6644 matches found
CVE-2007-1664
CVE-2007-1664 affects ekg prior to 1:1.7~rc2-1etch1 in Debian Etch, where a NULL pointer dereference in the token OCR functionality allows remote denial of service. Related entries show Debian has a security advisory (DSA-1318-1) and Fedora/OpenVAS references tracking updates (e.g., FEDORA...
CVE-2007-1664
ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service (NULL pointer dereference) via a vector related to the token OCR functionality...
core-dumping unreadable binaries via PT_INTERP
Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump, a variant of CVE-2004-1073...
Unfixed XSS vulnerability at www.nfpa.org
Security researcher CoNqUeRoR has submitted on 06/07/2007 a cross-site-scripting (XSS) vulnerability affecting www.nfpa.org, which at the time of submission ranked 108056 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/07/2007. It is currentl...
Unfixed XSS vulnerability at caricatura.ru
Security researcher zuppergazi has submitted on 06/03/2007 a cross-site-scripting (XSS) vulnerability affecting caricatura.ru, which at the time of submission ranked 54809 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/03/2007. It is current...
CVE-2007-2975
CVE-2007-2975 affects Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire). The root cause is an improper filter mapping specification in web.xml for the admin console, allowing remote attackers to gain privileges and execute arbitrary code via functionality exposed through DWR (demonstrated usi...
CVE-2007-2975
The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the...
CVE-2007-2447
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute...
Null pointer dereference
The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the...
CVE-2007-2321
Unspecified vulnerability in the search functionality in SilverStripe 2.0.0 has unknown impact and attack vectors...
Code injection
Unspecified vulnerability in the search functionality in SilverStripe 2.0.0 has unknown impact and attack vectors...
CVE-2007-2321
Technical details for CVE-2007-2321 are not publicly available in the provided connected documents; no affected product/version/root-cause/fix information is present. Monitor for updates.
Unfixed XSS vulnerability at www.tripple.net
Security researcher Uber0n has submitted on 04/12/2007 a cross-site-scripting (XSS) vulnerability affecting www.tripple.net, which at the time of submission ranked 38044 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 05/12/2007. It is currently...
CVE-2007-1923
(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0...
Improper access control
(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0...
DEBIAN-CVE-2007-1923
(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0...
PT-2007-3268 · Dws Systems +2 · Sql-Ledger +2
Name of the Vulnerable Software and Affected Versions: LedgerSMB versions prior to 1.3.0; DWS Systems SQL-Ledger (affected versions not specified). Description: The issue allows remote attackers to access restricted functionality via direct requests, as access control lists are implemented by changin...