Lucene search

K

5 matches found

CVE
CVE
added 2007/05/10 12:19 a.m.118 views

CVE-2007-2583

The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.

4CVSS5.8AI score0.0221EPSS
CVE
CVE
added 2007/05/16 1:19 a.m.104 views

CVE-2007-2691

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.

4.9CVSS6AI score0.01047EPSS
CVE
CVE
added 2007/05/09 12:19 a.m.102 views

CVE-2007-1864

Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.

7.5CVSS7.6AI score0.05482EPSS
CVE
CVE
added 2007/05/14 9:19 p.m.79 views

CVE-2007-2444

Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.

7.2CVSS6.3AI score0.12221EPSS
CVE
CVE
added 2007/05/16 10:30 p.m.57 views

CVE-2007-2728

The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727. Note: The PHP team argue that this is not a valid security issue.

5CVSS6.3AI score0.01266EPSS