Primary Vendor -- Product | Description | | CVSS Score | Source & Patch Info | 3Com -- TippingPoint IPS TOS
| Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x before 2.5.2 on TippingPoint IPS allows remote attackers to avoid detection by sending certain fragmented packets. | | 7.5 | CVE-2007-3711 OTHER-REF FRSIRT SECUNIA
| Adobe -- Flash Player
| Unspecified vulnerability in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a crafted SWF file, related to an "input validation error." | | 9.3 | CVE-2007-3456 OTHER-REF BID FRSIRT SECUNIA
| Adobe -- Flash Player
| Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which potentially allows remote attackers to conduct a CSRF attack via a crafted SWF file. | | 9.3 | CVE-2007-3457 OTHER-REF FRSIRT SECUNIA
| Aigaion -- Aigaion
| SQL injection vulnerability in pagetopic.php in Aigaion 1.3.3 and earlier allows remote attackers to execute arbitrary SQL commands via the topic_id parameter. | | 7.5 | CVE-2007-3683 MILW0RM BID SECUNIA
| Apple -- Safari
| Multiple unspecified vulnerabilities in the SVG parsing engine in Apple Safari 3 Beta for Windows have unspecified remote attack vectors and impact. NOTE: this issue contains no actionable information, but it was released by a reliable researcher. | | 7.5 | CVE-2007-3718 OTHER-REF BID
| AsteriDex -- AsteriDex
| Multiple CRLF injection vulnerabilities in callboth.php in AsteriDex 3.0 and earlier allow remote attackers to inject arbitrary shell commands via the (1) IN and (2) OUT parameters. | | 7.5 | CVE-2007-3621 BUGTRAQ MILW0RM OTHER-REF BID FRSIRT SECUNIA
| AV Scripts -- AV Arcade
| admin/index.php in AV Arcade 2.1b grants administrative privileges when the ava_userid cookie value is 1, which allows remote attackers to perform certain administrative actions. | | 10.0 | CVE-2007-3643 BUGTRAQ BID XF
| Computer Associates -- ERwin Process Modeler
| Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.1 allows attackers to execute arbitrary code via a long filename. NOTE: the researcher does not suggest any circumstances in which the filename would come from an untrusted source, and therefore perhaps the issue does not cross privilege boundaries and should not be included in CVE. | | 10.0 | CVE-2007-3695 OTHER-REF BID
| Computer Associates -- ERwin Data Model Validator
| CA ERwin Data Model Validator (formerly AllFusion Data Model Validator) allows remote attackers to (1) cause a denial of service (application hang) via a malformed .EXP database file and (2) cause a denial of service (aaplication crash) via a crafted .EXP database file, which triggers a NULL dereference. | | 7.8 | CVE-2007-3696 OTHER-REF BID
| Drupal -- Print Module
| The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments. | | 7.8 | CVE-2007-3689 OTHER-REF OTHER-REF OTHER-REF FRSIRT
| Drupal -- Forward Module
| The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments. | | 7.8 | CVE-2007-3690 OTHER-REF OTHER-REF OTHER-REF FRSIRT
| eMeeting -- Online Dating Software
| Multiple SQL injection vulnerabilities in eMeeting Online Dating Software 5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) b.php and (2) account/gallery.php, and other unspecified vectors. | | 7.5 | CVE-2007-3609 MILW0RM
| Entertainment CMS -- Entertainment CMS
| Entertainment CMS allows remote attackers to bypass authentication and perform certain administrative actions by setting the adminLogged cookie to "Administrator." | | 7.5 | CVE-2007-3704 BUGTRAQ BID
| FlashGameScript -- FlashGameScript
| SQL injection vulnerability in index.php in FlashGameScript 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a member action. | | 7.5 | CVE-2007-3646 MILW0RM OTHER-REF BID FRSIRT SECUNIA
| FreeBSD -- libarchive
| archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow. | | 9.3 | CVE-2007-3641 OTHER-REF OTHER-REF FREEBSD BID FRSIRT SECTRACK SECUNIA SECUNIA
| FuseTalk Inc. -- FuseTalk
| SQL injection vulnerability in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via the FTVAR_SUBCAT (txForumID) parameter to forum/index.cfm and possibly other unspecified components, related to forum/include/error/forumerror.cfm. | | 7.5 | CVE-2007-3705 BUGTRAQ
| GameSiteScript -- GameSiteScript
| SQL injection vulnerability in index.php in GameSiteScript (gss) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the params parameter, related to missing input validation of the id field. | | 7.5 | CVE-2007-3631 MILW0RM
| Hitachi -- Cosminexus TPBroker Hitachi -- Cosminexus Application Server Hitachi -- uCosminexus Application Server Hitachi -- TPBroker Developer Hitachi -- TPBroker
| Unspecified vulnerability in the ADM daemon in Hitachi TPBroker before 20070706 allows remote attackers to cause a denial of service (daemon crash) via a certain request. | | 7.8 | CVE-2007-3626 OTHER-REF SECUNIA
| IBM -- AIX
| Stack-based buffer overflow in the odm_searchpath function in libodm in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary code via a long ODMPATH environment variable. | | 7.2 | CVE-2007-3680 IDEFENSE OTHER-REF AIXAPAR BID FRSIRT SECTRACK SECUNIA
| KDDI -- EZFactory Download CGI
| Directory traversal vulnerability in download.cgi in EZFactory KDDI Download CGI 1.x allows remote attackers to read and download arbitrary files via a .. (dot dot) in the name parameter. | | 7.8 | CVE-2007-3692 OTHER-REF OTHER-REF FRSIRT SECTRACK
| Konst -- CenterICQ
| Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might overlap CVE-2007-0160. | | 7.5 | CVE-2007-3713 BID
| Levent Veysi Portal -- Levent Veysi Portal
| SQL injection vulnerability in oku.asp in Levent Veysi Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | 10.0 | CVE-2007-3629 SECUNIA
| Linux -- Kernel
| The decode_choice function in net/netfilter/bf_conntrack_h323_asn1.c in the Linux kernel before 2.6.22 allows remote attackers to cause a denial of service (crash) via an encoded, out-of-range index value for a choice field, which triggers a NULL pointer dereference. | | 7.8 | CVE-2007-3642 OTHER-REF SECUNIA
| Masuga Design -- Unobtrusive Ajax Star Rating Bar
| Multiple SQL injection vulnerabilities in Unobtrusive Ajax Star Rating Bar before 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) q and (2) t parameters in (a) db.php and (b) rpc.php. | | 7.5 | CVE-2007-3684 OTHER-REF OSVDB OSVDB SECUNIA
| Masuga Design -- Unobtrusive Ajax Star Rating Bar
| CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary HTTP headers and data via CRLF sequences in the HTTP_REFERER parameter. | | 7.5 | CVE-2007-3686 OTHER-REF OSVDB SECUNIA
| maxsi -- evisit analyst
| Multiple SQL injection vulnerabilities in Maxsi eVisit Analyst allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) idsp1.pl, (2) ip.pl, and (3) einsite_director.pl. NOTE: this issue can be leveraged for path disclosure from resulting error messages. | | 7.5 | CVE-2007-3677 OTHER-REF BID
| McAfee -- ProtectionPilot McAfee -- e-Business Server
| Integer underflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted UDP packet, which causes stack corruption. | | 7.6 | CVE-2006-5271 ISS OTHER-REF FRSIRT SECUNIA XF
| McAfee -- ProtectionPilot McAfee -- e-Business Server McAfee -- CMA
| Stack-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted ping packet. | | 7.5 | CVE-2006-5272 ISS OTHER-REF FRSIRT SECUNIA XF
| McAfee -- ProtectionPilot McAfee -- e-Business Server McAfee -- CMA
| Heap-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 through 3.6.0.453 allows remote attackers to execute arbitrary code via a crafted packet. | | 7.6 | CVE-2006-5273 ISS OTHER-REF FRSIRT SECUNIA XF
| McAfee -- CMA McAfee -- ePolicy Orchestrator McAfee -- ProtectionPilot
| Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 allows remote attackers to cause a denial of service (CMA Framework service crash) and possibly execute arbitrary code via unspecified vectors. | | 7.6 | CVE-2006-5274 ISS OTHER-REF FRSIRT SECUNIA XF
| Microsoft -- windows
| The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes." | | 10.0 | CVE-2007-0040 MS
| Microsoft -- .NET Framework
| The PE Loader service in Microsoft .NET Framework 2.0 SP2 and earlier for Windows 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow. | | 9.3 | CVE-2007-0041 MS
| Microsoft -- .NET Framework
| ASP.NET in Microsoft .NET Framework 2.0 SP2 and earlier for Windows 2000, XP, and Server 2003; and 2.0 and earlier for Windows Vista allows remote attackers to access configuration files and obtain sensitive information via "invalid URLs," probably containing a terminating NULL byte. | | 7.8 | CVE-2007-0042 MS
| Microsoft -- .NET Framework
| The Just In Time (JIT) Compiler service in Microsoft .NET Framework 2.0 through 2.0 SP2 for Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability". | | 9.3 | CVE-2007-0043 MS
| Microsoft -- Publisher
| Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page, aka the "Publisher Invalid Memory Reference Vulnerability". | | 9.3 | CVE-2007-1754 MS
| Microsoft -- Office Microsoft -- Excel
| Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability". | | 9.3 | CVE-2007-1756 MS
| Microsoft -- Office Microsoft -- Excel
| Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption. | | 9.3 | CVE-2007-3029 MS
| Microsoft -- Excel Microsoft -- Excel Viewer
| Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability". | | 7.6 | CVE-2007-3030 MS
| Microsoft -- windows
| The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka "Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability." | | 7.8 | CVE-2007-3038 MS
| Microsoft -- windows
| Unspecified vulnerability in the kernel in Microsoft Windows Vista has unspecified remote attack vectors and impact, as shown in the "0day IPO" presentation at SyScan'07. | | 7.8 | CVE-2007-3671 OTHER-REF OTHER-REF BID
| MKPortal -- MKPortal
| SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZD-00000008. NOTE: this information is based upon a vague pre-advisory. | | 7.5 | CVE-2007-3637 MLIST OTHER-REF BID
| Nonnoi Solutions -- ASP Barcode
| The Nonnoi ASP/Barcode ActiveX control (nonnoi_ASPBarcode.dll) allows remote attackers to overwrite arbitrary files via an argument to the SaveBarcode function. | | 7.5 | CVE-2007-3660 BUGTRAQ OTHER-REF
| OpenLD -- OpenLD
| SQL injection vulnerability in index.php in OpenLD 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | | 7.5 | CVE-2007-3682 MILW0RM BID SECUNIA
| PHP Comet-Server -- PHP Comet-Server
| PHP remote file inclusion vulnerability in example/gamedemo/inc.functions.php in PHP Comet-Server allows remote attackers to execute arbitrary PHP code via a URL in the projectPath parameter. | | 7.5 | CVE-2007-3710 BUGTRAQ
| PHP Lite -- Calendar Express
| Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) login.php, (2) auth.php, and (3) subscribe.php. NOTE: the month.php, year.php, week.php, and day.php vectors are already covered by CVE-2005-4009. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | 7.5 | CVE-2007-3627 BID
| PowerPhlogger -- PowerPhlogger
| SQL injection vulnerability in include/get_userdata.php in PowerPhlogger (PPhlogger) 2.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | 7.5 | CVE-2007-3595 FRSIRT
| Quark -- QuarkXPress
| Stack-based buffer overflow in the MSWord text-import extension (Word 6-2000 Filter.xnt) in QuarkXPress 7.2 for Windows, when using the Rectangle Text Box tool for importing text, allows user-assisted remote attackers to execute arbitrary code via a long font name. | | 7.6 | CVE-2007-3678 OTHER-REF SECUNIA
| SAP -- SAPLPD SAP -- SAPSPRINT
| Unspecified vulnerability in SAP SAPLPD and SAPSPRINT allows remote attackers to cause a denial of service (application crash) via a certain print job request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | 7.8 | CVE-2006-7220 BID
| SAP -- EnjoySAP
| Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX control in FrontEnd\SapGui\kwedit.dll in the EnjoySAP SAP GUI allows remote attackers to execute arbitrary code via a long argument to the PrepareToPostHTML function. | | 7.6 | CVE-2007-3605 BUGTRAQ MILW0RM BID BID XF
| SAP -- EnjoySAP
| Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX control in the EnjoySAP SAP GUI, on systems using ASCII versions, allows remote attackers to execute arbitrary code via a long first argument to the LaunchGui function. | | 7.6 | CVE-2007-3606 MILW0RM BID BID XF
| SAP -- SAP DB
| Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB Web Server) in SAP DB, possibly 7.3 through 7.5, allow remote attackers to execute arbitrary code via (1) a certain cookie value; (2) a certain additional parameter, related to sapdbwa_GetQueryString; and other unspecified vectors related to "numerous other fields." | | 7.5 | CVE-2007-3614 BUGTRAQ BID
