Lucene search
K

4151 matches found

UbuntuCve
UbuntuCve
added 2007/12/06 2:46 a.m.25 views

CVE-2007-4575

HSQLDB before 1.8.0.9, as used in OpenOffice.org OOo 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."...

9.3CVSS6.2AI score0.14347EPSS
Exploits3References2
OSV
OSV
added 2007/12/06 2:46 a.m.1 views

DEBIAN-CVE-2007-4575

HSQLDB before 1.8.0.9, as used in OpenOffice.org OOo 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."...

9.3CVSS7.8AI score0.14347EPSS
Exploits3References1
Cvelist
Cvelist
added 2007/12/06 2:0 a.m.21 views

CVE-2007-4575

HSQLDB before 1.8.0.9, as used in OpenOffice.org OOo 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."...

7.8AI score0.14347EPSS
Exploits3References36
RedHat Linux
RedHat Linux
added 2007/12/05 2:44 p.m.7 views

OpenOffice.org-base allows Denial-of-Service and command injection

HSQLDB before 1.8.0.9, as used in OpenOffice.org OOo 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."...

9.3CVSS6.2AI score0.14347EPSS
Exploits3References4
RedHat Linux
RedHat Linux
added 2007/12/05 2:34 p.m.7 views

OpenOffice.org-base allows Denial-of-Service and command injection

HSQLDB before 1.8.0.9, as used in OpenOffice.org OOo 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."...

9.3CVSS6.2AI score0.14347EPSS
Exploits3References4
Gentoo Linux
Gentoo Linux
added 2007/11/25 12:0 a.m.16 views

CSTeX: Multiple vulnerabilities

Background CSTeX is a TeX distribution with Czech and Slovak support. It is used for creating and manipulating LaTeX documents. Description Multiple issues were found in the teTeX 2 codebase that CSTeX builds upon GLSA 200709-17, GLSA 200711-26. CSTeX also includes vulnerable code from the GD...

3.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/11/12 12:0 a.m.44 views

Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 9.1 / current : xpdf/poppler/koffice/kdegraphics (SSA:2007-316-01)

New xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, and -current. New poppler packages are available for Slackware 12.0 and -current. New koffice packages are available for Slackware 11.0, 12.0, and -current. New kdegraphics packages are available for Slackware 10.2,...

9.3CVSS6.7AI score0.08565EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2007/11/07 5:52 p.m.5 views

DCTStream:: reset()

Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow...

9.3CVSS8.1AI score0.06408EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2007/10/19 3:36 p.m.6 views

security flaw

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute...

4.3CVSS5.8AI score0.03017EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2007/10/17 12:0 a.m.17 views

openSUSE 10 Security Update : samba (samba-2584)

"A logic error in the deferred open code can lead to an infinite loop in Samba's smbd daemon. In addition the following changes are included with these packages : - Disable broken DCERPC funnel patch; 242833. - Avoid winbind event handler for internal domains. - Fix smbcontrol winbind offline;...

5.6AI score
Exploits0
securityvulns
securityvulns
added 2007/10/02 12:0 a.m.106 views

eGov Content Manager Cross Site Scripting Vulrnability

HSC eGov Content Manager Cross Site Scripting Vulrnability The eGov Manager was designed to simplify the efforts of government staffers who are responsible for posting public documents, news updates, events, managing staff directories and online services. This issue is due to a failure in the...

0.7AI score
Exploits0
NVD
NVD
added 2007/09/26 10:17 p.m.18 views

CVE-2007-5095

Microsoft Windows Media Player WMP 9 on Windows XP SP2 invokes Internet Explorer to render HTML documents contained inside some media files, regardless of what default web browser is configured, which might allow remote attackers to exploit vulnerabilities in software that the user does not expec...

7.5CVSS6.6AI score0.1517EPSS
Exploits0References6
Prion
Prion
added 2007/09/26 10:17 p.m.13 views

Hardcoded credentials

Microsoft Windows Media Player WMP 9 on Windows XP SP2 invokes Internet Explorer to render HTML documents contained inside some media files, regardless of what default web browser is configured, which might allow remote attackers to exploit vulnerabilities in software that the user does not expec...

7.5CVSS7.1AI score0.1517EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2007/09/14 12:17 a.m.21 views

Code injection

The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 associates the doc variable with the entire document content and metadata regardless of a user's view rights, which allows remote authenticated users to read arbitrary documents via a custom skin that prints the content attribu...

3.5CVSS6.7AI score0.00773EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2007/09/14 12:0 a.m.54 views

CVE-2007-4888

The CVE-2007-4888 entry concerns XWiki 1.0 B1 and 1.0 B2. The issue is an error handler flaw where the doc variable is associated with the entire document content and metadata regardless of a user’s view rights. This allows remote authenticated users to read arbitrary documents by using a custom ...

3.5CVSS6.2AI score0.00773EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2007/08/23 7:0 p.m.24 views

CVE-2007-4510

ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service application crash via 1 a crafted RTF file, which triggers a NULL dereference in the cliscanrtf function in libclamav/rtf.c; or 2 a crafted HTML document wit...

4.3CVSS6AI score0.01968EPSS
Exploits0
CERT
CERT
added 2007/08/13 12:0 a.m.35 views

InterActual Player IAMCE ActiveX control stack buffer overflow

Overview The InterActual Player IAMCE ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description InterActual Player is a video DVD playing application for Windows systems. InterActual Player wa...

9.3CVSS7.3AI score0.0818EPSS
Exploits0References2
Prion
Prion
added 2007/08/08 1:17 a.m.17 views

Unrestricted file upload

Unrestricted file upload vulnerability in index.php in WikiWebWeaver 1.1 and earlier allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .gif.php, which is accessible from data/documents/...

7.5CVSS8.1AI score0.01353EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2007/08/08 1:17 a.m.17 views

CVE-2007-4182

Unrestricted file upload vulnerability in index.php in WikiWebWeaver 1.1 and earlier allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .gif.php, which is accessible from data/documents/...

7.5CVSS7.5AI score0.01353EPSS
Exploits0References4
Mozilla
Mozilla
added 2007/07/17 12:0 a.m.31 views

Unauthorized access to wyciwyg:// documents — Mozilla

Michal Zalewski reported that it was possible to bypass the same-origin checks and read from cached wyciwyg documents. It is possible to access wyciwyg:// documents without proper same domain policy checks through the use of HTTP 302 redirects. This enables the attacker to steal sensitive data...

6.8CVSS0.9AI score0.01966EPSS
Exploits1References2Affected Software2
Rows per page
Query Builder