Vulnerabilities > Configuration
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-11-15 | CVE-2007-4687 | Configuration vulnerability in Apple Mac OS X and Mac OS X Server: The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files. | 9.3 |
2007-11-14 | CVE-2007-5943 | Configuration vulnerability in Simple Machines Simple Machines Forum 1.1.4: Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the "show results as messages" option, then searching for possible keywords contained in that message. | 5.0 |
2007-11-14 | CVE-2007-3898 | Configuration vulnerability in Microsoft products: The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors. | 6.4 |
2007-11-06 | CVE-2007-5838 | Configuration vulnerability in Symantec Altiris Deployment Solution 6/6.8: Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows local users to gain local System privileges via the "Enable key-based authentication to Deployment server" browser option, a different issue than CVE-2007-4380. | 7.2 |
2007-10-30 | CVE-2007-5715 | Configuration vulnerability in Denyhosts 2.6: DenyHosts 2.6 processes OpenSSH sshd "not listed in AllowUsers" log messages with an incorrect regular expression that does not match an IP address, which might allow remote attackers to avoid detection and blocking when making invalid login attempts with a username not present in AllowUsers, as demonstrated by the root username, a different vulnerability than CVE-2007-4323. | 4.3 |
2007-10-21 | CVE-2007-5334 | Configuration vulnerability in Mozilla Firefox and Seamonkey: Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute. | 4.3 |
2007-10-12 | CVE-2007-5422 | Configuration vulnerability in SUN Sunos 5.10: Unspecified vulnerability in "Solaris Auditing" in the Basic Security Module (BSM) in Sun Solaris 10, when configured for auditing of networking (nt) events, allows local users to cause a denial of service (panic) via unspecified vectors. | 4.9 |
2007-10-12 | CVE-2007-5419 | Configuration vulnerability in 3Com 3Crwe554G72T 3Crwer10075: The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external (Internet) interface unless the user selects other options, which might expose the router to unintended incoming traffic from remote attackers, as demonstrated by setting up a virtual server on port 80, which allows remote attackers to access the web management interface. | 10.0 |
2007-09-27 | CVE-2007-3759 | Configuration vulnerability in Apple Safari: Safari in Apple iPhone 1.1.1, when requested to disable JavaScript, does not disable it until Safari is restarted, which might leave Safari open to attacks that the user does not expect. | 6.8 |
2007-09-24 | CVE-2007-5071 | Configuration vulnerability in Alexander Palmo Simple PHP Blog: Incomplete blacklist vulnerability in upload_img_cgi.php in Simple PHP Blog before 0.5.1 allows remote attackers to upload dangerous files and execute arbitrary code, as demonstrated by a filename ending in .php. | 7.5 |