LiveActive security incident?Get immediate response
CVE archive

April 2007

Browse CVE records published in April 2007, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 639 matching CVEs · Page 1 of 13.

Unknown · CVSS Not scored

CVE-2007-2065: PHP remote file inclusion vulnerability in db/PollDB.php in Robert Ladstaetter ActionPoll 1.1.1 allows remo...

PHP remote file inclusion vulnerability in db/PollDB.php in Robert Ladstaetter ActionPoll 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG_DATAREADERWRITER parameter, a different vector than CVE-2001-1297. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Apr 18, 2007 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2007-6020: Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (forme...

Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a long attribute value in a (1) DI, (2) FD, (3) FT, (4) JD, (5) JL, (6) LE, (7) OB, (8) OD, (9) OL, (10) PN, (11) PS, (12) PW, (13) RD, (14) QL, or (15) TS tag in a .fff file.

Published Apr 10, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-5406: kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as us...

kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, does not properly parse long tokens, which allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted .ag file.

Published Apr 10, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-5399: Multiple heap-based buffer overflows in emlsr.dll in the EML reader in Autonomy (formerly Verity) KeyView 1...

Multiple heap-based buffer overflows in emlsr.dll in the EML reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, allow remote attackers to execute arbitrary code via a long (1) To, (2) Cc, (3) Bcc, (4) From, (5) Date, (6) Subject, (7) Priority, (8) Importance, or (9) X-MSMail-Priority header; (10) a long string at the beginning of an RFC2047 encoded-word in a header; (11) a long text string in an RFC2047 encoded-word in a header; or (12) a long Subject header, related to creation of an associated filename.

Published Apr 10, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-5405: Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (fo...

Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a .ag file with (1) a long ENCODING attribute in a *BEGIN tag, (2) a long token, or (3) the initial *BEGIN tag.

Published Apr 10, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4620: Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8....

Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests.

Published Apr 7, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-2379: The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protectio...

The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."

Published Apr 30, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-2383: The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSO...

The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."

Published Apr 30, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-2348: mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote...

mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.

Published Apr 27, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-2339: Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary...

Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.php; or (3) the "Edit groups / Add group" field in the (d) groups module in admin.php.

Published Apr 27, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-2382: The Moo.fx framework exchanges data using JavaScript Object Notation (JSON) without an associated protectio...

The Moo.fx framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."

Published Apr 30, 2007 · Updated Aug 7, 2024