Exploit Intelligence Platform

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

339,490 CVEs tracked | 53,352 with exploits | 4,748 exploited in wild | 1,551 CISA KEV | 3,945 Nuclei templates | 49,201 vendors | 42,812 researchers
111,546 results
CVE-2007-5460 4.6 MEDIUM EPSS 0.01
Microsoft Windows Mobile - Broken Cryptographic Algorithm
Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process.
CWE-327 Oct 15, 2007
CVE-2007-4465 6.1 MEDIUM EPSS 0.03
Apache HTTP Server <2.2.6 - XSS
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
CWE-79 Sep 14, 2007
CVE-2007-4786 5.3 MEDIUM EPSS 0.00
Cisco Adaptive Security Appliance Software - Cleartext Transmission
Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog server or places them in a local logging buffer, which allows context-dependent attackers to obtain sensitive information.
CWE-319 Sep 10, 2007
CVE-2007-3968 5.3 MEDIUM EPSS 0.00
Dirlist Php < 0.1.1 - Incorrect Authorization
index.php in dirLIST before 0.1.1 allows remote attackers to list the contents of an excluded folder via a modified URL containing the folder name.
CWE-264 Jul 25, 2007
CVE-2007-3484 6.1 MEDIUM EPSS 0.01
Google Custom Search Engine - XSS
Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this issue is disputed by the Google Security Team, who states that "Google does not provide the 'search.php' script referenced. When a user creates a custom search engine, we provide them with a block of javascript to include on their site. Some users write additional code around this block of javascript to further customize their website."
CWE-79 Jun 28, 2007
CVE-2007-2237 5.5 MEDIUM 2 PoCs Analysis EPSS 0.61
Microsoft Windows XP - Divide By Zero
Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error.
CWE-369 Jun 06, 2007
CVE-2007-2723 5.5 MEDIUM EPSS 0.01
Media Player Classic 6.4.9.0 - DoS
Media Player Classic 6.4.9.0 allows user-assisted remote attackers to cause a denial of service (web browser crash) via an "empty" .MPA file, which triggers a divide-by-zero error.
CWE-369 May 16, 2007
CVE-2007-2479 5.9 MEDIUM EPSS 0.01
Cerulean Studios Trillian Pro <3.1.5.1 - Info Disclosure
Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker.
CWE-200 May 03, 2007
CVE-2007-1679 5.4 MEDIUM EPSS 0.00
Horde Groupware - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php. NOTE: this issue has been disputed by the vendor, noting that the search.php issue was resolved in CVE-2006-4255, and attackers can only use rule.php to inject XSS into their own pages.
CWE-79 Mar 26, 2007
CVE-2006-7031 6.5 MEDIUM 1 PoC Analysis EPSS 0.25
Microsoft Internet Explorer < 6.0.2900 - Denial of Service
Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll.
Feb 23, 2007
CVE-2006-6811 6.5 MEDIUM 1 PoC Analysis EPSS 0.06
KsIRC 1.3.12 - DoS
KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. NOTE: this issue was originally reported as a buffer overflow.
CWE-617 Dec 29, 2006
CVE-2006-5648 5.5 MEDIUM EPSS 0.00
Ubuntu Linux - Denial of Service
Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (resource consumption) by using the (1) sys_get_robust_list and (2) sys_set_robust_list functions to create processes that cannot be killed.
CWE-400 Dec 14, 2006
CVE-2006-5649 5.5 MEDIUM EPSS 0.00
Ubuntu Linux - Denial of Service
Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic) via unspecified vectors.
CWE-400 Dec 14, 2006
CVE-2006-6016 6.5 MEDIUM EPSS 0.01
WordPress < 2.0.4 - Out-of-Bounds Read
wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter.
CWE-125 Nov 21, 2006
CVE-2006-6017 6.5 MEDIUM EPSS 0.03
WordPress < 2.0.5 - Denial of Service
WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display.
CWE-400 Nov 21, 2006
CVE-2006-5847 6.1 MEDIUM 1 PoC Analysis EPSS 0.04
Freewebshop < 2.2.2 - XSS
Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
CWE-79 Nov 10, 2006
CVE-2006-5632 6.1 MEDIUM EPSS 0.00
IG Shop - XSS
Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-5631. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CWE-79 Oct 31, 2006
CVE-2006-5393 5.5 MEDIUM EPSS 0.00
Cisco Secure Desktop - Out-of-Bounds Read
Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session.
CWE-125 Oct 18, 2006
CVE-2006-4342 5.5 MEDIUM EPSS 0.00
Red Hat Enterprise Linux - Improper Locking
The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, allows local users to cause a denial of service (deadlock) by running the shmat function on an shm at the same time that shmctl is removing that shm (IPC_RMID), which prevents a spinlock from being unlocked.
CWE-667 Oct 17, 2006
CVE-2006-3547 5.5 MEDIUM EPSS 0.00
EMC VMware Player - DoS
EMC VMware Player allows user-assisted attackers to cause a denial of service (unrecoverable application failure) via a long value of the ide1:0.fileName parameter in the .vmx file of a virtual machine. NOTE: third parties have disputed this issue, saying that write access to the .vmx file enables other ways of stopping the virtual machine, so no privilege boundaries are crossed.
Jul 13, 2006