The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2007-1063 | The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device. | HIGH | May 23, 2019 | n/a |
| CVE-2007-1062 | The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time | HIGH | May 23, 2019 | n/a |
| CVE-2007-0994 | A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges. | MEDIUM | Oct 9, 2019 | n/a |
| CVE-2007-0992 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2007-0991 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2007-0990 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2007-0989 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2007-0955 | The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable Professional 2.35 and earlier allows remote attackers to cause a denial of service (application crash) via certain base64-encoded data following an AUTHENTICATE NTLM command to the imap port (143/tcp), which results in an out-of-bounds read. | HIGH | Oct 2, 2019 | n/a |
| CVE-2007-0941 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2007-0937 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2007-0935 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2007-0899 | There is a possible heap overflow in libclamav/fsg.c before 0.100.0. | HIGH | Nov 8, 2019 | n/a |
| CVE-2007-0780 | browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI. | MEDIUM | Oct 9, 2019 | n/a |
| CVE-2007-0778 | The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when the target page is reloaded from the cache. | MEDIUM | Oct 9, 2019 | n/a |
| CVE-2007-0777 | The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption. | HIGH | Oct 9, 2019 | n/a |
| CVE-2007-0727 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2007-0212 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2007-0207 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2007-0158 | thttpd 2007 has buffer underflow. | HIGH | Jan 8, 2020 | n/a |
| CVE-2007-0086 | The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal | -- | Nov 6, 2023 | n/a |
| CVE-2007-0063 | Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow. | HIGH | Jul 16, 2019 | n/a |
| CVE-2007-0061 | The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers \"corrupt stack memory.\" | HIGH | Jul 16, 2019 | n/a |
| CVE-2007-0037 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2007-0036 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2007-0032 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2007-0009 | Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid \"Client Master Key\" length values. | MEDIUM | Oct 9, 2019 | n/a |
| CVE-2006-20001 | A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. | -- | Jan 25, 2023 | n/a |
| CVE-2006-10001 | A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7 on WordPress. This affects an unknown part of the file subscribe-to-comments.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The identifier of the patch is 9683bdf462fcac2f32b33be98f0b96497fbd1bb6. It is recommended to upgrade the affected component. The identifier VDB-222321 was assigned to this vulnerability. | -- | Mar 5, 2023 | n/a |
| CVE-2006-7254 | The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon. | Low | Apr 10, 2019 | n/a |
| CVE-2006-7251 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2006-7249 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7250, CVE-2012-1410. Reason: this candidate was intended for one issue, but CVE users may have associated it with multiple unrelated issues. Notes: All CVE users should consult CVE-2006-7250 for the OpenSSL candidate or CVE-2012-1410 for the Kadu candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 | n/a |
| CVE-2006-7248 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7250, CVE-2012-1410. Reason: this candidate was intended for one issue, but CVE users may have associated it with multiple unrelated issues. Notes: All CVE users should consult CVE-2006-7250 for the OpenSSL candidate or CVE-2012-1410 for the Kadu candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 | n/a |
| CVE-2006-7246 | NetworkManager 0.9.x does not pin a certificate\'s subject to an ESSID when 802.11X authentication is used. | LOW | Jan 31, 2020 | n/a |
| CVE-2006-6737 | Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 5 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_10 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to \"access data in other applets,\" aka \"The first issue.\" | MEDIUM | Aug 1, 2019 | n/a |
| CVE-2006-6736 | Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 6 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to \"access data in other applets,\" aka \"The second issue.\" | MEDIUM | Aug 1, 2019 | n/a |
| CVE-2006-6731 | Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_awt_image_ImagingLib_lookupByteRaster function; and (3) improper handling of certain negative values in the Java_sun_font_SunLayoutEngine_nativeLayout function. NOTE: some of these details are obtained from third party information. | HIGH | Aug 1, 2019 | n/a |
| CVE-2006-6684 | Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd before 2.4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long X-Forwarded-For HTTP header. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | HIGH | Nov 13, 2019 | n/a |
| CVE-2006-6683 | Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates user accounts via custom code that processes /etc/shadow and does not follow the PAM configuration, which might allow remote attackers to bypass intended restrictions implemented through PAM. | HIGH | Nov 13, 2019 | n/a |
| CVE-2006-6682 | Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system. | MEDIUM | Nov 14, 2019 | n/a |
| CVE-2006-6679 | Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client\'s status on an IP address ACL, which allows remote attackers to gain unauthorized access by spoofing this header. | HIGH | Nov 13, 2019 | n/a |
| CVE-2006-6589 | Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information. | MEDIUM | Jul 17, 2019 | n/a |
| CVE-2006-6588 | The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact. | HIGH | Jul 17, 2019 | n/a |
| CVE-2006-6587 | Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message. | MEDIUM | Jul 17, 2019 | n/a |
| CVE-2006-6500 | Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by setting the CSS cursor to certain images that cause an incorrect size calculation when converting to a Windows bitmap. | MEDIUM | Oct 9, 2019 | n/a |
| CVE-2006-6499 | The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision. | MEDIUM | Oct 9, 2019 | n/a |
| CVE-2006-6291 | Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.83 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.40 and 2.0 through 2.33, allows remote authenticated users to cause a denial of service (crash) via a long argument containing * (asterisk) and ? (question mark) characters to the DELETE command, as addressed by the ME-10020 hotfix. | MEDIUM | Oct 3, 2019 | n/a |
| CVE-2006-6006 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2006-6005 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2006-6004 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2006-6003 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none | -- | Nov 7, 2023 | n/a |
