Max CVSS 10.0 Min CVSS 3.6 Total Count 2
ID | CVSS | Summary | Last (major) update | Published
CVE-2007-6077 6.8
The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first i
08-08-2019 - 15:42 21-11-2007 - 21:46
CVE-2007-5398 9.3
Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requ
30-10-2018 - 16:25 16-11-2007 - 18:46
CVE-2007-4572 9.3
Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon se
30-10-2018 - 16:25 16-11-2007 - 18:46
CVE-2007-1662 5.0
Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving for
16-10-2018 - 16:39 07-11-2007 - 23:46
CVE-2007-1661 6.4
Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denia
16-10-2018 - 16:39 07-11-2007 - 23:46
CVE-2007-1660 6.8
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service
16-10-2018 - 16:39 07-11-2007 - 23:46
CVE-2007-1659 6.8
Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes.
16-10-2018 - 16:39 07-11-2007 - 23:46
CVE-2007-5863 9.3
Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" op
15-10-2018 - 21:46 19-12-2007 - 21:46
CVE-2007-5848 7.2
Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service.
15-10-2018 - 21:46 19-12-2007 - 21:46
CVE-2007-4965 5.8
Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) t
15-10-2018 - 21:39 18-09-2007 - 22:17
CVE-2007-4768 6.8
Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly opt
15-10-2018 - 21:37 07-11-2007 - 23:46
CVE-2007-4767 5.0
Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop o
15-10-2018 - 21:37 07-11-2007 - 23:46
CVE-2007-4766 7.5
Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences.
15-10-2018 - 21:37 07-11-2007 - 23:46
CVE-2007-4131 6.8
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
15-10-2018 - 21:33 25-08-2007 - 00:17
CVE-2007-3798 6.8
Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.
15-10-2018 - 21:30 16-07-2007 - 22:30
CVE-2006-0024 5.1
Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 and earlier allow remote attackers to execute arbitrary code via a crafted SWF file.
12-10-2018 - 21:38 15-03-2006 - 16:06
CVE-2007-4351 10.0
Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-ba
03-10-2018 - 21:47 31-10-2007 - 22:46
CVE-2007-1218 6.8
Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally re
11-10-2017 - 01:31 02-03-2007 - 21:18
CVE-2007-5770 5.0
The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which mak
29-09-2017 - 01:29 14-11-2007 - 01:46
CVE-2007-3876 6.6
Stack-based buffer overflow in SMB in Apple Mac OS X 10.4.11 allows local users to execute arbitrary code via (1) a long workgroup (-W) option to mount_smbfs or (2) an unspecified manipulation of the command line to smbutil.
29-09-2017 - 01:29 19-12-2007 - 21:46
CVE-2007-5861 6.8
Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted .XLS file that triggers memory corruption in the Microsoft
29-07-2017 - 01:33 19-12-2007 - 21:46
CVE-2007-5860 7.2
Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allows local users to execute arbitrary code via unspecified output files, involving an "insecure file operation."
29-07-2017 - 01:33 19-12-2007 - 21:46
CVE-2007-5859 9.3
Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted feed: URL that triggers memory corruption.
29-07-2017 - 01:33 19-12-2007 - 21:46
CVE-2007-5858 4.3
WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) atta
29-07-2017 - 01:33 19-12-2007 - 21:46
CVE-2007-5857 6.4
Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from accessing URLs when the movie file is previewed or if an icon is created, which might allow remote attackers to obtain sensitive information via HREFTrack.
29-07-2017 - 01:33 19-12-2007 - 21:46
CVE-2007-5856 9.4
Quick Look in Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information.
29-07-2017 - 01:33 19-12-2007 - 21:46
CVE-2007-5855 6.4
Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to snif
29-07-2017 - 01:33 19-12-2007 - 21:46
CVE-2007-5854 4.3
Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HTML files as unsafe content, which allows attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via a crafted HTML file.
29-07-2017 - 01:33 19-12-2007 - 21:46
CVE-2007-5853 9.3
Unspecified vulnerability in IO Storage Family in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (system shutdown) or execute arbitrary code via a disk image with crafted GUID partition maps, which triggers memory
29-07-2017 - 01:33 19-12-2007 - 21:46
CVE-2007-5851 3.6
iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors.
29-07-2017 - 01:33 19-12-2007 - 21:46
CVE-2007-5850 8.8
Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4.11 allows user-assisted attackers to execute arbitrary code via a directory with a crafted .DS_Store file.
29-07-2017 - 01:33 19-12-2007 - 21:46
CVE-2007-5849 9.3
Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.
29-07-2017 - 01:33 19-12-2007 - 21:46
CVE-2007-5847 6.6
Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information.
29-07-2017 - 01:33 19-12-2007 - 21:46
CVE-2007-5476 10.0
Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors.
29-07-2017 - 01:33 18-10-2007 - 00:17
CVE-2007-4710 9.3
Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via an image with a crafted ColorSync profile, which triggers memory corruption.
29-07-2017 - 01:33 19-12-2007 - 21:46
CVE-2007-4709 8.8
Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response.
29-07-2017 - 01:33 19-12-2007 - 21:46
CVE-2007-4708 9.3
Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via the URL handler.
29-07-2017 - 01:33 19-12-2007 - 21:46
CVE-2007-5379 5.0
Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simp
31-10-2012 - 02:44 19-10-2007 - 23:17
CVE-2007-6165 9.3
Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate
06-10-2011 - 04:00 29-11-2007 - 01:46
CVE-2007-5380 6.8
Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."
08-03-2011 - 03:00 19-10-2007 - 23:17