CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2901 CVE-2007-3822 XSS 2007-07-16 2018-10-15
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via (1) the who parameter to showuser; and other vectors involving (2) calendar mode, (3) bulletin board mode, (4) room names, and (5) uploaded file names.
2902 CVE-2007-3820 2007-07-16 2018-10-15
2.6
None Remote High Not required None Partial None
konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed.
2903 CVE-2007-3807 XSS 2007-07-16 2018-10-15
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum before 7.3 allow remote attackers to inject arbitrary web script or HTML via the user name field in the login procedure, and other unspecified vectors.
2904 CVE-2007-3724 DoS 2007-07-12 2008-11-15
2.1
None Local Low Not required None None Partial
The process scheduler in the Microsoft Windows XP kernel does not make use of the process statistics kept by the kernel, performs scheduling based on CPU billing gathered from periodic process sampling ticks, and gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
2905 CVE-2007-3723 DoS 2007-07-12 2008-11-15
2.1
None Local Low Not required None None Partial
The process scheduler in the Sun Solaris kernel does not make use of the process statistics kept by the kernel and performs scheduling based upon CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
2906 CVE-2007-3722 DoS 2007-07-12 2008-11-15
2.1
None Local Low Not required None None Partial
The 4BSD process scheduler in the FreeBSD kernel performs scheduling based on CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption) by performing voluntary nanosecond sleeps that result in the process not being active during a clock interrupt, as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
2907 CVE-2007-3721 DoS 2007-07-12 2008-11-15
2.1
None Local Low Not required None None Partial
The ULE process scheduler in the FreeBSD kernel gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
2908 CVE-2007-3720 DoS 2007-07-12 2008-11-15
2.1
None Local Low Not required None None Partial
The process scheduler in the Linux kernel 2.4 performs scheduling based on CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption) by performing voluntary nanosecond sleeps that result in the process not being active during a clock interrupt, as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
2909 CVE-2007-3719 DoS 2007-07-12 2008-11-15
2.1
None Local Low Not required None None Partial
The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
2910 CVE-2007-3706 2007-07-11 2018-10-15
2.1
None Local Low Not required None Partial None
The _sanitize_globals function in CodeIgniter 1.5.3 before 20070628 allows remote attackers to unset arbitrary global variables with unspecified impact, as demonstrated by a _SERVER cookie.
2911 CVE-2007-3688 CSRF 2007-07-11 2017-07-28
2.6
None Remote High Not required None Partial None
Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear 1.2.6 allow remote attackers to perform actions as arbitrary users via the (1) tool_url parameter to ecrire/tools.php and multiple fields on the (2) blogconf, (3) blogroll, (4) ecrire/redacteur.php, and (5) ecrire/user_prefs.php pages.
2912 CVE-2007-3685 XSS 2007-07-11 2017-07-28
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in rpc.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
2913 CVE-2007-3654 20 DoS 2007-09-17 2017-07-28
2.1
None Local Low Not required None None Partial
The display driver allocattr functions in NetBSD 3.0 through 4.0_BETA2, and NetBSD-current before 20070728, allow local users to cause a denial of service (panic) via a (1) negative or (2) large value in an ioctl call, as demonstrated by the vga_allocattr function.
2914 CVE-2007-3622 DoS 2007-07-09 2017-07-28
2.6
None Remote High Not required None None Partial
Unspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon before 9.61 allows remote attackers to cause a denial of service (crash) via malformed messages.
2915 CVE-2007-3601 2007-07-06 2008-11-15
2.1
None Remote High Single system Partial None None
vtiger CRM before 5.0.3, when a migrated build is used, allows remote authenticated users to read certain other users' calendar activities via a (1) home page or (2) event list view.
2916 CVE-2007-3594 XSS 2007-07-06 2017-07-28
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4) selectedNode parameters to (c) reports/ReportViewAction.do; the (5) operation parameter to (d) admin/ServiceConfiguration.do; and the (6) selectedNode and (7) selectedTab parameters to (e) admin/DeviceAssociation.do. NOTE: the searchTerm parameter in Search.do is already covered by CVE-2006-2343.
2917 CVE-2007-3474 2007-06-28 2018-10-16
2.6
None Remote High Not required None None Partial
Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 have unspecified impact and user-assisted remote attack vectors.
2918 CVE-2007-3443 DoS 2007-06-26 2017-07-28
2.3
None Local Network Medium Single system None None Partial
The Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 does not properly manage transaction states, which allows remote attackers to cause a denial of service (temporary device hang) by sending a certain SIP INVITE message, but not providing an ACK when the call is answered.
2919 CVE-2007-3442 DoS 2007-06-26 2017-07-28
2.3
None Local Network Medium Single system None None Partial
Format string vulnerability on the Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 allows remote attackers to cause a denial of service (blocked call reception and calling) via format string specifiers in an SIP INVITE message that lacks a host name in the Contact header.
2920 CVE-2007-3379 DoS 2007-09-17 2017-10-10
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in the kernel in Red Hat Enterprise Linux (RHEL) 4 on the x86_64 platform allows local users to cause a denial of service (OOPS) via unspecified vectors related to the get_gate_vma function and the fuser command.
2921 CVE-2007-3372 DoS 2007-06-22 2018-10-16
2.1
None Local Low Not required None None Partial
The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error.
2922 CVE-2007-3337 2007-06-22 2018-10-16
2.1
None Local Low Not required None Partial None
wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file.
