Primary Vendor -- Product | Description | | CVSS Score | Source & Patch Info | ALeadSoft.com -- Search Engine Builder Professional
| Cross-site scripting (XSS) vulnerability in search.html in Search Engine Builder allows remote attackers to inject arbitrary web script or HTML via the searWords parameter. | | 4.3 | CVE-2007-4479 BUGTRAQ OTHER-REF OTHER-REF
| American Financing -- eMail Image Upload
| Unrestricted file upload vulnerability in output.php in American Financing eMail Image Upload 4.1 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | 6.8 | CVE-2007-4499 BID
| Ampache -- Ampache
| SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 allows remote attackers to execute arbitrary SQL commands via the match parameter. NOTE: some details are obtained from third party information. | | 6.8 | CVE-2007-4437 OTHER-REF SECUNIA
| Ampache -- Ampache
| Session fixation vulnerability in Ampache before 3.3.3.5 allows remote attackers to hijack web sessions via unspecified vectors. | | 6.8 | CVE-2007-4438 OTHER-REF SECUNIA
| Apache -- Apache HTTP Server
| The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read. | | 5.0 | CVE-2007-3847 MLIST MLIST MLIST
| Apple -- Safari
| Apple Safari for Windows 3.0.3 and earlier does not prompt the user before downloading a file, which allows remote attackers to download arbitrary files to the desktop of a client system via certain HTML, as demonstrated by a filename in the DATA attribute of an OBJECT element. NOTE: it could be argued that this is not a vulnerability because a dangerous file is not actually launched, but as of 2007, it is generally accepted that web browsers should prompt users before saving dangerous content. | | 4.3 | CVE-2007-4424 BUGTRAQ BUGTRAQ SECTRACK
| Apple -- Safari
| Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking." | | 6.8 | CVE-2007-4431 OTHER-REF OTHER-REF OTHER-REF BID
| Aspindir -- Text File Search
| Cross-site scripting (XSS) vulnerability in textfilesearch.aspx in the Text File Search ASP.NET edition allows remote attackers to inject arbitrary web script or HTML via the search field. | | 4.3 | CVE-2007-4433 OTHER-REF BID
| Aspindir -- Text File Search
| Cross-site scripting (XSS) vulnerability in textfilesearch.asp in the Text File Search ASP (Classic) edition allows remote attackers to inject arbitrary web script or HTML via the query parameter. | | 4.3 | CVE-2007-4434 OTHER-REF BID
| Asterisk -- AsteriskNOW Asterisk -- Asterisk Asterisk -- Asterisk Appliance Developer Kit
| The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created. | | 5.0 | CVE-2007-4455 FULLDISC OTHER-REF
| Butterfly -- Butterfly
| PHP remote file inclusion vulnerability in visitor.php in Butterfly online visitors counter 1.08, when used with certain older versions of PHP with improper SERVER superglobal handling, allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. NOTE: it could be argued that this vulnerability is caused by a problem in PHP and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Butterfly online visitors counter. | | 6.8 | CVE-2007-4485 BUGTRAQ OTHER-REF OTHER-REF
| Cisco -- CLI Cisco -- IOS Cisco -- CBOS Cisco -- IDS Cisco -- IOS_XR
| Unspecified vulnerability in Cisco IOS allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions in a "show ip bgp regexp" command. NOTE: unauthenticated remote attacks are possible in environments with anonymous telnet and Looking Glass access. | | 5.0 | CVE-2007-4430 OTHER-REF BID
| Drupal -- Project Issue Tracking Module Drupal -- Project
| The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and Project issue tracking module before 5.x-1.0, 4.7.x-2.4, and 4.7.x-1.4 does not properly enforce permissions, which allows remote attackers to (1) obtain sensitive via the Tracker Module and the Recent posts page; (2) obtain project names via unspecified vectors; (3) obtain sensitive information via the statistics pages; and (4) read CVS project activity. | | 5.0 | CVE-2007-4436 OTHER-REF SECUNIA
| dscripting.com -- D22-Shoutbox
