Vulnerabilities (CVE)

Total 287228 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-4665 1 Firebirdsql 1 Firebird 2024-11-21 5.0 MEDIUM N/A
Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to cause a denial of service (daemon crash) via an XNET session that makes multiple simultaneous requests to register events, aka CORE-1403.
CVE-2007-4664 1 Firebirdsql 1 Firebird 2024-11-21 7.5 HIGH N/A
Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405.
CVE-2007-4663 1 Php 1 Php 2024-11-21 7.5 HIGH N/A
Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function.
CVE-2007-4662 1 Php 1 Php 2024-11-21 7.5 HIGH N/A
Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors.
CVE-2007-4661 1 Php 1 Php 2024-11-21 7.5 HIGH N/A
The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer overflow. NOTE: this is due to an incomplete fix for CVE-2007-2872.
CVE-2007-4660 1 Php 1 Php 2024-11-21 7.5 HIGH N/A
Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation.
CVE-2007-4659 1 Php 1 Php 2024-11-21 7.5 HIGH N/A
The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors.
CVE-2007-4658 1 Php 1 Php 2024-11-21 7.5 HIGH N/A
The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.
CVE-2007-4657 3 Canonical, Debian, Php 3 Ubuntu Linux, Debian Linux, Php 2024-11-21 7.5 HIGH N/A
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996.
CVE-2007-4656 1 Backup Manager 1 Backup Manager 2024-11-21 2.1 LOW N/A
backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766.
CVE-2007-4655 1 Cgi-rescue 1 Shopping Basket Professional 2024-11-21 5.0 MEDIUM N/A
Multiple directory traversal vulnerabilities in CGI RESCUE Shopping Basket Professional 7.51 and earlier allow remote attackers to list arbitrary directories, and possibly read arbitrary files, via directory traversal sequences in unspecified parameters to (1) list.cgi or (2) list2.cgi.
CVE-2007-4654 3 Cisco, Openbsd, Teamf1 4 Content Services Switch 11000, Webns, Openssh and 1 more 2024-11-21 5.0 MEDIUM N/A
Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cisco WebNS 8.20.0.1 on Cisco Content Services Switch (CSS) series 11000 devices allows remote attackers to cause a denial of service (connection slot exhaustion and device crash) via a series of large packets designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144), possibly a related issue to CVE-2002-1024.
CVE-2007-4653 1 Phpbb 1 Phpbb 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in links.php in the Links MOD 1.2.2 and earlier for phpBB 2.0.22 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter in a search action.
CVE-2007-4652 1 Php 1 Php 2024-11-21 4.4 MEDIUM N/A
The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.
CVE-2007-4651 1 Adobe 1 Connect Enterprise Server 2024-11-21 5.0 MEDIUM N/A
Unspecified vulnerability in Adobe Connect Enterprise Server 6 allows remote attackers to read certain pages that are restricted to the administrator via unknown vectors.
CVE-2007-4650 1 Bharat Mediratta 1 Gallery 2024-11-21 6.4 MEDIUM N/A
Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in WebDAV and (b) Reupload modules.
CVE-2007-4649 1 Microworld Technologies 3 Escan Anti-virus, Escan Internet Security, Escan Virus Control 2024-11-21 7.2 HIGH N/A
MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and Internet Security 9.0.722.1 use weak permissions (Everyone:Full Control) for their installation directory trees, which allows local users to gain privileges by replacing application files, as demonstrated by traysser.exe.
CVE-2007-4648 1 Norman 1 Norman Virus Control 2024-11-21 7.2 HIGH N/A
The nvcoaft51 driver in Norman Virus Control (NVC) 5.82 uses weak permissions (unrestricted write access) for the NvcOa device, which allows local users to gain privileges by (1) triggering a buffer overflow in a kernel pool via a string argument to ioctl 0xBF67201C; or by (2) sending a crafted KEVENT structure through ioctl 0xBF672028 to overwrite arbitrary memory locations.
CVE-2007-4647 1 2coolcode 1 Our Space 2024-11-21 5.0 MEDIUM N/A
newswire/uploadmedia.cgi in 2coolcode Our Space (Ourspace) 2.0.9 allows remote attackers to upload certain files via unspecified vectors, probably involving unrestricted functionality in uploadmedia.cgi.
CVE-2007-4646 1 Hexamail 1 Hexamail Server 2024-11-21 10.0 HIGH N/A
Buffer overflow in the pop3 service in Hexamail Server 3.0.0.001 Lite allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long USER command.