Microsoft: >> All Windows Security Vulnerabilities
MyServer before 0.8.8 allows remote attackers to cause a denial of service via unspecified vectors.
CVSS Score
7.8
EPSS Score
0.017
Published
2007-05-01
The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on Windows allows remote attackers to cause a denial of service (daemon crash) via a long meta list command.
CVSS Score
7.8
EPSS Score
0.007
Published
2007-04-12
The dynamic DNS update mechanism in the DNS Server service on Microsoft Windows does not properly authenticate clients in certain deployments or configurations, which allows remote attackers to change DNS records for a web proxy server and conduct man-in-the-middle (MITM) attacks on web traffic, conduct pharming attacks by poisoning DNS records, and cause a denial of service (erroneous name resolution).
CVSS Score
10.0
EPSS Score
0.313
Published
2007-03-24
The PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to execute cmd.exe, which bypasses PHP's safe mode.
CVSS Score
6.8
EPSS Score
0.002
Published
2007-03-10
Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux allows remote attackers to cause a denial of service (CPU consumption) via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression.
CVSS Score
7.8
EPSS Score
0.015
Published
2007-03-06
Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager (NNM) before 07-10-05, and before 08-00-02 in the 08-x series, allow remote attackers to execute arbitrary code, cause a denial of service, or trigger invalid Web utility behavior.
CVSS Score
10.0
EPSS Score
0.126
Published
2007-02-26
Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom "on strip unsuccessful" hooks, which allows remote attackers to bypass e-mail attachment filtering policies via an attachment that MAILsweeper can detect but not remove.
CVSS Score
5.0
EPSS Score
0.002
Published
2003-12-31
Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters.
CVSS Score
4.3
EPSS Score
0.003
Published
2003-12-31
CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to encrypt data, which could allow local users to use their own passphrase to decrypt the data.
CVSS Score
6.6
EPSS Score
0.008
Published
2003-12-31
Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords.
CVSS Score
5.0
EPSS Score
0.002
Published
2003-12-31