Export limit exceeded: 342344 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (5484 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-6395 | 1 Flat Php | 1 Board | 2025-04-09 | N/A |
| Flat PHP Board 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for the username php file for any user account in users/. | ||||
| CVE-2007-6383 | 1 Chandler Project | 1 Chandler Server | 2025-04-09 | N/A |
| The DAV component in Chandler Server (Cosmo) before 0.10.1 does not check resource creation permissions, which allows remote authenticated users to create arbitrary resources in another user's home collection. | ||||
| CVE-2007-6361 | 1 Gekkoware | 1 Gekko | 2025-04-09 | N/A |
| Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server. | ||||
| CVE-2007-6350 | 1 Scponly | 1 Scponly | 2025-04-09 | N/A |
| scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including (1) unison, (2) rsync, (3) svn, and (4) svnserve, as originally demonstrated by creating a Subversion (SVN) repository with malicious hooks, then using svn to trigger execution of those hooks. | ||||
| CVE-2007-6334 | 2 Ingres, Microsoft | 2 Ingres, Windows Nt | 2025-04-09 | N/A |
| Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges. | ||||
| CVE-2007-6319 | 1 Lyris | 1 List Manager | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in Lyris ListManager 8.x before 8.95d, 9.2 before 9.2c, and 9.3 before 9.3b allow remote attackers to (1) gain list administrator privileges or (2) access arbitrary mailing lists via unknown vectors related to modification of client-side information; and (3) allow remote authenticated administrators to modify other account data by creating "new accounts that collide with existing accounts." | ||||
| CVE-2007-6313 | 1 Mysql | 1 Mysql Community Server | 2025-04-09 | N/A |
| MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements. | ||||
| CVE-2007-6305 | 3 Ibm, Linux, Unix | 3 Hardware Management Console, Linux Kernel, Unix | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 7 R3.2.0 allow attackers to gain privileges via "some HMC commands." | ||||
| CVE-2007-6294 | 1 Ibm | 1 Hardware Management Console | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 3 R3.7 allow attackers to gain privileges via "some HMC commands." | ||||
| CVE-2007-6278 | 1 Flac | 1 Libflac | 2025-04-09 | N/A |
| Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file. | ||||
| CVE-2007-5682 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-09 | N/A |
| Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWiki before 1.9.8.2 allows remote attackers to execute arbitrary code by using variable functions and variable variables to write variables whose names match the whitelist, a different vulnerability than CVE-2007-5423. | ||||
| CVE-2007-5665 | 1 Novell | 1 Zenworks Endpoint Security Management | 2025-04-09 | N/A |
| STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management (ESM) 3.5, and other ESM versions before 3.5.0.82, dynamically creates scripts in a world-writable directory when generating diagnostic reports, which allows local users to gain privileges, as demonstrated by creating a cmd.exe binary in the diagnostic report directory. | ||||
| CVE-2007-5644 | 1 Lussumo | 1 Vanilla | 2025-04-09 | N/A |
| Lussumo Vanilla 1.1.3 and earlier does not require admin privileges for (1) ajax/sortcategories.php and (2) ajax/sortroles.php, which allows remote attackers to conduct unauthorized sort operations and other activities. | ||||
| CVE-2007-5597 | 1 Drupal | 1 Drupal | 2025-04-09 | N/A |
| The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 does not pass publication status, which might allow attackers to bypass access restrictions and trigger e-mail with unpublished comments from some modules, as demonstrated by (1) Organic groups and (2) Subscriptions. | ||||
| CVE-2007-5587 | 2 Macrovision, Microsoft | 3 Safedisc, Windows 2003 Server, Windows Xp | 2025-04-09 | N/A |
| Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild. | ||||
| CVE-2007-5571 | 1 Cisco | 1 Firewall Services Module | 2025-04-09 | N/A |
| Cisco Firewall Services Module (FWSM) 3.1(6), and 3.2(2) and earlier, does not properly enforce edited ACLs, which might allow remote attackers to bypass intended restrictions on network traffic, aka CSCsj52536. | ||||
| CVE-2007-5493 | 1 Microsoft | 1 Windows Mobile | 2025-04-09 | N/A |
| The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly decoded. | ||||
| CVE-2007-5486 | 1 Dotproject | 1 Dotproject | 2025-04-09 | N/A |
| dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-5469 | 1 Openser | 1 Openser | 2025-04-09 | N/A |
| OpenSER 1.2.2 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka "toll fraud and authentication forward attack"). NOTE: Debian disputes this issue, stating that "having the two URIs mismatch is allowed by the standard and happens in some setups for valid reasons. | ||||
| CVE-2007-5468 | 1 Cisco | 1 Call Manager | 2025-04-09 | N/A |
| Cisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka "toll fraud and authentication forward attack"). | ||||