Filtered by vendor
Subscriptions
Total
316 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2007-6210 | 1 Zabbix | 1 Zabbix Agentd | 2024-11-21 | N/A |
zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" scripts with gid 0, which might allow local users to gain privileges. | ||||
CVE-2007-6199 | 2 Rsync, Slackware | 2 Rsync, Slackware Linux | 2024-11-21 | N/A |
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy. | ||||
CVE-2007-6131 | 1 Redhat | 1 Fedora Core | 2024-11-21 | N/A |
buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite arbitrary files via a symlink attack on the (1) scan.pnm and (2) scan.jpg temporary files. | ||||
CVE-2007-5964 | 1 Redhat | 1 Enterprise Linux | 2024-11-21 | N/A |
The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server. | ||||
CVE-2007-5943 | 1 Simple Machines | 1 Simple Machines Forum | 2024-11-21 | N/A |
Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the "show results as messages" option, then searching for possible keywords contained in that message. | ||||
CVE-2007-5856 | 1 Apple | 1 Mac Os X | 2024-11-21 | N/A |
Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information. | ||||
CVE-2007-5838 | 1 Symantec | 1 Altiris Deployment Solution | 2024-11-21 | N/A |
Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows local users to gain local System privileges via the "Enable key-based authentication to Deployment server" browser option, a different issue than CVE-2007-4380. | ||||
CVE-2007-5715 | 1 Denyhosts | 1 Denyhosts | 2024-11-21 | N/A |
DenyHosts 2.6 processes OpenSSH sshd "not listed in AllowUsers" log messages with an incorrect regular expression that does not match an IP address, which might allow remote attackers to avoid detection and blocking when making invalid login attempts with a username not present in AllowUsers, as demonstrated by the root username, a different vulnerability than CVE-2007-4323. | ||||
CVE-2007-5422 | 1 Sun | 1 Sunos | 2024-11-21 | N/A |
Unspecified vulnerability in "Solaris Auditing" in the Basic Security Module (BSM) in Sun Solaris 10, when configured for auditing of networking (nt) events, allows local users to cause a denial of service (panic) via unspecified vectors. | ||||
CVE-2007-5420 | 1 3com | 1 3crwe554g72t | 2024-11-21 | N/A |
The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote management is disabled but a web server has been configured, serves a web page to external clients, which might allow remote attackers to obtain information about the router's existence and product details. | ||||
CVE-2007-5419 | 1 3com | 1 3crwe554g72t | 2024-11-21 | N/A |
The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external (Internet) interface unless the user selects other options, which might expose the router to unintended incoming traffic from remote attackers, as demonstrated by setting up a virtual server on port 80, which allows remote attackers to access the web management interface. | ||||
CVE-2007-5375 | 1 Sun | 1 Java Virtual Machine | 2024-11-21 | N/A |
Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that references a "mayscript=true" Java applet through a local relative URI, which may be associated with different IP addresses by the browser and the JVM. | ||||
CVE-2007-5338 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2024-11-21 | N/A |
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed. | ||||
CVE-2007-5334 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2024-11-21 | N/A |
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute. | ||||
CVE-2007-5071 | 1 Alexander Palmo | 1 Simple Php Blog | 2024-11-21 | N/A |
Incomplete blacklist vulnerability in upload_img_cgi.php in Simple PHP Blog before 0.5.1 allows remote attackers to upload dangerous files and execute arbitrary code, as demonstrated by a filename ending in .php. or a .htaccess file, a different vector than CVE-2005-2733. NOTE: the vulnerability was also present in a 0.5.1 download available in the early morning of 20070923. NOTE: the original 20070920 disclosure provided an incorrect filename, img_upload_cgi.php. | ||||
CVE-2007-4789 | 1 Cisco | 2 Content Switching Module With Ssl, Content Switching Modules | 2024-11-21 | N/A |
Cisco Content Switching Modules (CSM) 4.2 before 4.2.7, and Cisco Content Switching Module with SSL (CSM-S) 2.1 before 2.1.6, when service termination is enabled, allow remote attackers to cause a denial of service (reboot) via unspecified vectors related to high network utilization, aka CSCsh57876. | ||||
CVE-2007-4749 | 1 Autodesk | 1 Backburner | 2024-11-21 | N/A |
The cmdjob utility in Autodesk Backburner 3.0.2 allows remote attackers to execute arbitrary commands on render servers by queueing jobs that contain these commands. NOTE: this is only a vulnerability in environments in which the administrator has not followed documentation that outlines the security risks of operating Backburner on untrusted networks. | ||||
CVE-2007-4687 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | N/A |
The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files. | ||||
CVE-2007-4074 | 2 Centre For Speech Technology Research, Suse | 2 Gentoo Linux, Suse Linux | 2024-11-21 | N/A |
The default configuration of Centre for Speech Technology Research (CSTR) Festival 1.95 beta (aka 2.0 beta) on Gentoo Linux, SUSE Linux, and possibly other distributions, is run locally with elevated privileges without requiring authentication, which allows local and remote attackers to execute arbitrary commands via the local daemon on port 1314, a different vulnerability than CVE-2001-0956. NOTE: this issue is local in some environments, but remote on others. | ||||
CVE-2007-3898 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Server 2003 | 2024-11-21 | N/A |
The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors. |