Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2007-07-24 | CVE-2007-3953 | Denial Of Service vulnerability in Norman Virus Control DOC OLE File Parsing | 4.3
The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote attackers to cause a denial of service via a crafted DOC file that triggers a divide-by-zero error.
network, norman

2007-07-24 | CVE-2007-3952 | Unspecified vulnerability in Norman Normon Antivirus | 7.5
The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote attackers to bypass the malware detection via a crafted DOC file, resulting from an "integer cast around".
network, low complexity, norman

2007-07-24 | CVE-2007-3951 | Buffer-Overflow vulnerability in Multiple Norman Virus Control Products LZH | 7.5
Multiple buffer overflows in Norman Antivirus 5.90 allow remote attackers to execute arbitrary code via a crafted (1) ACE or (2) LZH file, resulting from an "integer cast around."
network, low complexity, norman

2007-07-24 | CVE-2007-2926 | Remote Cache Poisoning vulnerability in ISC BIND 9 | 4.3
ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.
network, isc

2007-07-24 | CVE-2007-2925 | Unspecified vulnerability in ISC Bind 9.4.0/9.4.1/9.5.0 | 5.8
The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache.
network, isc

2007-07-24 | CVE-2007-3950 | Unspecified vulnerability in Lighttpd | 4.3
lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the (1) mod_scgi, (2) mod_fastcgi, and (3) mod_webdav modules.
network, lighttpd

2007-07-24 | CVE-2007-3949 | Unspecified vulnerability in Lighttpd | 8.3
mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings.
network, lighttpd

2007-07-24 | CVE-2007-3948 | Unspecified vulnerability in Lighttpd | 4.3
connections.c in lighttpd before 1.4.16 might accept more connections than the configured maximum, which allows remote attackers to cause a denial of service (failed assertion) via a large number of connection attempts.
network, lighttpd

2007-07-24 | CVE-2007-3947 | Unspecified vulnerability in Lighttpd | 5.8
request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of service (daemon crash) by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault.
network, lighttpd

2007-07-24 | CVE-2007-3946 | Unspecified vulnerability in Lighttpd | 6.4
mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the Auth-Digest header.
network, low complexity, lighttpd