Search Results (Refine Search)

Search Parameters:
There are 155,940 matching records.
Displaying matches 129,441 through 129,460.
Vuln ID Summary CVSS Severity
CVE-2007-4499

Unrestricted file upload vulnerability in output.php in American Financing eMail Image Upload 4.1 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published: August 23, 2007; 3:17:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-4500

Unspecified vulnerability in TunnelRunner in SSHKeychain before 0.8.2 beta, and possibly later versions, allows local users to gain privileges via unspecified vectors.

Published: August 23, 2007; 3:17:00 PM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2007-4501

Unspecified vulnerability in PassphraseRequester in SSHKeychain before 0.8.2 beta allows attackers to obtain sensitive information (passwords) via unknown vectors, related to "poor protection."

Published: August 23, 2007; 3:17:00 PM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2007-4502

SQL injection vulnerability in index.php in the BibTeX component (com_jombib) 1.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the afilter parameter.

Published: August 23, 2007; 3:17:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-4503

SQL injection vulnerability in index.php in the Nice Talk component (com_nicetalk) 0.9.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the tagid parameter.

Published: August 23, 2007; 3:17:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-4504

Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action.

Published: August 23, 2007; 3:17:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-4505

SQL injection vulnerability in index.php in the RemoSitory component (com_remository) for Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action.

Published: August 23, 2007; 3:17:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-4506

SQL injection vulnerability in index.php in the NeoRecruit component (com_neorecruit) 1.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an offer_view action.

Published: August 23, 2007; 3:17:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-4507

Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, or (4) ntuser_getdomaincontroller functions.

Published: August 23, 2007; 3:17:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-4508

Stack-based buffer overflow in Rebellion Asura engine, as used for the server in Rogue Trooper 1.0 and earlier and Prism 1.1.1.0 and earlier, allows remote attackers to execute arbitrary code via a long string in a 0xf007 packet for the challenge B query.

Published: August 23, 2007; 3:17:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-4509

SQL injection vulnerability in index.php in the EventList component (com_eventlist) 0.8 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the did parameter in a details action.

Published: August 23, 2007; 3:17:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-4510

ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information.

Published: August 23, 2007; 3:17:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-4511

The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply certain configuration changes persistently, which causes the (1) SSL and (2) SSL_MutualAuth ORB listener services to enable all protocols and ciphers after the services are restarted, possibly allowing remote attackers to bypass intended policy.

Published: August 23, 2007; 3:17:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-4493

eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module.

Published: August 22, 2007; 9:17:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2007-4494

The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks.

Published: August 22, 2007; 9:17:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-4495

Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on the x86 platform before 20070821 allows local users to cause a denial of service (system panic) via an unspecified ioctl function, aka Bug 6433124.

Published: August 22, 2007; 9:17:00 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2007-4491

SQL injection vulnerability in uyeler2.php in Gurur haber 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Published: August 22, 2007; 8:17:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-4492

Multiple unspecified vulnerabilities in the ata disk driver in Sun Solaris 8, 9, and 10 on the x86 platform before 20070821 allow local users to cause a denial of service (system panic) via unspecified ioctl functions, aka Bug 6433123.

Published: August 22, 2007; 8:17:00 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2007-3873

Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI Engine 5.0.0.1066 through 5.2.0.1012 in Trend Micro AntiSpyware 3.5 and PC-Cillin Internet Security 2007 15.0 through 15.3, when the Venus Spy Trap (VST) feature is enabled, allows local users to cause a denial of service (service crash) or execute arbitrary code via a file with a long pathname, which triggers the overflow during a ReadDirectoryChangesW callback notification.

Published: August 22, 2007; 7:17:00 PM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2007-4218

Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allow remote attackers to execute arbitrary code via certain RPC requests to certain TCP ports that are processed by the (1) RPCFN_ENG_NewManualScan, (2) RPCFN_ENG_TimedNewManualScan, and (3) RPCFN_SetComputerName functions in (a) StRpcSrv.dll; the (4) RPCFN_CMON_SetSvcImpersonateUser and (5) RPCFN_OldCMON_SetSvcImpersonateUser functions in (b) Stcommon.dll; the (6) RPCFN_ENG_TakeActionOnAFile and (7) RPCFN_ENG_AddTaskExportLogItem functions in (c) Eng50.dll; the (8) NTF_SetPagerNotifyConfig function in (d) Notification.dll; or the (9) RPCFN_CopyAUSrc function in the (e) ServerProtect Agent service.

Published: August 22, 2007; 7:17:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH