Waitman Gobble

irc://irc.y0m4m4.com/ Radio Puke.World Wiki OOO

CVE List 2007 (page: 1)

2021 2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2004 2003 2002 2001 2000 1999

Name Description
CVE-2007-6763 SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser.
CVE-2007-6762 In the Linux kernel before 2.6.20, there is an off-by-one bug in net/netlabel/netlabel_cipso_v4.c where it is possible to overflow the doi_def->tags[] array.
CVE-2007-6761 drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6.24 does not initialize videobuf_mapping data structures, which allows local users to trigger an incorrect count value and videobuf [...]
CVE-2007-6760 Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie.
CVE-2007-6759 Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie.
CVE-2007-6758 Server-side request forgery (SSRF) vulnerability in feed-proxy.php in extjs 5.0.0.
CVE-2007-6757 GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse!Admin for the Museadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is [...]
CVE-2007-6756 ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a default password for System Configuration mode, which allows physically proximate attackers to modify device configuration and [...]
CVE-2007-6755 The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain [...]
CVE-2007-6754 The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD does not properly allocate memory, which makes it easier for context-dependent attackers to perform [...]
CVE-2007-6753 Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as [...]
CVE-2007-6752 ** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via [...]
CVE-2007-6751 Cross-site scripting (XSS) vulnerability in the MailForm plugin before 1.20 for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-6750 The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the [...]
CVE-2007-6746 telepathy-idle before 0.1.15 does not verify (1) that the issuer is a trusted CA, (2) that the server hostname matches a domain name in the subject's Common Name (CN), or (3) the expiration date of [...]
CVE-2007-6745 clamav 0.91.2 suffers from a floating point exception when using ScanOLE2.
CVE-2007-6744 Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow local [...]
CVE-2007-6743 Double free vulnerability in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0005 allows remote authenticated users to cause a denial of service (ABEND) via search operations that [...]
CVE-2007-6742 The get_filter_list function in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0006 does not properly perform certain sub filter parsing, which allows remote authenticated users to [...]
CVE-2007-6741 The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from [...]
CVE-2007-6740 The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of [...]
CVE-2007-6739 FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command.
CVE-2007-6738 pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the [...]
CVE-2007-6737 FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access [...]
CVE-2007-6736 Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. (dot dot) in a (1) LIST, (2) [...]
CVE-2007-6735 NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended [...]
CVE-2007-6734 NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7 does not properly implement the FTPREST.TXT NOREMOTE restriction, which allows remote authenticated users to access directories [...]
CVE-2007-6733 The nfs_lock function in fs/nfs/file.c in the Linux kernel 2.6.9 does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a [...]
CVE-2007-6732 Multiple buffer overflows in the dtt_load function in loaders/dtt_load.c Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via unspecified vectors related [...]
CVE-2007-6731 Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via an OXM file with a negative value, which bypasses a check in (1) test_oxm and (2) decrunch_oxm [...]
CVE-2007-6730 Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in the ZyXEL P-330W router allow remote attackers to hijack the authentication of administrators for requests [...]
CVE-2007-6729 Cross-site scripting (XSS) vulnerability in the web management interface in the ZyXEL P-330W router allows remote attackers to inject arbitrary web script or HTML via the pingstr parameter and other [...]
CVE-2007-6728 Cross-site scripting (XSS) vulnerability in XMB 1.5 allows remote attackers to inject arbitrary web script or HTML via the MSN field during user registration.
CVE-2007-6727 SQL injection vulnerability in topic.php in KerviNet Forum 1.1 allows remote attackers to execute arbitrary SQL commands via the forum parameter.
CVE-2007-6726 Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified [...]
CVE-2007-6725 The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF [...]
CVE-2007-6724 Vidalia bundle before 0.1.2.18, when running on Windows, installs Privoxy with a configuration file (config.txt or config) that contains an insecure enable-remote-http-toggle setting, which allows [...]
CVE-2007-6723 TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions [...]
CVE-2007-6722 Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) [...]
CVE-2007-6721 The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher [...]
CVE-2007-6720 libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain [...]
CVE-2007-6719 SQL injection vulnerability in Wiz-Ad 1.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained [...]
CVE-2007-6718 MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg [...]
CVE-2007-6717 Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to gain privileges via unspecified vectors.
CVE-2007-6716 fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a [...]
CVE-2007-6715 Mozilla Firefox allows remote attackers to cause a denial of service (crash) via crafted image, as demonstrated by the zzuf lol-firefox.gif test case.
CVE-2007-6714 DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which [...]
CVE-2007-6713 Unspecified vulnerability in Flip4Mac WMV before 2.2.0.49 has unknown impact and attack vectors related to malformed WMV files.
CVE-2007-6712 Integer overflow in the hrtimer_forward function (hrtimer.c) in Linux kernel 2.6.21-rc4, when running on 64-bit systems, allows local users to cause a denial of service (infinite loop) via a timer [...]
CVE-2007-6711 Unspecified vulnerability in customer.php in FreeWebshop.org 2.2.5, 2.2.6 and 2.2.7WIP1/2 allows remote attackers to gain administrator privileges via unknown vectors.
CVE-2007-6709 The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain [...]
CVE-2007-6708 Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as [...]
CVE-2007-6707 Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML [...]
CVE-2007-6706 Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH or 7.0.3, and possibly 8.0 allows remote attackers to execute arbitrary code via crafted text in [...]
CVE-2007-6705 The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon [...]
CVE-2007-6704 Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject [...]
CVE-2007-6703 Unspecified vulnerability in vdccm before 0.10.1 in SynCE (SynCE-dccm) might allow attackers to cause a denial of service via unspecified vectors.
CVE-2007-6702 goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka rooter) VDSL device contains a password in the typepassword field, which allows remote attackers to obtain this password by reading [...]
CVE-2007-6701 Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP4 for Windows allow remote attackers to execute arbitrary code via long arguments to multiple [...]
CVE-2007-6700 Cross-site scripting (XSS) vulnerability in cgi-bin/bgplg in the web interface for the BGPD daemon in OpenBSD 4.1 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter.
CVE-2007-6699 Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control in YGPPicEdit.dll in AOL You've Got Pictures (YGP) Picture Editor allow remote attackers to cause a denial of service (browser [...]
CVE-2007-6698 The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to [...]
CVE-2007-6697 Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a [...]
CVE-2007-6696 Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, [...]
CVE-2007-6695 Cross-site scripting (XSS) vulnerability in index.php in Drake CMS 0.4.9 allows remote attackers to inject arbitrary web script or HTML via the option parameter.
CVE-2007-6694 The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that [...]
CVE-2007-6693 Unspecified vulnerability in the WebCam module in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to a "proxied request."
CVE-2007-6692 Open redirect vulnerability in Menalto Gallery before 2.2.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) Core and (2) print [...]
CVE-2007-6691 Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a [...]
CVE-2007-6690 The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors.
CVE-2007-6689 Menalto Gallery before 2.2.4 does not properly check for malicious file extensions during file uploads, which allows attackers to execute arbitrary code via the (1) Core application or (2) MIME [...]
CVE-2007-6688 Unspecified vulnerability in the Installation application in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to "web-accessibility protection of the storage folder."
CVE-2007-6687 Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery before 2.2.4 allow remote attackers to inject arbitrary web script or HTML via crafted filenames to the (1) Core or (2) add-item [...]
CVE-2007-6686 The URL rewrite module in Menalto Gallery before 2.2.4 allows attackers to include and execute arbitrary local files via unknown vectors related to the admin controller.
CVE-2007-6685 Unspecified vulnerability in the Publish XP module Menalto Gallery before 2.2.4 allows attackers to create albums and upload files via unknown vectors.
CVE-2007-6684 The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference.
CVE-2007-6683 The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 [...]
CVE-2007-6682 Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection [...]
CVE-2007-6681 Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file.
CVE-2007-6680 Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to an error in the [...]
CVE-2007-6679 Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown impact and attack vectors, related to "security concerns with monitor [...]
CVE-2007-6677 Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam Image 0.2.4 and earlier plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the comment field [...]
CVE-2007-6676 The default configuration of Uber Uploader (UU) 5.3.6 and earlier does not block uploads of (1) .html, (2) .asp, and other possibly dangerous extensions, which allows remote attackers to use these [...]
CVE-2007-6675 The b_system_comments_show function in htdocs/modules/system/blocks/system_blocks.php in XOOPS before 2.0.18 does not check permissions, which allows remote attackers to read the comments in [...]
