Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-06-06 | CVE-2007-2237 | Divide By Zero vulnerability in Microsoft Windows XP Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error. | 5.5 |
| 2007-05-16 | CVE-2007-2723 | Divide By Zero vulnerability in Mpc-Hc Media Player Classic 6.4.9.0 Media Player Classic 6.4.9.0 allows user-assisted remote attackers to cause a denial of service (web browser crash) via an "empty" .MPA file, which triggers a divide-by-zero error. | 5.5 |
| 2007-05-03 | CVE-2007-2479 | Information Exposure vulnerability in Cerulean Studios Trillian 3.1 Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker. | 5.9 |
| 2007-03-07 | CVE-2006-7142 | Use of Hard-coded Credentials vulnerability in Utimaco Safeguard 4.30 The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files, which allows attackers to recover the keys from the configuration files and decrypt the disk drive. | 7.8 |
| 2007-03-06 | CVE-2007-1285 | Uncontrolled Recursion vulnerability in multiple products The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines. | 7.5 |
| 2007-03-02 | CVE-2006-7079 | Improper Control of Dynamically-Managed Code Resources vulnerability in Exv2 Content Management System Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code by modifying the $xoopsOption['pagetype'] variable. | 9.8 |
| 2007-02-16 | CVE-2007-0897 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor. | 7.5 |
| 2007-02-03 | CVE-2007-0681 | Insufficiently Protected Credentials vulnerability in Extcalendar Project Extcalendar 2 profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php. | 9.8 |
| 2007-01-16 | CVE-2006-6767 | Reachable Assertion vulnerability in Time-Travellers Oftpd oftpd before 0.3.7 allows remote attackers to cause a denial of service (daemon abort) via a (1) LPRT or (2) LPASV command with an unsupported address family, which triggers an assertion failure. | 7.5 |
| 2006-12-29 | CVE-2006-6811 | Reachable Assertion vulnerability in multiple products KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. | 6.5 |