| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| Advanced Searchbar -- Advanced Searchbar | The isChecked function in Toolbar.DLL in Advanced Searchbar allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vectors. | 4.3 | CVE-2007-4250 BUGTRAQ |
| AMG Soft -- Webdirector | Cross-site scripting (XSS) vulnerability in index.php in WebDirector 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the deslocal parameter. | 5.0 | CVE-2007-4178 OTHER-REF BID SECUNIA |
| Apache -- Tomcat | Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages. | 4.3 | CVE-2007-3384 BUGTRAQ OTHER-REF BID SECTRACK |
| Atheros -- wireless adapter drivers | Unspecified vulnerability in Atheros 802.11 a/b/g wireless adapter drivers before 5.3.0.35, and 6.x before 6.0.3.67, on Windows allows remote attackers to cause a denial of service via a crafted 802.11 management frame. | 5.0 | CVE-2007-2927 CERT-VN BID FRSIRT |
| BlueSky -- BlueSkychat | Heap-based buffer overflow in the BlueSkychat (BlueSkyCat) ActiveX control (V2.V2Ctrl.1) in v2.ocx 8.1.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the second argument to the ConnecttoServer method. | 4.3 | CVE-2007-4145 BUGTRAQ FULLDISC OTHER-REF OTHER-REF BID XF |
| Brian Carrier -- The Sleuth Kit | icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 misinterprets a certain memory location as the holder of a loop iteration count, which allows user-assisted remote attackers to cause a denial of service (long loop) and prevent examination of certain NTFS files via a malformed NTFS image. | 5.0 | CVE-2007-4196 BUGTRAQ BUGTRAQ MLIST OTHER-REF BID |
| Brian Carrier -- The Sleuth Kit | icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 omits NULL pointer checks in certain code paths, which allows user-assisted remote attackers to cause a denial of service (NULL dereference and application crash) and prevent examination of certain NTFS files via a malformed NTFS image. | 4.3 | CVE-2007-4197 BUGTRAQ BUGTRAQ MLIST OTHER-REF BID |
| Brian Carrier -- The Sleuth Kit | The fs_data_put_str function in ntfs.c in fls in Brian Carrier The Sleuth Kit (TSK) before 2.09 does not validate a certain length value, which allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image, which triggers a buffer over-read. | 4.3 | CVE-2007-4198 BUGTRAQ BUGTRAQ MLIST OTHER-REF BID |
| Brian Carrier -- The Sleuth Kit | Brian Carrier The Sleuth Kit (TSK) before 2.09 allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image that triggers (1) dereference of a certain integer value by ntfs_dent.c in fls, or (2) dereference of a certain other integer value by ntfs.c in fsstat. | 4.3 | CVE-2007-4199 BUGTRAQ BUGTRAQ MLIST OTHER-REF BID |
| Brian Carrier -- The Sleuth Kit | ntfs.c in fsstat in Brian Carrier The Sleuth Kit (TSK) before 2.09 interprets a certain variable as a byte count rather than a count of 32-bit integers, which allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image. | 4.3 | CVE-2007-4200 BUGTRAQ BUGTRAQ MLIST OTHER-REF BID |
| C-SAM -- OneWallet | Cross-site scripting (XSS) vulnerability in user/forgotPassStep2.jsp in the admin interface in C-SAM oneWallet 210_07062007;1.0 allows remote attackers to inject arbitrary web script or HTML via the loginID parameter. | 4.3 | CVE-2007-4239 BUGTRAQ BID |
| Camera Life -- Camera Life | Multiple unspecified vulnerabilities in Camera Life before 2.6 allow attackers to cause a denial of service via unknown vectors. | 4.3 | CVE-2007-4233 OTHER-REF OTHER-REF BID |
| Camera Life -- Camera Life | Unspecified vulnerability in Camera Life before 2.6 allows remote attackers to download private photos via unspecified vectors associated with the names of the photos. NOTE: some of these details are obtained from third party information. | 4.3 | CVE-2007-4234 OTHER-REF OTHER-REF SECUNIA |
| Chilkat Software -- ASP String | Absolute path traversal vulnerability in a certain ActiveX control in CkString.dll 1.1 and earlier in CHILKAT ASP String allows remote attackers to create or overwrite arbitrary files via a full pathname in the first argument to the SaveToFile method, a different vulnerability than CVE-2007-3633. | 5.8 | CVE-2007-4252 MILW0RM |
| Cisco -- IOS | Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem via unknown vectors. | 6.0 | CVE-2007-4263 CISCO BID XF |
| Cisco -- MeetingPlace Web Conferencing | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified MeetingPlace Web Conferencing (MP) 5.3.235.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) Success Template (STPL) and (2) Failure Template (FTPL) parameters, which are not properly handled in an error message. | 4.3 | CVE-2007-4284 BUGTRAQ BUGTRAQ FULLDISC CISCO BID FRSIRT XF |
| Cisco -- IOS | Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T, allows remote attackers to obtain sensitive information or cause a denial of service (router or component crash) via crafted IPv6 packets with a Type 0 routing header. | 5.8 | CVE-2007-4285 CISCO FRSIRT |
| Cisco -- Unified Communications Manager | Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102. | 6.8 | CVE-2007-4294 CISCO BID SECTRACK SECUNIA |
| Cisco -- IOS | Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80749. | 6.8 | CVE-2007-4295 CISCO BID SECTRACK SECUNIA |
| DiMeMa -- CONTENTdm | Cross-site scripting (XSS) vulnerability in Search.php in DiMeMa CONTENTdm (CDM) allows remote attackers to inject arbitrary web script or HTML via a search. | 4.3 | CVE-2007-4245 BUGTRAQ BID |
| Dovecot -- Dovecot | The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command. | 6.0 | CVE-2007-4211 MLIST BID SECUNIA XF |
| EQdkp -- EQdkp plus | Multiple unspecified vulnerabilities in EQDKP Plus before 0.4.4.5 have unknown impact and attack vectors. | 6.8 | CVE-2007-4176 OTHER-REF SECUNIA |
| ExportNation -- ExportNation Toolbar | The isChecked function in Toolbar.DLL in the ExportNation toolbar for Internet Explorer allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vectors. | 4.3 | CVE-2007-4249 BUGTRAQ XF |
| EZ photo sales -- EZ photo sales | EZPhotoSales 1.9.3 and earlier allows remote attackers to download arbitrary image files via (1) a direct request for a URL under OnlineViewing/galleries/ or (2) navigation of the gallery user interface with JavaScript disabled. | 5.0 | CVE-2007-4259 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF |
| EZ photo sales -- EZ photo sales | EZPhotoSales 1.9.3 and earlier has a default "admin" account for galleries, which allows remote attackers to access arbitrary galleries by specifying this username. | 5.0 | CVE-2007-4260 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF |
| Guidance Software -- EnCase | Guidance Software EnCase 5.0 allows user-assisted remote attackers to cause a denial of service (stack memory consumption) and possibly have other unspecified impact via a malformed file, related to "EnCase's file system parsing." NOTE: this information is based upon a vague pre-advisory. It might overlap CVE-2007-4036. | 4.3 | CVE-2007-4194 BUGTRAQ |
| Guidance Software -- EnCase | Guidance Software EnCase 6.2 and 6.5 does not properly handle a volume with more than 25 partitions, which might allow remote attackers to prevent examination of certain data, a related issue to CVE-2007-4035. | 5.0 | CVE-2007-4201 BUGTRAQ BUGTRAQ OTHER-REF |
| Guidance Software -- EnCase | Guidance Software EnCase Enterprise Edition (EEE) 6 does not properly verify the identity of the acquisition target during communication with the EnCase Servlet (EEE servlet), which might allow remote attackers to spoof the disk image. | 4.3 | CVE-2007-4202 BUGTRAQ BUGTRAQ OTHER-REF |
| IBM -- AIX | Buffer overflow in lpd in bos.rte.printers in AIX 5.2 and 5.3 allows local users with printq group privileges to gain root privileges. | 6.9 | CVE-2007-4236 AIXAPAR AIXAPAR FRSIRT SECTRACK |
| IBM -- AIX | Buffer overflow in the atm subset in arp in devices.common.IBM.atm.rte in AIX 5.2 and 5.3 allows local users to gain root privileges. | 6.9 | CVE-2007-4237 AIXAPAR AIXAPAR FRSIRT SECTRACK |
| IBM -- AIX | AIX 5.2 and 5.3 install pioinit with user and group ownership of bin, which allows local users with bin or possibly printq privileges to gain root privileges by modifying pioinit. | 6.9 | CVE-2007-4238 AIXAPAR AIXAPAR FRSIRT SECTRACK |
| IDE Group -- DVD Rental System DRS | Multiple cross-site scripting (XSS) vulnerabilities in IDE Group DVD Rental System (DRS) 5.1 before 20070801 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is not clear whether IDE Group updates all DRS installations in its role as an application service provider. If so, then this issue should not be included in CVE. | 4.3 | CVE-2007-4192 FULLDISC BID |
| IDE Group -- DVD Rental System DRS | Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in IDE Group DVD Rental System (DRS) 5.1 before 20070801 allow remote attackers to perform certain actions as arbitrary users, as demonstrated by (1) modifying data or (2) canceling a subscription. NOTE: it is not clear whether IDE Group updates all DRS installations in its role as an application service provider. If so, then this issue should not be included in CVE. | 4.3 | CVE-2007-4193 FULLDISC |
| iDevspot -- PHPHostBot | PHP remote file inclusion vulnerability in order/login.php in IDevSpot PhpHostBot 1.06 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the svr_rootscript parameter, a different vector than CVE-2007-4094 and CVE-2006-3776. | 6.8 | CVE-2007-4231 MILW0RM BID XF |
| Interact -- Interact | Multiple cross-site scripting (XSS) vulnerabilities in Interact before 2.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2007-3328. | 4.3 | CVE-2007-4177 OTHER-REF OTHER-REF SECUNIA |
| Joomla -- Joomla | Joomla! 1.0.12 allows remote attackers to obtain sensitive information via a direct request for (1) Stat.php, (2) OutputFilter.php, (3) OutputCache.php, (4) Modifier.php, (5) Reader.php, and (6) TemplateCache.php in includes/patTemplate/patTemplate/; (7) includes/Cache/Lite/Output.php; and other unspecified components, which reveal the path in various error messages. | 5.0 | CVE-2007-4185 BUGTRAQ |
| Joomla -- Joomla | Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) com_search, (2) com_content, and (3) mod_login components. NOTE: some of these details are obtained from third party information. | 4.3 | CVE-2007-4189 OTHER-REF FRSIRT SECUNIA |
| Joomla -- Joomla | CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of these details are obtained from third party information. | 4.3 | CVE-2007-4190 OTHER-REF FRSIRT SECUNIA |
| Justsystem -- Ichitaro | Unspecified vulnerability, possibly a buffer overflow, in Justsystem Ichitaro 2007 and earlier allows remote attackers to execute arbitrary code via a modified document, as actively exploited in August 2007 by malware such as Tarodrop.D (Tarodrop.Q), a different vulnerability than CVE-2006-4326, CVE-2006-5424, CVE-2006-6400, and CVE-2007-1938. | 6.8 | CVE-2007-4246 OTHER-REF OTHER-REF OTHER-REF BID SECUNIA |
| Kai Blankenhorn Bitfolge -- Simple and Nice Index File | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) 1.5.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) path and (2) download parameters. | 4.3 | CVE-2007-4264 OTHER-REF BID XF |
| Kaspersky Lab -- Kaspersky Anti-Spam | Kaspersky Anti-Spam 3.0 MP1 before Critical Fix 2 (3.0.278.4) sets incorrect permissions for application files in certain upgrade scenarios, which might allow local users to gain privileges. | 4.4 | CVE-2007-4206 OTHER-REF BID SECUNIA XF |
| KDE -- Konqueror | KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property. | 6.8 | CVE-2007-4224 FULLDISC |
| KDE -- Konqueror | Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion. | 6.8 | CVE-2007-4225 FULLDISC |
| KDE -- Konqueror | Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, as demonstrated by a document containing TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET, and A tags. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 4.3 | CVE-2007-4229 OTHER-REF BID |
| Kerberos Internet Services -- Gallery In A Box | SQL injection vulnerability in admin_console/index.asp in Gallery In A Box allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field. | 6.4 | CVE-2007-4207 BUGTRAQ BID |
| knowledgetree -- Open Source | Cross-site scripting (XSS) vulnerability in KnowledgeTree Open Source 3.4 and 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the login field on the login page, and other unspecified vectors. | 4.3 | CVE-2007-4281 OTHER-REF OTHER-REF OTHER-REF FRSIRT SECUNIA |
| LFS -- Live for speed | Multiple buffer overflows in Live for Speed (LFS) S1 and S2 allow user-assisted remote attackers to execute arbitrary code via (1) a .spr file (single player replay file) containing a long user name or (2) a .ply file containing a long number plate string, different vectors than CVE-2007-4140. | 6.8 | CVE-2007-4257 MILW0RM MILW0RM |
| Linux -- Kernel | The Linux kernel before 2.6.23-rc1 checks the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request. | 5.8 | CVE-2007-3843 OTHER-REF OTHER-REF SECUNIA |
| Microsoft -- Internet Explorer | Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain JPG file, as demonstrated by something.jpg. NOTE: this issue might be related to CVE-2007-3958. | 4.3 | CVE-2007-4227 BUGTRAQ BID |
| Microsoft -- windows | Windows Calendar on Microsoft Windows Vista allows remote attackers to cause a denial of service (NULL dereference and persistent application crash) via a malformed ICS file. | 4.3 | CVE-2007-4247 BUGTRAQ BID |
| Microsoft -- Windows Media Player | Microsoft Windows Media Player 11 (wmplayer.exe) allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .au file that triggers a divide-by-zero error, as demonstrated by iapetus.au. | 4.3 | CVE-2007-4288 BUGTRAQ OTHER-REF BID |
| Mozilla -- SeaMonkey; Mozilla -- Firefox; Mozilla -- Thunderbird | Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allow remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression. | 4.3 | CVE-2007-3844 OTHER-REF OTHER-REF BID SECTRACK SECTRACK SECTRACK SECUNIA |
| Mozilla -- SeaMonkey; Mozilla -- Firefox; Mozilla -- Thunderbird | Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler." | 6.5 | CVE-2007-3845 OTHER-REF OTHER-REF |
| Open WebMail -- Open WebMail | Multiple cross-site scripting (XSS) vulnerabilities in Open Webmail (OWM) 2.52 20060831 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchtype, (2) longpage, and (3) page parameters to (a) openwebmail-main.pl; the (4) prefs_caller, (5) userfirsttime, (6) page, (7) sort, (8) folder, and (9) message_id parameters to (b) openwebmail-prefs.pl; the (10) compose_caller, (11) msgdatetype, (12) keyword, (13) searchtype, (14) folder, (15) page, and (16) sort parameters to (c) openwebmail-send.pl; the (17) folder, (18) page, and (19) sort parameters to (d) openwebmail-folder.pl; the (20) searchtype, (21) page, (22) filesort, (23) singlepage, (24) showhidden, (25) showthumbnail, and (26) message_id parameters to (e) openwebmail-webdisk.pl; the (27) folder parameter to (f) openwebmail-advsearch.pl; and the (28) abookcollapse, (29) abooksearchtype, (30) abooksort, (31) abooklongpage, (32) abookpage, (33) message_id, (34) searchtype, (35) msgdatetype, (36) sort, (37) page, (38) rootxowmuid, and (39) listviewmode parameters to (g) openwebmail-abook.pl, different vectors than CVE-2005-2863, CVE-2006-2190, CVE-2006-3229, and CVE-2006-3233. | 4.3 | CVE-2007-4172 OTHER-REF BID XF |
| OpenOffice -- OpenOffice | OpenOffice.org (OOo) 2.2 does not properly handle files with multiple extensions, which allows user-assisted remote attackers to cause a denial of service. | 4.3 | CVE-2007-4251 BUGTRAQ |
| OpenRat -- OpenRat CMS | Multiple cross-site scripting (XSS) vulnerabilities in index.php in OpenRat CMS 0.8-beta1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) subaction and (2) action parameters. | 4.3 | CVE-2007-4175 OTHER-REF BID |
| OpenSSL Project -- OpenSSL | The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys. | 4.7 | CVE-2007-3108 OTHER-REF OTHER-REF OTHER-REF CERT-VN BID FRSIRT |
| Panda -- Panda AntiVirus | Panda Antivirus 2008 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying PAVSRV51.EXE or other unspecified files, a related issue to CVE-2006-4657. | 6.9 | CVE-2007-4191 BUGTRAQ BID |
| PHP -- PHP-Nuke | Multiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via a trailing "<" instead of a ">" in (1) the onerror attribute of an IMG element, (2) the onload attribute of an IFRAME element, or (3) redirect users to other sites via the META tag. | 5.0 | CVE-2007-4212 BUGTRAQ BID |
| Pluck -- Pluck | ** DISPUTED ** Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to read arbitrary local files via a .. (dot dot) in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because the code uses a fixed argument when invoking fputs, which cannot be used to read files. | 5.0 | CVE-2007-4180 BUGTRAQ OTHER-REF VIM |
| Pluck -- Pluck | ** DISPUTED ** PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicable include is within a function that does not receive the dir parameter from an HTTP request. | 6.8 | CVE-2007-4181 BUGTRAQ OTHER-REF VIM |
| Serendipity -- Serendipity | The "Extended properties for entries" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and "deliver custom entryproperties settings to the Serendipity Frontend" via a certain request that modifies the password being checked. | 5.0 | CVE-2007-4282 OTHER-REF OTHER-REF OTHER-REF OTHER-REF SECUNIA |
| Sun -- Java System Portal Server | Sun Java System Portal Server 7.0 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3715. | 6.8 | CVE-2007-4289 BUGTRAQ OTHER-REF OTHER-REF SUNALERT SECTRACK SECUNIA XF |
| Symantec -- Norton Internet Security; Symantec -- Norton System Works; Symantec -- Norton Antivirus | Multiple unspecified "input validation error" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allow remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA. | 6.8 | CVE-2007-2955 OTHER-REF OTHER-REF |
| Toolbar Gaming -- Toolbar Gaming | The CallCmd function in toolbar_gaming.dll in the Toolbar Gaming toolbar for Internet Explorer allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vectors. | 4.3 | CVE-2007-4248 BUGTRAQ |
| Tor -- Tor | Unspecified vulnerability in Tor before 0.1.2.16, when ControlPort is enabled, might allow remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact, related to improper handling of multiple ControlPort authentication attempts. | 5.8 | CVE-2007-4174 MLIST BID FRSIRT SECUNIA |
| Visionera AB -- VisionProject | Multiple cross-site scripting (XSS) vulnerabilities in VisionProject 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) projectIssueId parameter in EditProjectIssue.do, the (2) projectId parameter in ProjectSelected.do, the (3) folderId parameter in ProjectDocuments.do and the (4) sortField parameter in ProjectIssues.do. | 4.3 | CVE-2007-4265 OTHER-REF BID SECUNIA XF |
| WordPress -- WordPress | SQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the page_options parameter to (1) options-general.php, (2) options-writing.php, (3) options-reading.php, (4) options-discussion.php, (5) options-privacy.php, (6) options-permalink.php, (7) options-misc.php, and possibly other unspecified components. | 6.5 | CVE-2007-4154 OTHER-REF |
| WordPress -- WordPress; Xu Yiyang -- Blue Memories Theme | Cross-site scripting (XSS) vulnerability in index.php in the Blue Memories theme 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757 and CVE-2007-4014. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 4.3 | CVE-2007-4165 SECUNIA |
| WordPress -- Unnamed Theme; WordPress -- Unnamed Theme SE | Cross-site scripting (XSS) vulnerability in index.php in the Unnamed theme 1.217, and Special Edition (SE) 1.02, before 20070804 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757, CVE-2007-4014, and CVE-2007-4165. NOTE: some of these details are obtained from third party information. | 5.0 | CVE-2007-4166 OTHER-REF SECUNIA |
| ynp -- Portal Systems | Directory traversal vulnerability in showpage.cgi in YNP Portal System 2.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. | 5.0 | CVE-2007-4256 MILW0RM |