CVE-2007-6674 Cross-site scripting (XSS) vulnerability in Default.asp in RapidShare Database allows remote attackers to inject arbitrary web script or HTML via the Arayalim parameter.
CVE-2007-6673 Cross-site scripting (XSS) vulnerability in Makale Scripti allows remote attackers to inject arbitrary web script or HTML via the ara parameter to the default URI under Ara/ in a search action.
CVE-2007-6672 Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' (slash) characters in the URI.
CVE-2007-6671 SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Password parameter, a different product than [...]
CVE-2007-6670 SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to execute arbitrary SQL commands via the string parameter.
CVE-2007-6669 Cross-site scripting (XSS) vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the string parameter.
CVE-2007-6668 admin/uploadgames.php in MySpace Content Zone (MCZ) 3.x does not require administrative privileges, which allows remote attackers to perform unrestricted file uploads, as demonstrated by uploading (1) [...]
CVE-2007-6667 SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the member.php vector is already covered by [...]
CVE-2007-6666 SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the albumnr parameter.
CVE-2007-6665 SQL injection vulnerability in admin/login.asp in Netchemia oneSCHOOL allows remote attackers to execute arbitrary SQL commands via the txtLoginID parameter.
CVE-2007-6664 SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter.
CVE-2007-6663 SQL injection vulnerability in (1) Puarcade.php and (2) PUarcade.html.php in Pragmatic Utopia PU Arcade (com_puarcade) 2.0.3, 2.1.2, and 2.1.3 Beta component for Joomla! allows remote attackers to [...]
CVE-2007-6662 Directory traversal vulnerability in file.php in CuteNews 2.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading the admin username [...]
CVE-2007-6661 2z project 0.9.6.1 allows attackers to change the password without supplying the old password.
CVE-2007-6660 2z project 0.9.6.1 allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid template or (2) a request to the default URI with certain year and month [...]
CVE-2007-6659 Multiple cross-site scripting (XSS) vulnerabilities in 2z project 0.9.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) contentshort or (2) contentfull parameter in an [...]
CVE-2007-6658 SQL injection vulnerability in admin.php/vars.php in CustomCMS (CCMS) 3.1 Demo allows remote attackers to execute arbitrary SQL commands via the p parameter in the Console page.
CVE-2007-6657 PHP remote file inclusion vulnerability in source/includes/load_forum.php in Mihalism Multi Forum Host 3.0.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the [...]
CVE-2007-6656 SQL injection vulnerability in content_css.php in the TinyMCE module for CMS Made Simple 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.
CVE-2007-6655 PHP remote file inclusion vulnerability in includes/function.php in Kontakt Formular 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.
CVE-2007-6654 Buffer overflow in a certain ActiveX control in Macrovision InstallShield Update Service Web Agent 5.1.100.47363 allows remote attackers to execute arbitrary code via a long string in the ProductCode [...]
CVE-2007-6653 Directory traversal vulnerability in download.php in Mihalism Multi Host 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2007-6652 cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via [...]
CVE-2007-6651 Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS allows remote attackers to obtain sensitive information (script source code) via a .. (dot dot) in the suck_url parameter.
CVE-2007-6650 Unrestricted file upload vulnerability in fisheye/upload.php in Bitweaver R2 CMS allows remote attackers to upload arbitrary files by using the image/gif content type, and possibly other image and PDF [...]
CVE-2007-6649 PHP remote file inclusion vulnerability in includes/tumbnail.php in MatPo Bilder Galerie 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter.
CVE-2007-6648 Directory traversal vulnerability in index.php in SanyBee Gallery 0.1.0 and 0.1.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p [...]
CVE-2007-6647 SQL injection vulnerability in index.php in w-Agora 4.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2007-6646 Multiple cross-site scripting (XSS) vulnerabilities in LiveCart 1.0.1, and possibly other versions before 1.1.0, allow remote attackers to inject arbitrary web script or HTML via (1) the return [...]
CVE-2007-6645 Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote authenticated users to gain privileges via unspecified vectors, aka "registered user privilege escalation vulnerability."
CVE-2007-6644 Joomla! before 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the administrator group, in violation of the intended security model.
CVE-2007-6643 Cross-site scripting (XSS) vulnerability in the com_poll component in Joomla! before 1.5 RC4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-6642 Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to (1) add a Super Admin, (2) upload an extension containing arbitrary PHP code, and (3) [...]
CVE-2007-6641 Cross-site scripting (XSS) vulnerability in dir.php in milliscripts Redirection allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a browse action.
CVE-2007-6640 Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not properly prevent access to dangerous functions, which allows remote attackers to read the configuration, modify the configuration, or [...]
CVE-2007-6639 SQL injection vulnerability in index.php in IPTBB 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewdir action.
CVE-2007-6638 March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses [...]
CVE-2007-6637 Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and [...]
CVE-2007-6636 Unspecified vulnerability in the StorageFarabDb module in Bitflu before 0.42 allows user-assisted remote attackers to create or append data to arbitrary files via a crafted .torrent file.
CVE-2007-6635 FAQMasterFlexPlus, possibly 1.5 or 1.52, stores the admin password in cleartext in a database, which might allow context-dependent attackers to obtain the password via unspecified database access.
CVE-2007-6634 Multiple SQL injection vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to execute arbitrary SQL commands via the category_id parameter to faq.php, and unspecified [...]
CVE-2007-6633 Multiple cross-site scripting (XSS) vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to inject arbitrary web script or HTML via (1) the cat_name parameter to faq.php; [...]
CVE-2007-6632 showCode.php in xml2owl 0.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter.
CVE-2007-6631 Multiple buffer overflows in LScube libnemesi 0.6.4-rc1 and earlier allow remote attackers to execute arbitrary code via (1) a reply that begins with a long version string, which triggers an overflow [...]
CVE-2007-6630 The Url_init function in utils/url.c in Netembryo 0.0.4, when used by LScube Feng, allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a malformed URI [...]
CVE-2007-6629 Interpretation conflict in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a User-Agent header line that contains a [...]
CVE-2007-6628 LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via (1) a malformed Transport header, which triggers misparsing in [...]
CVE-2007-6627 Integer overflow in the RTSP_remove_msg function in RTSP_lowlevel.c in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code [...]
CVE-2007-6626 Multiple buffer overflows in the RTSP_valid_response_msg function in RTSP_state_machine.c in LScube Feng 0.1.15 and earlier allow remote attackers to execute arbitrary code via (1) a long first line [...]
CVE-2007-6625 The Platform Service Process (asampsp) in Fan-Out Driver Platform Services for Novell Identity Manager (IDM) 3.5.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified [...]
CVE-2007-6624 Directory traversal vulnerability in printview.php in PNphpBB2 1.2i and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter.
CVE-2007-6623 Absolute path traversal vulnerability in ZeusCMS 0.3 and earlier might allow remote attackers to list arbitrary directories via a full pathname in the dir parameter.
CVE-2007-6622 SQL injection vulnerability in security.php in ZeusCMS 0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.
CVE-2007-6621 Directory traversal vulnerability in joovili.images.php in Joovili 3.0.0 through 3.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter.
CVE-2007-6620 Directory traversal vulnerability in include/images.inc.php in Joovili 2.x allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter.
CVE-2007-6619 The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language.
CVE-2007-6618 JIRA Enterprise Edition before 3.12.1 allows remote attackers to delete another user's shared filter via a modified filter ID.
CVE-2007-6617 Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 allows remote attackers to inject arbitrary web script or HTML, which is not properly handled when [...]
CVE-2007-6616 Cross-site scripting (XSS) vulnerability in simpleforum.cgi in SimpleForum 4.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchkey parameter in a search [...]
CVE-2007-6615 Directory traversal vulnerability in includes/block.php in Agares Media phpAutoVideo 2.21 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the [...]
CVE-2007-6614 PHP remote file inclusion vulnerability in admin/frontpage_right.php in Agares Media phpAutoVideo 2.21 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter, a [...]
CVE-2007-6613 Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info.c) in GNU Compact Disc Input and Control Library (libcdio) 0.79 and earlier allows context-dependent [...]
CVE-2007-6612 Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing [...]
CVE-2007-6611 Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php.
CVE-2007-6610 unp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename [...]
CVE-2007-6609 Multiple stack-based buffer overflows in the CPLI_ReadTag_OGG function in CPI_PlaylistItem.c in CoolPlayer 217 and earlier allow user-assisted remote attackers to execute arbitrary code via a long (1) [...]
CVE-2007-6608 Multiple cross-site scripting (XSS) vulnerabilities in OpenBiblio 0.5.2-pre4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) LAST and (2) FIRST parameters to [...]
