Max CVSS 10.0 Min CVSS 2.1 Total Count62
IDCVSSSummaryLast (major) updatePublished
CVE-2006-6942 6.8
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b)
21-11-2016 - 09:17 18-01-2007 - 21:28
CVE-2007-4752 7.5
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted
08-08-2014 - 16:37 11-09-2007 - 21:17
CVE-2007-1862 5.0
The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentiall
10-10-2013 - 22:33 04-06-2007 - 19:30
CVE-2007-3847 5.0
The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffe
17-07-2013 - 11:25 23-08-2007 - 18:17
CVE-2006-5752 4.3
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML vi
17-07-2013 - 11:01 27-06-2007 - 13:30
CVE-2007-3851 6.0
The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a
13-07-2013 - 02:04 13-08-2007 - 15:17
CVE-2007-3806 6.8
The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platform
05-11-2012 - 22:43 16-07-2007 - 20:30
CVE-2007-2878 4.9
The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run on a 64-bit system, allow local users to corrupt a kernel_dirent struct and cause a denial of service (system crash) via unknown vectors.
05-11-2012 - 22:40 29-05-2007 - 16:30
CVE-2007-1799 6.4
Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a torrent filename, as demonstrated by "../" sequence
05-11-2012 - 22:36 02-04-2007 - 18:19
CVE-2007-3304 4.7
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the m
30-10-2012 - 22:38 20-06-2007 - 18:30
CVE-2007-3303 4.9
Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creati
30-10-2012 - 22:38 20-06-2007 - 18:30
CVE-2007-3193 10.0
lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certai
30-10-2012 - 22:37 12-06-2007 - 19:30
CVE-2007-3191 9.4
Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function.
30-10-2012 - 22:37 12-06-2007 - 19:30
CVE-2007-2951 9.3
The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3.2.0 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an (1) irc:// or (2) irc6:// URI.
30-10-2012 - 22:36 26-06-2007 - 14:30
CVE-2007-2876 6.1
The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid
30-10-2012 - 22:36 11-06-2007 - 19:30
CVE-2007-2875 2.1
Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading th
30-10-2012 - 22:36 11-06-2007 - 18:30
CVE-2007-2872 6.8
Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.
30-10-2012 - 22:36 04-06-2007 - 13:30
CVE-2007-1863 5.0
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with
30-10-2012 - 22:32 27-06-2007 - 13:30
CVE-2007-3819 5.0
Opera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed.
29-10-2012 - 22:53 16-07-2007 - 21:30
CVE-2007-0242 4.3
The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences t
18-06-2012 - 22:27 03-04-2007 - 12:19
CVE-2007-3142 5.8
Visual truncation vulnerability in Opera 9.21 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after 34 characters, as demonstrated by a phishing attack using HTTP Basic Au
08-06-2012 - 00:00 11-06-2007 - 14:30
CVE-2007-3740 4.4
The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.
19-03-2012 - 00:00 13-09-2007 - 21:17
CVE-2007-4652 4.4
The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.
23-08-2011 - 00:00 04-09-2007 - 15:17
CVE-2007-4658 7.5
The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.
20-06-2011 - 00:00 04-09-2007 - 18:17
CVE-2007-4966 6.8
SQL injection vulnerability in www/people/editprofile.php in GForge 4.6b2 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_delete[] parameter.
07-03-2011 - 21:59 18-09-2007 - 18:17
CVE-2007-4743 10.0
The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check th
07-03-2011 - 21:59 06-09-2007 - 18:17
CVE-2007-4730 4.3
Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap
07-03-2011 - 21:59 11-09-2007 - 15:17
CVE-2007-4727 6.8
Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long
07-03-2011 - 21:59 12-09-2007 - 15:17
CVE-2007-4663 7.5
Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function.
07-03-2011 - 21:58 04-09-2007 - 18:17
CVE-2007-4662 7.5
Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors.
07-03-2011 - 21:58 04-09-2007 - 18:17
CVE-2007-4660 7.5
Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation.
07-03-2011 - 21:58 04-09-2007 - 18:17
CVE-2007-4659 7.5
The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors.
07-03-2011 - 21:58 04-09-2007 - 18:17
CVE-2007-4657 7.5
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn func
07-03-2011 - 21:58 04-09-2007 - 18:17
CVE-2007-4565 5.0
sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.
