Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 98066 entries
IDDescriptionPriorityModified date
CVE-2007-6034 ngIRCd before 0.10.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted IRC JOIN command. High Dec 12, 2007
CVE-2007-6033 Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everybody/Full Control), which allows remote authenticated attackers, possibly anonymous users, to execute arbitrary programs. High Dec 13, 2007
CVE-2007-6032 SQL injection vulnerability in calendar/page.asp in Aleris Web Publishing Server 3.0 allows remote attackers to execute arbitrary SQL commands via the mode parameter. High Nov 20, 2007
CVE-2007-6031 Unspecified vulnerability in VanDyke VShell 3.0.1 allows remote attackers to cause a denial of service via unspecified vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. High Nov 20, 2007
CVE-2007-6030 Unspecified vulnerability in Weird Solutions BOOTPTurbo 1.2 has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. High Nov 20, 2007
CVE-2007-6029 Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. High Nov 20, 2007
CVE-2007-6028 Multiple stack-based buffer overflows in the VSFlexGrid.VSFlexGridL ActiveX control in ComponentOne FlexGrid 7.1 Light allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long string in the (1) Text, (2) EditSelText, (3) EditText, and (4) CellFontName property values. Medium Nov 20, 2007
CVE-2007-6027 PHP remote file inclusion vulnerability in admin.jjgallery.php in the Carousel Flash Image Gallery (com_jjgallery) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. Medium Nov 20, 2007
CVE-2007-6026 Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file. High Dec 13, 2007
CVE-2007-6025 Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 and earlier allows remote attackers to cause a denial of service (crash) via crafted TSF data. High Nov 20, 2007
CVE-2007-6021 Heap-based buffer overflow in Adobe PageMaker 7.0.1 and 7.0.2 allows user-assisted remote attackers to execute arbitrary code via a .PMD file with a crafted font structure. High Nov 11, 2008
CVE-2007-6020 Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a long attribute value in a (1) DI, (2) FD, (3) FT, (4) JD, (5) JL, (6) LE, (7) OB, (8) OD, (9) OL, (10) PN, (11) PS, (12) PW, (13) RD, (14) QL, or (15) TS tag in a .fff file. High Sep 5, 2008
CVE-2007-6019 Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly. High Sep 5, 2008
CVE-2007-6018 IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) purge deleted emails via a crafted email message. Medium Sep 5, 2008
CVE-2007-6017 The PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, exposes the unsafe Save method, which allows remote attackers to cause a denial of service (browser crash), or create or overwrite arbitrary files, via string values of the (1) _DOWText0, (2) _DOWText1, (3) _DOWText2, (4) _DOWText3, (5) _DOWText4, (6) _DOWText5, (7) _DOWText6, (8) _MonthText0, (9) _MonthText1, (10) _MonthText2, (11) _MonthText3, (12) _MonthText4, (13) _MonthText5, (14) _MonthText6, (15) _MonthText7, (16) _MonthText8, (17) _MonthText9, (18) _MonthText10, and (19) _MonthText11 properties. NOTE: the vendor states Authenticated user involvement required, but authentication is not needed to attack a client machine that loads this control. Medium Sep 5, 2008
CVE-2007-6016 Multiple stack-based buffer overflows in the PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, allow remote attackers to execute arbitrary code via a long (1) _DOWText0, (2) _DOWText1, (3) _DOWText2, (4) _DOWText3, (5) _DOWText4, (6) _DOWText5, (7) _DOWText6, (8) _MonthText0, (9) _MonthText1, (10) _MonthText2, (11) _MonthText3, (12) _MonthText4, (13) _MonthText5, (14) _MonthText6, (15) _MonthText7, (16) _MonthText8, (17) _MonthText9, (18) _MonthText10, or (19) _MonthText11 property value when executing the Save method. NOTE: the vendor states Authenticated user involvement required, but authentication is not needed to attack a client machine that loads this control. High Sep 5, 2008
CVE-2007-6015 Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the domain logons option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request. High Sep 10, 2008
CVE-2007-6014 SQL injection vulnerability in post.php in Beehive Forum 0.7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the t_dedupe parameter. High Sep 5, 2008
CVE-2007-6013 Wordpress 1.5 to 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash. Medium Dec 13, 2007
CVE-2007-6012 SQL injection vulnerability in SearchR.asp in DocuSafe 4.1.0 allows remote attackers to execute arbitrary SQL commands via the artnr parameter (aka the search section). NOTE: some of these details are obtained from third party information. High Mar 4, 2008
CVE-2007-6011 Unspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. High Nov 19, 2007
CVE-2007-6010 Unspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors that trigger an assert error. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-5933. High Nov 19, 2007
CVE-2007-6009 Multiple buffer overflows in ACD products allow user-assisted remote attackers to execute arbitrary code via a long section string in a (1) XBM or (2) XPM file to (a) ID_X.apl or (b) IDE_ACDStd.apl. NOTE: the PSP and LHA vectors are already covered by CVE-2007-4344 and CVE-2007-6007. NOTE: these might be integer overflows rather than buffer overflows. High Nov 19, 2007