CVE-2007-6607 OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) shared/footer.php, (2) circ/mbr_fields.php, or (3) [...]
CVE-2007-6606 OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
CVE-2007-6605 Buffer overflow in a certain ActiveX control in SkyFexClient.ocx 1.0.2.77 in SkyFex Client 1.0 allows remote attackers to execute arbitrary code via long strings in the first four arguments to the [...]
CVE-2007-6604 Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the s parameter to the admin page or (2) the [...]
CVE-2007-6603 Hot or Not Clone has insufficient access control for producing and reading database backups, which allows remote attackers to obtain the administrator username and password via a direct request to [...]
CVE-2007-6602 SQL injection vulnerability in app/models/identity.php in NoseRub 0.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the username field to the login script.
CVE-2007-6601 The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote [...]
CVE-2007-6600 PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE [...]
CVE-2007-6599 Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back [...]
CVE-2007-6598 Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a [...]
CVE-2007-6597 Multiple cross-site scripting (XSS) vulnerabilities in IPortalX before Build 033 allow remote attackers to inject arbitrary web script or HTML via the (1) KW and (2) SF parameters to [...]
CVE-2007-6596 ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file.
CVE-2007-6595 ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, [...]
CVE-2007-6594 IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified weak permissions for the installation kit obtained through a Notes 8 download and (2) 0777 permissions for the installdata file that is [...]
CVE-2007-6593 Multiple stack-based buffer overflows in l123sr.dll in Autonomy (formerly Verity) KeyView SDK, as used by IBM Lotus Notes 5.x through 8.x, allow user-assisted remote attackers to execute arbitrary [...]
CVE-2007-6592 Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in [...]
CVE-2007-6591 KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in [...]
CVE-2007-6589 The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows [...]
CVE-2007-6588 Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows remote attackers to inject arbitrary web script or HTML via the username field in an unspecified component. NOTE: the provenance of [...]
CVE-2007-6587 SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-6586 SQL injection vulnerability in sezione_news.php in nicLOR-CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a sezione page action to index.php.
CVE-2007-6585 PHP remote file inclusion vulnerability in confirmUnsubscription.php in NmnNewsletter 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the output parameter.
CVE-2007-6584 Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang parameter to [...]
CVE-2007-6583 SQL injection vulnerability in admin/ops/findip/ajax/search.php in 1024 CMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via the ip parameter.
CVE-2007-6582 Directory traversal vulnerability in index.php in mBlog 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter in a page mode action.
CVE-2007-6581 Multiple directory traversal vulnerabilities in Social Engine 2.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the global_lang parameter to (1) [...]
CVE-2007-6580 Multiple SQL injection vulnerabilities in Wallpaper Site 1.0.09 allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter to category.php or (2) the groupid parameter to [...]
CVE-2007-6579 Multiple SQL injection vulnerabilities in Ip Reg 0.3 allow remote attackers to execute arbitrary SQL commands via the vlan_id parameter to (1) vlanview.php, (2) vlanedit.php, and (3) vlandel.php; the [...]
CVE-2007-6578 SQL injection vulnerability in go.php in PHP ZLink 0.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-6577 Multiple SQL injection vulnerabilities in index.php in zBlog 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the categ parameter in a categ action or (2) the article parameter in [...]
CVE-2007-6576 Multiple SQL injection vulnerabilities in Adult Script 1.6.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) videolink_count.php or (2) links.php.
CVE-2007-6575 SQL injection vulnerability in default.php in MMSLamp allows remote attackers to execute arbitrary SQL commands via the idpro parameter in a prodotti_dettaglio action.
CVE-2007-6574 Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a [...]
CVE-2007-6573 QK SMTP Server 3 allows remote attackers to cause a denial of service (daemon crash) via a long (1) HELO, (2) MAIL FROM, or (3) RCPT TO command; or (4) a long string in the message sent after the DATA [...]
CVE-2007-6572 Cross-site scripting (XSS) vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, [...]
CVE-2007-6571 Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka [...]
CVE-2007-6570 Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary [...]
CVE-2007-6569 Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via [...]
CVE-2007-6568 PHP remote file inclusion vulnerability in config.inc.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path_escape [...]
CVE-2007-6567 Directory traversal vulnerability in index.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the [...]
CVE-2007-6566 SQL injection vulnerability in post.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatid parameter to index.php.
