Vulnerability Details: CVE-2007-6018

Summary
Assigner-flexera
Assigner Org ID-44d08088-2bea-4760-83a6-1e9be26b15ab
Published At-11 Jan, 2008 | 02:00
Updated At-07 Aug, 2024 | 15:54

IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.

▼Common Vulnerabilities and Exposures (CVE)
cve.org
▼CVE Numbering Authority (CNA)

Affected Products
Vendor: n/a
Product: n/a
Versions Affected:
  • n/a
Problem Types
Type: text
CWE ID: N/A
Description: n/a
References (Hyperlink, Resource)
  • http://secunia.com/advisories/29186 (third-party-advisory, x_refsource_SECUNIA)
  • https://bugzilla.redhat.com/show_bug.cgi?id=428625 (x_refsource_CONFIRM)
  • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html (vendor-advisory, x_refsource_SUSE)
  • https://exchange.xforce.ibmcloud.com/vulnerabilities/39595 (vdb-entry, x_refsource_XF)
  • http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17&r2=1.17.2.1&ty=h (x_refsource_CONFIRM)
  • http://lists.horde.org/archives/announce/2008/000365.html (mailing-list, x_refsource_MLIST)
  • http://lists.horde.org/archives/announce/2008/000360.html (mailing-list, x_refsource_MLIST)
  • http://secunia.com/advisories/34418 (third-party-advisory, x_refsource_SECUNIA)
  • https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html (vendor-advisory, x_refsource_FEDORA)
  • http://www.securityfocus.com/bid/27223 (vdb-entry, x_refsource_BID)
  • http://lists.horde.org/archives/announce/2008/000366.html (mailing-list, x_refsource_MLIST)
  • http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12&r2=1.12.2.1&ty=h (x_refsource_CONFIRM)
  • http://secunia.com/secunia_research/2007-102/advisory/ (x_refsource_MISC)
  • http://secunia.com/advisories/28020 (third-party-advisory, x_refsource_SECUNIA)
  • http://secunia.com/advisories/29185 (third-party-advisory, x_refsource_SECUNIA)
  • http://secunia.com/advisories/28546 (third-party-advisory, x_refsource_SECUNIA)
  • http://secunia.com/advisories/29184 (third-party-advisory, x_refsource_SECUNIA)
  • http://www.debian.org/security/2008/dsa-1470 (vendor-advisory, x_refsource_DEBIAN)
  • https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html (vendor-advisory, x_refsource_FEDORA)
▼Authorized Data Publishers (ADP)
CVE Program Container
References (Hyperlink, Resource)
  • http://secunia.com/advisories/29186 (third-party-advisory, x_refsource_SECUNIA, x_transferred)
  • https://bugzilla.redhat.com/show_bug.cgi?id=428625 (x_refsource_CONFIRM, x_transferred)
  • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html (vendor-advisory, x_refsource_SUSE, x_transferred)
  • https://exchange.xforce.ibmcloud.com/vulnerabilities/39595 (vdb-entry, x_refsource_XF, x_transferred)
  • http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17&r2=1.17.2.1&ty=h (x_refsource_CONFIRM, x_transferred)
  • http://lists.horde.org/archives/announce/2008/000365.html (mailing-list, x_refsource_MLIST, x_transferred)
  • http://lists.horde.org/archives/announce/2008/000360.html (mailing-list, x_refsource_MLIST, x_transferred)
  • http://secunia.com/advisories/34418 (third-party-advisory, x_refsource_SECUNIA, x_transferred)
  • https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html (vendor-advisory, x_refsource_FEDORA, x_transferred)
  • http://www.securityfocus.com/bid/27223 (vdb-entry, x_refsource_BID, x_transferred)
  • http://lists.horde.org/archives/announce/2008/000366.html (mailing-list, x_refsource_MLIST, x_transferred)
  • http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12&r2=1.12.2.1&ty=h (x_refsource_CONFIRM, x_transferred)
  • http://secunia.com/secunia_research/2007-102/advisory/ (x_refsource_MISC, x_transferred)
  • http://secunia.com/advisories/28020 (third-party-advisory, x_refsource_SECUNIA, x_transferred)
  • http://secunia.com/advisories/29185 (third-party-advisory, x_refsource_SECUNIA, x_transferred)
  • http://secunia.com/advisories/28546 (third-party-advisory, x_refsource_SECUNIA, x_transferred)
  • http://secunia.com/advisories/29184 (third-party-advisory, x_refsource_SECUNIA, x_transferred)
  • http://www.debian.org/security/2008/dsa-1470 (vendor-advisory, x_refsource_DEBIAN, x_transferred)
  • https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html (vendor-advisory, x_refsource_FEDORA, x_transferred)
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:PSIRT-CNA@flexerasoftware.com
Published At:11 Jan, 2008 | 02:46
Updated At:29 Jul, 2017 | 01:33