CVE-2007-6008 Heap-based buffer overflow in emlsr.dll before 2.0.0.4 in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK allows remote attackers to execute arbitrary code via a long Content-Type header line in an EML file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. High Nov 19, 2007
CVE-2007-6007 Integer overflow in the ID_PSP.apl plug-in for ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted PSP image that triggers a heap-based buffer overflow. Medium Nov 16, 2007
CVE-2007-6006 TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors. High Nov 16, 2007
CVE-2007-6005 Unspecified vulnerability in the GpcContainer.GpcContainer.1 ActiveX control in WebEx allows remote attackers to cause a denial of service (memory access violation and crash) via (1) an invalid argument to the InitParam method or (2) an unspecified vector involving the SetParam method. Medium Nov 19, 2007
CVE-2007-6004 Multiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an artikel action or (2) the katid parameter in a produk action. High Nov 16, 2007
CVE-2007-6003 Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Thomson SpeedTouch 716 with firmware 5.4.0.14 allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Medium Nov 16, 2007
CVE-2007-6002 Cross-site scripting (XSS) vulnerability in Fenriru (1) Sleipnir 2.5.17 R2 and earlier and (2) Grani 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field in a search for additions to the Favorites section. Medium Nov 16, 2007
CVE-2007-6001 Multiple cross-site scripting (XSS) vulnerabilities in index.php in Bandersnatch 0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) func or (2) date parameter, or the jid parameter in a (3) log or (4) user action, a different vulnerability than CVE-2007-3910. Medium Mar 4, 2008
CVE-2007-6000 KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a denial of service (crash) via large HTTP cookie parameters. Medium Mar 4, 2008
CVE-2007-5999 SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter. High Mar 4, 2008
CVE-2007-5998 SQL injection vulnerability in ads.php in Softbiz Ad Management plus Script 1 allows remote authenticated users to execute arbitrary SQL commands via the package parameter. Medium Mar 4, 2008
CVE-2007-5997 SQL injection vulnerability in campaign_stats.php in Softbiz Banner Exchange Network Script 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. Medium Mar 5, 2008
CVE-2007-5996 SQL injection vulnerability in searchresult.php in Softbiz Link Directory Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter, a related issue to CVE-2007-5449. High Mar 5, 2008
CVE-2007-5995 PHP remote file inclusion vulnerability in examples/patExampleGen/bbcodeSource.php in patBBcode 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the example parameter. Medium Nov 16, 2007
CVE-2007-5994 PHP remote file inclusion vulnerability in check_noimage.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the config[path_src_include] parameter. Medium Nov 16, 2007
CVE-2007-5993 Cross-site scripting (XSS) vulnerability in Visionary Technology in Library Solutions (VTLS) vtls.web.gateway before 48.1.1 allows remote attackers to inject arbitrary web script or HTML via the searchtype parameter. Medium Nov 16, 2007
CVE-2007-5992 SQL injection vulnerability in index.php in datecomm Social Networking Script allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewcat s action on the forums page. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. High Dec 13, 2007
CVE-2007-5991 SQL injection vulnerability in index.php in ExoPHPdesk allows remote attackers to execute arbitrary SQL commands via the user parameter in a profile fn action. High Nov 16, 2007
CVE-2007-5990 Cross-site scripting (XSS) vulnerability in ExoPHPdesk allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a user profile. Medium Dec 13, 2007
CVE-2007-5989 Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via short string values that result in heap corruption. Medium Nov 15, 2008
CVE-2007-5988 blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field. High Nov 15, 2007
CVE-2007-5987 details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest. Medium Nov 15, 2007
CVE-2007-5986 SQL injection vulnerability in include/functions.php in BtiTracker before 1.4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Medium Nov 15, 2007
CVE-2007-5985 Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker before 1.4.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) account.php, (2) moresmiles.php, or (3) recover.php; or (4) the "to" parameter to usercp.php. Medium Nov 15, 2007
CVE-2007-5984 classes/Url.php in Justin Hagstrom AutoIndex PHP Script before 2.2.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via a %00 sequence in the dir parameter to index.php, which triggers an erroneous "recursive calculation." High Nov 15, 2007
CVE-2007-5983 Cross-site scripting (XSS) vulnerability in index.php in Justin Hagstrom AutoIndex PHP Script before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). Medium Nov 15, 2007
CVE-2007-5982 Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) theme_c parameter to help/index.php, or the (3) INSTALL_X7CHATVERSION parameter to upgradev1.php. Medium Nov 15, 2007
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version.
Live chat
Online