Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2007-05-16 CVE-2007-2723 Divide By Zero vulnerability in Mpc-Hc Media Player Classic 6.4.9.0
Media Player Classic 6.4.9.0 allows user-assisted remote attackers to cause a denial of service (web browser crash) via an "empty" .MPA file, which triggers a divide-by-zero error.
local
low complexity
mpc-hc CWE-369
5.5
2007-05-03 CVE-2007-2479 Information Exposure vulnerability in Cerulean Studios Trillian 3.1
Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker.
network
high complexity
cerulean-studios CWE-200
5.9
2007-03-07 CVE-2006-7142 Use of Hard-coded Credentials vulnerability in Utimaco Safeguard 4.30
The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files, which allows attackers to recover the keys from the configuration files and decrypt the disk drive.
local
low complexity
utimaco CWE-798
7.8
2007-03-06 CVE-2007-1285 Uncontrolled Recursion vulnerability in multiple products
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
network
low complexity
php canonical novell suse redhat CWE-674
7.5
2007-03-02 CVE-2006-7079 Improper Control of Dynamically-Managed Code Resources vulnerability in Exv2 Content Management System
Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code by modifying the $xoopsOption['pagetype'] variable.
network
low complexity
exv2 CWE-913
critical
9.8
2007-02-16 CVE-2007-0897 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor.
network
low complexity
clamav apple debian CWE-772
7.5
2007-02-03 CVE-2007-0681 Insufficiently Protected Credentials vulnerability in Extcalendar Project Extcalendar 2
profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php.
network
low complexity
extcalendar-project CWE-522
critical
9.8
2007-01-16 CVE-2006-6767 Reachable Assertion vulnerability in Time-Travellers Oftpd
oftpd before 0.3.7 allows remote attackers to cause a denial of service (daemon abort) via a (1) LPRT or (2) LPASV command with an unsupported address family, which triggers an assertion failure.
network
low complexity
time-travellers CWE-617
7.5
2006-12-29 CVE-2006-6811 Reachable Assertion vulnerability in multiple products
KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference.
network
low complexity
kde canonical CWE-617
6.5
2006-12-21 CVE-2006-6679 Incorrect Authorization vulnerability in Chetcpasswd Project Chetcpasswd
Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by spoofing this header.
network
low complexity
chetcpasswd-project CWE-863
7.5