259701
|
7.1 |
HIGH
|
apple
|
mac_os_x
|
Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a craf…
|
NVD-CWE-Other
|
CVE-2007-0299
|
2011-03-8 11:49 |
2007-01-17 |
259702
|
10.0 |
HIGH
|
pancake.org
|
zina
|
Multiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have unknown impact and attack vectors related to "Potential security bugs."
|
NVD-CWE-Other
|
CVE-2007-0303
|
2011-03-8 11:49 |
2007-01-18 |
259703
|
7.8 |
HIGH
|
apple
|
mac_os_x
|
The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of …
|
NVD-CWE-Other
|
CVE-2007-0318
|
2011-03-8 11:49 |
2007-01-18 |
259704
|
9.3 |
HIGH
|
trend_micro
|
client-server-messaging_security officescan_corporate_edition
|
Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control in OfficeScanSetupINI.dll, as used in OfficeScan 7.0 before Build 1344, OfficeScan 7.3 before Build…
|
CWE-119
Buffer Errors
|
CVE-2007-0325
|
2011-03-8 11:49 |
2007-02-21 |
259705
|
9.3 |
HIGH
|
trend_micro
|
client-server-messaging_security officescan_corporate_edition
|
Successful exploitation requires that OfficeScan client was installed using web deployment.
|
CWE-119
Buffer Errors
|
CVE-2007-0325
|
2011-03-8 11:49 |
2007-02-21 |
259706
|
9.3 |
HIGH
|
trend_micro
|
client-server-messaging_security officescan_corporate_edition
|
The vendor has issued a fix (7.0 Security Patch - Build 1344; 7.3 Security Patch - Build 1241).
|
CWE-119
Buffer Errors
|
CVE-2007-0325
|
2011-03-8 11:49 |
2007-02-21 |
259707
|
7.5 |
HIGH
|
bea
|
weblogic_server
|
BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certifica…
|
NVD-CWE-Other
|
CVE-2007-0408
|
2011-03-8 11:49 |
2007-01-23 |
259708
|
1.5 |
LOW
|
bea
|
weblogic_server
|
BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users…
|
NVD-CWE-Other
|
CVE-2007-0409
|
2011-03-8 11:49 |
2007-01-23 |
259709
|
6.8 |
MEDIUM
|
bea
|
weblogic_server
|
BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when WS-Security is used, does not properly validate certificates, which allows remote attackers to conduct a man-in-the-middle (MITM)…
|
NVD-CWE-Other
|
CVE-2007-0411
|
2011-03-8 11:49 |
2007-01-23 |
259710
|
4.4 |
MEDIUM
|
bea
|
weblogic_server
|
BEA WebLogic Server 8.1 through 8.1 SP5 stores cleartext data in a backup of config.xml after offline editing, which allows local users to obtain sensitive information by reading this backup file.
|
NVD-CWE-Other
|
CVE-2007-0413
|
2011-03-8 11:49 |
2007-01-23 |
259711
|
5.0 |
MEDIUM
|
bea
|
weblogic_server
|
BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, and 9.0 allows remote attackers to cause a denial of service (server hang) via certain requests that cause muxer thr…
|
NVD-CWE-Other
|
CVE-2007-0414
|
2011-03-8 11:49 |
2007-01-23 |
259712
|
5.0 |
MEDIUM
|
bea
|
weblogic_server
|
BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce access control after a dynamic update and dynamic redeployment of an application that is implemented through exploded jars, which all…
|
NVD-CWE-Other
|
CVE-2007-0415
|
2011-03-8 11:49 |
2007-01-23 |
259713
|
7.5 |
HIGH
|
bea
|
weblogic_server
|
The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and 9.1 does not verify credentials when decrypting client messages, which allows remote attackers to bypass application security.
|
NVD-CWE-Other
|
CVE-2007-0416
|
2011-03-8 11:49 |
2007-01-23 |
259714
|
10.0 |
HIGH
|
bea
|
weblogic_server
|
BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows attackers to execute certain EJB container persistence opera…
|
NVD-CWE-Other
|
CVE-2007-0417
|
2011-03-8 11:49 |
2007-01-23 |
259715
|
7.5 |
HIGH
|
bea
|
weblogic_server
|
BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote…
|
NVD-CWE-Other
|
CVE-2007-0418
|
2011-03-8 11:49 |
2007-01-23 |
259716
|
5.0 |
MEDIUM
|
bea
|
weblogic_server
|
The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
|
NVD-CWE-Other
|
CVE-2007-0419
|
2011-03-8 11:49 |
2007-01-23 |
259717
|
5.0 |
MEDIUM
|
bea
|
weblogic_server
|
BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to obtain sensitive information via malformed HTTP requests, which reveal data from previous requests.
|
NVD-CWE-Other
|
CVE-2007-0420
|
2011-03-8 11:49 |
2007-01-23 |
259718
|
5.0 |
MEDIUM
|
bea
|
weblogic_server
|
BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, allows remote attackers to cause a denial of service (server inaccessibility) via manipulated socket connections.
