Max CVSS 10.0 Min CVSS 1.5 Total Count62
IDCVSSSummaryLast (major) updatePublished
CVE-2007-4091 6.8
Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.
06-01-2017 - 21:59 15-08-2007 - 20:17
CVE-2007-2756 4.3
The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng.
05-11-2012 - 22:39 18-05-2007 - 14:30
CVE-2007-2728 4.3
The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727.
05-11-2012 - 22:39 16-05-2007 - 18:30
CVE-2007-2727 2.6
The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), whi
05-11-2012 - 22:39 16-05-2007 - 18:30
CVE-2007-3820 2.6
konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed.
30-10-2012 - 22:39 16-07-2007 - 21:30
CVE-2007-3799 4.3
The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the sessio
30-10-2012 - 22:39 16-07-2007 - 18:30
CVE-2007-3507 9.3
Stack-based buffer overflow in the local__vcentry_parse_value function in vorbiscomment.c in flac123 (aka flac-tools or flac) before 0.0.10 allows user-assisted remote attackers to execute arbitrary code via a large comment value_length.
30-10-2012 - 22:38 02-07-2007 - 15:30
CVE-2007-3477 5.0
The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.
30-10-2012 - 22:38 28-06-2007 - 14:30
CVE-2007-3476 4.3
Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a se
30-10-2012 - 22:38 28-06-2007 - 14:30
CVE-2007-3474 2.6
Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 have unspecified impact and user-assisted remote attack vectors.
30-10-2012 - 22:38 28-06-2007 - 14:30
CVE-2007-3473 4.3
The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure.
30-10-2012 - 22:38 28-06-2007 - 14:30
CVE-2007-3472 4.3
Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact.
30-10-2012 - 22:38 28-06-2007 - 14:30
CVE-2007-3410 9.3
Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allo
30-10-2012 - 22:38 26-06-2007 - 18:30
CVE-2007-3372 2.1
The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error.
30-10-2012 - 22:38 22-06-2007 - 17:30
CVE-2007-3193 10.0
lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certai
30-10-2012 - 22:37 12-06-2007 - 19:30
CVE-2007-2872 6.8
Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.
30-10-2012 - 22:36 04-06-2007 - 13:30
CVE-2007-2748 4.3
The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375.
30-10-2012 - 22:36 17-05-2007 - 16:30
CVE-2007-0242 4.3
The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences t
18-06-2012 - 22:27 03-04-2007 - 12:19
CVE-2007-3106 6.8
lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a "heap
11-10-2011 - 00:00 26-07-2007 - 17:30
CVE-2007-2834 9.3
Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which
11-10-2011 - 00:00 18-09-2007 - 17:17
CVE-2007-4658 7.5
The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.
20-06-2011 - 00:00 04-09-2007 - 18:17
CVE-2007-3381 1.5
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of
07-04-2011 - 00:00 07-08-2007 - 06:17
CVE-2007-5056 6.8
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequ
07-03-2011 - 22:00 24-09-2007 - 18:17
CVE-2007-5046 4.3
Cross-site scripting (XSS) vulnerability in the Webmail interface for IceWarp Merak Mail Server before 9.0.0 allows remote attackers to inject arbitrary JavaScript via a javascript: URI in an attribute of an element in an email message body, as demon
07-03-2011 - 21:59 23-09-2007 - 20:17
CVE-2007-4977 3.5
Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter.
07-03-2011 - 21:59 19-09-2007 - 14:17
CVE-2007-4976 6.5
Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter.
07-03-2011 - 21:59 19-09-2007 - 14:17
CVE-2007-4894 7.5
Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XM
07-03-2011 - 21:59 14-09-2007 - 14:17
CVE-2007-4828 4.3
Cross-site scripting (XSS) vulnerability in the API pretty-printing mode in MediaWiki 1.8.0 through 1.8.4, 1.9.0 through 1.9.3, 1.10.0 through 1.10.1, and the 1.11 development versions before 1.11.0 allows remote attackers to inject arbitrary web scr
07-03-2011 - 21:59 12-09-2007 - 15:17
CVE-2007-4730 4.3
Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap
07-03-2011 - 21:59 11-09-2007 - 15:17
CVE-2007-4569 6.8
backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors.