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 2.0
Base score: 5.8
Base severity: MEDIUM
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
CPE Matches
  • Horde LLC, horde, framework 3.1.5: cpe:2.3:a:horde:framework:3.1.5:*:*:*:*:*:*:*
  • Horde LLC, horde, groupware_webmail_edition 1.0.3: cpe:2.3:a:horde:groupware_webmail_edition:1.0.3:*:*:*:*:*:*:*
  • Horde LLC, horde, horde 3.1.5: cpe:2.3:a:horde:horde:3.1.5:*:*:*:*:*:*:*
  • Horde LLC, horde, imp 4.1.5: cpe:2.3:a:horde:imp:4.1.5:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-264
Type: Primary
Source: nvd@nist.gov
References (Hyperlink, Source, Resource)
  • http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17&r2=1.17.2.1&ty=h (Source: PSIRT-CNA@flexerasoftware.com; Resource: N/A)
  • http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12&r2=1.12.2.1&ty=h (Source: PSIRT-CNA@flexerasoftware.com; Resource: N/A)
  • http://lists.horde.org/archives/announce/2008/000360.html (Source: PSIRT-CNA@flexerasoftware.com; Resource: N/A)
  • http://lists.horde.org/archives/announce/2008/000365.html (Source: PSIRT-CNA@flexerasoftware.com; Resource: N/A)
  • http://lists.horde.org/archives/announce/2008/000366.html (Source: PSIRT-CNA@flexerasoftware.com; Resource: N/A)
  • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html (Source: PSIRT-CNA@flexerasoftware.com; Resource: N/A)
  • http://secunia.com/advisories/28020 (Source: PSIRT-CNA@flexerasoftware.com; Resource: Vendor Advisory)
  • http://secunia.com/advisories/28546 (Source: PSIRT-CNA@flexerasoftware.com; Resource: N/A)
  • http://secunia.com/advisories/29184 (Source: PSIRT-CNA@flexerasoftware.com; Resource: N/A)
  • http://secunia.com/advisories/29185 (Source: PSIRT-CNA@flexerasoftware.com; Resource: N/A)
  • http://secunia.com/advisories/29186 (Source: PSIRT-CNA@flexerasoftware.com; Resource: N/A)
  • http://secunia.com/advisories/34418 (Source: PSIRT-CNA@flexerasoftware.com; Resource: N/A)
  • http://secunia.com/secunia_research/2007-102/advisory/ (Source: PSIRT-CNA@flexerasoftware.com; Resource: Vendor Advisory)
  • http://www.debian.org/security/2008/dsa-1470 (Source: PSIRT-CNA@flexerasoftware.com; Resource: N/A)
  • http://www.securityfocus.com/bid/27223 (Source: PSIRT-CNA@flexerasoftware.com; Resource: Patch)
  • https://bugzilla.redhat.com/show_bug.cgi?id=428625 (Source: PSIRT-CNA@flexerasoftware.com; Resource: N/A)
  • https://exchange.xforce.ibmcloud.com/vulnerabilities/39595 (Source: PSIRT-CNA@flexerasoftware.com; Resource: N/A)
  • https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html (Source: PSIRT-CNA@flexerasoftware.com; Resource: N/A)
  • https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html (Source: PSIRT-CNA@flexerasoftware.com; Resource: N/A)


Similar CVEs

9 records found

CVE-2005-3759
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-5.8 (MEDIUM)
EPSS-0.71% / 71.41%
7 Day CHG~0.00%
Published-22 Nov, 2005 | 21:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.

Action-Not Available
Vendor-n/a, Horde LLC
Product-horde, n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-7219
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10 (HIGH)
EPSS-1.06% / 76.77%
7 Day CHG~0.00%
Published-13 Sep, 2009 | 22:00
Updated-17 Sep, 2024 | 01:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not validate ownership when performing share changes, which has unknown impact and attack vectors.

Action-Not Available
Vendor-n/a, Horde LLC
Product-nag_h3, kronolith_h3, mnemo_h3, groupware_webmail_edition, groupware, n/a
CWE ID-CWE-264
Not Available
CVE-2008-0807
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.9 (MEDIUM)
EPSS-0.56% / 67.11%
7 Day CHG~0.00%
Published-19 Feb, 2008 | 00:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book.

Action-Not Available
Vendor-n/a, Horde LLC, Debian GNU/Linux
Product-groupware, debian_linux, groupware_webmail_edition, turba_contact_manager, n/a
CWE ID-CWE-264
Not Available
CVE-2009-1888
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.8 (MEDIUM)
EPSS-4.05% / 88.06%
7 Day CHG~0.00%
Published-24 Jun, 2009 | 22:00
Updated-07 Aug, 2024 | 05:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.

Action-Not Available
Vendor-n/a, Canonical Ltd., Debian GNU/Linux, Samba
Product-ubuntu_linux, debian_linux, samba, n/a
CWE ID-CWE-264
Not Available
CVE-2008-4698
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8 (MEDIUM)
EPSS-0.79% / 72.87%
7 Day CHG~0.00%
Published-23 Oct, 2008 | 21:00
Updated-07 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary new feed subscriptions and read the contents of arbitrary feeds.

Action-Not Available
Vendor-n/a, Opera
Product-opera_browser, n/a
CWE ID-CWE-264
Not Available
CVE-2008-0792
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8 (MEDIUM)
EPSS-0.58% / 67.80%
7 Day CHG~0.00%
Published-15 Feb, 2008 | 01:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted CAB archive.

Action-Not Available
Vendor-n/a, F-Secure Corporation
Product-f-secure_anti-virus, f-secure_protection_service_for_business, f-secure_anti-virus_for_linux, f-secure_anti-virus_linux_client_security, f-secure_anti-virus_client_security, f-secure_internet_security, f-secure_protection_service_for_consumers, f-secure_anti-virus_for_workstations, n/a
CWE ID-CWE-264
Not Available
CVE-2008-0898
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8 (MEDIUM)
EPSS-0.23% / 45.42%
7 Day CHG~0.00%
Published-22 Feb, 2008 | 21:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The distributed queue feature in JMS in BEA WebLogic Server 9.0 through 10.0, in certain configurations, does not properly handle when a client cannot send a message to a member of a distributed queue, which allows remote authenticated users to bypass intended access restrictions for protected distributed queues.

Action-Not Available
Vendor-n/a, BEA Systems, Inc.
Product-weblogic_server, n/a
CWE ID-CWE-264
Not Available
CVE-2007-6636
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8 (MEDIUM)
EPSS-0.36% / 57.20%
7 Day CHG~0.00%
Published-04 Jan, 2008 | 00:00
Updated-07 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the StorageFarabDb module in Bitflu before 0.42 allows user-assisted remote attackers to create or append data to arbitrary files via a crafted .torrent file.

Action-Not Available
Vendor-bitflu, n/a
Product-bitflu, n/a
CWE ID-CWE-264
Not Available
CVE-2007-4174
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8 (MEDIUM)
EPSS-16.54% / 94.64%
7 Day CHG~0.00%
Published-07 Aug, 2007 | 10:00
Updated-07 Aug, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node.

Action-Not Available
Vendor-tor, n/a
Product-tor, n/a
CWE ID-CWE-264
Not Available