Total
5481 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-6334 | 2 Ingres, Microsoft | 2 Ingres, Windows Nt | 2025-04-09 | N/A |
| Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges. | ||||
| CVE-2007-6174 | 1 Phpdevshell | 1 Phpdevshell | 2025-04-09 | N/A |
| PHPDevShell before 0.7.0 allows remote authenticated users to gain privileges via a crafted request to update a user profile. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-6496 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-09 | N/A |
| Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdomain.asp, a related issue to CVE-2005-1654. | ||||
| CVE-2006-5909 | 1 Paul Tarjan | 1 Stanford Conference And Research Forum | 2025-04-09 | N/A |
| generaloptions.php in Paul Tarjan Stanford Conference And Research Forum (SCARF) before 20070227 does not require the admin privilege, which allows remote attackers to reconfigure the application or its user accounts. | ||||
| CVE-2003-1571 | 1 Webwizguide | 1 Web Wiz Guestbook | 2025-04-09 | N/A |
| Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for database/WWGguestbook.mdb. NOTE: it was later reported that 8.21 is also affected. | ||||
| CVE-2007-5827 | 2 Debian, Iscsitarget | 2 Debian Linux, Iscsitarget | 2025-04-09 | N/A |
| iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for /etc/ietd.conf, which allows local users to obtain passwords. | ||||
| CVE-2007-5787 | 1 Phptoys | 1 Micro Login System | 2025-04-09 | N/A |
| Micro Login System 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a password via a direct request for userpwd.txt. | ||||
| CVE-2007-5735 | 1 Efileman | 1 Efileman | 2025-04-09 | N/A |
| eFileMan 7.1.0.87-88 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain unspecified user information via a direct request for cgi-bin/efileman/efileman_config.pm. | ||||
| CVE-2007-5493 | 1 Microsoft | 1 Windows Mobile | 2025-04-09 | N/A |
| The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly decoded. | ||||
| CVE-2007-5442 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-09 | N/A |
| CMS Made Simple 1.1.3.1 does not check the permissions assigned to users who attempt uploads, which allows remote authenticated users to upload unspecified files via unknown vectors. | ||||
| CVE-2008-3872 | 2 Adobe, Redhat | 2 Flash Player, Rhel Extras | 2025-04-09 | N/A |
| Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, allows remote attackers to bypass the allowScriptAccess parameter setting via a crafted SWF file with unspecified "Filter evasion" manipulations. | ||||
| CVE-2007-6167 | 1 Suse | 1 Suse Linux | 2025-04-09 | N/A |
| Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory. | ||||
| CVE-2007-5159 | 3 Ntfs-3g, Redhat, Ubuntu | 3 Ntfs-3g, Fedora, Ubuntu Linux | 2025-04-09 | N/A |
| The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak. | ||||
| CVE-2007-4909 | 1 Winscp | 1 Winscp | 2025-04-09 | N/A |
| Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP. NOTE: this is related to an incomplete fix for CVE-2006-3015. | ||||
| CVE-2007-4740 | 1 Telecom Italy | 1 Alice Messenger | 2025-04-09 | N/A |
| The HPRevolutionRegistryManager ActiveX control in Hp.Revolution.RegistryManager.dll 1 in Telecom Italy Alice Messenger allows remote attackers to create registry keys and values via the arguments to the WriteRegistry method. | ||||
| CVE-2007-4669 | 1 Firebirdsql | 1 Firebird | 2025-04-09 | N/A |
| The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148. | ||||
| CVE-2008-7128 | 1 Xyssl | 1 Xyssl | 2025-04-09 | N/A |
| The ssl_parse_client_key_exchange function in XySSL before 0.9 does not protect against certain Bleichenbacher attacks using chosen ciphertext, which allows remote attackers to recover keys via unspecified vectors. | ||||
| CVE-2007-6690 | 1 Menalto | 1 Gallery | 2025-04-09 | N/A |
| The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors. | ||||
| CVE-2007-4651 | 1 Adobe | 1 Connect Enterprise Server | 2025-04-09 | N/A |
| Unspecified vulnerability in Adobe Connect Enterprise Server 6 allows remote attackers to read certain pages that are restricted to the administrator via unknown vectors. | ||||
| CVE-2007-4614 | 1 Bea | 1 Weblogic Server | 2025-04-09 | N/A |
| BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow attackers to bypass intended restrictions, a different vulnerability than CVE-2007-0426. | ||||