Vulnerabilities (CVE)

Filter

130145 total CVE
CVE Vendors Products Updated CVSS
CVE-2007-3197 1 Jelsoft 1 Vbsupport Integrated Ticket System 2008-11-15 7.5
SQL injection vulnerability in vBSupport.php in vBSupport 1.1 before 1.1a allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2007-3150 1 Google 1 Desktop 2008-11-15 9.3
Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a...
CVE-2007-3130 1 Joomla 1 Jd-wiki 2008-11-15 6.8
Multiple PHP remote file inclusion vulnerabilities in the OpenWiki (formerly JD-Wiki) component (com_jd-wiki) 1.0.2, and possibly earlier, for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path...
CVE-2007-3075 1 Microsoft 1 Ie 2008-11-15 7.8
Directory traversal vulnerability in Microsoft Internet Explorer allows remote attackers to read arbitrary files via directory traversal sequences in a URI with a certain scheme, possibly related to "..%5C" (encoded backslash) sequences.
CVE-2007-3046 1 Advanced Software Production Line 1 Vortex Library 2008-11-15 5.0
Buffer overflow in Advanced Software Production Line Vortex Library before 1.0.3 allows remote attackers to cause a denial of service (listener crash) via unspecified vectors related to the select I/O implementation and the file set buffer. ...
CVE-2007-2912 1 Jelsoft 1 Vbulletin 2008-11-15 5.0
Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unauthenticated User Infraction Permissions is disabled, allows remote attackers to see the infraction "red flag" for a deleted user.
CVE-2007-2904 1 Sun 1 Java System Messaging Server 2008-11-15 4.3
Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.0 through 6.3, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a related issue to...
CVE-2007-2885 1 Microsoft 1 Visual Database Tools Database Designer 2008-11-15 4.3
The NotSafe function in the MSVDTDatabaseDesigner7 ActiveX control in VDT70.DLL in Microsoft Visual Database Tools (MSVDT) Database Designer 7.0 allows remote attackers to cause a denial of service (Internet Explorer 6 crash) via a long argument.
CVE-2007-2843 1 Apple 1 Safari 2008-11-15 10.0
Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably...
CVE-2007-2806 1 Galix 1 Galix 2008-11-15 5.8
Multiple cross-site scripting (XSS) vulnerabilities in index.php in GaliX 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) galix_cat_detail, (2) galix_gal_detail, and (3) galix_cat_detail_sort parameters.
CVE-2007-2557 1 Mambo 1 Mambo 2008-11-15 4.0
MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, which allows remote authenticated administrators to have an unknown impact via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained...
CVE-2007-2455 1 Parallels 1 Parallels Desktop 2008-11-15 6.1
Parallels allows local users to cause a denial of service (virtual machine abort) via (1) certain INT instructions, as demonstrated by INT 0xAA; (2) an IRET instruction when an invalid address is at the top of the stack; (3) a malformed MOVNTI...
CVE-2007-2454 1 Parallels 1 Parallels Desktop 2008-11-15 6.8
Heap-based buffer overflow in the VGA device in Parallels allows local users, with root access to the guest operating system, to terminate the virtual machine and possibly execute arbitrary code in the host operating system via unspecified...
CVE-2007-1588 1 Myserver 1 Myserver 2008-11-15 7.5
server.cpp in MyServer 0.8.5 calls Process::setuid before calling Process::setgid and thus does not properly drop privileges, which might allow remote attackers to execute CGI programs with unintended privileges.
CVE-2007-1462 1 Conga 1 Conga 2008-11-15 4.3
The luci server component in conga preserves the password between page loads for the Add System/Cluster task flow by storing the password in the Value attribute of a password entry field, which allows attackers to steal the password by performing...
CVE-2007-1442 1 Oracle 1 Database Server 2008-11-15 7.2
Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges.
CVE-2007-1402 1 Rediff 1 Toolbar 2008-11-15 7.5
The Rediff Toolbar 2.0 ActiveX control in redifftoolbar.dll allows remote attackers to cause a denial of service via unspecified manipulations, possibly involving improper initialization or blank arguments.
CVE-2007-1222 1 Parallels 1 Parallels Desktop 2008-11-15 7.2
Parallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary files to the host filesystem, and execute...
CVE-2007-1198 1 Taskfreak 1 Taskfreak 2008-11-15 4.3
Cross-site scripting (XSS) vulnerability in TaskFreak! before 0.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a variant of CVE-2007-0982.
CVE-2007-1197 1 Epiware 1 Epiware 2008-11-15 9.3
Multiple unspecified vulnerabilities in Epiware before 4.7.5 have unknown impact and attack vectors, possibly related to cross-site scripting (XSS) and other unspecified issues.