| Cross-site scripting (XSS) vulnerability in D22-Shoutbox for Invision Power Board (IPB or IP.Board) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | | 4.3 | CVE-2007-4487 BUGTRAQ OTHER-REF
| eCentrex -- VOIP Client module
| Buffer overflow in the IUAComFormX ActiveX control in uacomx.ocx 2.0.1 in the eCentrex VOIP Client module allows remote attackers to execute arbitrary code via a long Username argument to the ReInit method. | | 6.8 | CVE-2007-4489 MILW0RM BID XF
| EDraw -- Office Viewer Component
| Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the HttpDownloadFile method, a different vulnerability than CVE-2007-3168 and CVE-2007-3169. | | 6.8 | CVE-2007-4420 MILW0RM BID XF
| Epic Games -- Unreal Engine
| Stack-based buffer overflow in the logging function in the Unreal engine, possibly 2003 and 2004, as used in the internal web server, allows remote attackers to cause a denial of service (application crash) via a request for a long .gif filename in the images/ directory, related to conversion from Unicode to ASCII. | | 5.0 | CVE-2007-4442 BUGTRAQ SECUNIA
| Epic Games -- Unreal Engine
| The UCC dedicated server for the Unreal engine, possibly 2003 and 2004, on Windows allows remote attackers to cause a denial of service (continuous beep and server slowdown) via a string containing many 0x07 characters in (1) a request to the images/ directory, (2) the Content-Type field, (3) a HEAD request, and possibly other unspecified vectors. | | 5.0 | CVE-2007-4443 BUGTRAQ SECUNIA
| eZ Systems -- eZ publish
| The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks. | | 5.0 | CVE-2007-4494 OTHER-REF OTHER-REF OTHER-REF
| Florian Mahieu -- Dalai Forum
| Directory traversal vulnerability in forumreply.php in Dalai Forum 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the chemin parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | 6.4 | CVE-2007-4457 BID
| Ghisler -- Total Commander Fransois Gannier -- FileInfo plugin
| The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file. | | 5.0 | CVE-2007-4463 BUGTRAQ OTHER-REF OTHER-REF BID
| Ghisler -- Total Commander Fransois Gannier -- FileInfo plugin
| CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to spoof the information in the Image File Header tab via strings with CLRF sequences in the IMAGE_EXPORT_DIRECTORY array in a PE file, which would complicate forensics investigations. | | 4.3 | CVE-2007-4464 BUGTRAQ OTHER-REF OTHER-REF
| IBM -- DB2 Universal Database
| IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not properly revoke privileges on methods, which allows remote authenticated users to execute a method after revocation until the routine auth cache is flushed. | | 6.0 | CVE-2007-4417 OTHER-REF OTHER-REF AIXAPAR AIXAPAR SECUNIA
| IBM -- DB2 Universal Database
| IBM DB2 UDB 8 before Fixpak 15 does not properly check authorization, which allows remote authenticated users with a certain SELECT privilege to have an unknown impact via unspecified vectors. NOTE: this issue is probably related to CVE-2007-1089, but this is uncertain due to lack of details. | | 5.5 | CVE-2007-4418 OTHER-REF AIXAPAR SECUNIA
| IBM -- DB2 Universal Database
| Unspecified vulnerability in the AUTH_LIST_GROUPS_FOR_AUTHID function in IBM DB2 UDB 9.1 before Fixpak 3 allows attackers to cause a denial of service. | | 5.0 | CVE-2007-4423 OTHER-REF AIXAPAR SECUNIA
| Jelsoft -- vBulletin
| ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g) showgroups.php, (h) online.php, and (i) sendmessage.php. NOTE: these issues have been disputed by the vendor, stating "I can't reproduce a single one of these". The researcher is known to be unreliable. | | 4.3 | CVE-2007-4453 BUGTRAQ BUGTRAQ
| Joomla -- RSfiles
| Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action. | | 5.0 | CVE-2007-4504 MILW0RM
| Kolab -- Kolab Server Clam Anti-Virus -- ClamAV
| ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information. | | 4.3 | CVE-2007-4510 OTHER-REF OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA SECUNIA XF XF
| Lhaz -- Lhaz
| Lhaz 1.33 allows remote attackers to execute arbitrary code via unknown vectors, as actively exploited in August 2007 by the Exploit-LHAZ.a gzip file, a different issue than CVE-2006-4116. | | 6.8 | CVE-2007-4428 OTHER-REF OTHER-REF BID
| Live for Speed -- Live for Speed
| Multiple buffer overflows in Live for Speed (LFS) demo, S1, and S2 allow remote authenticated users to (1) cause a denial of service (server crash) and probably execute arbitrary code via an ID 3 packet with a long nickname field, and (2) cause a denial of service (server crash) via an ID 10 packet containing a long string corresponding to an unavailable track. | | 6.0 | CVE-2007-4425 BUGTRAQ FULLDISC XF
| Live for Speed -- Live for Speed
| Live for Speed (LFS) S1 and S2 allows remote attackers to cause a denial of service (server crash) via (1) a certain 0x00 byte in a pre-login ID 3 packet, which triggers a NULL dereference; or (2) a pre-login ID 5 packet that lacks certain strings, which triggers an invalid pointer dereference. | | 5.0 | CVE-2007-4426 BUGTRAQ FULLDISC XF XF
| Microsoft -- Internet Explorer
| Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6.0 allows user-assisted remote attackers to inject arbitrary web script or HTML in the local zone via a URI, when the document at the associated URL is saved to a local file, which then contains the URI string along with the document's original content. | | 4.3 | CVE-2007-4478 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF
| NuFW -- NuFW
| NuFW 2.2.3, and certain other versions after 2.0, allows remote attackers to bypass time-based packet filtering rules via certain "out of period" choices of packet transmission time. | | 4.3 | CVE-2007-4461 OTHER-REF SECUNIA
| Olate -- OlateDownload
| Eval injection vulnerability in environment.php in Olate Download (od) 3.4.1 allows context-dependent attackers to execute arbitrary code via a crafted version string, as referenced by the (1) PDO::ATTR_SERVER_VERSION or (2) PDO::ATTR_CLIENT_VERSION attribute. | | 6.8 | CVE-2007-4454 BUGTRAQ OTHER-REF BID XF
| PHP -- PHP
| Buffer overflow in php_win32std.dll in the win32std extension for PHP 5.2.0 and earlier allows context-dependent attackers to execute arbitrary code via a long string in the filename argument to the win_browse_file function. | | 4.6 | CVE-2007-4441 MILW0RM
| PHP -- PHP
| Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, or (4) ntuser_getdomaincontroller functions. | | 6.8 | CVE-2007-4507 MILW0RM
| Planet Technology Corp -- VC-200M VDSL2
| The administration interface in the Planet VC-200M VDSL2 router allows remote attackers to cause a denial of service (administration interface outage) via an HTTP request without a Host header. | | 5.0 | CVE-2007-4477 BUGTRAQ OTHER-REF OTHER-REF
| Rival Interactive -- Prism Rebellion -- Rogue Trooper
| Stack-based buffer overflow in Rebellion Asura engine, as used for the server in Rogue Trooper 1.0 and earlier and Prism 1.1.1.0 and earlier, allows remote attackers to execute arbitrary code via a long string in a 0xf007 packet for the challenge B query. | | 6.8 | CVE-2007-4508 BUGTRAQ BID
| Siemens -- Gigaset SE361 WLAN router
| Multiple cross-site scripting (XSS) vulnerabilities in the Siemens Gigaset SE361 WLAN router with firmware 1.00.0 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI immediately following the filename for (1) a GIF filename, which triggers display of the GIF file in text format and an unspecified denial of service (crash); or (2) the login.tri filename, which triggers a continuous loop of the browser attempting to visit the login page. | | 4.3 | CVE-2007-4488 BUGTRAQ
| Skype Technologies -- Skype
| Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on 20070817 using a "call to a specific number." NOTE: this identifier is for the en.securitylab.ru disclosure. According to the vendor, this issue is separate from the "sign-on issues" that reduced Skype service on 20070817, which appears to be a site-specific problem that did not occur because of any attack. As of 20070820, it is not clear whether this issue is simply a symptom of the larger sign-on problem. | | 5.0 | CVE-2007-4429 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF
| SSHKeychain -- SSHKeychain
| Unspecified vulnerability in TunnelRunner in SSHKeychain before 0.8.2 beta, and possibly later versions, allows local users to gain privileges via unspecified vectors. | | 6.9 | CVE-2007-4500 MLIST MLIST MLIST BID
| Sun -- Java System Application Server
| The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply certain configuration changes persistently, which causes the (1) SSL and (2) SSL_MutualAuth ORB listener services to enable all protocols and ciphers after the services are restarted, possibly allowing remote attackers to bypass intended policy. | | 5.0 | CVE-2007-4511 BUGTRAQ BID XF
| SuSE -- SuSE Linux Enterprise Desktop SuSE -- SuSE Linux
| Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables. | | 4.6 | CVE-2007-4432 SUSE
| Toribash -- Toribash
| The server in Toribash 2.71 and earlier does not properly handle partially joined clients that are temporarily assigned the ID of -1, which allows remote attackers to cause a denial of service (daemon crash) via a GRIP command with the ID of -1. | | 5.0 | CVE-2007-4448 BUGTRAQ OTHER-REF BID SECUNIA
| Toribash -- Toribash
| The client in Toribash 2.71 and earlier allows remote attackers to cause a denial of service (application hang) via a command without an LF character, as demonstrated by a SAY command. | | 5.0 | CVE-2007-4449 BUGTRAQ OTHER-REF BID SECUNIA
| Toribash -- Toribash
| The server in Toribash 2.71 and earlier does not properly handle long commands, which allows remote attackers to trigger a protocol violation in which data is sent to other clients without a required LF character, as demonstrated by a SAY command. NOTE: the security impact of this violation is not clear, although it probably makes exploitation of CVE-2007-???? easier. | | 5.0 | CVE-2007-4450 BUGTRAQ OTHER-REF BID SECUNIA
| Toribash -- Toribash
| The server in Toribash 2.71 and earlier on Windows allows remote attackers to cause a denial of service (continuous beep and server hang) via certain commands that contain many 0x07 or other invalid characters. | | 5.0 | CVE-2007-4451 BUGTRAQ OTHER-REF BID SECUNIA
| Toribash -- Toribash
| The client in Toribash 2.71 and earlier allows remote attackers to cause a denial of service (disconnection) via a long (1) emote or (2) SPEC command. | | 5.0 | CVE-2007-4452 BUGTRAQ OTHER-REF BID SECUNIA
| Trend Micro -- AntiSpyware Trend Micro -- PC-Cillin Internet Security 2007
| Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI Engine 5.0.0.1066 through 5.2.0.1012 in Trend Micro AntiSpyware 3.5 and PC-Cillin Internet Security 2007 15.0 through 15.3, when the Venus Spy Trap (VST) feature is enabled, allows local users to cause a denial of service (service crash) or execute arbitrary code via a file with a long pathname, which triggers the overflow during a ReadDirectoryChangesW callback notification. | | 6.9 | CVE-2007-3873 IDEFENSE OTHER-REF BID FRSIRT SECTRACK SECUNIA
| WordPress -- Sirius
| Cross-site scripting (XSS) vulnerability in index.php in the Sirius 1.0 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | | 4.3 | CVE-2007-4480 BUGTRAQ OTHER-REF OTHER-REF
| WordPress -- Blix
| Cross-site scripting (XSS) vulnerability in index.php in the (1) Blix 0.9.1 and (2) Blix 0.9.1 Rus themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | | 4.3 | CVE-2007-4481 BUGTRAQ OTHER-REF OTHER-REF
| WordPress -- Pool
| Cross-site scripting (XSS) vulnerability in index.php in the Pool 1.0.7 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | | 4.3 | CVE-2007-4482 BUGTRAQ OTHER-REF OTHER-REF
| WordPress -- WordPressClassic
| Cross-site scripting (XSS) vulnerability in index.php in the WordPress Classic 1.5 theme in WordPress before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | | 4.3 | CVE-2007-4483 BUGTRAQ OTHER-REF OTHER-REF
|