Total
7426 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-3008 | 1 Mbedthis Software | 1 Mbedthis Appweb Http Server | 2024-11-21 | 4.3 MEDIUM | N/A |
Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398. | |||||
CVE-2007-2780 | 1 Psychostats | 1 Psychostats | 2024-11-21 | 5.0 MEDIUM | N/A |
PsychoStats 3.0.6b and earlier allows remote attackers to obtain sensitive information via a request for server.php with a missing or invalid newtheme parameter, which reveals a path in an error message. | |||||
CVE-2007-2768 | 2 Netapp, Openbsd | 5 Hci Management Node, Hci Storage Node, Solidfire and 2 more | 2024-11-21 | 4.3 MEDIUM | N/A |
OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243. | |||||
CVE-2007-2748 | 1 Php | 1 Php | 2024-11-21 | 4.3 MEDIUM | N/A |
The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375. | |||||
CVE-2007-2590 | 1 Nokia | 3 Groupwise Mobile Server, Intellisync Mobile Suite, Intellisync Wireless Email Express | 2024-11-21 | 6.4 MEDIUM | N/A |
Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2) usrmgr/userStatusList.asp. | |||||
CVE-2007-2552 | 1 Wikkawiki | 1 Wikkawiki | 2024-11-21 | 5.0 MEDIUM | N/A |
The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to obtain the names, and possibly revision notes and dates, of private pages via RSS feeds. | |||||
CVE-2007-2479 | 1 Cerulean Studios | 1 Trillian | 2024-11-21 | 7.1 HIGH | 5.9 MEDIUM |
Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker. | |||||
CVE-2007-2402 | 1 Apple | 1 Quicktime | 2024-11-21 | 4.3 MEDIUM | N/A |
QuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets. | |||||
CVE-2007-2379 | 2 Jquery, Netapp | 2 Jquery, Snapcenter | 2024-11-21 | 5.0 MEDIUM | N/A |
The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | |||||
CVE-2007-2353 | 1 Apache | 1 Axis | 2024-11-21 | 5.0 MEDIUM | N/A |
Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message. | |||||
CVE-2007-2253 | 1 Exponent | 1 Exponent Cms | 2024-11-21 | 5.0 MEDIUM | N/A |
Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain path information via a direct request for (1) sdk/blanks/formcontrol.php and (2) sdk/blanks/file_modules.php. | |||||
CVE-2007-2022 | 2 Adobe, Opera | 2 Flash Player, Opera Browser | 2024-11-21 | 6.8 MEDIUM | N/A |
Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. | |||||
CVE-2007-1564 | 1 Kde | 1 Konqueror | 2024-11-21 | 6.8 MEDIUM | N/A |
The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | |||||
CVE-2007-1563 | 1 Opera | 1 Opera Browser | 2024-11-21 | 6.8 MEDIUM | N/A |
The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | |||||
CVE-2007-1562 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-11-21 | 6.8 MEDIUM | N/A |
The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | |||||
CVE-2007-1237 | 1 Bj Sintay | 1 Sitex | 2024-11-21 | 5.0 MEDIUM | N/A |
sitex allows remote attackers to obtain potentially sensitive information via a ' (quote) value for certain parameters, as demonstrated by parameters used in forum and search, which forces a SQL error. | |||||
CVE-2007-1194 | 1 Norman | 1 Norman Sandbox Analyzer | 2024-11-21 | 2.1 LOW | N/A |
Norman SandBox Analyzer does not use the proper range for Interrupt Descriptor Table (IDT) entries, which allows local users to determine that the local machine is an emulator, or a similar environment not based on a physical Intel processor, which allows attackers to produce malware that is more difficult to analyze. | |||||
CVE-2007-1167 | 1 Dzcp | 1 Dev\!l\'z Clanportal | 2024-11-21 | 5.0 MEDIUM | N/A |
inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and earlier allows remote attackers to obtain MySQL data via the inc/mysql.php value of the file parameter. | |||||
CVE-2007-1116 | 1 Mozilla | 1 Firefox | 2024-11-21 | 5.0 MEDIUM | N/A |
The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI as a ChromeProtocol and can be loaded via JavaScript, which allows remote attackers to obtain sensitive information by querying the browser's session history. | |||||
CVE-2007-1044 | 1 Pearson Education | 1 Powerschool | 2024-11-21 | 5.0 MEDIUM | N/A |
Pearson Education PowerSchool 4.3.6 allows remote attackers to list the contents of the admin folder via a URI composed of the admin/ directory name and an arbitrary filename ending in ".js." NOTE: it was later reported that this issue had been addressed by 5.1.2. |