Security Vulnerabilities, CVEs, Published In November 2007 (Bypass)
Unspecified vulnerability in Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-01 allows remote attackers to bypass authentication and "view files" via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.48%
Published
2007-11-27
Updated
2017-07-29
gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions.
Max CVSS
5.0
EPSS Score
0.64%
Published
2007-11-26
Updated
2011-03-08
Unspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
10.0
EPSS Score
0.31%
Published
2007-11-16
Updated
2008-09-05
TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.34%
Published
2007-11-15
Updated
2008-11-15
blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field.
Max CVSS
7.5
EPSS Score
1.28%
Published
2007-11-15
Updated
2017-07-29
details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest.
Max CVSS
6.8
EPSS Score
1.28%
Published
2007-11-15
Updated
2017-07-29
dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not require authentication, which allows remote attackers to (1) delete auth.inc.php via the suppr parameter, and (2) re-create the auth.inc.php file with contents that specify a new account name and password for JBC Explorer via the login and password parameters.
Max CVSS
6.8
EPSS Score
1.93%
Published
2007-11-10
Updated
2018-10-15
SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
Max CVSS
7.5
EPSS Score
0.62%
Published
2007-11-03
Updated
2011-03-08
The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify that a SIP INVITE message originated from a legitimate server, which allows remote attackers to send spoofed INVITE messages, as demonstrated by a flood of messages triggering a denial of service, and by phone calls with malicious content.
Max CVSS
10.0
EPSS Score
3.56%
Published
2007-11-01
Updated
2017-07-29
The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162.
Max CVSS
5.0
EPSS Score
0.60%
Published
2007-11-14
Updated
2017-09-29
The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields."
Max CVSS
7.2
EPSS Score
0.28%
Published
2007-11-15
Updated
2017-07-29
The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab.
Max CVSS
4.3
EPSS Score
0.76%
Published
2007-11-15
Updated
2017-07-29
CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack.
Max CVSS
6.8
EPSS Score
1.07%
Published
2007-11-15
Updated
2017-07-29
13 vulnerabilities found