MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and Internet Security 9.0.722.1 use weak permissions (Everyone:Full Control) for their installation directory trees, which allows local users to gain privileges by replacing application files, as demonstrated by traysser.exe.
Max CVSS
7.2
EPSS Score
0.04%
Published
2007-08-31
Updated
2017-07-29
The nvcoaft51 driver in Norman Virus Control (NVC) 5.82 uses weak permissions (unrestricted write access) for the NvcOa device, which allows local users to gain privileges by (1) triggering a buffer overflow in a kernel pool via a string argument to ioctl 0xBF67201C; or by (2) sending a crafted KEVENT structure through ioctl 0xBF672028 to overwrite arbitrary memory locations.
Max CVSS
7.2
EPSS Score
0.04%
Published
2007-08-31
Updated
2018-10-15
newswire/uploadmedia.cgi in 2coolcode Our Space (Ourspace) 2.0.9 allows remote attackers to upload certain files via unspecified vectors, probably involving unrestricted functionality in uploadmedia.cgi.
Max CVSS
5.0
EPSS Score
1.81%
Published
2007-08-31
Updated
2017-09-29
Buffer overflow in the pop3 service in Hexamail Server 3.0.0.001 Lite allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long USER command.
Max CVSS
10.0
EPSS Score
75.38%
Published
2007-08-31
Updated
2017-09-29
SQL injection vulnerability in index.php in NMDeluxe 2.0.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a newspost do action, a different vulnerability than CVE-2006-1108.
Max CVSS
6.4
EPSS Score
0.49%
Published
2007-08-31
Updated
2017-09-29
Format string vulnerability in the Cl_GetPackets function in cl_main.c in the client in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allows remote Doomsday servers to execute arbitrary code via format string specifiers in a PSV_CONSOLE_TEXT message.
Max CVSS
7.5
EPSS Score
0.79%
Published
2007-08-31
Updated
2018-10-15
Integer underflow in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via a PKT_CHAT packet with a data length less than 3, which triggers an erroneous malloc, possibly related to the Sv_HandlePacket function in sv_main.c.
Max CVSS
5.0
EPSS Score
4.75%
Published
2007-08-31
Updated
2018-10-15
Multiple buffer overflows in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allow remote attackers to execute arbitrary code via a long chat (PKT_CHAT) message that is not properly handled by the (1) D_NetPlayerEvent function in d_net.c or the (2) Msg_Write function in net_msg.c, or (3) many commands that are not properly handled by the NetSv_ReadCommands function in d_netsv.c; or (4) cause a denial of service (daemon crash) via a chat (PKT_CHAT) message without a final '\0' character.
Max CVSS
10.0
EPSS Score
21.62%
Published
2007-08-31
Updated
2018-10-15
Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
Max CVSS
6.4
EPSS Score
0.34%
Published
2007-08-31
Updated
2017-09-29
Unrestricted file upload vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to upload and execute arbitrary PHP files in uploads/ via an Uploads action.
Max CVSS
6.4
EPSS Score
0.59%
Published
2007-08-31
Updated
2017-09-29
EnterpriseDB Advanced Server 8.2 does not properly handle certain debugging function calls that occur before a call to pldbg_create_listener, which allows remote authenticated users to cause a denial of service (daemon crash) and possibly execute arbitrary code via a SELECT statement that invokes a pldbg_ function, as demonstrated by (1) pldbg_get_stack and (2) pldbg_abort_target, which triggers use of an uninitialized pointer.
Max CVSS
6.5
EPSS Score
2.75%
Published
2007-08-31
Updated
2024-02-09
Blizzard Entertainment StarCraft Brood War 1.15.1 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed map, which triggers an out-of-bounds read during a minimap preview.
Max CVSS
4.3
EPSS Score
3.36%
Published
2007-08-31
Updated
2018-10-15
xGB.php in xGB 2.0 does not require authentication for an admin edit action, which allows remote attackers to make unspecified changes via an unknown series of steps.
Max CVSS
6.4
EPSS Score
1.43%
Published
2007-08-31
Updated
2017-09-29
Multiple PHP remote file inclusion vulnerabilities in phpBG 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to (1) intern/admin/other/backup.php, (2) intern/admin/, (3) intern/clan/member_add.php, (4) intern/config/key_2.php, or (5) intern/config/forum.php.
Max CVSS
7.5
EPSS Score
22.23%
Published
2007-08-31
Updated
2017-09-29
Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. NOTE: this might be related to CVE-2007-4515. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
5.0
EPSS Score
17.04%
Published
2007-08-31
Updated
2008-09-05
Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, aka CSCsi64265.
Max CVSS
9.3
EPSS Score
0.15%
Published
2007-08-31
Updated
2017-07-29
Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) user or (2) admin logon page, aka CSCsi10728.
Max CVSS
4.3
EPSS Score
0.26%
Published
2007-08-31
Updated
2017-07-29
Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authentication and obtain a terminal session, a different vulnerability than CVE-1999-0293 and CVE-2005-2105.
Max CVSS
4.3
EPSS Score
0.42%
Published
2007-08-31
Updated
2018-10-26
The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and other versions up to 2pre1 allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on temporary files with predictable filenames.
Max CVSS
6.9
EPSS Score
0.04%
Published
2007-08-31
Updated
2017-07-29
Cross-site scripting (XSS) vulnerability in xlaapmview.asp in Absolute Poll Manager XE 4.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
Max CVSS
4.3
EPSS Score
0.33%
Published
2007-08-31
Updated
2018-10-15
Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long layer name, group name, or metadata entry name.
Max CVSS
7.5
EPSS Score
1.90%
Published
2007-08-31
Updated
2016-06-15
SQL injection vulnerability in shownews.php in phpns 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.81%
Published
2007-08-31
Updated
2017-09-29
SQL injection vulnerability in index.php in ABC eStore 3.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
Max CVSS
7.5
EPSS Score
29.86%
Published
2007-08-31
Updated
2017-09-29
Unspecified vulnerability in Polipo before 1.0.2 allows remote attackers to cause a denial of service (daemon crash) via certain network traffic associated with entities larger than 2 Gb.
Max CVSS
5.0
EPSS Score
0.20%
Published
2007-08-31
Updated
2008-09-05
Polipo before 1.0.2 allows remote HTTP servers to cause a denial of service (daemon crash) by aborting the response to a POST request.
Max CVSS
4.3
EPSS Score
0.39%
Published
2007-08-31
Updated
2017-07-29
522 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!