U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
There are 168,605 matching records.
Displaying matches 145,561 through 145,580.
Vuln ID Summary CVSS Severity
CVE-2007-0777

The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption.

Published: February 26, 2007; 2:28:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-0995

Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.

Published: February 26, 2007; 2:28:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-1092

Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects.

Published: February 26, 2007; 12:28:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-1093

Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager (NNM) before 07-10-05, and before 08-00-02 in the 08-x series, allow remote attackers to execute arbitrary code, cause a denial of service, or trigger invalid Web utility behavior.

Published: February 26, 2007; 12:28:00 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2007-1094

Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (NULL dereference and application crash) via JavaScript onUnload handlers that modify the structure of a document.

Published: February 26, 2007; 12:28:00 PM -0500
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-1095

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.

Published: February 26, 2007; 12:28:00 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-1096

Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart before 20070116 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue might overlap CVE-2007-0376.

Published: February 26, 2007; 12:28:00 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-1097

Unrestricted file upload vulnerability in the onAttachFiles function in the upload tool (inc/lib/attachment.lib.php) in Wiclear before 0.11.1 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to filename validation. NOTE: some details were obtained from third party information.

Published: February 26, 2007; 12:28:00 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2007-1098

Multiple unspecified vulnerabilities in ScryMUD before 2.1.11 have unknown impact and attack vectors, possibly related to denial of service caused by a search that begins with a .* sequence.

Published: February 26, 2007; 12:28:00 PM -0500
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-1099

dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks.

Published: February 26, 2007; 12:28:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-1100

Directory traversal vulnerability in download.php in Ahmet Sacan Pickle before 20070301 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

Published: February 26, 2007; 12:28:00 PM -0500
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-1101

Multiple cross-site scripting (XSS) vulnerabilities in Photostand 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) message ("comment") or (2) name field, or the (3) q parameter in a search action in index.php.

Published: February 26, 2007; 12:28:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-1102

Photostand 1.2.0 allows remote attackers to obtain sensitive information via a ' (quote) character in (1) a PHPSESSID cookie or (2) the id parameter in an article action in index.php, which reveal the path in various error messages.

Published: February 26, 2007; 12:28:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-1103

Tor does not verify a node's uptime and bandwidth advertisements, which allows remote attackers who operate a low resource node to make false claims of greater resources, which places the node into use for many circuits and compromises the anonymity of traffic sources and destinations.

Published: February 26, 2007; 12:28:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-1104

PHP remote file inclusion vulnerability in top.php in PHP Module Implementation (PHP-MIP) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the laypath parameter.

Published: February 26, 2007; 12:28:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-1105

PHP remote file inclusion vulnerability in functions.php in Extreme phpBB (aka phpBB Extreme) 3.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

Published: February 26, 2007; 12:28:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-1106

PHP remote file inclusion vulnerability in includes/functions_nomoketos_rules.php in the NoMoKeTos Rules 0.0.1 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

Published: February 26, 2007; 12:28:00 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-1107

SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies.

Published: February 26, 2007; 12:28:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-1108

PHP remote file inclusion vulnerability in index.php in Christian Schneider CS-Gallery 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the album parameter during a securealbum todo action.

Published: February 26, 2007; 12:28:00 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-1109

Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) login or (2) mail_address field in Register.php, or the (3) search_author, (4) mode, (5) start_year, (6) end_year, or (7) date_type field in Search.php, a different vulnerability than CVE-2006-1674. NOTE: 1.6.2 and other versions might also be affected.

Published: February 26, 2007; 12:28:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM