Lucene search
K

901 matches found

NVD
NVD
added 2007/07/26 9:30 p.m.16 views

CVE-2007-3106

lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid 1 blocksize0 and 2 blocksize1 values, which trigger a "heap overwrite" in the 01inverse function in res0.c. NOTE...

6.8CVSS7.2AI score0.0314EPSS
Exploits0References27
securityvulns
securityvulns
added 2007/07/20 12:0 a.m.49 views

[CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos

Advisory : JWIG Context-Dependent Template Calling Dos CVE- 2007-3816 Dated : 12 July 2007 Vulnerable Software : BRICS, JWIG Severity : Intermediate Explanation: JWIG might allow context-dependent attackers to cause a denial of service service degradation via loops of references to external...

7.8CVSS7.4AI score0.02109EPSS
Exploits0
CVE
CVE
added 2007/07/15 11:0 p.m.58 views

CVE-2007-3790

The vulnerability CVE-2007-3790 affects PHP 5.2.3 with the bz2 extension, where the com_print_typeinfo function can be exploited by a crafted long argument to cause a denial of service. Connected sources confirm the affected component and impact, but no specific patch version or remediation is pr...

5.8CVSS6.3AI score0.03017EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2007/07/10 12:30 a.m.22 views

Cross site scripting

Adobe Integrated Runtime AIR, aka Apollo allows context-dependent attackers to modify arbitrary files within an executing .air file compiled AIR application and perform cross-site scripting XSS attacks, as demonstrated by an application that modifies an HTML file inside itself via JavaScript that...

4.3CVSS5.8AI score0.02562EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2007/07/03 6:30 p.m.18 views

CVE-2007-3528

The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by 1 discarding random bits by the blowfish::makeivec function in libdar/crypto.cpp that results in predictable and repeating IV values, and 2 direct use of a password for keying, which makes it easier for context-dependent...

5CVSS5.9AI score0.0176EPSS
Exploits0References1
Prion
Prion
added 2007/07/03 6:30 p.m.18 views

Design/Logic Flaw

The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by 1 discarding random bits by the blowfish::makeivec function in libdar/crypto.cpp that results in predictable and repeating IV values, and 2 direct use of a password for keying, which makes it easier for context-dependent...

5CVSS7.1AI score0.0176EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2007/06/04 5:30 p.m.22 views

CVE-2007-2999

Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account...

1.8CVSS6.4AI score0.01641EPSS
Exploits0References4
NVD
NVD
added 2007/06/04 5:30 p.m.29 views

CVE-2007-3007

PHP 5 before 5.2.3 does not enforce the openbasedir or safemode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function...

5CVSS7.5AI score0.02695EPSS
Exploits0References13
UbuntuCve
UbuntuCve
added 2007/06/04 5:30 p.m.34 views

CVE-2007-3007

PHP 5 before 5.2.3 does not enforce the openbasedir or safemode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function...

5CVSS6AI score0.02695EPSS
Exploits0References1
CVE
CVE
added 2007/06/04 5:0 p.m.58 views

CVE-2007-2999

CVE-2007-2999 affects Microsoft Windows Server 2003 where time-restricted user accounts produce different error messages for failed logins with valid usernames versus invalid usernames. This behavior enables context-dependent attackers to enumerate valid Active Directory account names. The vulner...

1.8CVSS6.5AI score0.01641EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2007/06/04 5:0 p.m.51 views

CVE-2007-3007

PHP 5 before 5.2.3 does not enforce the openbasedir or safemode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function...

7.4AI score0.02695EPSS
Exploits0References13
Prion
Prion
added 2007/05/24 6:30 p.m.22 views

Design/Logic Flaw

The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safemode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI...

10CVSS6.7AI score0.07112EPSS
Exploits1References3Affected Software1
UbuntuCve
UbuntuCve
added 2007/05/24 2:30 a.m.35 views

CVE-2006-7205

The arrayfill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 allows context-dependent attackers to cause a denial of service memory consumption via a large num value...

5CVSS5.9AI score0.01261EPSS
Exploits1References1
Prion
Prion
added 2007/05/17 8:30 p.m.27 views

Information disclosure

The substrcount function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375...

4.3CVSS5.9AI score0.08156EPSS
Exploits1References7Affected Software1
UbuntuCve
UbuntuCve
added 2007/05/16 10:30 p.m.49 views

CVE-2007-2727

The mcryptcreateiv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls phprandr with an uninitialized seed variable and therefore always generates the same initialization vector IV, which might allow context-dependent attackers to decrypt...

2.6CVSS6.1AI score0.0186EPSS
Exploits1References1
Cvelist
Cvelist
added 2007/05/16 10:0 p.m.38 views

CVE-2007-2727

The mcryptcreateiv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls phprandr with an uninitialized seed variable and therefore always generates the same initialization vector IV, which might allow context-dependent attackers to decrypt...

7.5AI score0.0186EPSS
Exploits1References10
NVD
NVD
added 2007/04/10 11:19 p.m.21 views

CVE-2007-1926

Cross-site scripting XSS vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via 1 http or 2 ftp requests logged in /var/log/directadmin/security.log; 3 allows context-dependent...

6.8CVSS5.5AI score0.01551EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2007/04/10 11:19 p.m.2 views

CVE-2007-1926

Cross-site scripting XSS vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via 1 http or 2 ftp requests logged in /var/log/directadmin/security.log; 3 allows context-dependent...

6.8CVSS5.6AI score0.01551EPSS
Exploits1References8
Cvelist
Cvelist
added 2007/04/06 1:0 a.m.31 views

CVE-2007-1886

Integer overflow in the strreplace function in PHP 4.4.5 and PHP 5.2.1 allows context-dependent attackers to have an unknown impact via a single character search string in conjunction with a single character replacement string, which causes an "off by one overflow."...

6.6AI score0.0169EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2007/03/28 12:19 a.m.49 views

CVE-2007-1717

The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ '\0' byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be security-relevant in cases...

5CVSS5.9AI score0.0465EPSS
Exploits2References1
Rows per page
Query Builder