Vulnerabilities (CVE)

Filter

127277 total CVE
CVE Vendors Products Updated CVSS
CVE-2007-1574 1 Care2x 1 Care2x 2008-11-13 5.0
CARE2X 2.2, and possibly earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained...
CVE-2007-1494 1 Nukescripts 1 Nukesentinel 2008-11-13 6.8
Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "filters for https:// and http://".
CVE-2007-1492 1 Microsoft 1 Windows Xp 2008-11-13 7.1
winmm.dll in Microsoft Windows XP allows user-assisted remote attackers to cause a denial of service (infinite loop) via a large cch argument value to the mmioRead function, as demonstrated by a crafted WAV file.
CVE-2007-1435 1 D-link 1 Tftp Server 2008-11-13 10.0
Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to cause a denial of service (crash) via a long (1) GET or (2) PUT request, which triggers memory corruption. NOTE: the provenance of this information is unknown; the details are...
CVE-2007-1354 1 Jboss 1 Jboss Application Server 2008-11-13 6.0
The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated...
CVE-2007-1341 1 Simple Invoices 1 Simple Invoices 2008-11-13 5.0
include/auth/auth.php in Simple Invoices before 2007 03 05 does not use the login system to protect print preview pages for invoices, which might allow attackers to obtain sensitive information.
CVE-2007-0641 1 Shaffer Solutions Corp 1 Dapcnfsd.dll 2008-11-13 7.5
Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 in Shaffer Solutions (SSC) DiskAccess NFS Client allows remote attackers to execute arbitrary code via a long argument, an issue similar to CVE-2006-5854 and CVE-2007-0444.
CVE-2007-0574 1 Spoonlabs 1 Vivvo Article Management Cms 2008-11-13 7.5
SQL injection vulnerability in rss/show_webfeed.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.40 allows remote attackers to execute arbitrary SQL commands via the wcHeadlines parameter, a different vector than CVE-2006-4715. ...
CVE-2007-0461 1 Dazuko 1 Dazuko 2008-11-13 5.0
Multiple memory leaks in the Dazuko anti-virus helper module before 2.3.2 allow attackers to cause a denial of service (memory consumption) via unknown vectors.
CVE-2007-0434 1 Bea 1 Aqualogic Enterprise Security 2008-11-13 4.6
BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2 does not properly set the severity level of audit events when the system load is high, which might make it easier for attackers to avoid detection.
CVE-2007-0433 1 Bea 1 Aqualogic Service Bus 2008-11-13 6.5
Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2, when using Active Directory LDAP for authentication, allows remote authenticated users to access the server even after the account...
CVE-2007-0432 1 Bea 1 Aqualogic Service Bus 2008-11-13 7.5
BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject malformed request messages to a proxy service, which might allow remote attackers to bypass authorization policies and route requests to back-end services or conduct other...
CVE-2007-0386 1 Postnuke Software Foundation 1 Postnuke 2008-11-13 10.0
Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to "an interesting bug."
CVE-2007-0385 1 Postnuke Software Foundation 1 Postnuke 2008-11-13 7.8
The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via "unvalidated output" in FAQ/index.php, possibly involving an undefined id_cat variable.
CVE-2007-0384 1 Postnuke Software Foundation 1 Postnuke 2008-11-13 5.1
Cross-site scripting (XSS) vulnerability in preview in the reviews section in PostNuke 0.764 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-0383 1 Wdaemon 1 Wdaemon 2008-11-13 5.0
** DISPUTED ** WDaemon 9.5.4 allows remote attackers to access the /WorldClient.dll URI on TCP port 3000, which has unknown impact. NOTE: The researcher reports that the vendor response was "this is not a security bug."
CVE-2007-0381 1 Adaptive Technology Resource Centre 1 Atutor 2008-11-13 7.5
Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: CVE analysis suggests that the vendor fixed these issues.
CVE-2007-0380 1 Docman 1 Docman 2008-11-13 5.0
DocMan 1.3 RC2 allows remote attackers to obtain sensitive information (the full path) via unspecified vectors.
CVE-2007-0379 1 Docman 1 Docman 2008-11-13 6.8
Cross-site scripting (XSS) vulnerability in DocMan 1.3 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-0378 1 Docman 1 Docman 2008-11-13 7.5
Multiple SQL injection vulnerabilities in DocMan 1.3 RC2 allow attackers to execute arbitrary SQL commands via unspecified vectors.