Total
10018 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4459 | 1 Cisco | 2 Voip Phone Cp-7940, Voip Phone Cp-7960 | 2024-02-04 | 7.1 HIGH | N/A |
| Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP firmware before 8.7(0), allows remote attackers to cause a denial of service (device reboot) via (1) a certain sequence of 10 invalid SIP INVITE and OPTIONS messages; or (2) a certain invalid SIP INVITE message that contains a remote tag, followed by a certain set of two related SIP OPTIONS messages. | |||||
| CVE-2007-5830 | 1 Avaya | 2 Message Networking, Messaging Storage Server | 2024-02-04 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the administrative interface in Avaya Messaging Storage Server (MSS) 3.1 before SP1, and Message Networking (MN) 3.1, allows remote attackers to cause a denial of service via unspecified vectors related to "input validation." | |||||
| CVE-2008-0406 | 1 Hfs | 1 Http File Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name. | |||||
| CVE-2007-0197 | 1 Apple | 1 Mac Os X | 2024-02-04 | 6.8 MEDIUM | N/A |
| Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption. | |||||
| CVE-2007-4738 | 1 Speedtech | 1 Stphplibrary | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) db_conf or (2) ADODB_DIR parameter to utils/stphpimage_show.php; or a URL in the STPHPLIB_DIR parameter to (3) stphpbutton.php, (4) stphpcheckbox.php, (5) stphpcheckboxwithcaption.php, (6) stphpcheckgroup.php, (7) stphpcomponent.php, (8) stphpcontrolwithcaption.php, (9) stphpedit.php, (10) stphpeditwithcaption.php, (11) stphphr.php, (12) stphpimage.php, (13) stphpimagewithcaption.php, (14) stphplabel.php, (15) stphplistbox.php, (16) stphplistboxwithcaption.php, (17) stphplocale.php, (18) stphppanel.php, (19) stphpradiobutton.php, (20) stphpradiobuttonwithcaption.php, (21) stphpradiogroup.php, (22) stphprichbutton.php, (23) stphpspacer.php, (24) stphptable.php, (25) stphptablecell.php, (26) stphptablerow.php, (27) stphptabpanel.php, (28) stphptabtitle.php, (29) stphptextarea.php, (30) stphptextareawithcaption.php, (31) stphptoolbar.php, (32) stphpwindow.php, (33) stphpxmldoc.php, or (34) stphpxmlelement.php, a different set of vectors than CVE-2007-4737. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-5559 | 1 Microsoft | 4 Data Access Components, Windows 2000, Windows 2003 Server and 1 more | 2024-02-04 | 9.3 HIGH | N/A |
| The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments. | |||||
| CVE-2007-4216 | 1 Checkpoint | 1 Zonealarm | 2024-02-04 | 7.2 HIGH | N/A |
| vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before 7.0.362 allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in a METHOD_NEITHER (1) IOCTL 0x8400000F or (2) IOCTL 0x84000013 request, which can be used to overwrite arbitrary memory locations. | |||||
| CVE-2007-5556 | 1 Avaya | 1 Voip Handset | 2024-02-04 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the Avaya VoIP Handset allows remote attackers to cause a denial of service (reboot) via crafted packets. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2007-3731 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 4.9 MEDIUM | N/A |
| The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid LDT segment selector in %cs (the xcs field) during ptrace single-step operations, which allows local users to cause a denial of service (NULL dereference and OOPS) via certain code that makes ptrace PTRACE_SETREGS and PTRACE_SINGLESTEP requests, related to the TRACE_IRQS_ON function, and possibly related to the arch_ptrace function. | |||||
| CVE-2007-3389 | 1 Wireshark | 1 Wireshark | 2024-02-04 | 5.0 MEDIUM | N/A |
| Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload. | |||||
| CVE-2007-5281 | 1 Hitachi | 8 Ucosminexus Application Server Enterprise, Ucosminexus Application Server Standard, Ucosminexus Client and 5 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| The Java Secure Socket Extension (JSSE) in the Hitachi Cosminexus Developer's Kit for Java in various Hitachi Cosminexus 7.5 products before 07-50-01, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service via certain SSL/TLS handshake requests. NOTE: this may be the same as CVE-2007-3698. | |||||
| CVE-2007-1441 | 1 Rim | 3 Blackberry, Blackberry 8100, Blackberry Browser | 2024-02-04 | 4.3 MEDIUM | N/A |
| The 4thPass browser (BlackBerry Browser) on the RIM BlackBerry 8100 (Pearl) before 4.2.1 allows remote attackers to cause a denial of service (temporary functionality loss) via a long href attribute in a link in a WML page. | |||||
| CVE-2007-6527 | 1 Rickard Andersson | 1 Punbb | 2024-02-04 | 5.8 MEDIUM | N/A |
| uploadimg.php in the Automatic Image Upload with Thumbnails (imgUpload) module 1.3.2 for PunBB only verifies the Content-type field of uploaded files, which allows remote attackers to upload and execute arbitrary content via a file with a (1) JPG, (2) GIF, or (3) PNG MIME type. | |||||
| CVE-2007-5824 | 1 Firefly | 1 Media Server | 2024-02-04 | 7.1 HIGH | N/A |
| webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the ws_decodepassword function; or (2) a header line without a ':' character, which triggers a crash in the ws_getheaders function. | |||||
| CVE-2008-0116 | 1 Microsoft | 4 Excel, Excel Viewer, Office and 1 more | 2024-02-04 | 9.3 HIGH | N/A |
| Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability." | |||||
| CVE-2007-6444 | 2024-02-04 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6113. Reason: This candidate is a duplicate of CVE-2007-6113, Notes: All CVE users should reference CVE-2007-6113 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2007-5893 | 1 Alhem | 1 C\+\+ Sockets Library | 2024-02-04 | 5.0 MEDIUM | N/A |
| HTTPSocket.cpp in the C++ Sockets Library before 2.2.5 allows remote attackers to cause a denial of service (crash) via an HTTP request with a missing protocol version number, which triggers an exception. NOTE: some of these details were obtained from third party information. | |||||
| CVE-2007-0035 | 1 Microsoft | 2 Office, Works | 2024-02-04 | 9.3 HIGH | N/A |
| Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability." | |||||
| CVE-2008-0526 | 1 Cisco | 3 Session Initiation Protocol \(sip\) Firmware, Skinny Client Control Protocol \(sccp\) Firmware, Unified Ip Phone | 2024-02-04 | 7.8 HIGH | N/A |
| Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a long ICMP echo request (ping) packet. | |||||
| CVE-2007-5128 | 2 Boesch-it, Php | 2 Simpnews, Php | 2024-02-04 | 5.0 MEDIUM | N/A |
| SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via an certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows. | |||||