Search Results

There are 155,532 matching records.
Displaying matches 129,381 through 129,400.
Vuln ID Summary CVSS Severity
CVE-2007-4159

index.html in the HTTP administration interface in certain daemons in TIBCO Rendezvous (RV) 7.5.2 allows remote attackers to obtain sensitive information, such as a user name and IP addresses, via a direct request.

Published: August 03, 2007; 5:17:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-4160

The default configuration of TIBCO Rendezvous (RV) 7.5.2 clients, when -no-multicast is omitted, uses a multicast group as the destination for a network message, which might make it easier for remote attackers to capture message contents by sniffing the network.

Published: August 03, 2007; 5:17:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-4161

rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might allow remote attackers to cause a denial of service (network instability) via a subject name with a leading (1) '*' (asterisk) or (2) '>' (greater than) wildcard character.

Published: August 03, 2007; 5:17:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-4162

TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or integrity of inter-daemon communication, which allows remote attackers to capture and spoof traffic.

Published: August 03, 2007; 5:17:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-4163

Multiple SQL injection vulnerabilities in IndexScript 2.7 and 2.8 before 20070726 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id, (2) start_id, (3) row[parent_id], and (4) row[cat_id] parameters to unspecified components, related to use of these parameters within include/utils.php. NOTE: the show_cat.php cat_id vector is already covered by CVE-2007-4069.

Published: August 03, 2007; 5:17:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-2408

WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly recognize an unchecked "Enable Java" setting, which allows remote attackers to execute Java applets via a crafted web page.

Published: August 03, 2007; 4:17:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-3388

Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message.

Published: August 03, 2007; 4:17:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-3742

WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" (homographs) and possibly perform phishing attacks.

Published: August 03, 2007; 4:17:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-3743

Stack-based buffer overflow in bookmark handling in Apple Safari 3 Beta before Update 3.0.3 on Windows allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a bookmark with a long title.

Published: August 03, 2007; 4:17:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-4142

Cross-site scripting (XSS) vulnerability in IBM Lotus Sametime Server 7.5.1 before 20070731 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a crafted Sametime meeting.

Published: August 03, 2007; 4:17:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-4143

user.php in the Billing Control Panel in phpCoupon allows remote authenticated users to obtain Premium Member status, and possibly acquire free coupons, via a modified URL containing a certain billing parameter and REQ=auth, status=success, and custom=upgrade substrings, possibly related to PayPal transactions.

Published: August 03, 2007; 4:17:00 PM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2007-4144

Cross-site scripting (XSS) vulnerability in sample-forms/simple-contact-form-with-preview/simple-contact-form-with-preview.html in MitriDAT eMail Form Processor Pro allows remote attackers to inject arbitrary web script or HTML via the base_path parameter, possibly related to (1) formprocessorpro.php in the PHP version of the product, and (2) formprocessorpro.pl in the Perl version of the product.

Published: August 03, 2007; 4:17:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-4145

Heap-based buffer overflow in the BlueSkychat (BlueSkyCat) ActiveX control (V2.V2Ctrl.1) in v2.ocx 8.1.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the second argument to the ConnecttoServer method.

Published: August 03, 2007; 4:17:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-4146

Cross-site scripting (XSS) vulnerability in webevent.cgi in WebEvent 2.61 through 4.03 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published: August 03, 2007; 4:17:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-4147

Multiple unspecified vulnerabilities in Interspire ArticleLive NX before 1.7.1.2 have unknown impact and attack vectors, possibly related to (1) AL_SANITIZE and (2) "Calling the constructor to make sure things are checked, safe mode, etc."

Published: August 03, 2007; 4:17:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-4148

Heap-based buffer overflow in the Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to cause a denial of service (persistent daemon crashes) or execute arbitrary code via a long filename in a "LOG." command.

Published: August 03, 2007; 4:17:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2007-4149

The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 does not require authentication for (1) the "LOG." command, which allows remote attackers to create or overwrite arbitrary files; (2) the SETTINGSFILE command, which allows remote attackers to overwrite the ini file, and reconfigure VSAOD or cause a denial of service; or (3) the UNINSTALL command, which allows remote attackers to cause a denial of service (daemon shutdown). NOTE: vector 1 can be leveraged for code execution by writing to a Startup folder.

Published: August 03, 2007; 4:17:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2007-4150

The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak cryptography (XOR) when (1) transmitting passwords, which allows remote attackers to obtain sensitive information by sniffing the network; and (2) storing passwords in the configuration file, which allows local users to obtain sensitive information by reading this file.

Published: August 03, 2007; 4:17:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2007-4151

The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to obtain sensitive information via (1) a LOG.ON command, which reveals the logging pathname in the server response; (2) a VER command, which reveals the version number in the server response; and (3) a connection, which reveals the version number in the banner.

Published: August 03, 2007; 4:17:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-4152

The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to conduct replay attacks by capturing and resending data from the DETAILS and PROCESS sections of a session that schedules an audit.

Published: August 03, 2007; 4:17:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH