| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| Apache Software Foundation -- Apache HTTP Server; Apache Software Foundation -- Tomcat | Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache. | 3.3 | CVE-2007-0450 BID BUGTRAQ OTHER-REF OTHER-REF |
| Asterisk -- Asterisk | Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address. | 3.3 | CVE-2007-1561 FULLDISC BID FRSIRT SECTRACK XF |
| Asterisk -- Asterisk | The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet. | 2.3 | CVE-2007-1594 BUGTRAQ MLIST OTHER-REF OTHER-REF OTHER-REF OTHER-REF BID SECUNIA |
| Avaya -- Communication Manager | Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors (aka "shell command injection"). | 3.4 | CVE-2007-1490 OTHER-REF SECUNIA |
| CARE2X -- CARE2X | CARE2X 2.2, and possibly earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2.3 | CVE-2007-1574 SECUNIA |
| Cisco -- Security Device Manager; Cisco -- Call Manager; Cisco -- Network Analysis Module; Cisco -- Unified MeetingPlace; Cisco -- Wireless LAN Solution Engine; Cisco -- MeetingPlace; Cisco -- Unified Videoconferencing Manager; Cisco -- ACS Solution Engine; Cisco -- Unified MeetingPlace Express; Cisco -- Unified Video Advantage; Cisco -- 2006 Wireless LAN Controllers; Cisco -- WAN Manager; Cisco -- VPN Client; Cisco -- Unified Personal Communicator; Cisco -- CiscoWorks; Cisco -- Wireless Control System; Cisco -- IP Communicator; Cisco -- Unified Videoconferencing | Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form. | 1.1 | CVE-2007-1467 BUGTRAQ BUGTRAQ CISCO BID |
| Cisco -- 7960; Cisco -- 7940 | Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running firmware before POS8-6-0 allows remote attackers to cause a denial of service via the Remote-Party-ID sipURI field in a SIP INVITE request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2.3 | CVE-2007-1542 BID FRSIRT SECUNIA |
| Cyber Inside -- WebLog; Sascha Schroeder -- WebLog; CyberTeddy -- WebLog | Directory traversal vulnerability in index.php in Sascha Schroeder (aka CyberTeddy or Cyber-inside) WebLog allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a showarticles action. | 2.3 | CVE-2007-1487 MILW0RM FRSIRT SECUNIA |
| FTPDMIN -- FTPDMIN | FTPDMIN 0.96 allows remote attackers to cause a denial of service (daemon crash) via a long LIST command. NOTE: some of these details are obtained from third party information. | 1.9 | CVE-2007-1580 MILW0RM BID XF |
| Fujitsu -- Interstage Apworks; Fujitsu -- Interstage Application Server | Cross-site scripting (XSS) vulnerability in the Servlet Service in Fujitsu Interstage Application Server (IJServer) 8.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving web.xml and HTTP 404 and 500 status codes. | 1.9 | CVE-2007-1504 OTHER-REF OTHER-REF OTHER-REF FRSIRT SECUNIA |
| Fujitsu -- Systemwalker Desktop Encryption; Fujitsu -- FENCE-Pro | Fujitsu FENCE-Pro before V5L01, and Systemwalker Desktop Encryption V12.0L10, V12.0L10A, V12.0L10B, V12.0L20 and V13.0.0 allow local users to obtain sensitive information by extracting the decoding password from certain "self-decoding" file types. | 1.6 | CVE-2007-1505 OTHER-REF OTHER-REF OTHER-REF BID SECUNIA SECUNIA |
| Geblog -- Geblog | Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php. | 2.3 | CVE-2007-1577 MILW0RM BID XF |
| Gentoo -- Linux | The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using /tmp/lsat1.lsat. | 2.9 | CVE-2007-1500 OTHER-REF GENTOO SECUNIA |
| Glue Software -- NewsGlue | Cross-site scripting (XSS) vulnerability in the RSS reader in Glue Software NewsGlue before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via a feed. | 1.9 | CVE-2007-1610 OTHER-REF OTHER-REF |
| Grandstream -- BudgeTone 200 | The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and bootloader 1.1.1.5, allows remote attackers to cause a denial of service (device crash) via SIP (1) INVITE, (2) CANCEL, or unspecified other messages with a WWW-Authenticate header containing a crafted Digest domain. | 2.3 | CVE-2007-1590 FULLDISC FRSIRT SECUNIA |
| Guestbara -- Guestbara | admin/configuration.php in Guestbara 1.2 and earlier allows remote attackers to modify the e-mail, name, and password of the admin account by setting the zapis parameter to "ok" and providing modified admin_mail, login, and pass parameters. | 2.3 | CVE-2007-1553 MILW0RM |
| Holtstraeter -- ROT 13 | Directory traversal vulnerability in enkrypt.php in Sascha Schroeder krypt (aka Holtstraeter Rot 13) allows remote attackers to read arbitrary files via a .. (dot dot) in the datei parameter. | 1.9 | CVE-2007-1509 BUGTRAQ BID |
| Horde -- IMP | Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query parameter in search.php, or other unspecified parameters in search.php. NOTE: some of these details are obtained from third party information. | 1.9 | CVE-2007-1515 BUGTRAQ FULLDISC MLIST BID SECUNIA |
| IBM -- WebSphere Application Server | SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests. | 1.9 | CVE-2006-7164 AIXAPAR |
| IBM -- WebSphere Application Server | IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remote attackers to obtain JSP source code and other sensitive information via certain "special URIs." | 1.9 | CVE-2006-7165 OTHER-REF AIXAPAR BID FRSIRT SECUNIA |
| IBM -- WebSphere Application Server | IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remote attackers to obtain JSP source code and other sensitive information via "a specific JSP URL." | 2.3 | CVE-2006-7166 OTHER-REF AIXAPAR BID FRSIRT SECUNIA |
| JBMC Software -- DirectAdmin | Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin allows remote attackers to inject arbitrary web script or HTML via the RESULT parameter, a different vector than CVE-2006-5983. | 1.9 | CVE-2007-1508 BUGTRAQ BID |
| Jelsoft -- vBulletin | SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 3.4 | CVE-2007-1573 SECUNIA |
| KDE -- Konqueror | Konqueror 3.5.5 allows remote attackers to cause a denial of service (crash) by using JavaScript to read a child iframe having an ftp:// URI. | 3.3 | CVE-2007-1565 OTHER-REF |
| Koan Software -- Mega Mall | product_review.php in Koan Software Mega Mall allows remote attackers to obtain the installation path via a request with an empty value of the x[] parameter. | 2.3 | CVE-2006-7171 BUGTRAQ XF |
| LedgerSMB -- LedgerSMB; SQL-Ledger -- SQL-Ledger | Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 and earlier, and LedgerSMB before 1.2.0 allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter. NOTE: this issue was reportedly addressed in SQL-Ledger 2.6.27; however, third-party researchers claim that the file is still executed even though an error is generated. | 1.9 | CVE-2007-1540 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA SECUNIA |
| Linksys -- WAG200G | The Linksys WAG200G with firmware 1.01.01 allows remote attackers to obtain sensitive information (passwords and configuration data) via a packet to UDP port 916. | 2.3 | CVE-2007-1585 BUGTRAQ BID |
| Linux -- Kernel | nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows attackers to cause a denial of service (crash) via unspecified vectors involving the (1) nfulnl_recv_config function, (2) using "multiple packets per netlink message", and (3) bridged packets, which trigger a NULL pointer dereference. | 3.3 | CVE-2007-1496 OTHER-REF BID SECUNIA |
| Linux -- Kernel | net/ipv6/tcp_ipv6.c in Linux kernel 2.4 and 2.6.x up to 2.6.21-rc3 inadvertently copies the ipv6_fl_socklist from a listening TCP socket to child sockets, which allows local users to cause a denial of service (OOPS) or double-free by opening a listening IPv6 socket, attaching a flow label, and connecting to that socket. | 2.3 | CVE-2007-1592 MLIST |
| Microsoft -- Windows XP | winmm.dll in Microsoft Windows XP allows user-assisted remote attackers to cause a denial of service (infinite loop) via a large cch argument value to the mmioRead function, as demonstrated by a crafted WAV file. | 2.7 | CVE-2007-1492 VULNWATCH BID |
| Microsoft -- Internet Explorer | Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks via a res: URI to the navcancl.htm page with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link. | 1.9 | CVE-2007-1499 BUGTRAQ OTHER-REF OTHER-REF |
| Microsoft -- Windows Vista | The LLTD Mapper in Microsoft Windows Vista does not verify that an IP address in a TLV type 0x07 field in a HELLO packet corresponds to a valid IP address for the local network, which allows remote attackers to trick users into communicating with an external host by sending a HELLO packet with the MW characteristic and a spoofed TLV type 0x07 field, aka the "Spoof and Management URL IP Redirect" attack. | 2.3 | CVE-2007-1527 BUGTRAQ OTHER-REF |
| Microsoft -- Windows Vista | The LLTD Mapper in Microsoft Windows Vista allows remote attackers to spoof hosts, and nonexistent bridge relationships, into the network topology map by using a MAC address that differs from the MAC address provided in the Real Source field of the LLTD BASE header of a HELLO packet, aka the "Spoof on Bridge" attack. | 2.3 | CVE-2007-1528 BUGTRAQ OTHER-REF |
| Microsoft -- Windows Vista | The LLTD Responder in Microsoft Windows Vista does not send the Mapper a response to a DISCOVERY packet if another host has sent a spoofed response first, which allows remote attackers to spoof arbitrary hosts via a network-based race condition, aka the "Total Spoof" attack. | 1.9 | CVE-2007-1529 BUGTRAQ OTHER-REF |
| Microsoft -- Windows Vista | The LLTD Mapper in Microsoft Windows Vista does not properly gather responses to EMIT packets, which allows remote attackers to cause a denial of service (mapping failure) by omitting an ACK response, which triggers an XML syntax error. | 2.3 | CVE-2007-1530 BUGTRAQ OTHER-REF |
| Microsoft -- Windows Vista | Microsoft Windows Vista overwrites ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host. | 2.3 | CVE-2007-1531 BUGTRAQ OTHER-REF |
| Microsoft -- Windows Vista | The Teredo implementation in Microsoft Windows Vista uses the same nonce for communication with different UDP ports within a solicitation session, which makes it easier for remote attackers to spoof the nonce through brute force attacks. | 2.3 | CVE-2007-1533 BUGTRAQ OTHER-REF |
| Microsoft -- Windows 2003; Microsoft -- Windows XP | \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP2 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function. | 3.3 | CVE-2007-1537 BUGTRAQ OTHER-REF BID |
| Oracle -- Application Server Portal 10g | Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters. | 1.9 | CVE-2007-1506 BUGTRAQ BID |
| Oracle -- Oracle Application Server | Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic Monitoring Services (DMS) in Oracle Application Server (OAS) 10g 10.1.2.0.0 allows remote attackers to inject arbitrary web script or HTML via the table parameter. NOTE: This may be related to CVE-2002-0563. | 1.9 | CVE-2007-1609 BUGTRAQ |
| PHP-Nuke -- PHP-Nuke | Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948. | 1.9 | CVE-2007-1519 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF |
| PHP-Nuke -- PHP-Nuke | The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks. | 1.9 | CVE-2007-1520 BUGTRAQ BUGTRAQ BUGTRAQ OTHER-REF OTHER-REF OTHER-REF |
| PHProjekt -- PHProjekt | Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Search (only Gecko-engine-driven browsers), and (5) Notes modules; the (6) Mail summary page; and unspecified other files. | 1.9 | CVE-2007-1576 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA |
| PHPX -- PHPX | Multiple cross-site scripting (XSS) vulnerabilities in phpx 3.5.15 allow remote attackers to inject arbitrary web script or HTML via (1) the signature in "dans profile," or (2) search.php. | 1.9 | CVE-2007-1551 BUGTRAQ BID |
| PragmaMX -- Landkarten | Directory traversal vulnerability in inc/map.func.php in the pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file. | 1.9 | CVE-2007-1539 MILW0RM SECUNIA |
| Radscan -- Network Audio System | Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large max_samples value. | 2.3 | CVE-2007-1544 OTHER-REF BID FRSIRT SECUNIA XF |
| Radscan -- Network Audio System | The AddResource function in server/dia/resource.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (server crash) via a nonexistent client ID. | 2.3 | CVE-2007-1545 OTHER-REF BID FRSIRT SECUNIA XF |
| Radscan -- Network Audio System | Array index error in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via (1) large num_action values in the ProcAuSetElements function in server/dia/audispatch.c or (2) a large inputNum parameter to the compileInputs function in server/dia/auutil.c. | 2.3 | CVE-2007-1546 OTHER-REF BID FRSIRT SECUNIA XF |
| Radscan -- Network Audio System | The ReadRequestFromClient function in server/os/io.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via multiple simultaneous connections, which triggers a NULL pointer dereference. | 3.3 | CVE-2007-1547 OTHER-REF BID FRSIRT SECUNIA XF |
| SourceNext -- IKANARI JIJYOU | Cross-site scripting (XSS) vulnerability in the RSS reader in a certain SOURCENEXT product, probably IKANARI JIJYOU 1.0.0 and 1.0.1, allows remote attackers to inject arbitrary web script or HTML via the title of an article in a feed. | 1.9 | CVE-2007-1611 OTHER-REF OTHER-REF |
| Squid -- Squid | The clientProcessRequest() function in squid/src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (system crash) via crafted TRACE requests that trigger an assertion error. | 3.3 | CVE-2007-1560 OTHER-REF OTHER-REF FRSIRT SECUNIA |
| Sun -- Java System Web Server | Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via unspecified vectors. | 3.4 | CVE-2007-1526 SUNALERT |
| Symantec -- Norton Personal Firewall | The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.1.7, and possibly other products using symevent.sys 12.0.0.20, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data, a reintroduction of CVE-2006-4855. | 2.3 | CVE-2007-1495 BUGTRAQ BID |
| Trend Micro -- Trend Micro AntiVirus | VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus 14.10.1041, and other products, allows remote attackers to cause a denial of service (kernel fault and system crash) via a crafted UPX file with a certain field that triggers a divide-by-zero error. | 2.3 | CVE-2007-1591 IDEFENSE OTHER-REF |
| TrueCrypt Foundation -- TrueCrypt | TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service (filesystem unavailability) by dismounting a volume mounted by a different user. | 1.6 | CVE-2007-1589 OTHER-REF |
| Unclassified NewsBoard -- Unclassified NewsBoard | Unclassified NewsBoard 1.6.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain (1) the board log via a direct request for logs/board-YYYY-MM-DD.log, (2) the mail and private message (PM) log via a direct request for logs/email-YY-MM-DD-HH-MM-SS.log, (3) the SQL error message log via a direct request for logs/error-YY-MM.log, and (4) the IP log via a direct request for logs/ip.log. | 2.3 | CVE-2007-1597 BUGTRAQ |
| W-Agora -- W-Agora | w-agora 4.2.1 allows remote attackers to obtain sensitive information via the (1) bn[] array parameter to index.php, which expects a string, and (2) certain parameters to delete_forum.php, which displays the path name in the resulting error message. | 2.3 | CVE-2007-0606 BUGTRAQ OTHER-REF OSVDB OSVDB XF |
| W-Agora -- W-Agora | W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores globals.inc under the web document root with insufficient access control, which allows remote attackers to obtain application path information via a direct request. | 1.9 | CVE-2007-0607 BUGTRAQ OTHER-REF OSVDB |
| W-Agora -- W-Agora | w-Agora (Web-Agora) allows remote attackers to obtain sensitive information via a request to rss.php with an invalid (1) site or (2) bn parameter, (3) a certain value of the site[] parameter, or (4) an empty value of the bn[] parameter; a request to index.php with a certain value of the (5) site[] or (6) sort[] parameter; (7) a request to profile.php with an empty value of the site[] parameter; or a request to search.php with (8) an empty value of the bn[] parameter or a certain value of the (9) pattern[] or (10) search_date[] parameter, which reveal the path in various error messages, probably related to variable type inconsistencies. NOTE: the bn[] parameter to index.php is already covered by CVE-2007-0606. | 2.3 | CVE-2007-1605 BUGTRAQ BID SECUNIA |
| W-Agora -- W-Agora | Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Agora) allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) search_forum or (3) search_user parameter to search.php, or (4) the userid parameter to change_password.php. | 1.9 | CVE-2007-1606 BUGTRAQ BID SECUNIA |
| W-Agora -- W-Agora | search.php in w-Agora (Web-Agora) allows remote attackers to obtain potentially sensitive information via a ' (quote) value followed by certain SQL sequences in the (1) search_forum or (2) search_user parameter, which force a SQL error. | 2.3 | CVE-2007-1607 BUGTRAQ BID SECUNIA |
| Weekly Drawing Contest -- Weekly Drawing Contest | ** DISPUTED ** Directory traversal vulnerability in check_vote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the order parameter. NOTE: another researcher disputes this vulnerability, noting that the order variable is not used in any context that allows opening files. | 2.3 | CVE-2007-1601 BUGTRAQ BUGTRAQ |
| WordPress -- WordPress | wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirect_to parameter. | 1.4 | CVE-2007-1599 BUGTRAQ OTHER-REF |
| Xen -- Qemu | The VNC server implementation in QEMU allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device. NOTE: some of these details are obtained from third party information. | 1.9 | CVE-2007-0998 REDHAT BID SECTRACK |
| Zomplog -- Zomplog | Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/. | 2.3 | CVE-2007-1524 MILW0RM BID |
| Zope -- Zope | Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in an HTTP GET request. | 1.9 | CVE-2007-0240 OTHER-REF FRSIRT |
| ZyXEL -- ZyNOS | ZyNOS 3.40 allows remote attackers to cause a denial of service (link restart) by sending a request for the name \M via the SMB Mail Slot Protocol. | 2.3 | CVE-2007-1586 BUGTRAQ BID SECTRACK |