CyberSecurityBoard
Sponsor Register Login

CVE-2007-4381

Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself. Additional information regarding this CVE can be found at SecurityFocus: http://www.securityfocus.com/bid/25340

Publication date: Sat, 18 Aug 2007 02:17:00 +0000


Cyber News related to CVE-2007-4381

CVE-2022-49840 - In the Linux kernel, the following vulnerability has been resolved: ...
9 months ago
CVE-2015-2503 - Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 ...
7 years ago
CVE-2007-4381 - Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to ...
8 years ago
CVE-2013-4381 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-5938. Reason: This candidate is a duplicate of CVE-2013-5938. Notes: All CVE users should reference CVE-2013-5938 instead of this candidate. All references and descriptions in ...
56 years ago Tenable.com
CVE-2006-4386 - Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie, a different issue than CVE-2006-4381. This vulnerability is addressed in the following product release: ...
7 years ago
CVE-2010-4381 - Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, and Mac RealPlayer 11.0 through 12.0.0.1444 allows remote attackers to have an unspecified impact via a crafted AAC ...
15 years ago
CVE-2005-4381 - Multiple cross-site scripting (XSS) vulnerabilities in Caravel CMS 3.0 Beta 1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fileDN and (2) folderviewer_attrs parameters. ...
14 years ago
CVE-2015-4381 - Cross-site scripting (XSS) vulnerability in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "Administer own invoices" permission to inject arbitrary web script or HTML ...
10 years ago
CVE-2016-4381 - HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x before 8.4.1-02, when Replication Manager (RepMgr) and Device Manager (DevMgr) are enabled, allows local users to bypass intended access restrictions via unspecified vectors. ...
9 years ago
CVE-2009-4381 - Cross-site scripting (XSS) vulnerability in index.php in texmedia Million Pixel Script 3 allows remote attackers to inject arbitrary web script or HTML via the pa parameter. NOTE: some of these details are obtained from third party information. ...
8 years ago
CVE-2008-4381 - Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters. ...
7 years ago
CVE-2006-4381 - Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie. This vulnerability is addressed in the following product release: ...
7 years ago
CVE-2014-4381 - Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted application. ...
6 years ago
CVE-2012-4381 - MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin ...
6 years ago
CVE-2020-4381 - IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.6 could allow an authenticated user to cause a denial of service during deployment or upgrade if GUI specific services are enabled. IBM X-Force ID: 179162. ...
5 years ago
CVE-2018-4381 - A resource exhaustion issue was addressed with improved input validation. This issue is fixed in tvOS 12.1, iOS 12.1. Processing a maliciously crafted message may lead to a denial of service. ...
5 years ago
CVE-2022-4381 - The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks ...
3 years ago
CVE-2019-4381 - IBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection using the REST API to interface with the HMC. An attacker could exploit this vulnerability to obtain HMC ...
2 years ago
CVE-2021-4381 - The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::import_new_layout method in versions up to, and including, 1.6.6. This ...
2 years ago
CVE-2023-4381 - Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git. ...
2 years ago
CVE-2011-4381 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none ...
56 years ago Tenable.com
CVE-2017-4381 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
56 years ago Tenable.com
CVE-2024-4381 - The CB (legacy) WordPress plugin through 0.9.4.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is ...
1 year ago
CVE-2025-4381 - The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘$id’ variable of the getSpace() function in all versions up to, and including, 4.89 due to insufficient escaping on the ...
7 months ago
CVE-2013-6078 - The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which makes it easier for context-dependent attackers to ...
11 years ago

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)