CVE-2007-2975
CVE-2007-2975 affects Ignite Realtime Openfire 3.3.0 and earlier (Wildfire). The root cause is an improper filter mapping specification in web.xml for the admin console, allowing remote attackers to gain privileges and execute arbitrary code via functionality exposed through DWR (demonstrated usi...
CVE-2007-2975
The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the...
CVE-2007-2447
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute...
Null pointer dereference
The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the...
Code injection
Unspecified vulnerability in the search functionality in SilverStripe 2.0.0 has unknown impact and attack vectors...
CVE-2007-2321
Unspecified vulnerability in the search functionality in SilverStripe 2.0.0 has unknown impact and attack vectors...
CVE-2007-2321
Technical details for CVE-2007-2321 are not publicly available in the provided connected documents; no affected product/version/root-cause/fix information is present. Monitor for updates.
Unfixed XSS vulnerability at www.tripple.net
Security researcher Uber0n submitted a cross-site scripting (XSS) vulnerability affecting www.tripple.net on 04/12/2007; at the time of submission the site ranked 38044 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 05/12/2007. It is currently...
CVE-2007-1923
(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0...
Improper access control
(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0...
DEBIAN-CVE-2007-1923
(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0...
PT-2007-3268 · Dws Systems +2 · Sql-Ledger +2
Name of the Vulnerable Software and Affected Versions: LedgerSMB versions prior to 1.3.0; DWS Systems SQL-Ledger (affected versions not specified). Description: The issue allows remote attackers to access restricted functionality via direct requests, as access control lists are implemented by changin...
CVE-2007-1893
xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."...
Mandrake Linux Security Advisory : kernel (MDKSA-2007:078)
Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: When SELinux hooks are enabled, the kernel could allow a local user to cause a DoS (crash) via a malformed file stream that triggers a NULL pointer dereference (CVE-2006-6056). Multiple buffer overflows in the (1) read and (2)...
Unfixed XSS vulnerability at www.fulltorrent.net
Security researcher MaXWeL submitted a cross-site scripting (XSS) vulnerability affecting www.fulltorrent.net on 04/03/2007; at the time of submission the site ranked 45821 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/03/2007. It is...
OpenAFS: Privilege escalation
Background: OpenAFS is a distributed network filesystem. Description: Benjamin Bennett discovered that the OpenAFS client contains a design flaw where cache managers do not use authenticated server connections when performing actions not requested by a user. Impact: If setuid is enabled on the clien...