Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-05-16 | CVE-2007-2445 | Remote Denial of Service vulnerability in Libpng Library: The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. | 5.0 |
2007-05-16 | CVE-2007-1898 | Unspecified vulnerability in Jetbox CMS 2.1: formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters. | 5.8 |
2007-05-16 | CVE-2007-1173 | Remote Buffer Overflow vulnerability in Multiple Vendor XFERWAN.EXE: Multiple buffer overflows in the CentennialIPTransferServer service (XFERWAN.EXE), as used by (1) Centennial Discovery 2006 Feature Pack 1, (2) Numara Asset Manager 8.0, and (3) Symantec Discovery 6.5, allow remote attackers to execute arbitrary code via long strings in a crafted TCP packet. | 10.0 |
2007-05-16 | CVE-2007-1689 | Buffer Overflow vulnerability in Symantec Norton Personal Firewall 2004 ActiveX Control: Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions. | 10.0 |
2007-05-16 | CVE-2007-2720 | Security Bypass vulnerability in Group-Office Groupware 2.16.12: Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for (1) message.php and (2) messages.php in modules/email/. | 4.3 |
2007-05-16 | CVE-2007-2719 | Improper Authentication vulnerability in HP Systems Insight Manager 4.2/5.0: Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 and 5.0 SP4 and SP5 allows remote attackers to hijack web sessions by setting the JSESSIONID cookie. | 10.0 |
2007-05-16 | CVE-2007-2718 | Cross-site scripting (XSS) vulnerability in the WebMail system in Stalker CommuniGate Pro 5.1.8 and earlier, when using Microsoft Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via crafted STYLE tags. | 4.3 |
2007-05-16 | CVE-2007-2717 | SQL Injection vulnerability in Igeneric IG Shop 1.4: SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the type_id[] parameter, a different vector than CVE-2005-0537. | 7.5 |
2007-05-16 | CVE-2007-2716 | Cross-Site Scripting vulnerability in EQDKP Show Variable: Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.2c and earlier allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) listmembers.php and (2) stats.php. | 6.8 |
2007-05-16 | CVE-2007-2441 | Information Disclosure vulnerability in Caucho Resin: Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to obtain the system path via certain URLs associated with (1) deploying web applications or (2) displaying .xtp files. | 5.0 |