2923 CVE-2007-3129 XSS 2007-06-19 2018-10-16
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in login.php in Utopia News Pro 1.4.0 allows remote attackers to inject arbitrary web script or HTML via the password parameter.
2924 CVE-2007-3107 DoS 2007-07-10 2017-10-10
2.1
None Local Low Not required None None Partial
The signal handling in the Linux kernel before 2.6.22, including 2.6.2, when running on PowerPC systems using HTX, allows local users to cause a denial of service via unspecified vectors involving floating point corruption and concurrency, related to clearing of MSR bits.
2925 CVE-2007-3100 DoS 2007-06-14 2017-10-10
2.1
None Local Low Not required None None Partial
usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial of service (hang) by grabbing the semaphore.
2926 CVE-2007-3099 DoS 2007-06-14 2017-10-10
2.1
None Local Low Not required None None Partial
usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss).
2927 CVE-2007-3024 2007-06-07 2008-09-05
2.1
None Local Low Not required Partial None None
libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files.
2928 CVE-2007-2894 DoS 2007-05-29 2017-07-28
2.1
None Local Low Not required None None Partial
The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error.
2929 CVE-2007-2875 189 2007-06-11 2018-10-19
2.1
None Local Low Not required Partial None None
Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file.
2930 CVE-2007-2797 2007-08-27 2018-10-16
2.1
None Local Low Not required None Partial None
xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals.
2931 CVE-2007-2727 2007-05-16 2018-10-30
2.6
None Remote High Not required Partial None None
The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys.
2932 CVE-2007-2617 2007-05-11 2017-10-10
2.1
None Local Low Not required Partial None None
srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.
2933 CVE-2007-2509 20 2007-05-08 2018-10-30
2.6
None Remote High Not required None Partial None
CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.
2934 CVE-2007-2448 +Info 2007-06-14 2012-11-05
2.1
None Remote High Single system Partial None None
Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.
2935 CVE-2007-2037 399 DoS 2007-04-16 2018-11-01
2.9
None Local Network Medium Not required None None Partial
Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x before 4.0.155.0, allows remote attackers on a local network to cause a denial of service (device crash) via malformed Ethernet traffic.
2936 CVE-2007-1903 XSS 2007-05-14 2018-10-16
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0 allows remote attackers to inject arbitrary web script or HTML via the part parameter.
2937 CVE-2007-1858 +Info 2007-05-09 2018-10-16
2.6
None Remote High Not required Partial None None
The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
2938 CVE-2007-1856 DoS 2007-04-17 2017-10-10
2.1
None Local Low Not required None None Partial
Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service (cron failure) by creating hard links, which results in a failed st_nlink check in database.c.
2939 CVE-2007-1773 22 Dir. Trav. 2007-03-29 2017-07-28
2.6
None Remote High Not required Partial None None
Multiple directory traversal vulnerabilities in aBitWhizzy allow remote attackers to list arbitrary directories via a .. (dot dot) in the d parameter to (1) whizzery/whizzypic.php or (2) whizzery/whizzylink.php, different vectors than CVE-2006-6384.
2940 CVE-2007-1589 DoS 2007-03-21 2008-09-05
2.1
None Local Low Not required None None Partial
TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service (filesystem unavailability) by dismounting a volume mounted by a different user.
2941 CVE-2007-1558 2007-04-16 2018-10-16
2.6
None Remote High Not required Partial None None
The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.
2942 CVE-2007-1505 +Info 2007-03-19 2017-08-16
2.1
None Local Low Not required Partial None None
Fujitsu FENCE-Pro before V5L01, and Systemwalker Desktop Encryption V12.0L10, V12.0L10A, V12.0L10B, V12.0L20 and V13.0.0 allows local users to obtain sensitive information by extracting the decoding password from certain "self-decoding" file types.
2943 CVE-2007-1448 DoS 2007-03-16 2017-07-28
2.1
None Local Low Not required None None Partial
The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service (disabled interface) by calling an unspecified RPC function.
2944 CVE-2007-1420 DoS 2007-03-12 2018-10-16
2.1
None Local Low Not required None None Partial
MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function.
2945 CVE-2007-1358 79 XSS 2007-05-09 2018-10-16
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
2946 CVE-2007-1353 +Info 2007-04-24 2017-10-10
2.1
None Local Low Not required Partial None None
The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 2.4.34.3 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copy_from_user function accessing an uninitialized stack buffer.
2947 CVE-2007-1194 200 +Info 2007-03-02 2018-10-16
2.1
None Local Low Not required Partial None None
Norman SandBox Analyzer does not use the proper range for Interrupt Descriptor Table (IDT) entries, which allows local users to determine that the local machine is an emulator, or a similar environment not based on a physical Intel processor, which allows attackers to produce malware that is more difficult to analyze.
2948 CVE-2007-1191 +Info 2007-03-02 2017-07-28
2.1
None Local Low Not required Partial None None
The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes usernames and passwords in plaintext to the /Library/Logs/Console/UID/Console.log file, which allows local users to obtain sensitive information by reading this file.
2949 CVE-2007-1008 DoS Mem. Corr. 2007-02-19 2018-10-16
2.6
None Remote High Not required None None Partial
Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation.
2950 CVE-2007-0958 2007-02-15 2018-10-30
2.1
None Local Low Not required Partial None None
Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump, a variant of CVE-2004-1073.
Total number of vulnerabilities : 4508   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 (This Page)60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.