ReportizFlow
Filtered by vendor
Subscriptions
Total
5469 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-6413 | 1 Sun | 1 Solaris | 2025-04-09 | N/A |
| Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later 120011-* and 120012-* patches, allows remote attackers to bypass certain netgroup restrictions and obtain root access to a filesystem via NFS requests from a client root user. | ||||
| CVE-2007-6319 | 1 Lyris | 1 List Manager | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in Lyris ListManager 8.x before 8.95d, 9.2 before 9.2c, and 9.3 before 9.3b allow remote attackers to (1) gain list administrator privileges or (2) access arbitrary mailing lists via unknown vectors related to modification of client-side information; and (3) allow remote authenticated administrators to modify other account data by creating "new accounts that collide with existing accounts." | ||||
| CVE-2007-3782 | 2 Mysql, Redhat | 3 Community Server, Enterprise Linux, Rhel Application Stack | 2025-04-09 | N/A |
| MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table. | ||||
| CVE-2007-6222 | 1 Crm Ctt | 1 Interleave | 2025-04-09 | N/A |
| The CheckCustomerAccess function in functions.php in CRM-CTT Interleave before 4.2.0 (formerly CRM-CTT) does not properly verify user privileges, which allows remote authenticated users with the LIMITTOCUSTOMERS privilege to bypass intended access restrictions and edit non-active user settings. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-6165 | 1 Apple | 1 Mac Os X | 2025-04-09 | N/A |
| Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395. | ||||
| CVE-2007-3242 | 2 Web-app.net, Web-app.org | 2 Webapp, Webapp | 2025-04-09 | N/A |
| The Menu Manager Mod for (1) web-app.net WebAPP (aka WebAPP NE) 0.9.9.3.3 through 0.9.9.8, and (2) web-app.org WebAPP before 0.9.9.6, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the titles of items in a personal menu. | ||||
| CVE-2007-6081 | 1 Adventnet | 1 Eventlog Analyzer | 2025-04-09 | N/A |
| AdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default "root" account without a password, which allows remote attackers to gain privileges and modify logs. Fixed in EventLog Analyzer Build 6000. | ||||
| CVE-2007-2435 | 2 Redhat, Sun | 5 Network Satellite, Rhel Extras, Java Enterprise System and 2 more | 2025-04-09 | N/A |
| Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files. | ||||
| CVE-2007-4609 | 1 Eyeos Project | 1 Eyeos | 2025-04-09 | N/A |
| eyeOS uses predictable checksum values in the checknum parameter for access control, which allows remote attackers to register many accounts via doCreateUser actions, add many eyeBoard messages via addMsg actions, and cause a denial of service or conduct certain unauthorized activities, by guessing valid parameter values. | ||||
| CVE-2007-4569 | 2 Kde, Redhat | 2 Kde, Enterprise Linux | 2025-04-09 | N/A |
| backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors. | ||||
| CVE-2007-4497 | 2 Canonical, Vmware | 5 Ubuntu Linux, Ace, Player and 2 more | 2025-04-09 | N/A |
| Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows users with login access to a guest operating system to cause a denial of service (guest outage and host process crash or hang) via unspecified vectors. | ||||
| CVE-2007-5945 | 1 Usvn | 1 User-friendly Svn | 2025-04-09 | N/A |
| USVN before 0.6.5 allows remote attackers to obtain a list of repository contents via unspecified vectors. | ||||
| CVE-2007-5835 | 1 Bosdev | 1 Bosnews | 2025-04-09 | N/A |
| Install.php in BosDev BosNews 4 and 5 does not require authentication for replacing an existing product installation or creating a new admin account, which allows remote attackers to cause a denial of service (overwritten files) and possibly obtain administrative access. | ||||
| CVE-2007-5751 | 1 Liferea | 1 Liferea | 2025-04-09 | N/A |
| Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials. | ||||
| CVE-2007-4338 | 1 Haudenschilt | 1 Family Connections Cms | 2025-04-09 | N/A |
| index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcms_login_id cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter. | ||||
| CVE-2007-5571 | 1 Cisco | 1 Firewall Services Module | 2025-04-09 | N/A |
| Cisco Firewall Services Module (FWSM) 3.1(6), and 3.2(2) and earlier, does not properly enforce edited ACLs, which might allow remote attackers to bypass intended restrictions on network traffic, aka CSCsj52536. | ||||
| CVE-2007-4174 | 1 Tor | 1 Tor | 2025-04-09 | N/A |
| Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node. | ||||
| CVE-2007-4798 | 1 Ibm | 1 Aix | 2025-04-09 | N/A |
| Unspecified vulnerability in invscout in Inventory Scout in invscout.rte in IBM AIX 5.2 and 5.3 allows local users to delete system files that have names matching the final substring of a hostname alias, as demonstrated by hostnames ending in "unix". | ||||
| CVE-2009-2171 | 1 Mahara | 1 Mahara | 2025-04-09 | N/A |
| Mahara 1.1 before 1.1.5 does not apply permission checks when saving a view that contains artefacts, which allows remote authenticated users to read another user's artefact. | ||||
| CVE-2007-2279 | 1 Symantec | 1 Veritas Storage Foundation | 2025-04-09 | N/A |
| The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\VxSvc\CurrentVersion\Schedules specifying future command execution. | ||||