|
NVD-CWE-Other
|
CVE-2007-0422
|
2011-03-8 11:49 |
2007-01-23 |
259719
|
5.0 |
MEDIUM
|
bea
|
weblogic_server
|
Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for Netscape Enterprise Server before September 2006 for Netscape Enterprise Server allows remote attackers to cause a denial of serv…
|
NVD-CWE-Other
|
CVE-2007-0424
|
2011-03-8 11:49 |
2007-01-23 |
259720
|
7.5 |
HIGH
|
bea
|
jrockit weblogic_server
|
Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 through 8.1 SP5, and JRockit 1.4.2 R4.5 and earlier, allows attackers to gain privileges via unspecified vectors, related to an "over…
|
NVD-CWE-Other
|
CVE-2007-0425
|
2011-03-8 11:49 |
2007-01-23 |
259721
|
5.0 |
MEDIUM
|
apple
|
software_update
|
Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string spec…
|
NVD-CWE-Other
|
CVE-2007-0463
|
2011-03-8 11:49 |
2007-01-30 |
259722
|
10.0 |
HIGH
|
telestream
|
flip4mac_windows_media_components_for_quicktime
|
Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 allows remote attackers to execute arbitrary code via a crafted ASF_File_Properties_Object size field in a WMV file, which triggers…
|
NVD-CWE-Other
|
CVE-2007-0466
|
2011-03-8 11:49 |
2007-01-31 |
259723
|
3.7 |
LOW
|
smb4k
|
smb4k
|
Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_fil…
|
NVD-CWE-Other
|
CVE-2007-0472
|
2011-03-8 11:49 |
2007-02-4 |
259724
|
1.9 |
LOW
|
smb4k
|
smb4k
|
The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 does not preserve /etc/sudoers permissions across modifications, which allows local users to obtain sensitive information (/etc/su…
|
NVD-CWE-Other
|
CVE-2007-0473
|
2011-03-8 11:49 |
2007-02-4 |
259725
|
3.3 |
LOW
|
smb4k
|
smb4k
|
Smb4K before 0.8.0 allows local users, when present on the Smb4K sudoers list, to kill arbitrary processes, related to a "design issue with smb4k_kill."
|
NVD-CWE-Other
|
CVE-2007-0474
|
2011-03-8 11:49 |
2007-02-4 |
259726
|
4.4 |
MEDIUM
|
smb4k
|
smb4k
|
Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to t…
|
NVD-CWE-Other
|
CVE-2007-0475
|
2011-03-8 11:49 |
2007-02-4 |
259727
|
4.6 |
MEDIUM
|
gentoo
|
linux
|
The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp secur…
|
NVD-CWE-Other
|
CVE-2007-0476
|
2011-03-8 11:49 |
2007-01-25 |
259728
|
6.8 |
MEDIUM
|
sky_gunning
|
myspeach
|
PHP remote file inclusion vulnerability in up.php in Sky GUNNING MySpeach 3.0.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter, a different v…
|
NVD-CWE-Other
|
CVE-2007-0491
|
2011-03-8 11:49 |
2007-01-25 |
259729
|
5.0 |
MEDIUM
|
hitachi
|
tpi_link tpi_server_base
|
Hitachi TP1/LiNK 05-00 through 05-03-/F, 03-04 through 03-06-/K, and 03-00 through 03-03-/H; and TP1/Server Base 05-00 through 05-00-/M, 03-01-E through 03-01-FD, 03-01 through 03-01-DB, and 05-03; a…
|
NVD-CWE-Other
|
CVE-2007-0512
|
2011-03-8 11:49 |
2007-01-26 |
259730
|
6.8 |
MEDIUM
|
hitachi
|
cosminexus_application_server cosminexus_application_server_version_5 cosminexus_developer_light_version_6 cosminexus_developer_professional_version_6 cosminexus_developer_standard_versio…
|
Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML …
|
NVD-CWE-Other
|
CVE-2007-0514
|
2011-03-8 11:49 |
2007-01-26 |
259731
|
6.8 |
MEDIUM
|
novell
|
access_manager_identity_server
|
Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server before 3.0.0-1013 allows remote attackers to inject arbitrary web script or HTML via the IssueInstan…
|
NVD-CWE-Other
|
CVE-2007-0110
|
2011-03-8 11:48 |
2007-01-9 |
259732
|
10.0 |
HIGH
|
apple
|
mac_os_x mac_os_x_server
|
DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /L…
|
NVD-CWE-Other
|
CVE-2007-0117
|
2011-03-8 11:48 |
2007-01-9 |
259733
|
7.5 |
HIGH
|
igeneric
|
ig_shop
|
Multiple SQL injection vulnerabilities in display_review.php in iGeneric iG Shop 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) user_login_cookie param…
|
NVD-CWE-Other
|
CVE-2007-0133
|
2011-03-8 11:48 |
2007-01-9 |
259734
|
7.5 |
HIGH
|
hp
|
openvms
|
Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, and the DECnet-Plus 7.3 feature in DECnet/OSI 7.3 for OpenVMS VAX, allows attackers to obtain "uninte…
|
NVD-CWE-Other
|
CVE-2007-0139
|
2011-03-8 11:48 |
2007-01-9 |
259735
|
5.0 |
MEDIUM
|
cisco
|
ip_contact_center_enterprise ip_contact_center_hosted unified_contact_center_enterprise unified_contact_center_hosted
|
The JTapi Gateway process in Cisco Unified Contact Center Enterprise, Unified Contact Center Hosted, IP Contact Center Enterprise, and Cisco IP Contact Center Hosted 5.0 through 7.1 allows remote att…
|
NVD-CWE-Other
|
CVE-2007-0198
|
2011-03-8 11:48 |
2007-01-11 |
259736
|
4.3 |
MEDIUM
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remote attackers to obtain JSP source code and other sensitive information via certain "special URIs."
