Max CVSS | 10.0 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published
CVE-2006-2842 | 7.5 | PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array p | 07-08-2024 - 18:15 | 06-06-2006 - 20:06
CVE-2007-2442 | 10.0 | The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cl | 09-02-2024 - 03:23 | 26-06-2007 - 22:30
CVE-2007-1860 | 5.0 | mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly in | 13-02-2023 - 02:17 | 25-05-2007 - 18:30
CVE-2007-0450 | 5.0 | Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence | 13-02-2023 - 02:17 | 16-03-2007 - 22:19
CVE-2007-2798 | 9.0 | Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal. | 02-02-2021 - 18:32 | 26-06-2007 - 22:30
CVE-2007-2443 | 8.3 | Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value. | 02-02-2021 - 18:28 | 26-06-2007 - 22:30
CVE-2005-0758 | 4.6 | zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. | 16-10-2019 - 20:01 | 13-05-2005 - 04:00
CVE-2005-2090 | 4.3 | Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header | 15-04-2019 - 16:29 | 05-07-2005 - 04:00
CVE-2007-1358 | 2.6 | Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform | 25-03-2019 - 11:29 | 10-05-2007 - 00:19
CVE-2007-1717 | 5.0 | The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NO | 30-10-2018 - 16:25 | 28-03-2007 - 00:19
CVE-2007-1001 | 6.8 | Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) | 30-10-2018 - 16:25 | 06-04-2007 - 00:19
CVE-2007-1583 | 6.8 | The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with | 30-10-2018 - 16:25 | 21-03-2007 - 23:19
CVE-2007-1484 | 4.6 | The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operatio | 19-10-2018 - 18:18 | 16-03-2007 - 21:19
CVE-2006-4019 | 6.4 | Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users. This vulnerability is addressed | 17-10-2018 - 21:32 | 11-08-2006 - 21:04
CVE-2007-2447 | 6.0 | The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, | 16-10-2018 - 16:43 | 14-05-2007 - 21:19
CVE-2007-2446 | 10.0 | Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notif | 16-10-2018 - 16:43 | 14-05-2007 - 21:19
CVE-2007-1711 | 6.8 | Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION. NOTE: this issue was in | 16-10-2018 - 16:40 | 27-03-2007 - 01:19
CVE-2007-0478 | 4.3 | WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding | 16-10-2018 - 16:32 | 25-01-2007 - 00:28
CVE-2007-2589 | 5.0 | Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element. | 11-10-2017 - 01:32 | 11-05-2007 - 04:20
CVE-2006-6142 | 6.8 | Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in | 11-10-2017 - 01:31 | 05-12-2006 - 11:28
CVE-2007-1262 | 4.3 | Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII char | 11-10-2017 - 01:31 | 11-05-2007 - 04:20
CVE-2004-2541 | 6.9 | Buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target. | 11-10-2017 - 01:29 | 31-12-2004 - 05:00
CVE-2007-3744 | 5.8 | Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via | 29-07-2017 - 01:32 | 03-08-2007 - 10:17
CVE-2007-3747 | 6.8 | The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not restrict object instantiation and manipulation to valid heap addresses, which allows remote attackers to execute arbitrary code via a crafted applet. | 29-07-2017 - 01:32 | 03-08-2007 - 10:17
CVE-2007-3748 | 5.4 | Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in iChat on Apple Mac OS X 10.3.9 and 10.4.10 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet. | 29-07-2017 - 01:32 | 03-08-2007 - 10:17
CVE-2007-3746 | 6.8 | The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not properly check the bounds of heap read and write operations, which allows remote attackers to execute arbitrary code via a crafted applet. | 29-07-2017 - 01:32 | 03-08-2007 - 10:17
CVE-2007-3745 | 6.8 | The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 contains an unsafe interface that is exposed by JDirect, which allows remote attackers to free arbitrary memory and thereby execute arbitrary code. | 29-07-2017 - 01:32 | 03-08-2007 - 10:17
CVE-2007-2404 | 5.0 | CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: t | 29-07-2017 - 01:31 | 03-08-2007 - 10:17
CVE-2007-2409 | 4.3 | Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and 10.4.10 allows remote attackers to obtain sensitive information via a popup window, which is able to read the current URL of the parent window. | 29-07-2017 - 01:31 | 03-08-2007 - 10:17
CVE-2007-2403 | 6.8 | CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly validate ftp: URIs, which allows remote attackers to trigger the transmission of arbitrary FTP commands to arbitrary FTP servers. | 29-07-2017 - 01:31 | 03-08-2007 - 10:17
CVE-2007-2405 | 6.8 | Integer underflow in Preview in PDFKit on Apple Mac OS X 10.4.10 allows remote attackers to execute arbitrary code via a crafted PDF file. | 29-07-2017 - 01:31 | 03-08-2007 - 10:17
CVE-2007-2410 | 4.3 | WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of certain global objects when a new URL is visited in the same window, which allows remote attackers to conduct cross-site scripting (XSS) attacks. | 29-07-2017 - 01:31 | 03-08-2007 - 10:17
CVE-2007-2407 | 4.0 | The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows file sharing is enabled, does not enforce disk quotas after dropping privileges, which allows remote authenticated users to use disk space in excess of quota. | 29-07-2017 - 01:31 | 03-08-2007 - 10:17
CVE-2007-2406 | 6.8 | Quartz Composer on Apple Mac OS X 10.4.10 does not initialize a certain object pointer, which might allow user-assisted remote attackers to execute arbitrary code via a crafted Quartz Composer file. | 29-07-2017 - 01:31 | 03-08-2007 - 10:17
CVE-2006-3174 | 2.6 | Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter. | 20-07-2017 - 01:32 | 23-06-2006 - 00:02
CVE-2005-3128 | 4.3 | Cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote attackers to inject arbitrary web script or HTML via the IMG tag. | 11-07-2017 - 01:33 | 04-10-2005 - 22:02
CVE-2004-0996 | 2.1 | main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack. | 11-07-2017 - 01:30 | 10-01-2005 - 05:00
CVE-2007-1461 | 7.8 | The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended direct | 13-07-2011 - 04:00 | 14-03-2007 - 18:19
CVE-2007-1460 | 5.0 | The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories. | 24-05-2011 - 04:00 | 14-03-2007 - 18:19
CVE-2007-1521 | 6.8 | Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a | 08-03-2011 - 02:52 | 20-03-2007 - 20:19
CVE-2007-1287 | 4.3 | A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as origina | 08-03-2011 - 02:51 | 06-03-2007 - 20:19