| SAP -- SAP Web Application Server SAP -- Internet Communication Manager
| Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache. | | 7.8 | CVE-2007-3615 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA
| SAP -- SAP Message Server
| Heap-based buffer overflow in the Message HTTP Server in SAP Message Server allows remote attackers to execute arbitrary code via a long string in the group parameter to /msgserver/html/group. | | 10.0 | CVE-2007-3624 BUGTRAQ OTHER-REF BID SECUNIA
| SquirrelMail -- SquirrelMail SquirrelMail -- GPG Plugin
| Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher. | | 7.5 | CVE-2007-3636 MLIST
| Sun -- Java System Application Server Sun -- Java System Web Server
| Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-????. | | 9.3 | CVE-2007-3715 SUNALERT BID FRSIRT SECUNIA
| Sun -- JDK Sun -- JRE
| The Java XML Digital Signature implementation in Sun JDK and JRE 6 before Update 2 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-????. | | 9.3 | CVE-2007-3716 SUNALERT FRSIRT SECUNIA
| Symantec -- Veritas Backup Exec
| Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exec for Windows Servers 10.0, 10d, and 11d allows remote attackers to cause a denial of service (process exit) and possibly execute arbitrary code via crafted ncacn_ip_tcp requests. | | 7.5 | CVE-2007-3509 IDEFENSE OTHER-REF BID SECUNIA
| Symantec -- Ghost
| Buffer overflow in RemoteCommand.DLL in Symantec Norton Ghost 12.0 allows remote attackers to execute arbitrary code via the Connect function. | | 7.5 | CVE-2007-3666 BUGTRAQ BUGTRAQ OTHER-REF
| The GIMP Team -- GIMP
| Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files. | | 9.3 | CVE-2006-4519 IDEFENSE OTHER-REF OTHER-REF FRSIRT SECTRACK
| Tipping Point -- Tipping Point 3Com -- TippingPoint IPS TOS
| TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' (slash) character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack. | | 7.5 | CVE-2007-3701 BUGTRAQ OTHER-REF OTHER-REF BID
| TUFaT -- FlashBB
| PHP remote file inclusion vulnerability in phpbb/sendmsg.php in FlashBB 1.1.8 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter. | | 7.5 | CVE-2007-3697 BUGTRAQ MILW0RM
| Valarsoft -- WebMatic
| SQL injection vulnerability in Webmatic before 2.6.2, and possibly other versions before 2.7, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly related to admin/admin_album.php and admin/admin_downloads.php. NOTE: some of these details are obtained from third party information. | | 7.5 | CVE-2007-3648 OTHER-REF FRSIRT
| Valarsoft -- WebMatic
| Multiple unspecified vulnerabilities in Webmatic before 2.7 have unknown impact and attack vectors, related to the "administration area." | | 7.5 | CVE-2007-3727 OTHER-REF FRSIRT
| Vastal I-Tech -- phpVID
| SQL injection vulnerability in categories_type.php in phpVID 0.9.9 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | | 7.5 | CVE-2007-3610 MILW0RM FRSIRT
| Visual IRC -- Visual IRC
| Stack-based buffer overflow in Visual IRC (ViRC) 2.0 allows remote IRC servers to execute arbitrary code via a long response to a JOIN command. | | 7.5 | CVE-2007-3612 MILW0RM
| VRNews -- VRNews
| admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not require authentication, which allows remote attackers to perform certain administrative actions via a direct request with a (1) edit, (2) add, (3) config, or (4) del value in the act parameter. | | 9.3 | CVE-2007-3611 MILW0RM
| vtiger -- vtiger CRM
| vtiger CRM before 5.0.3 allows remote authenticated users to import and export the information for a contact even when they only have the View permission. | | 8.5 | CVE-2007-3599 OTHER-REF OTHER-REF
| Zen Cart -- Zen Cart
| Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter. | | 8.5 | CVE-2007-3597 BUGTRAQ OTHER-REF OTHER-REF SECUNIA
| ZoneO-Soft -- phpTrafficA
| The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the username cookie to "traffic." NOTE: some of these details are obtained from third party information. | | 10.0 | CVE-2007-3647 BUGTRAQ OTHER-REF SECUNIA
|