|
NVD-CWE-Other
|
CVE-2006-7165
|
2011-03-8 11:48 |
2007-03-20 |
259737
|
5.0 |
MEDIUM
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remote attackers to obtain JSP source code and other sensitive information via "a specific JSP URL."
|
NVD-CWE-Other
|
CVE-2006-7166
|
2011-03-8 11:48 |
2007-03-20 |
259738
|
6.3 |
MEDIUM
|
hosting_controller
|
hosting_controller
|
Directory traversal vulnerability in FolderManager/FolderManager.aspx in Hosting Controller 7c allows remote authenticated users to read and modify arbitrary files, and list arbitrary directories via…
|
NVD-CWE-Other
|
CVE-2006-6814
|
2011-03-8 11:47 |
2006-12-29 |
259739
|
7.5 |
HIGH
|
mxmania
|
calendar_mx_basic
|
Calendar MX BASIC 1.0.2 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for cale…
|
NVD-CWE-Other
|
CVE-2006-6825
|
2011-03-8 11:47 |
2006-12-30 |
259740
|
7.5 |
HIGH
|
efkan_forum
|
efkan_forum
|
Multiple SQL injection vulnerabilities in Efkan Forum 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the grup parameter in admin.asp, or the id parameter in (2) defa…
|
NVD-CWE-Other
|
CVE-2006-6828
|
2011-03-8 11:47 |
2006-12-31 |
259741
|
7.8 |
HIGH
|
efkan_forum
|
efkan_forum
|
Efkan Forum 1.0 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum.mdb. …
|
NVD-CWE-Other
|
CVE-2006-6829
|
2011-03-8 11:47 |
2006-12-31 |
259742
|
4.3 |
MEDIUM
|
joomla
|
joomla
|
Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module ti…
|
CWE-79
Cross-site scripting (XSS)
|
CVE-2006-6832
|
2011-03-8 11:47 |
2006-12-31 |
259743
|
7.5 |
HIGH
|
joomla
|
joomla
|
com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors.
|
NVD-CWE-Other
|
CVE-2006-6833
|
2011-03-8 11:47 |
2006-12-31 |
259744
|
6.8 |
MEDIUM
|
joomla
|
joomla
|
Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unknown impact and attack vectors related to (1) "unneeded legacy functions" and (2) "Several low level security fixes."
|
NVD-CWE-Other
|
CVE-2006-6834
|
2011-03-8 11:47 |
2006-12-31 |
259745
|
6.0 |
MEDIUM
|
tdiary
|
tdiary
|
Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validati…
|
CWE-20
Improper Input Validation
|
CVE-2006-6852
|
2011-03-8 11:47 |
2006-12-31 |
259746
|
6.8 |
MEDIUM
|
miredo
|
miredo
|
Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo bubble during UDP hole punching with HMAC-MD5-64 hashing, which allows remote attackers to impersonate an arbitrary Teredo client.
|
NVD-CWE-Other
|
CVE-2006-6858
|
2011-03-8 11:47 |
2006-12-31 |
259747
|
5.0 |
MEDIUM
|
avahi
|
avahi
|
The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that poi…
|
NVD-CWE-Other
|
CVE-2006-6870
|
2011-03-8 11:47 |
2006-12-31 |
259748
|
5.0 |
MEDIUM
|
avahi
|
avahi
|
This vulnerability is addressed in the following product release:
Avahi, Avahi, 0.6.16
|
NVD-CWE-Other
|
CVE-2006-6870
|
2011-03-8 11:47 |
2006-12-31 |
259749
|
6.8 |
MEDIUM
|
jonathon_freeman
|
ovbb
|
Cross-site scripting (XSS) vulnerability in the GetLocation function in online.php in Jonathon J. Freeman OvBB 0.13a allows remote attackers to inject arbitrary web script or HTML via the aRequest va…
|
NVD-CWE-Other
|
CVE-2006-6892
|
2011-03-8 11:47 |
2006-12-31 |
259750
|
7.5 |
HIGH
|
phpmyfaq
|
phpmyfaq
|
Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors.
|
NVD-CWE-Other
|
CVE-2006-6913
|
2011-03-8 11:47 |
2006-12-31 |