Total
5458 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3912 | 1 Debian | 1 Debian-goodies | 2024-11-21 | N/A |
| checkrestart in debian-goodies before 0.34 allows local users to gain privileges via shell metacharacters in the name of the executable file for a running process. | ||||
| CVE-2007-3852 | 2 Redhat, Sysstat | 2 Enterprise Linux, Sysstat | 2024-11-21 | N/A |
| The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code. | ||||
| CVE-2007-3849 | 1 Redhat | 1 Enterprise Linux | 2024-11-21 | N/A |
| Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced Intrusion Detection Environment (AIDE) before 0.13.1 with a database that lacks checksum information, which allows context-dependent attackers to bypass file integrity checks and modify certain files. | ||||
| CVE-2007-3804 | 1 Clavister | 1 Clavister Coreplus | 2024-11-21 | N/A |
| The AntiVirus engine in the HTTP-ALG in Clavister CorePlus before 8.81.00 and 8.80.03 might allow remote attackers to bypass scanning via small files. | ||||
| CVE-2007-3782 | 2 Mysql, Redhat | 3 Community Server, Enterprise Linux, Rhel Application Stack | 2024-11-21 | N/A |
| MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table. | ||||
| CVE-2007-3740 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | N/A |
| The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges. | ||||
| CVE-2007-3532 | 2 Gentoo, Nvidia | 2 Linux, Video Driver | 2024-11-21 | N/A |
| NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and 100.14.11, as used in Gentoo Linux and possibly other distributions, creates /dev/nvidia* device files with insecure permissions, which allows local users to modify video card settings, cause a denial of service (crash or physical video card damage), and obtain sensitive information. | ||||
| CVE-2007-3500 | 1 Xeforum | 1 Xeforum | 2024-11-21 | N/A |
| Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie. | ||||
| CVE-2007-3455 | 1 Trend Micro | 1 Officescan | 2024-11-21 | N/A |
| cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to "stored decrypted user logon information." | ||||
| CVE-2007-3378 | 1 Php | 1 Php | 2024-11-21 | N/A |
| The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess. | ||||
| CVE-2007-3285 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2024-11-21 | N/A |
| Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would. | ||||
| CVE-2007-3278 | 3 Debian, Postgresql, Redhat | 4 Debian Linux, Postgresql, Enterprise Linux and 1 more | 2024-11-21 | N/A |
| PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1. | ||||
| CVE-2007-3242 | 2 Web-app.net, Web-app.org | 2 Webapp, Webapp | 2024-11-21 | N/A |
| The Menu Manager Mod for (1) web-app.net WebAPP (aka WebAPP NE) 0.9.9.3.3 through 0.9.9.8, and (2) web-app.org WebAPP before 0.9.9.6, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the titles of items in a personal menu. | ||||
| CVE-2007-3186 | 1 Apple | 1 Safari | 2024-11-21 | N/A |
| Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI. | ||||
| CVE-2007-3036 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Services For Unix and 2 more | 2024-11-21 | N/A |
| Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files." | ||||
| CVE-2007-3007 | 1 Php | 1 Php | 2024-11-21 | N/A |
| PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function. | ||||
| CVE-2007-2985 | 1 Pheap | 1 Pheap | 2024-11-21 | N/A |
| Pheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator's username, which can be used to (1) obtain sensitive information, including the administrator password, via settings.php or (2) upload and execute arbitrary PHP code via an update_doc action in edit.php. | ||||
| CVE-2007-2975 | 1 Ignite Realtime | 1 Openfire | 2024-11-21 | N/A |
| The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the downloader. | ||||
| CVE-2007-2944 | 1 Wabcms | 1 Wabcms | 2024-11-21 | N/A |
| WabCMS 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/wabcmsn.mdb. NOTE: this issue was originally reported for "webCMS," but this was an error by an unreliable researcher. | ||||
| CVE-2007-2815 | 1 Microsoft | 1 Internet Information Services | 2024-11-21 | N/A |
| The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw. | ||||