Total
258583 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1651 | 1 Openid | 1 Openid | 2008-11-13 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in OpenID allows remote attackers to restore the login session of a user on an OpenID enabled site via unspecified vectors related to an arbitrary remote web site and cached tokens, after the user has signed into an OpenID server, logged into the OpenID enabled site, and then logged out of the OpenID enabled site. | |||||
| CVE-2007-1574 | 1 Care2x | 1 Care2x | 2008-11-13 | 5.0 MEDIUM | N/A |
| CARE2X 2.2, and possibly earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1494 | 1 Nukescripts | 1 Nukesentinel | 2008-11-13 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "filters for https:// and http://". | |||||
| CVE-2007-1492 | 1 Microsoft | 1 Windows Xp | 2008-11-13 | 7.1 HIGH | N/A |
| winmm.dll in Microsoft Windows XP allows user-assisted remote attackers to cause a denial of service (infinite loop) via a large cch argument value to the mmioRead function, as demonstrated by a crafted WAV file. | |||||
| CVE-2007-1435 | 1 D-link | 1 Tftp Server | 2008-11-13 | 10.0 HIGH | N/A |
| Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to cause a denial of service (crash) via a long (1) GET or (2) PUT request, which triggers memory corruption. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1354 | 1 Jboss | 1 Jboss Application Server | 2008-11-13 | 6.0 MEDIUM | N/A |
| The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by logging in during a session by a more privileged administrator, as demonstrated by privilege escalation from Read Mode to Write Mode. | |||||
| CVE-2007-1341 | 1 Simple Invoices | 1 Simple Invoices | 2008-11-13 | 5.0 MEDIUM | N/A |
| include/auth/auth.php in Simple Invoices before 2007 03 05 does not use the login system to protect print preview pages for invoices, which might allow attackers to obtain sensitive information. | |||||
| CVE-2007-0641 | 1 Shaffer Solutions Corp | 1 Dapcnfsd.dll | 2008-11-13 | 7.5 HIGH | N/A |
| Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 in Shaffer Solutions (SSC) DiskAccess NFS Client allows remote attackers to execute arbitrary code via a long argument, an issue similar to CVE-2006-5854 and CVE-2007-0444. | |||||
| CVE-2007-0574 | 1 Spoonlabs | 1 Vivvo Article Management Cms | 2008-11-13 | 7.5 HIGH | N/A |
| SQL injection vulnerability in rss/show_webfeed.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.40 allows remote attackers to execute arbitrary SQL commands via the wcHeadlines parameter, a different vector than CVE-2006-4715. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0461 | 1 Dazuko | 1 Dazuko | 2008-11-13 | 5.0 MEDIUM | N/A |
| Multiple memory leaks in the Dazuko anti-virus helper module before 2.3.2 allow attackers to cause a denial of service (memory consumption) via unknown vectors. | |||||
| CVE-2007-0434 | 1 Bea | 1 Aqualogic Enterprise Security | 2008-11-13 | 4.6 MEDIUM | N/A |
| BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2 does not properly set the severity level of audit events when the system load is high, which might make it easier for attackers to avoid detection. | |||||
| CVE-2007-0433 | 1 Bea | 1 Aqualogic Service Bus | 2008-11-13 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2, when using Active Directory LDAP for authentication, allows remote authenticated users to access the server even after the account has been disabled. | |||||
| CVE-2007-0432 | 1 Bea | 1 Aqualogic Service Bus | 2008-11-13 | 7.5 HIGH | N/A |
| BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject malformed request messages to a proxy service, which might allow remote attackers to bypass authorization policies and route requests to back-end services or conduct other unauthorized activities. | |||||
| CVE-2007-0386 | 1 Postnuke Software Foundation | 1 Postnuke | 2008-11-13 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to "an interesting bug." | |||||
| CVE-2007-0385 | 1 Postnuke Software Foundation | 1 Postnuke | 2008-11-13 | 7.8 HIGH | N/A |
| The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via "unvalidated output" in FAQ/index.php, possibly involving an undefined id_cat variable. | |||||
| CVE-2007-0384 | 1 Postnuke Software Foundation | 1 Postnuke | 2008-11-13 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in preview in the reviews section in PostNuke 0.764 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-0381 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2008-11-13 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: CVE analysis suggests that the vendor fixed these issues. | |||||
| CVE-2007-0380 | 1 Docman | 1 Docman | 2008-11-13 | 5.0 MEDIUM | N/A |
| DocMan 1.3 RC2 allows remote attackers to obtain sensitive information (the full path) via unspecified vectors. | |||||
| CVE-2007-0379 | 1 Docman | 1 Docman | 2008-11-13 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in DocMan 1.3 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-0378 | 1 Docman | 1 Docman | 2008-11-13 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DocMan 1.3 RC2 allow attackers to execute arbitrary SQL commands via unspecified vectors. | |||||