Search Results

There are 153,882 matching records.
Displaying matches 129,401 through 129,420.
Vuln ID Summary CVSS Severity
CVE-2007-2496

The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) GotoPage, (6) Save, (7) SaveWebFile, (8) HttpDownloadFile, (9) Open, (10) OpenWebFile, (11) SaveAs, or (12) ShowWordStandardDialog property value.

Published: May 03, 2007; 8:19:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-2497

RealNetworks RealPlayer 10 Gold allows remote attackers to cause a denial of service (memory consumption) via a certain .ra file. NOTE: this issue was referred to as a "memory leak," but it is not clear if this is correct.

Published: May 03, 2007; 8:19:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-2498

libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. NOTE: some of these details are obtained from third party information.

Published: May 03, 2007; 8:19:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-2499

Multiple cross-site scripting (XSS) vulnerabilities in DVDdb 0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the movieid parameter to loan.php or (2) the s parameter to listmovies.php.

Published: May 03, 2007; 8:19:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-2500

server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow.

Published: May 03, 2007; 8:19:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2007-2489

Heap-based buffer overflow in LiveData Protocol Server 5.00.045, and other versions before update 500062 (5.00.062), allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted request for a WSDL file that causes a negative length to be used in a strncpy call.

Published: May 03, 2007; 7:19:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2007-2490

Unspecified vulnerability in LiveData Server before 5.00.62 allows remote attackers to cause a denial of service (exit) via crafted Connection-Oriented Transport Protocol (COTP) packets.

Published: May 03, 2007; 7:19:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-2480

The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel 2.6.21 and earlier does not prevent a bind to a port with a local address when there is already a bind to that port with a wildcard local address, which might allow local users to intercept local traffic for daemons or other applications.

Published: May 03, 2007; 1:19:00 PM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2007-2481

PHP remote file inclusion vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter.

Published: May 03, 2007; 1:19:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-2482

Directory traversal vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the wpPATH parameter.

Published: May 03, 2007; 1:19:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-2483

Directory traversal vulnerability in js/wptable-button.php in the wp-Table 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the wpPATH parameter.

Published: May 03, 2007; 1:19:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-2484

PHP remote file inclusion vulnerability in js/wptable-button.php in the wp-Table 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter.

Published: May 03, 2007; 1:19:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-2485

PHP remote file inclusion vulnerability in myflash-button.php in the myflash 1.00 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter.

Published: May 03, 2007; 1:19:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-2486

Directory traversal vulnerability in download.asp in Motobit 1.3 and 1.5 (aka PStruh-CZ) allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter.

Published: May 03, 2007; 1:19:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-2487

Stack-based buffer overflow in AtomixMP3 allows remote attackers to execute arbitrary code via a long filename in an MP3 file, a different vector than CVE-2006-6287.

Published: May 03, 2007; 1:19:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-2477

** DISPUTED ** PHP remote file inclusion vulnerability in phpMyChat.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the {ChatPath} parameter. NOTE: this has been disputed by multiple third parties and CVE because $ChatPath is set to a constant value.

Published: May 02, 2007; 8:19:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-2478

Multiple heap-based buffer overflows in the IRC component in Cerulean Studios Trillian Pro before 3.1.5.1 allow remote attackers to corrupt memory and possibly execute arbitrary code via (1) a URL with a long UTF-8 string, which triggers the overflow when the user highlights it, or (2) a font HTML tag with a face attribute containing a long UTF-8 string.

Published: May 02, 2007; 8:19:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-2479

Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker.

Published: May 02, 2007; 8:19:00 PM -0400
V3.0: 5.9 MEDIUM
V2.0: 7.1 HIGH
CVE-2007-2469

SQL injection vulnerability in index.php in FileRun 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the fid parameter.

Published: May 02, 2007; 7:19:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-2470

Multiple cross-site scripting (XSS) vulnerabilities in index.php in FileRun 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) module, or (3) section parameter.

Published: May 02, 2007; 7:19:00 PM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM