| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| Apple -- QuickTime | Apple QuickTime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via a crafted movie file that triggers memory corruption. | 9.3 | CVE-2007-2392 OTHER-REF APPLE CERT-VN BID FRSIRT SECUNIA XF |
| Apple -- QuickTime | The design of QuickTime for Java in Apple QuickTime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution. | 9.3 | CVE-2007-2393 OTHER-REF APPLE BID FRSIRT SECUNIA XF |
| Apple -- QuickTime | Integer overflow in Apple QuickTime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation. | 9.3 | CVE-2007-2394 IDEFENSE OTHER-REF APPLE BID FRSIRT SECUNIA XF |
| Apple -- QuickTime | The JDirect support in QuickTime for Java in Apple QuickTime before 7.2 exposes certain dangerous interfaces, which allows remote attackers to execute arbitrary code via crafted Java applets. | 9.3 | CVE-2007-2396 OTHER-REF APPLE BID FRSIRT SECUNIA XF |
| Apple -- QuickTime | QuickTime for Java in Apple QuickTime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets. | 9.3 | CVE-2007-2397 OTHER-REF APPLE BID FRSIRT SECUNIA XF |
| Apple -- Mac OS X | Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows remote attackers to execute arbitrary code via unspecified vectors, a related issue to CVE-2007-2386. | 10.0 | CVE-2007-3828 OTHER-REF BID |
| Aspindir -- husrevforum | SQL injection vulnerability in philboard_forum.asp in husrevforum 1.0.1 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.5 | CVE-2007-3884 BID FRSIRT SECUNIA |
| Asterisk -- s800i Appliance; Asterisk -- AsteriskNOW; Asterisk -- Asterisk; Asterisk -- Asterisk Appliance Developer Kit | Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame. | 9.3 | CVE-2007-3762 OTHER-REF FRSIRT |
| BRICS -- JWIG | JWIG might allow context-dependent attackers to cause a denial of service (service degradation) via loops of references to external templates. | 7.8 | CVE-2007-3816 BUGTRAQ OTHER-REF |
| CA -- Alert Notification Server; CA -- BrightStor ARCserve Client; CA -- Anti-Virus; CA -- Threat Manager; CA -- Protection Suites; CA -- BrightStor Enterprise Backup; CA -- BrightStor ARCserve Backup | Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allow remote attackers to execute arbitrary code by sending certain data to unspecified RPC procedures. | 9.3 | CVE-2007-3825 IDEFENSE OTHER-REF FRSIRT SECUNIA |
| Cerulean Studios -- Trillian | Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in AIM.DLL in Cerulean Studios Trillian allows remote attackers to execute arbitrary code via a malformed aim: URI, as demonstrated by a long URI beginning with the aim:///#1111111/ substring. | 7.5 | CVE-2007-3832 OTHER-REF CERT-VN BID |
| Cisco -- Unified CallManager; Cisco -- Unified Communications Manager | Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allows remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow. | 9.3 | CVE-2006-5277 ISS CISCO BID SECTRACK SECUNIA XF |
| Cisco -- Unified CallManager; Cisco -- Unified Communications Manager | Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allows remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow. | 10.0 | CVE-2006-5278 ISS CISCO BID SECTRACK SECUNIA XF |
| Cisco -- Unified Presence Server; Cisco -- Unified Communications Manager | Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985. | 7.8 | CVE-2007-3775 CISCO BID SECTRACK |
| Citadel -- WebCit | Cross-site request forgery (CSRF) vulnerability in WebCit before 7.11 allows remote attackers to modify configurations and perform other actions as arbitrary users via unspecified vectors. | 7.5 | CVE-2007-3821 BUGTRAQ BID SECUNIA |
| Clavister -- Clavister CorePlus | The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does not properly parse SMTP commands in certain circumstances, which allows remote attackers to bypass address blacklists. | 10.0 | CVE-2007-3803 OTHER-REF OTHER-REF SECUNIA |
| CMScout -- CMScout | SQL injection vulnerability in forums.php in CMScout 1.23 and earlier allows remote attackers to execute arbitrary SQL commands via the f parameter in a forums action to index.php. | 7.5 | CVE-2007-3812 MILW0RM OTHER-REF BID SECUNIA XF |
| Dvbbs -- Dvbbs | Dvbbs 7.1.0 SP1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Data/Dvbbs7.mdb. | 7.8 | CVE-2007-3774 BUGTRAQ |
| EnvivoSoft -- enVivo!CMS | SQL injection vulnerability in default.asp in enVivo!CMS allows remote attackers to execute arbitrary SQL commands via the ID parameter in an article action. NOTE: this is probably different from CVE-2005-1413. | 7.5 | CVE-2007-3783 BUGTRAQ OTHER-REF FRSIRT SECUNIA |
| eSoft -- InstaGate EX2 UTM | ** DISPUTED ** Cross-site request forgery (CSRF) vulnerability on the eSoft InstaGate EX2 UTM device before firmware 3.1.20070615 allows remote attackers to perform privileged actions as administrators. NOTE: the vendor disputes the distribution of the vulnerable software, stating that it was a custom build for a former customer. | 9.3 | CVE-2007-3786 OTHER-REF OTHER-REF OTHER-REF XF |
| eSoft -- InstaGate EX2 UTM | The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks. | 7.5 | CVE-2007-3787 OTHER-REF OTHER-REF |
| eSoft -- InstaGate EX2 UTM | The eSoft InstaGate EX2 UTM device stores the admin password within the settings HTML document, which might allow context-dependent attackers to obtain sensitive information by reading this document. | 7.6 | CVE-2007-3788 OTHER-REF OTHER-REF |
| eSyndicat -- eSyndiCat Directory | Multiple SQL injection vulnerabilities in eSyndiCat allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php or (2) the name parameter to page.php. | 7.5 | CVE-2007-3811 MILW0RM BID |
| fedoraproject -- fedora_core; Red Hat -- Enterprise Linux AS; Red Hat -- Enterprise Linux ES; Red Hat -- Enterprise Linux WS; Red Hat -- Desktop | The init.d script for the X.Org X11 xfs font server on Red Hat Enterprise Linux (RHEL) 4 and 5 before 20070712, and Fedora Core 6, might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file. | 7.2 | CVE-2007-3103 IDEFENSE OTHER-REF REDHAT REDHAT |
| Generic YouTube Clone Script -- Generic YouTube Clone Script | Cross-site request forgery (CSRF) vulnerability in the Email-Template module in Generic YouTube Clone Script allows remote attackers to upload files with arbitrary file types to templates/emails/ as administrators. | 10.0 | CVE-2007-3773 BUGTRAQ OTHER-REF |
| Grisoft -- AVG Antivirus | avg7core.sys 7.5.0.444 in Grisoft AVG Anti-Virus 7.5.448 and Free Edition 7.5.446 provides an internal function that copies data to an arbitrary address, which allows local users to gain privileges via arbitrary address arguments to a function provided by the 0x5348E004 IOCTL for the generic DeviceIoControl handler. | 7.2 | CVE-2007-3777 BUGTRAQ BID SECTRACK SECUNIA |
| Hitachi -- JP1/NETM/DM Manager | SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager on Windows before 20070413 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | CVE-2007-3793 OTHER-REF BID SECUNIA XF |
| Hitachi -- uCosminexus Service Platform; Hitachi -- Cosminexus Studio; Hitachi -- uCosminexus Application Server; Hitachi -- uCosminexus Operator; Hitachi -- uCosminexus Client; Hitachi -- uCosminexus Developer; Hitachi -- uCosminexus Service Architect; Hitachi -- Cosminexus Developer; Hitachi -- Cosminexus Client; Hitachi -- Cosminexus Server; Hitachi -- Cosminexus Application Server | Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit for XML before 20070511, Developer's Kit for Java before 20070312, and third-party products that use this software, allows attackers to have an unknown impact via certain GIF images, related to use of GIF image processing APIs by a Java application. | 10.0 | CVE-2007-3794 OTHER-REF BID SECUNIA |
| Hitachi -- TP1/Server Base | Unspecified vulnerability in Hitachi TP1/Server Base before 03-05-/P, 05-00-x before 05-00-/G, 05-01-x before 05-01-/A, and 05-02-x before 05-02-/C on HP-UX 11.0 through 11i v3 allows attackers to cause a denial of service by sending certain data to a port. | 7.1 | CVE-2007-3795 OTHER-REF BID SECUNIA XF |
| HydraIRC -- HydraIRC | Format string vulnerability in HydraIRC 0.3.151 allows remote attackers to cause a denial of service via format string specifiers in certain data related to failed DCC file transfer negotiation. | 7.8 | CVE-2007-3836 OTHER-REF XF |
| HydraIRC -- HydraIRC | Heap-based buffer overflow in HydraIRC 0.3.151 allows remote IRC servers to cause a denial of service (application crash) via a long CTCP request message containing '%' (percent) characters. | 7.8 | CVE-2007-3837 OTHER-REF XF |
| IBM -- Proventia Network IPS GX5108; IBM -- Proventia Network IPS GX5008 | PHP remote file inclusion in main.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | 9.3 | CVE-2007-3831 OTHER-REF FRSIRT SECUNIA |
| Inmostore -- Inmostore | SQL injection vulnerability in admin/index.php in Inmostore 4.0 allows remote attackers to execute arbitrary SQL commands via the Password field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.5 | CVE-2007-3789 BID |
| Insanely Simple Blog -- Insanely Simple Blog | Multiple SQL injection vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the current_subsection parameter to index.php and other unspecified vectors. | 7.5 | CVE-2007-3889 BUGTRAQ BID SECUNIA |
| Ipswitch -- WS_FTP | The Logging Server (Logsrv.exe) in Ipswitch WS_FTP 7.5.29.0 allows remote attackers to cause a denial of service (daemon crash) by sending a crafted packet containing a long string to port 5151/udp. | 7.8 | CVE-2007-3823 OTHER-REF SECUNIA XF |
| IT747 -- Realtor 747 | SQL injection vulnerability in index.php in Realtor 747 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter. | 7.5 | CVE-2007-3810 MILW0RM |
| libcURL -- libcURL | libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions. | 7.5 | CVE-2007-3564 OTHER-REF UBUNTU BID FRSIRT SECUNIA SECUNIA |
| MailMarshal -- MailMarshal SMTP | The password reset feature in the Spam Quarantine HTTP interface for MailMarshal SMTP 6.2.0.x before 6.2.1 allows remote attackers to modify arbitrary account information via a UserId variable with a large amount of trailing whitespace followed by a malicious value, which triggers SQL buffer truncation due to length inconsistencies between variables. | 7.6 | CVE-2007-3796 FULLDISC OTHER-REF BID SECUNIA |
| Mehmet Zati Karahan -- MzK Blog | SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows remote attackers to execute arbitrary SQL commands via the katID parameter. | 10.0 | CVE-2007-3824 OTHER-REF FRSIRT SECUNIA |
| Microsoft -- Internet Explorer | Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called. | 9.3 | CVE-2007-3826 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF |
| MKPortal -- MKPortal | Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the idurlo field in the delete_urlo function in (a) index.php in the urlobox module; the iden field in the (2) update_file and (3) del_file functions in (b) index.php in the reviews module; the (4) idnews field in the delete_news function and the (5) idcomm field in the del_comment function in (c) index.php in the news module; the (6) idcomm field in the delete_comments function in (d) index.php in the gallery module; the iden field in the (7) edit_file, (8) update_file, and (9) del_file functions in index.php in the gallery module; the (10) ide and (11) cat fields in the slide_update function in index.php in the gallery module; the iden field in the (12) update_file and (13) del_file functions in (e) index.php in the downloads module; and other unspecified vectors. | 7.5 | CVE-2007-3814 BUGTRAQ MILW0RM BID BID XF |
| Mozilla -- Firefox | Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document." | 7.5 | CVE-2007-3737 OTHER-REF FRSIRT SECUNIA |
| Mozilla -- Firefox | Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 allow remote attackers to execute arbitrary code via a crafted XPCNativeWrapper. | 7.5 | CVE-2007-3738 OTHER-REF FRSIRT SECUNIA |
| MySQL -- MySQL Community Server | MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol. | 7.8 | CVE-2007-3780 OTHER-REF |
| NetWin -- SurgeFTP | The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command. | 8.5 | CVE-2007-3768 FULLDISC OTHER-REF FRSIRT SECUNIA XF |
| Oracle -- Oracle Database | Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 allow remote authenticated users to have an unknown impact via (1) EXFSYS.DBMS_RLMGR_UTL in Rules Manager (DB11) and (2) Program Interface (DB13). | 7.5 | CVE-2007-3858 OTHER-REF OTHER-REF FRSIRT SECUNIA |
| Oracle -- Collaboration Suite; Oracle -- Oracle Application Server; Oracle -- Oracle Database | Unspecified vulnerability in the Oracle Internet Directory component for Oracle Database 9.2.0.8 and 9.2.0.8DV; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 10.1.2 has unknown impact and remote attack vectors, aka OID01. | 7.5 | CVE-2007-3859 OTHER-REF OTHER-REF FRSIRT SECUNIA |
| Oracle -- Application Express | Unspecified vulnerability in Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 up to 3.0.0.00.20 allows developers to have an unknown impact via unknown attack vectors, aka APEX01. NOTE: a reliable researcher states that this is SQL injection in the wwv_flow_security.check_db_password function due to insufficient checks for '"' characters. | 7.5 | CVE-2007-3860 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF FRSIRT SECUNIA |
| Oracle -- Collaboration Suite; Oracle -- Oracle Application Server | Unspecified vulnerability in Oracle JDeveloper in Oracle Application Server 10.1.2.2 and Collaboration Suite 10.1.2 allows context-dependent attackers to have an unknown impact via custom applications that use JBO.KEY, aka JDEV01. | 7.5 | CVE-2007-3861 OTHER-REF OTHER-REF FRSIRT SECUNIA |
| Oracle -- Oracle Application Server | Unspecified vulnerability in Oracle Application Server 9.0.4.3 and 10.1.2.0.2 allows remote attackers to have an unknown impact via Oracle Single Sign On, aka AS01. | 7.5 | CVE-2007-3862 OTHER-REF OTHER-REF FRSIRT SECUNIA |
| Oracle -- Collaboration Suite; Oracle -- Oracle Application Server | Unspecified vulnerability in Oracle JDeveloper for Application Server 10.1.2.2 and 10.1.3.1, and Collaboration Suite 10.1.2, allows context-dependent attackers to have an unknown impact via custom applications that use JBO.SERVER, aka JDEV02. | 7.5 | CVE-2007-3863 OTHER-REF OTHER-REF FRSIRT SECUNIA |
| Oracle -- Collaboration Suite | Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10.1.2 have unknown impact and remote attack vectors via (1) Instant Messaging/Presence (OCS01) and (2) Oracle Single Sign On (AS02). | 7.5 | CVE-2007-3864 OTHER-REF OTHER-REF FRSIRT SECUNIA |
| Oracle -- E-Business Suite | Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 12.0.1 has unknown impact and remote attack vectors, aka APPS01. | 7.5 | CVE-2007-3865 OTHER-REF OTHER-REF FRSIRT SECUNIA |
| Oracle -- E-Business Suite | Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 and 12.0.1 allow remote attackers to have an unknown impact via (a) Oracle Configurator (APPS02), (b) Oracle iExpenses (APPS03), (c) Oracle Application Object Library (APPS09), and (1) APPS12, (2) APPS13, and (3) APPS14 in (d) Oracle Payables. | 7.5 | CVE-2007-3866 OTHER-REF OTHER-REF FRSIRT SECUNIA |
| Oracle -- E-Business Suite | Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 have unknown impact and attack vectors, related to (1) APPS04, (2) APPS05, and (3) APPS06 in (a) Oracle Application Object Library, (4) APPS07 in (b) Oracle Customer Intelligence, (5) APPS08 in (c) Oracle Payments, (6) APPS10 in (d) Oracle Human Resources, and (7) APPS11 in (e) iRecruitment. | 7.5 | CVE-2007-3867 OTHER-REF OTHER-REF FRSIRT SECUNIA |
| Oracle -- PeopleSoft Enterprise | Multiple unspecified vulnerabilities in the Customer Relationship Management Online Marketing component in Oracle PeopleSoft Enterprise 8.9 Bundle 26 and 9.0 Bundle 7 allow remote authenticated users to have an unknown impact, aka (1) PSE04 and (2) PSE05. | 7.5 | CVE-2007-3869 OTHER-REF OTHER-REF FRSIRT SECUNIA |
| os-cillation -- Xfce Terminal | The terminal_helper_execute function in terminal/terminal.c in Xfce Terminal 0.2.6 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a crafted link, as demonstrated using the "Open Link" functionality. | 7.8 | CVE-2007-3770 OTHER-REF SECUNIA XF |
| PHP -- PHP | The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption. | 7.8 | CVE-2007-3806 MILW0RM |
| PHP Arena -- paFileDB | SQL injection vulnerability in includes/search.php in paFileDB 3.6 allows remote attackers to execute arbitrary SQL commands via the categories[] parameter in a search action to index.php, a different vector than CVE-2005-2000. | 7.5 | CVE-2007-3808 MILW0RM BID |
| Pictures Rating -- Pictures Rating | SQL injection vulnerability in index.php in Pictures Rating (Picture Rating) allows remote attackers to execute arbitrary SQL commands via the msgid parameter. | 7.5 | CVE-2007-3881 MILW0RM BID |
| Pidgin -- Pidgin | Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux allows remote authenticated users, who are listed in a users list, to execute certain commands via unspecified vectors, aka ZD-00000035. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. | 9.0 | CVE-2007-3841 OTHER-REF BID |
| policyd -- policyd | Buffer overflow in the w_read function in sockets.c in Cami Sardinha and Nigel Kukard policyd before 1.81 for Postfix allows remote attackers to cause a denial of service and possibly execute arbitrary code via long SMTP commands. NOTE: some of these details are obtained from third party information. | 7.5 | CVE-2007-3791 OTHER-REF OTHER-REF OTHER-REF SECUNIA |
| PopScript.com -- Expert Advisor | SQL injection vulnerability in index.php in Expert Advisor allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | CVE-2007-3882 MILW0RM BID |
| ProZilla -- ProZilla Directory Script | Multiple SQL injection vulnerabilities in ProZilla Directory Script allow remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action to directory.php, and other unspecified vectors. | 7.5 | CVE-2007-3809 MILW0RM |
| Roxio -- CinePlayer; InterActual Technologies -- InterActual Player | Multiple stack-based buffer overflows in (a) InterActual Player 2.60.12.0717 and (b) Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via a (1) long FailURL attribute in the IAMCE ActiveX Control (IAMCE.dll) or a (2) long URLCode attribute in the IAKey ActiveX Control (IAKey.dll). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 9.3 | CVE-2007-3829 BID SECUNIA SECUNIA XF |
| RSA -- ACE Server; Progress Software Corp -- Progress; Progress Software Corp -- OpenEdge; RSA -- RSA Authentication Manager | Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets. NOTE: this issue might overlap CVE-2007-3491. | 10.0 | CVE-2007-2417 OTHER-REF SECUNIA SECUNIA |
| SiteTrafficStats -- SiteTrafficStats | SQL injection vulnerability in referralUrl.php in Traffic Stats allows remote attackers to execute arbitrary SQL commands via the offset parameter. | 7.5 | CVE-2007-3840 MILW0RM BID |
| SquirrelMail -- GPG Plugin | The G/PGP (GPG) Plugin 2.0, and 2.1dev before 20060912, for SquirrelMail allows remote attackers to execute arbitrary commands via shell metacharacters in the messageSignedText parameter to the gpg_check_sign_pgp_mime function in gpg_hook_functions.php. NOTE: a parameter value can be set in the contents of an e-mail message. | 7.5 | CVE-2007-3778 IDEFENSE MLIST MLIST VIM BID FRSIRT SECUNIA |
| Symantec -- Symantec AntiVirus; Symantec -- Symantec Gateway Security; Symantec -- Scan Engine; Symantec -- Symantec AntiVirus/Filtering for Domino; Symantec -- Symantec Web Security; Symantec -- Norton Personal Firewall; Symantec -- Norton Internet Security; Symantec -- BrightMail AntiSpam; Symantec -- Norton System Works; Symantec -- Norton AntiVirus; Symantec -- Client Security; Symantec -- Mail Security; Symantec -- Symantec AntiVirus Scan Engine | The Decomposer component in multiple Symantec products may allow remote attackers to execute arbitrary code via certain CAB archives, related to improper "bounds checks." | 10.0 | CVE-2007-3802 OTHER-REF BID FRSIRT SECUNIA |
| TCPDump -- TCPDump | Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet. | 7.5 | CVE-2007-3798 OTHER-REF |
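
The xfs init script entry (CVE-2007-3103) is the classic /tmp symlink race: a privileged script runs chmod or chown on a predictable path, and an unprivileged user who pre-creates that path as a symlink redirects the permission change to a file of their choosing. The following is an added example, written for this page and not taken from the Red Hat fix, that reproduces the attack layout in a scratch directory and contrasts symlink-following `os.chmod` with an open-then-`fchmod` idiom using O_NOFOLLOW. The file names under the temporary directory are constructed for the demonstration.

```python
"""Symlink-safe permission change on an attacker-controllable temp path.

Added illustration for CVE-2007-3103, not code from the affected init script.
"""
import errno
import os
import stat
import tempfile


def chmod_nofollow(path, mode):
    """Change the mode of `path` without ever following a symlink.

    O_NOFOLLOW makes open(2) fail with ELOOP when the final path component is
    a symlink, so an attacker's pre-created /tmp/.font-unix -> /etc/shadow is
    refused instead of being followed. fchmod(2) then acts on the inode that
    was actually opened, which closes the check-then-use window that a
    separate lstat() + chmod() pair would leave open.
    """
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        os.fchmod(fd, mode)
    finally:
        os.close(fd)


def chmod_following(path, mode):
    """The unsafe variant: os.chmod (like chmod(1)) resolves symlinks."""
    os.chmod(path, mode)


def demo():
    """Build the attack layout and exercise both variants.

    Returns a tuple:
      (victim mode after the unsafe chmod on the symlink,
       whether the safe chmod refused the symlink with ELOOP,
       victim mode after the safe chmod on the symlink,
       victim mode after the safe chmod on the real path)
    """
    with tempfile.TemporaryDirectory() as scratch:
        # Constructed stand-in for a file the local attacker wants to open up.
        victim = os.path.join(scratch, "victim")
        with open(victim, "w") as fh:
            fh.write("secret\n")
        os.chmod(victim, 0o600)

        # The attacker wins the race by creating the temp path first.
        link = os.path.join(scratch, ".font-unix")
        os.symlink(victim, link)

        chmod_following(link, 0o777)
        mode_after_unsafe = stat.S_IMODE(os.stat(victim).st_mode)

        os.chmod(victim, 0o600)
        refused = False
        try:
            chmod_nofollow(link, 0o777)
        except OSError as exc:
            refused = exc.errno == errno.ELOOP
        mode_after_safe_link = stat.S_IMODE(os.stat(victim).st_mode)

        # On a genuine regular file the safe variant still works.
        chmod_nofollow(victim, 0o640)
        mode_after_safe_file = stat.S_IMODE(os.stat(victim).st_mode)

        return mode_after_unsafe, refused, mode_after_safe_link, mode_after_safe_file


if __name__ == "__main__":
    unsafe, refused, safe_link, safe_file = demo()
    print(f"unsafe chmod via symlink: victim mode {unsafe:o}")
    print(f"O_NOFOLLOW refused symlink: {refused}; victim mode {safe_link:o}")
    print(f"O_NOFOLLOW on real file: victim mode {safe_file:o}")
```

The same idea applies to directory creation: `os.mkdir` fails with EEXIST on a pre-placed symlink rather than following it, which is why init scripts should create their socket directories with mkdir (and a fixed umask) rather than chmod an existing path, and why fixed names under /tmp should be avoided in favour of `tempfile.mkdtemp`.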
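
The libcurl entry (CVE-2007-3564) is a reminder that a certificate chain can verify cryptographically while the leaf is expired or not yet valid; the validity window is a separate check that a TLS backend has to make explicitly. The following added example (editor-written, not libcurl or GnuTLS code) performs that check on the dict shape that `ssl.SSLSocket.getpeercert()` returns, using the standard library's `ssl.cert_time_to_seconds` parser for the `notBefore`/`notAfter` strings. The sample certificate dict is constructed and only its two date fields are used.

```python
"""Explicit notBefore / notAfter check on a peer certificate.

Added illustration for CVE-2007-3564, not libcurl or GnuTLS code.
"""
import ssl
import time

# Constructed sample in the format returned by ssl.SSLSocket.getpeercert();
# the subject is included only so the dict looks realistic.
SAMPLE_CERT = {
    "subject": ((("commonName", "example.test"),),),
    "notBefore": "Jul 13 00:00:00 2007 GMT",
    "notAfter": "Jul 13 00:00:00 2008 GMT",
}


def validity_window(cert):
    """Return (notBefore, notAfter) as UTC epoch seconds."""
    return (ssl.cert_time_to_seconds(cert["notBefore"]),
            ssl.cert_time_to_seconds(cert["notAfter"]))


def check_validity(cert, now=None):
    """Raise ValueError if `cert` is not yet valid or has expired at `now`.

    This is the step the affected libcurl builds skipped: signature
    verification says who issued the certificate, not whether its validity
    period covers the moment of the connection.
    """
    now = time.time() if now is None else now
    not_before, not_after = validity_window(cert)
    if now < not_before:
        raise ValueError(f"certificate not yet valid: notBefore={cert['notBefore']}")
    if now > not_after:
        raise ValueError(f"certificate expired: notAfter={cert['notAfter']}")
    return True


def is_valid_at(cert, now):
    """Boolean wrapper for callers that prefer a predicate to an exception."""
    try:
        return check_validity(cert, now)
    except ValueError:
        return False


if __name__ == "__main__":
    nb, na = validity_window(SAMPLE_CERT)
    for label, when in (("day before notBefore", nb - 86400),
                        ("inside the window", nb + 86400),
                        ("day after notAfter", na + 86400)):
        verdict = "accept" if is_valid_at(SAMPLE_CERT, when) else "reject"
        print(f"{label}: {verdict}")
```

With `ssl.create_default_context()` OpenSSL already enforces the window during the handshake, and `getpeercert()` only returns a populated dict after that verification succeeded. The check above belongs in code that does its own chain validation, pins certificates, or has verification disabled for some other reason; the point of the entry is that such code must add the date check itself.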
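
The MailMarshal entry (CVE-2007-3796) describes SQL buffer truncation: the web layer validates a UserId at one length, the database stores or compares it at a shorter one, and trailing whitespace lets an attacker craft a value that fails the "existing account" check yet collapses to the victim's name once truncated. The following added example models that mechanism generically; it is not MailMarshal code, the column width of 20 and the padded-comparison semantics are assumptions chosen to make the effect visible, and the account table is constructed.

```python
"""SQL truncation via trailing whitespace, modelled in Python.

Added illustration for CVE-2007-3796; the column width and comparison rules
are assumptions, not details taken from the affected product.
"""

COLUMN_WIDTH = 20  # assumed: UserId stored as a varchar(20)


def as_varchar(value, width=COLUMN_WIDTH):
    """Model what a fixed-width SQL column keeps of `value`.

    Two behaviours combine: the driver or server silently truncates to the
    declared width, and padded comparison treats trailing blanks as
    insignificant (ANSI padded semantics, as on SQL Server). The result is
    the key the database will actually match rows on.
    """
    return value[:width].rstrip(" ")


def build_payload(victim, attacker_value, width=COLUMN_WIDTH):
    """Victim name, enough spaces to cross the column boundary, then junk.

    The full string differs from `victim`, so a length-unaware equality check
    passes it as "new", while as_varchar() reduces it to `victim`.
    """
    return victim + " " * (width - len(victim) + 1) + attacker_value


def vulnerable_reset(accounts, user_id, new_contact):
    """Reset handler with the length inconsistency the entry describes."""
    # Validation layer compares the untruncated submission.
    if user_id in accounts:
        raise PermissionError("existing accounts cannot be reset from this form")
    # Storage layer writes through the narrow column, landing on the victim.
    key = as_varchar(user_id)
    accounts[key] = new_contact
    return key


def hardened_reset(accounts, user_id, new_contact):
    """Validate the canonical form, i.e. the value the database will keep."""
    key = as_varchar(user_id)
    if key != user_id:
        raise ValueError("UserId exceeds column width or carries surrounding whitespace")
    if key in accounts:
        raise PermissionError("existing accounts cannot be reset from this form")
    accounts[key] = new_contact
    return key


if __name__ == "__main__":
    accounts = {"admin": "admin@mail.example"}  # constructed sample row
    payload = build_payload("admin", "attacker@evil.example")
    print(f"submitted {len(payload)} chars, stored as {as_varchar(payload)!r}")
    print("vulnerable handler updated:", vulnerable_reset(accounts, payload, "attacker@evil.example"))
    print("admin contact is now:", accounts["admin"])
    try:
        hardened_reset({"admin": "admin@mail.example"}, payload, "attacker@evil.example")
    except ValueError as exc:
        print("hardened handler rejected:", exc)
```

The hardening rule generalises beyond this product: every check the application makes on user input must be made on the form the database will store (same length limit, same trimming, same case folding), or the check and the write are talking about two different strings.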