| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
2801 |
CVE-2007-3129 |
|
|
XSS |
2007-06-19 |
2018-10-16 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in login.php in Utopia News Pro 1.4.0 allows remote attackers to inject arbitrary web script or HTML via the password parameter. |
|
2802 |
CVE-2007-3107 |
|
|
DoS |
2007-07-10 |
2017-10-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The signal handling in the Linux kernel before 2.6.22, including 2.6.2, when running on PowerPC systems using HTX, allows local users to cause a denial of service via unspecified vectors involving floating point corruption and concurrency, related to clearing of MSR bits. |
|
2803 |
CVE-2007-3100 |
|
|
DoS |
2007-06-14 |
2017-10-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial of service (hang) by grabbing the semaphore. |
|
2804 |
CVE-2007-3099 |
|
|
DoS |
2007-06-14 |
2017-10-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss). |
|
2805 |
CVE-2007-3024 |
|
|
|
2007-06-07 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files. |
|
2806 |
CVE-2007-2894 |
|
|
DoS |
2007-05-29 |
2017-07-28 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error. |
|
2807 |
CVE-2007-2875 |
189 |
|
|
2007-06-11 |
2018-10-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file. |
|
2808 |
CVE-2007-2797 |
|
|
|
2007-08-27 |
2018-10-16 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals. |
|
2809 |
CVE-2007-2727 |
|
|
|
2007-05-16 |
2018-10-30 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys. |
|
2810 |
CVE-2007-2617 |
|
|
|
2007-05-11 |
2017-10-10 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options. |
|
2811 |
CVE-2007-2509 |
20 |
|
|
2007-05-08 |
2018-10-30 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands. |
|
2812 |
CVE-2007-2448 |
|
|
+Info |
2007-06-14 |
2012-11-05 |
2.1 |
None |
Remote |
High |
Single system |
Partial |
None |
None |
|
Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit. |
|
2813 |
CVE-2007-2037 |
399 |
|
DoS |
2007-04-16 |
2018-11-01 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x before 4.0.155.0, allows remote attackers on a local network to cause a denial of service (device crash) via malformed Ethernet traffic. |
|
2814 |
CVE-2007-1903 |
|
|
XSS |
2007-05-14 |
2018-10-16 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0 allows remote attackers to inject arbitrary web script or HTML via the part parameter. |
|
2815 |
CVE-2007-1858 |
|
|
+Info |
2007-05-09 |
2018-10-16 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts. |
|
2816 |
CVE-2007-1856 |
|
|
DoS |
2007-04-17 |
2017-10-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service (cron failure) by creating hard links, which results in a failed st_nlink check in database.c. |
|
2817 |
CVE-2007-1773 |
22 |
|
Dir. Trav. |
2007-03-29 |
2017-07-28 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
Multiple directory traversal vulnerabilities in aBitWhizzy allow remote attackers to list arbitrary directories via a .. (dot dot) in the d parameter to (1) whizzery/whizzypic.php or (2) whizzery/whizzylink.php, different vectors than CVE-2006-6384. |
|
2818 |
CVE-2007-1589 |
|
|
DoS |
2007-03-21 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service (filesystem unavailability) by dismounting a volume mounted by a different user. |
|
2819 |
CVE-2007-1558 |
|
|
|
2007-04-16 |
2018-10-16 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products. |
|
2820 |
CVE-2007-1505 |
|
|
+Info |
2007-03-19 |
2017-08-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Fujitsu FENCE-Pro before V5L01, and Systemwalker Desktop Encryption V12.0L10, V12.0L10A, V12.0L10B, V12.0L20 and V13.0.0 allows local users to obtain sensitive information by extracting the decoding password from certain "self-decoding" file types. |
|
2821 |
CVE-2007-1448 |
|
|
DoS |
2007-03-16 |
2017-07-28 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service (disabled interface) by calling an unspecified RPC function. |
|
2822 |
CVE-2007-1420 |
|
|
DoS |
2007-03-12 |
2018-10-16 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function. |
|
2823 |
CVE-2007-1358 |
79 |
|
XSS |
2007-05-09 |
2018-10-16 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616". |
|
2824 |
CVE-2007-1353 |
|
|
+Info |
2007-04-24 |
2017-10-10 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 2.4.34.3 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copy_from_user function accessing an uninitialized stack buffer. |
|
2825 |
CVE-2007-1194 |
200 |
|
+Info |
2007-03-02 |
2018-10-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Norman SandBox Analyzer does not use the proper range for Interrupt Descriptor Table (IDT) entries, which allows local users to determine that the local machine is an emulator, or a similar environment not based on a physical Intel processor, which allows attackers to produce malware that is more difficult to analyze. |
|
2826 |
CVE-2007-1191 |
|
|
+Info |
2007-03-02 |
2017-07-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes usernames and passwords in plaintext to the /Library/Logs/Console/UID/Console.log file, which allows local users to obtain sensitive information by reading this file. |
|
2827 |
CVE-2007-1008 |
|
|
DoS Mem. Corr. |
2007-02-19 |
2018-10-16 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation. |
|
2828 |
CVE-2007-0958 |
|
|
|
2007-02-15 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump, a variant of CVE-2004-1073. |
|
2829 |
CVE-2007-0895 |
|
|
|
2007-02-12 |
2018-10-30 |
2.6 |
None |
Local |
High |
Not required |
None |
Partial |
Partial |
|
Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435. |
|
2830 |
CVE-2007-0859 |
|
|
+Info |
2007-02-15 |
2018-10-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Find feature in Palm OS Treo smart phones operates despite the system password lock, which allows attackers with physical access to obtain sensitive information (memory contents) by doing (1) text searches or (2) paste operations after pressing certain keyboard shortcut keys. |
|
2831 |
CVE-2007-0805 |
|
|
+Info |
2007-02-07 |
2018-10-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local users to obtain sensitive information, including environment variables of arbitrary processes, via the "auxewww" argument, a similar issue to CVE-1999-1587. |
|
2832 |
CVE-2007-0751 |
|
|
DoS |
2007-05-24 |
2017-07-28 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might delete filesystems that have been mounted in /tmp, which might allow local users to cause a denial of service, related to the find command. |
|
2833 |
CVE-2007-0710 |
399 |
|
DoS |
2007-02-16 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (persistent application crash) via unspecified vectors, possibly related to CVE-2007-0614. |
|
2834 |
CVE-2007-0685 |
|
|
DoS Overflow |
2007-02-02 |
2017-07-28 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via unspecified vectors, possibly related to a buffer overflow. |
|
2835 |
CVE-2007-0636 |
|
|
|
2007-01-31 |
2008-11-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in inotify before 0.3.5 has unknown impact and attack vectors, related to "access rights to watched files." |
|
2836 |
CVE-2007-0537 |
79 |
|
XSS Bypass |
2007-01-29 |
2018-10-16 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478. |
|
2837 |
CVE-2007-0524 |
20 |
|
DoS |
2007-01-25 |
2018-10-16 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
The LG Chocolate KG800 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push. |
|
2838 |
CVE-2007-0296 |
|
|
|
2007-01-16 |
2017-07-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13, 8.47.11, and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE02. |
|
2839 |
CVE-2007-0286 |
|
|
|
2007-01-16 |
2017-07-28 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and 10.1.3.0, and Collaboration Suite 10.1.2, has unknown impact and attack vectors related to Containers for J2EE, aka OC4J07. |
|
2840 |
CVE-2007-0010 |
|
|
DoS |
2007-01-24 |
2017-10-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file. |
|
2841 |
CVE-2006-7215 |
|
|
|
2007-07-03 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop processor E6000 and E4000 incorrectly set the memory page Access (A) bit for a page in certain circumstances involving proximity of the code segment limit to the end of a code page, which has unknown impact and attack vectors on certain operating systems other than OpenBSD, aka AI90. |
|
2842 |
CVE-2006-7204 |
|
|
|
2007-05-22 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents. |
|
2843 |
CVE-2006-7139 |
20 |
|
DoS |
2007-03-07 |
2018-10-16 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, allows remote attackers to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid free or delete operations. |
|
2844 |
CVE-2006-7129 |
|
|
Bypass |
2007-03-05 |
2018-10-16 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
ISS BlackICE PC Protection 3.6 cpj and cpu, and possibly earlier versions, allows local users to bypass the protection scheme by using the ZwDeleteFile API function to delete the critical filelock.txt file, which stores information about protected files. |
|
2845 |
CVE-2006-6980 |
|
|
DoS |
2007-02-08 |
2008-11-13 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
The magnatune.com album browser in Amarok allows attackers to cause a denial of service (application crash) via unspecified vectors. |
|
2846 |
CVE-2006-6953 |
200 |
|
+Info |
2007-01-29 |
2018-10-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The virtual keyboard implementation in GlobeTrotter Mobility Manager changes the color of a key as it is pressed, which allows local users to capture arbitrary keystrokes, such as for passwords, by shoulder surfing or grabbing periodic screenshots. |
|
2847 |
CVE-2006-6921 |
|
|
DoS |
2007-01-12 |
2017-10-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unspecified versions of the Linux kernel allow local users to cause a denial of service (unrecoverable zombie process) via a program with certain instructions that prevent init from properly reaping a child whose parent has died. |
|
2848 |
CVE-2006-6895 |
|
|
|
2006-12-31 |
2018-10-17 |
2.9 |
None |
Local Network |
Medium |
Not required |
Partial |
None |
None |
|
The Bluetooth stack in the Sony Ericsson T60 does not properly implement "Limited discoverable" mode, which allows remote attackers to obtain unauthorized inquiry responses. |
|
2849 |
CVE-2006-6744 |
|
|
|
2006-12-26 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
phpProfiles before 2.1.1 does not have an index.php or other index file in the (1) image_data, (2) graphics/comm, or (3) users read/write directories, which might allow remote attackers to list directory contents or have other unknown impacts. |
|
2850 |
CVE-2006-6677 |
|
|
DoS |
2006-12-20 |
2018-10-17 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
ESET NOD32 Antivirus before 1.1743 allows remote attackers to cause a denial of service (crash) via a crafted .CHM file that triggers a divide-by-zero error. |
