Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2007-01-23 CVE-2007-0432 Products Multiple vulnerability in BEA AquaLogic Service Bus 2.0/2.1/2.5
BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject malformed request messages to a proxy service, which might allow remote attackers to bypass authorization policies and route requests to back-end services or conduct other unauthorized activities.
Risk: network, low complexity, bea, 7.5
2007-01-23 CVE-2007-0431 Remote Denial of Service vulnerability in AVM Fritzbox 7050
AVM Fritz!Box 7050, and possibly other product models, allows remote attackers to cause a denial of service (VoIP application crash) via a zero-length UDP packet to the SIP port (port 5060).
Risk: network, low complexity, avm, 7.8
2007-01-23 CVE-2006-6948 SQL-Injection vulnerability in Myodbc Japanese2.50.25/Japanese2.50.29/Japanese3.51.06
MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 allows remote attackers to cause a denial of service via a certain string in a response, which has unspecified impact on the MySQL database.
Risk: network, low complexity, myodbc, 7.8
2007-01-23 CVE-2006-6947 Remote Security vulnerability in Multiwriter 1700C
The FTP server in the NEC MultiWriter 1700C allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017.
Risk: network, low complexity, nec, 7.8
2007-01-23 CVE-2006-6946 Remote Security vulnerability in Multiwriter 1700C
The web server in the NEC MultiWriter 1700C allows remote attackers to modify the device configuration via unspecified vectors.
Risk: network, low complexity, nec, 7.5
2007-01-23 CVE-2007-0425 Remote Security vulnerability in JRockit
Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 through 8.1 SP5, and JRockit 1.4.2 R4.5 and earlier, allows attackers to gain privileges via unspecified vectors, related to an "overflow condition," probably a buffer overflow.
Risk: network, low complexity, bea, 7.5
2007-01-23 CVE-2007-0418 Products Multiple vulnerability in BEA
BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote attackers to obtain unauthorized access to these methods.
Risk: network, low complexity, bea, 7.5
2007-01-23 CVE-2007-0416 Products Multiple vulnerability in BEA
The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and 9.1 does not verify credentials when decrypting client messages, which allows remote attackers to bypass application security.
Risk: network, low complexity, bea, 7.5
2007-01-23 CVE-2007-0408 Products Multiple vulnerability in BEA
BEA WebLogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certificate.
Risk: network, low complexity, bea, 7.5
2007-01-23 CVE-2007-0404 Remote Arbitrary Command Execution vulnerability in Django Project Django 0.95
bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file.
Risk: network, low complexity, django-project, 7.5