-Other
|
CVE-2007-0738
|
2011-03-8 11:50 |
2007-04-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259687
|
4.6 |
MEDIUM
|
apple
|
mac_os_x
|
The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the software update window beneath the loginwindow authentication dialog in certain circumstances related to running scheduled tasks, w…
|
NVD-CWE-Other
|
CVE-2007-0739
|
2011-03-8 11:50 |
2007-04-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259688
|
7.5 |
HIGH
|
apple
|
mac_os_x
|
Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 through 10.4.9, when Internet Sharing is enabled, allows remote attackers to execute arbitrary code via malformed RTSP packets.
|
NVD-CWE-Other
|
CVE-2007-0741
|
2011-03-8 11:50 |
2007-04-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259689
|
7.8 |
HIGH
|
apple
|
mac_os_x
|
The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allows subdomain cookies to be accessed by the parent domain, which allows remote attackers to obtain sensitive information.
|
NVD-CWE-Other
|
CVE-2007-0742
|
2011-03-8 11:50 |
2007-04-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259690
|
4.9 |
MEDIUM
|
apple
|
mac_os_x
|
URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username and password credentials for mounting filesystems on SMB servers as command line arguments to the mount_sub command, which may all…
|
NVD-CWE-Other
|
CVE-2007-0743
|
2011-03-8 11:50 |
2007-04-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259691
|
7.2 |
HIGH
|
apple
|
mac_os_x mac_os_x_server
|
SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when executing commands, which allows local users to gain privileges by setting unspecified environment variables.
|
NVD-CWE-Other
|
CVE-2007-0744
|
2011-03-8 11:50 |
2007-04-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259692
|
10.0 |
HIGH
|
apple
|
mac_os_x mac_os_x_server
|
Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an au…
|
NVD-CWE-Other
|
CVE-2007-0746
|
2011-03-8 11:50 |
2007-04-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259693
|
10.0 |
HIGH
|
vbdrupal
|
vbdrupal
|
Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector related to Drupal is covered by CVE-2007-0626. These vulnerabilities …
|
NVD-CWE-Other
|
CVE-2007-0841
|
2011-03-8 11:50 |
2007-02-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259694
|
6.4 |
MEDIUM
|
pam_ssh
|
pam_ssh
|
The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when the allow_blank_passphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryp…
|
NVD-CWE-Other
|
CVE-2007-0844
|
2011-03-8 11:50 |
2007-02-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259695
|
7.5 |
HIGH
|
apache_stats
|
apache_stats
|
Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
|
NVD-CWE-Other
|
CVE-2007-0930
|
2011-03-8 11:50 |
2007-02-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259696
|
10.0 |
HIGH
|
phpmyadmin
|
phpmyadmin
|
Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.
|
NVD-CWE-Other
|
CVE-2007-0203
|
2011-03-8 11:49 |
2007-01-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259697
|
6.8 |
MEDIUM
|
six_apart
|
movable_type
|
Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via …
|
NVD-CWE-Other
|
CVE-2007-0231
|
2011-03-8 11:49 |
2007-01-13 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259698
|
5.0 |
MEDIUM
|
poptop
|
pptp_server
|
pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before 1.3.4 allows remote attackers to cause a denial of service (PPTP connection tear-down) via (1) GRE packets with out-of-order sequenc…
|
NVD-CWE-Other
|
CVE-2007-0244
|
2011-03-8 11:49 |
2007-05-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259699
|
7.1 |
HIGH
|
apple
|
mac_os_x
|
Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a craf…
|
NVD-CWE-Other
|
CVE-2007-0299
|
2011-03-8 11:49 |
2007-01-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259700
|
10.0 |
HIGH
|
pancake.org
|
zina
|
Multiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have unknown impact and attack vectors related to "Potential security bugs."
|
NVD-CWE-Other
|
CVE-2007-0303
|
2011-03-8 11:49 |
2007-01-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|