07-03-2011 - 21:58 21-09-2007 - 15:17
CVE-2007-4565 5.0
sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.
07-03-2011 - 21:58 27-08-2007 - 21:17
CVE-2007-4560 7.6
clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."
07-03-2011 - 21:58 27-08-2007 - 21:17
CVE-2007-4543 4.3
Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla 2.17.1 through 2.20.4, 2.22.x before 2.22.3, and 3.x before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the buildid field in the "guided form."
07-03-2011 - 21:58 27-08-2007 - 17:17
CVE-2007-4539 5.0
The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the
07-03-2011 - 21:58 27-08-2007 - 17:17
CVE-2007-4538 5.0
email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters.
07-03-2011 - 21:58 27-08-2007 - 17:17
CVE-2007-4510 4.3
ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function
07-03-2011 - 21:58 23-08-2007 - 15:17
CVE-2007-4225 6.8
Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion.
07-03-2011 - 21:58 08-08-2007 - 17:17
CVE-2007-4224 4.3
KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.
07-03-2011 - 21:58 08-08-2007 - 17:17
CVE-2007-4138 6.9
The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for
07-03-2011 - 21:57 13-09-2007 - 21:17
CVE-2007-4137 7.5
Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error
07-03-2011 - 21:57 18-09-2007 - 15:17
CVE-2007-4131 6.8
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
07-03-2011 - 21:57 24-08-2007 - 20:17
CVE-2007-4029 6.8
libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) inva
07-03-2011 - 21:57 26-07-2007 - 18:30
CVE-2007-3998 5.0
The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certai
07-03-2011 - 21:57 04-09-2007 - 14:17
CVE-2007-3996 6.8
Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a la
07-03-2011 - 21:57 04-09-2007 - 14:17
CVE-2007-3478 4.3
Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TT
07-03-2011 - 21:56 28-06-2007 - 14:30
CVE-2007-3388 6.8
Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote at
07-03-2011 - 21:56 03-08-2007 - 16:17
CVE-2007-1900 5.0
CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression
07-03-2011 - 21:53 10-04-2007 - 14:19
CVE-2007-1788 6.8
Flyspray 0.9.9, when output_buffering is disabled or "set to a low value," allows remote attackers to bypass authentication via a crafted post request.
07-03-2011 - 21:52 31-03-2007 - 06:19
CVE-2007-1399 10.0
Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from
07-03-2011 - 21:52 10-03-2007 - 17:19
CVE-2006-7196 4.3
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via
07-03-2011 - 21:48 09-05-2007 - 20:19
CVE-2006-4965 5.0
Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources
07-03-2011 - 21:42 24-09-2006 - 20:07
CVE-2007-3999 10.0
Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third
07-03-2011 - 00:00 05-09-2007 - 06:17
CVE-2007-3387 6.8
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute
07-03-2011 - 00:00 30-07-2007 - 19:17
CVE-2007-3475 4.3
The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map.
19-01-2011 - 01:16 28-06-2007 - 14:30
CVE-2007-4670 5.0
Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285.
21-08-2010 - 01:10 04-09-2007 - 20:17
CVE-2007-4066 4.3
Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 132
21-08-2010 - 01:09 21-09-2007 - 15:17
CVE-2007-4065 4.3
lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted OGG file, aka trac Changeset 13217.
21-08-2010 - 01:09 21-09-2007 - 15:17
CVE-2007-2807 6.8
Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, remote IRC servers to execute arbitrary code via a long private message.
10-07-2009 - 01:05 22-05-2007 - 15:30
CVE-2007-5057 10.0
NetSupport Manager Client before 10.20.0004 allows remote attackers to bypass the (1) basic and (2) authentication schemes by spoofing the NetSupport Manager.
05-09-2008 - 17:29 24-09-2007 - 18:17
CVE-2007-4462 3.3
lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to overwrite arbitrary files via a symlink attack on the gettextization.failed.po temporary file.
05-09-2008 - 17:28 21-08-2007 - 17:17
CVE-2007-4460 7.2
The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file whose name is constructed from the name of a file being tagged.
05-09-2008 - 17:28 21-08-2007 - 17:17
CVE-2007-1375 5.0
Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991.
05-09-2008 - 17:20 09-03-2007 - 19:19
Back to Top Mark selected
Back to Top