CVE-2007-6565 Multiple SQL injection vulnerabilities in Blakord Portal 1.3.A Beta and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to an arbitrary component.
CVE-2007-6564 Cross-site scripting (XSS) vulnerability in admin.php in Limbo CMS 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the com_option parameter.
CVE-2007-6563 Heap-based buffer overflow in WinAce 2.65 and earlier, and possibly other versions before 2.69, allows user-assisted remote attackers to execute arbitrary code via a long filename in a compressed UUE [...]
CVE-2007-6562 Multiple stack-based buffer overflows in the use of FD_SET in TCPreen before 1.4.4 allow remote attackers to cause a denial of service via multiple concurrent connections, which result in overflows in [...]
CVE-2007-6561 Multiple stack-based buffer overflows in PDFLib allow user-assisted remote attackers to execute arbitrary code via a long filename argument to the PDF_load_image function that results in an overflow [...]
CVE-2007-6560 Multiple cross-site scripting (XSS) vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to inject arbitrary web script or HTML via (1) the newconfname parameter to profiles.php or (2) [...]
CVE-2007-6559 Multiple SQL injection vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to execute arbitrary SQL commands via (1) the from parameter to index.php or (2) the page parameter to [...]
CVE-2007-6558 TotalPlayer 3.0 allows user-assisted remote attackers to cause a denial of service (application crash) via a large .m3u file. NOTE: this might be a duplicate of CVE-2006-6288.
CVE-2007-6557 Multiple SQL injection vulnerabilities in MeGaCheatZ 1.1 allow remote attackers to execute arbitrary SQL commands via the ItemID parameter to (1) comments.php, (2) view.php, (3) [...]
CVE-2007-6556 Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to default.asp in a news page action or (2) the pageid [...]
CVE-2007-6555 PHP remote file inclusion vulnerability in modules/mod_pxt_latest.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in [...]
CVE-2007-6554 Multiple directory traversal vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) [...]
CVE-2007-6553 Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONF[app_root] parameter to (1) [...]
CVE-2007-6552 Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving [...]
CVE-2007-6551 SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4, and other versions before 2.2.6, allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-6550 form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the [...]
CVE-2007-6549 Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact and attack vectors, related to "pagetype using."
CVE-2007-6548 Multiple direct static code injection vulnerabilities in RunCMS before 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the (1) header and (2) footer parameters to [...]
CVE-2007-6547 RunCMS before 1.6.1 does not require entry of the old password during a password change, which allows context-dependent attackers to change passwords upon obtaining temporary access to a session.
CVE-2007-6546 RunCMS before 1.6.1 uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id.
CVE-2007-6545 Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) the subject parameter to modules/news/submit.php; (2) [...]
CVE-2007-6544 Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php [...]
CVE-2007-6543 SQL injection vulnerability in suggest-link.php in eSyndiCat Link Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-6542 PHP remote file inclusion vulnerability in admin/frontpage_right.php in Arcadem LE 2.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter.
CVE-2007-6541 Multiple cross-site scripting (XSS) vulnerabilities in neuron news 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in a viewtopic action, or the (2) [...]
CVE-2007-6540 SQL injection vulnerability in neuron news 1.0 allows remote attackers to execute arbitrary SQL commands via the q parameter to the default URI in patch/.
CVE-2007-6539 PHP local file inclusion vulnerability in index.php in IDevspot iSupport 1.8 allows remote attackers to include local files via the include_file parameter.
CVE-2007-6538 SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-6537 Stack-based buffer overflow in the zfile_gunzip function in zfile.c in WinUAE 1.4.4 and earlier allows user-assisted remote attackers to execute arbitrary code via a long filename in a gzipped [...]
CVE-2007-6536 The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, [...]
CVE-2007-6535 Buffer overflow in the YShortcut ActiveX control in YShortcut.dll 2006.8.15.1 in Yahoo! Toolbar might allow attackers to execute arbitrary code via a long string to the IsTaggedBM method.
CVE-2007-6534 Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving [...]
CVE-2007-6533 Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows user-assisted remote attackers to execute arbitrary code via an HTTP link to a PLS file in a crafted ZPL file, which causes an overflow in [...]
CVE-2007-6532 Double free vulnerability in the Widget Library (libxfcegui4) in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via unknown vectors related to the "cliend id, program name [...]
