Security Vulnerabilities, CVEs, Published In April 2007 (Denial of service)
admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service (loss of configuration data), and possibly perform direct static code injection, via a saveGlobalconfig action.
Max CVSS
10.0
EPSS Score
0.33%
Published
2007-04-30
Updated
2017-10-11
Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) 4.6 allows remote attackers to cause a denial of service (forced application exit) via a long directory name in the URI.
Max CVSS
10.0
EPSS Score
4.44%
Published
2007-04-30
Updated
2018-10-16
Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) cause a denial of service (daemon crash) and possibly execute arbitrary code via a certain update, which triggers a heap-based buffer overflow in update.c; and (2) cause a denial of service (daemon crash) via unspecified vectors that trigger an off-by-one stack-based buffer overflow in update.c.
Max CVSS
9.0
EPSS Score
9.30%
Published
2007-04-30
Updated
2017-07-29
The BOOTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, on Windows allows remote attackers to cause a denial of service (daemon crash) via a UDP packet that contains an invalid "packet type" field.
Max CVSS
7.8
EPSS Score
2.58%
Published
2007-04-27
Updated
2011-03-08
Unspecified vulnerability in InterVations NaviCOPA Web Server 2.01 20070323 allows remote attackers to cause a denial of service (daemon crash) via crafted HTTP requests, as demonstrated by long requests containing '\A' characters, probably a different issue than CVE-2006-5112 and CVE-2007-1733. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.8
EPSS Score
0.54%
Published
2007-04-27
Updated
2017-07-29
NMMediaServer.exe in Nero MediaHome 2.5.5.0 and CE 1.3.0.4 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet that contains two CRLF sequences. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.8
EPSS Score
1.26%
Published
2007-04-27
Updated
2017-07-29
MiniShare 1.5.4, and possibly earlier, allows remote attackers to cause a denial of service (application crash) via a flood of requests for new connections.
Max CVSS
7.8
EPSS Score
1.18%
Published
2007-04-26
Updated
2011-03-08
The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash).
Max CVSS
7.8
EPSS Score
11.40%
Published
2007-04-26
Updated
2018-10-16
The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference.
Max CVSS
7.8
EPSS Score
11.24%
Published
2007-04-26
Updated
2018-10-16
3Com TippingPoint IPS allows remote attackers to cause a denial of service (device hang) via a flood of packets on TCP port 80 with sequentially increasing source ports, related to a "badly written loop." NOTE: the vendor disputes this issue, stating that the product has "performed as expected with no DoS emerging.
Max CVSS
7.8
EPSS Score
1.83%
Published
2007-04-25
Updated
2024-03-21
The BitTorrent implementation in Opera 9.2 allows remote attackers to cause a denial of service (CPU consumption and application crash) via a malformed torrent file. NOTE: the original disclosure refers to this as a memory leak, but it is not certain.
Max CVSS
7.8
EPSS Score
0.40%
Published
2007-04-25
Updated
2022-02-26
The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request.
Max CVSS
7.8
EPSS Score
16.03%
Published
2007-04-25
Updated
2017-10-11
Unspecified vulnerability in Sun Cluster 3.1 and Solaris Cluster 3.2 before 20070424 allows remote authenticated users, operating from a different cluster node, to cause a denial of service (data corruption or send_mondo panic) via unspecified vectors, as demonstrated by EMC Symcli backup software 6.2.1.
Max CVSS
6.8
EPSS Score
1.06%
Published
2007-04-25
Updated
2017-07-29
Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running sendmail 8.9.3 or 8.11.1; and HP-UX B.11.23 when running sendmail 8.11.1; allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: due to the lack of details from HP, it is not known whether this issue is a duplicate of another CVE such as CVE-2006-1173 or CVE-2006-4434.
Max CVSS
7.8
EPSS Score
5.56%
Published
2007-04-25
Updated
2019-10-09
The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers.
Max CVSS
7.8
EPSS Score
10.45%
Published
2007-04-25
Updated
2018-10-16
Unspecified vulnerability in the Initialize function in NetscapeFTPHandler in WS_FTP Home and Professional 2007 allows remote attackers to cause a denial of service (NULL dereference and application crash) via unspecified vectors related to "improper arguments."
Max CVSS
7.8
EPSS Score
3.81%
Published
2007-04-24
Updated
2018-10-16
A certain ActiveX control in askPopStp.dll in Netsprint Ask IE Toolbar 1.1 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long AddAllowed property value, related to "improper memory handling," possibly a buffer overflow.
Max CVSS
7.8
EPSS Score
5.38%
Published
2007-04-24
Updated
2018-10-16
aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers to cause a denial of service (application crash) by sending invalid data to TCP port 31337.
Max CVSS
5.0
EPSS Score
2.96%
Published
2007-04-24
Updated
2008-11-13
Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
Max CVSS
5.0
EPSS Score
5.38%
Published
2007-04-24
Updated
2017-10-11
Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file.
Max CVSS
7.1
EPSS Score
0.99%
Published
2007-04-24
Updated
2018-10-16
Multiple unspecified vulnerabilities in IXceedCompression in XceddZipLib (RaidenFTPD.dll) in RaidenFTPD 2.4 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving the (1) CalculateCrc, (2) Compress, and (3) Uncompress functions, which result in a NULL pointer dereference.
Max CVSS
7.8
EPSS Score
1.28%
Published
2007-04-24
Updated
2018-10-16
Multiple unspecified vulnerabilities in Objective Development Sharity before 3.3 allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
Max CVSS
7.8
EPSS Score
1.83%
Published
2007-04-24
Updated
2017-07-29
Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
Max CVSS
5.0
EPSS Score
1.14%
Published
2007-04-22
Updated
2018-10-16
Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
Max CVSS
5.0
EPSS Score
0.30%
Published
2007-04-22
Updated
2018-10-16
(1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
Max CVSS
7.8
EPSS Score
0.67%
Published
2007-04-22
Updated
2018-10-16