Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:microsoft:windows_xp:-:gold:tablet_pc:*:*:*:*:*
  • CPE Name Search: true
There are 234 matching records.
Displaying matches 161 through 180.
Vuln ID Summary CVSS Severity
CVE-2007-1945

Unspecified vulnerability in the Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) before 6.1.0.7 has unknown impact and attack vectors.

Published: April 10, 2007; 9:19:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-1912

Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file.

Published: April 10, 2007; 7:19:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-1727

Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, 7.50, and 7.51 allows remote authenticated users to access certain privileged "facilities" via unspecified vectors.

Published: March 28, 2007; 6:19:00 AM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2007-1531

Microsoft Windows XP and Vista overwrites ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host.

Published: March 20, 2007; 4:19:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-1499

Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka Navigation Cancel Page Spoofing Vulnerability."

Published: March 17, 2007; 6:19:00 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-1492

winmm.dll in Microsoft Windows XP allows user-assisted remote attackers to cause a denial of service (infinite loop) via a large cch argument value to the mmioRead function, as demonstrated by a crafted WAV file.

Published: March 16, 2007; 6:19:00 PM -0400
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2007-1090

Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder.

Published: February 26, 2007; 6:28:00 AM -0500
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2007-1086

Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access."

Published: February 23, 2007; 5:28:00 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2007-1089

IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local users with table SELECT privileges to perform unauthorized UPDATE and DELETE SQL commands via unknown vectors.

Published: February 23, 2007; 5:28:00 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2006-7030

Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll.

Published: February 22, 2007; 10:28:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-7031

Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll.

Published: February 22, 2007; 10:28:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-7034

SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.

Published: February 22, 2007; 10:28:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-7037

Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known password, (2) modify timestamps to avoid detection of modifications, (3) remove locks by removing the "is-locked" attribute, and (4) view locked data, which is stored in plaintext.

Published: February 22, 2007; 10:28:00 PM -0500
V3.x:(not available)
V2.0: 4.4 MEDIUM
CVE-2006-7039

The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a message with a long subject field.

Published: February 22, 2007; 10:28:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-0843

The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.

Published: February 22, 2007; 9:28:00 PM -0500
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2007-1043

Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.

Published: February 21, 2007; 12:28:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-1070

Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll.

Published: February 21, 2007; 6:28:00 AM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2006-6797

The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696.

Published: December 28, 2006; 10:28:00 AM -0500
V3.x:(not available)
V2.0: 6.6 MEDIUM
CVE-2006-6601

Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a .MID (MIDI) file with a malformed header chunk without any track chunks, possibly involving (1) number of tracks of (2) time division fields that are set to 0.

Published: December 15, 2006; 5:28:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-6261

Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) M3u or (2) M3u-8 file; or a (3) crafted PLS file with a long value in the (a) NumberofEntries, (b) Length (aka Length1), (c) Filename (aka File1), (d) Title (aka Title1) field, or other unspecified fields.

Published: December 04, 2006; 6:28:00 AM -0500
V3.x:(not available)
V2.0: 9.3 HIGH