07-03-2011 - 21:58 27-08-2007 - 21:17
CVE-2007-4465 4.3
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using t
07-03-2011 - 21:58 13-09-2007 - 20:17
CVE-2007-4367 9.3
Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an invalid pointer."
07-03-2011 - 21:58 15-08-2007 - 19:17
CVE-2007-4337 5.8
Multiple buffer overflows in the httplib_parse_sc_header function in lib/http.c in Streamripper before 1.62.2 allow remote attackers to execute arbitrary code via long (1) Location and (2) Server HTTP headers, a different vulnerability than CVE-2006-
07-03-2011 - 21:58 14-08-2007 - 14:17
CVE-2007-4138 6.9
The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for
07-03-2011 - 21:57 13-09-2007 - 21:17
CVE-2007-4137 7.5
Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error
07-03-2011 - 21:57 18-09-2007 - 15:17
CVE-2007-4000 8.5
The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow
07-03-2011 - 21:57 05-09-2007 - 06:17
CVE-2007-3998 5.0
The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certai
07-03-2011 - 21:57 04-09-2007 - 14:17
CVE-2007-3997 7.5
The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
07-03-2011 - 21:57 04-09-2007 - 14:17
CVE-2007-3996 6.8
Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a la
07-03-2011 - 21:57 04-09-2007 - 14:17
CVE-2007-3929 9.3
Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbitrary code via a crafted header in a torrent file, which leaves a dangling pointer to an invalid object.
07-03-2011 - 21:57 20-07-2007 - 20:30
CVE-2007-2245 6.8
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function.
07-03-2011 - 21:53 25-04-2007 - 12:19
CVE-2007-2024 6.8
Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a (1) php3, (2) php4, or (3) php5 extension.
07-03-2011 - 21:53 13-04-2007 - 14:19
CVE-2007-1688 9.3
Buffer overflow in the PhPInfo ActiveX control in PhPCtrl.dll in Callisto PhotoParade Player allows remote attackers to execute arbitrary code via the FileVersionof property.
07-03-2011 - 21:52 13-09-2007 - 20:17
CVE-2007-1325 7.1
The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array
07-03-2011 - 21:51 07-03-2007 - 16:19
CVE-2006-6944 7.5
phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers.
07-03-2011 - 21:47 18-01-2007 - 21:28
CVE-2007-3999 10.0
Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third
07-03-2011 - 00:00 05-09-2007 - 06:17
CVE-2007-3378 6.8
The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execu
07-03-2011 - 00:00 29-06-2007 - 14:30
CVE-2007-1217 6.9
Buffer overflow in the bufprint function in capiutil.c in libcapi, as used in Linux kernel 2.6.9 to 2.6.20 and isdn4k-utils, allows local users to cause a denial of service (crash) and possibly gain privileges via a crafted CAPI packet.
30-11-2010 - 01:01 02-03-2007 - 16:18
CVE-2007-4670 5.0
Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285.
21-08-2010 - 01:10 04-09-2007 - 20:17
CVE-2007-3843 4.3
The Linux kernel before 2.6.23-rc1 checks the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing
21-08-2010 - 01:08 09-08-2007 - 17:17
CVE-2007-3739 4.7
mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from entering into reserved kernel page memory, which allows local users to cause a denial of service (OOPS) via unspecified vectors.
21-08-2010 - 01:08 13-09-2007 - 21:17
CVE-2007-1395 4.3
Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an
13-11-2008 - 01:34 10-03-2007 - 17:19
CVE-2007-4909 9.3
Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by
05-09-2008 - 17:29 17-09-2007 - 13:17
CVE-2007-4661 7.5
The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting
05-09-2008 - 17:28 04-09-2007 - 18:17
CVE-2007-4460 7.2
The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file whose name is constructed from the name of a file being tagged.
05-09-2008 - 17:28 21-08-2007 - 17:17
CVE-2007-3913 7.5
SQL injection vulnerability in Gforge before 3.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
05-09-2008 - 17:26 06-09-2007 - 18:17
CVE-2007-2025 7.5
Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being
05-09-2008 - 17:22 13-04-2007 - 14:19
CVE-2007-1743 4.4
suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the
05-09-2008 - 17:21 13-04-2007 - 13:19
Back to Top Mark selected
Back to Top