Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-09-18 | CVE-2007-4961 | Missing Encryption of Sensitive Data vulnerability in Lindenlab Second Life The login_to_simulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd field, which allows remote attackers to login to an account by sniffing the network and then sending this hash to a Second Life authentication server. | 7.5 |
| 2007-08-03 | CVE-2007-4150 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Visionsoft Audit 12.4.0.0 The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak cryptography (XOR) when (1) transmitting passwords, which allows remote attackers to obtain sensitive information by sniffing the network; and (2) storing passwords in the configuration file, which allows local users to obtain sensitive information by reading this file. | 7.5 |
| 2007-07-31 | CVE-2007-4103 | Missing Release of Resource after Effective Lifetime vulnerability in Digium Asterisk and Asterisk Appliance Developer KIT The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released. | 7.5 |
| 2007-07-18 | CVE-2007-3268 | Divide By Zero vulnerability in IBM Tivoli Provisioning Manager OS Deployment 5.1.0.2 The TFTP implementation in IBM Tivoli Provisioning Manager for OS Deployment 5.1 before Fix Pack 3 allows remote attackers to cause a denial of service (rembo.exe crash and multiple service outage) via a read (RRQ) request with an invalid blksize (blocksize), which triggers a divide-by-zero error. | 7.5 |
| 2007-06-26 | CVE-2007-3409 | Uncontrolled Recursion vulnerability in multiple products Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop. | 7.5 |
| 2007-06-22 | CVE-2007-3365 | Improper Handling of Case Sensitivity vulnerability in Myserverproject Myserver 0.8.9 MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions, which allows remote attackers to obtain sensitive information (script source code) via a modified extension, as demonstrated by post.mscgI. | 7.5 |
| 2007-03-07 | CVE-2006-7142 | Use of Hard-coded Credentials vulnerability in Utimaco Safeguard 4.30 The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files, which allows attackers to recover the keys from the configuration files and decrypt the disk drive. | 7.8 |
| 2007-03-06 | CVE-2007-1285 | Uncontrolled Recursion vulnerability in multiple products The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines. | 7.5 |
| 2007-02-16 | CVE-2007-0897 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor. | 7.5 |
| 2007-01-16 | CVE-2006-6767 | Reachable Assertion vulnerability in Time-Travellers Oftpd oftpd before 0.3.7 allows remote attackers to cause a denial of service (daemon abort) via a (1) LPRT or (2) LPASV command with an unsupported address family, which triggers an assertion failure. | 7.5 |