CVE-2007-6531 Stack-based buffer overflow in the Panel (xfce4-panel) component in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via Launcher tooltips. NOTE: a second buffer overflow [...]
CVE-2007-6530 Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows [...]
CVE-2007-6529 Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have unknown impact and attack vectors involving (1) tiki-edit_css.php, (2) tiki-list_games.php, or (3) tiki-g-admin_shared_source.php.
CVE-2007-6528 Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and modified filename in the movie parameter.
CVE-2007-6527 uploadimg.php in the Automatic Image Upload with Thumbnails (imgUpload) module 1.3.2 for PunBB only verifies the Content-type field of uploaded files, which allows remote attackers to upload and [...]
CVE-2007-6526 Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter.
CVE-2007-6525 Unspecified vulnerability in eClient in IBM DB2 Content Manager (CM) Toolkit 8.3 before fix pack 7 for z/OS has unknown impact and attack vectors, related to "scripting."
CVE-2007-6524 Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demonstrated using a CANVAS element and JavaScript in an HTML document for [...]
CVE-2007-6523 Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before 9.25 allows remote attackers to cause a denial of service (CPU consumption) via a crafted bitmap (BMP) file that triggers a large [...]
CVE-2007-6522 The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains.
CVE-2007-6521 Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates.
CVE-2007-6520 Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins.
CVE-2007-6519 Unspecified vulnerability in the File-on-File Mounting File System (FFM) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows local users to cause a denial of service (system crash) via unspecified vectors.
CVE-2007-6518 Multiple SQL injection vulnerabilities in search.php in WoltLab Burning Board (wBB) Lite 1.0.2 pl3e allow remote attackers to execute arbitrary SQL commands via the (1) showposts, (2) sortby, and (3) [...]
CVE-2007-6517 SQL injection vulnerability in the forget password section (LostPwd.asp) in Eagle Software Aeries Browser Interface (ABI) 3.7.9.17 allows remote attackers to execute arbitrary SQL commands via the [...]
CVE-2007-6516 Buffer overflow in RavWare Software MAS Flic ActiveX Control (masflc.ocx) 1.0.0.1 allows remote attackers to execute arbitrary code via a long FileName property.
CVE-2007-6515 support/dispatch.cgi in SiteScape Forum allows remote attackers to execute arbitrary TCL code via code separator characters in the query string.
CVE-2007-6514 Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via [...]
CVE-2007-6513 HP eSupportDiagnostics ActiveX control (hpediag.dll) 1.0.11.0 exports dangerous methods, which allows remote attackers to (1) read arbitrary files via the ReadTextFile method, or (2) read arbitrary [...]
CVE-2007-6512 PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database information via a direct request to [...]
CVE-2007-6511 Websense Enterprise 6.3.1 allows remote attackers to bypass content filtering by visiting http URLs with a (1) RealPlayer G2, (2) MSMSGS, or (3) StoneHttpAgent User-Agent header, which results in a [...]
CVE-2007-6510 Multiple stack-based buffer overflows in ProWizard 4 PC (prowiz) 1.62 and earlier allow remote attackers to execute arbitrary code via a crafted file to the (1) AMOS-MusicBank, (2) FuzzacPacker, and [...]
CVE-2007-6509 Unspecified vulnerability in Appian Enterprise Business Process Management (BPM) Suite 5.6 SP1 allows remote attackers to cause a denial of service via a crafted packet to port 5400/tcp.
CVE-2007-6508 Directory traversal vulnerability in view.php in xeCMS 1.0 allows remote attackers to read arbitrary files via a ..%2F (dot dot slash) in the list parameter.
Page:


Copyright © 1999–2021, The MITRE Corporation

LICENSE

Submissions: For all materials you submit to the Common Vulnerabilities and Exposures (CVE®), you hereby grant to The MITRE Corporation (MITRE) and all CVE Numbering Authorities (CNAs) a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute such materials and derivative works. Unless required by applicable law or agreed to in writing, you provide such materials on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.

CVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.

DISCLAIMERS

ALL DOCUMENTS AND THE INFORMATION CONTAINED THEREIN PROVIDED BY MITRE ARE PROVIDED ON AN "AS IS" BASIS AND THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE MITRE CORPORATION, ITS BOARD OF TRUSTEES, OFFICERS, AGENTS, AND EMPLOYEES, DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION THEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.