Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-01-08 | CVE-2008-0141 | Use of Insufficiently Random Values vulnerability in Webportal CMS Project Webportal CMS 0.6.0 actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of day, which makes it easier for remote attackers to obtain access to any account via a lostpass action. | 7.5 |
| 2007-11-20 | CVE-2007-6033 | Incorrect Permission Assignment for Critical Resource vulnerability in Wonderware Intouch 8.0 Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs. | 8.8 |
| 2007-11-19 | CVE-2007-6013 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash. | 9.8 |
| 2007-11-15 | CVE-2007-4268 | Incorrect Conversion between Numeric Types vulnerability in Apple mac OS X Integer signedness error in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message with a negative value, which satisfies a signed comparison during mbuf allocation but is later interpreted as an unsigned value, which triggers a heap-based buffer overflow. | 7.8 |
| 2007-11-15 | CVE-2007-3749 | Improper Initialization vulnerability in Apple mac OS X The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary code by creating the port before launching the setuid program, then writing to the address space of the setuid process. | 7.8 |
| 2007-11-01 | CVE-2007-5778 | Cleartext Storage of Sensitive Information vulnerability in Flexispy Mobile SPY Mobile Spy (1) stores login credentials in cleartext under the RetinaxStudios registry key, and (2) sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network. | 7.5 |
| 2007-10-29 | CVE-2007-5544 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Lotus Notes IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session. | 7.8 |
| 2007-10-23 | CVE-2007-5626 | Cleartext Transmission of Sensitive Information vulnerability in Bacula make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network. | 5.5 |
| 2007-10-15 | CVE-2007-5460 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Microsoft Windows Mobile 5.0 Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process. | 4.6 |
| 2007-09-24 | CVE-2007-4988 | Incorrect Conversion between Numeric Types vulnerability in multiple products Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. | 7.8 |