Vulnerabilities > Configuration

DATE | CVE | VULNERABILITY TITLE | RISK
2007-09-14 | CVE-2007-4749 | Configuration vulnerability in Autodesk Backburner 3.0.2
The cmdjob utility in Autodesk Backburner 3.0.2 allows remote attackers to execute arbitrary commands on render servers by queueing jobs that contain these commands.
network | autodesk | CWE-16 | 6.8

2007-09-10 | CVE-2007-4789 | Configuration vulnerability in Cisco products
Cisco Content Switching Modules (CSM) 4.2 before 4.2.7, and Cisco Content Switching Module with SSL (CSM-S) 2.1 before 2.1.6, when service termination is enabled, allow remote attackers to cause a denial of service (reboot) via unspecified vectors related to high network utilization, aka CSCsh57876.
network | low complexity | cisco | CWE-16 | 7.8

2007-08-14 | CVE-2007-2216 | Configuration vulnerability in Microsoft Internet Explorer 5.01/6/7
The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectsafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a crafted DLL file argument to the TypeLibInfoFromFile function, which overwrites the HelpStringDll property to call the DLLGetDocumentation function in another DLL file, aka "ActiveX Object Vulnerability."
network | microsoft | CWE-16 | critical | 9.3

2007-08-03 | CVE-2007-3742 | Configuration vulnerability in Apple Safari 3.0.0B/3.0.1B
WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" (homographs) and possibly perform phishing attacks.
network | apple | CWE-16 | 4.3

2007-07-30 | CVE-2007-4074 | Configuration vulnerability in multiple products
The default configuration of Centre for Speech Technology Research (CSTR) Festival 1.95 beta (aka 2.0 beta) on Gentoo Linux, SUSE Linux, and possibly other distributions, is run locally with elevated privileges without requiring authentication, which allows local and remote attackers to execute arbitrary commands via the local daemon on port 1314, a different vulnerability than CVE-2001-0956.
network | low complexity | centre-for-speech-technology-research, suse | CWE-16 | critical | 10.0

2007-07-20 | CVE-2007-3380 | Configuration vulnerability in Linux Kernel 2.6.15
The Distributed Lock Manager (DLM) in the cluster manager for Linux kernel 2.6.15 allows remote attackers to cause a denial of service (loss of lock services) by connecting to the DLM port, which probably prevents other processes from accessing the service.
network | low complexity | linux | CWE-16 | 5.0

2007-03-26 | CVE-2007-1692 | Configuration vulnerability in Microsoft Windows 2000 and Windows 2003 Server
The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as demonstrated using Internet Explorer.
network | low complexity | microsoft | CWE-16 | 7.5

2007-03-20 | CVE-2007-1507 | Configuration vulnerability in OpenAFS
The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache.
network | low complexity | openafs | CWE-16 | 7.5

2007-03-02 | CVE-2007-1184 | Configuration vulnerability in Web-App.Org Webapp
The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setting of "no," which makes it easier for automated programs to submit false data.
network | low complexity | web-app-org | CWE-16 | 5.0

2007-02-23 | CVE-2007-1084 | Configuration vulnerability in Mozilla Firefox
Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page.
network | mozilla | CWE-16 | 6.8