cpe:/o:redhat:enterprise_linux:4.0::linux_kernel_2.6.9

CVE-2007-0001

2007-03-02T16:18:00.000-05:00

2017-10-10T21:31:31.440-04:00

4.7

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov MISC http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223129 REDHAT RHSA-2007:0085 BID 22737 SECTRACK 1017705 The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a watched file, which does not cause the watch on the old inode to be dropped.

cpe:/a:libwpd:libwpd_library:0.8.2 cpe:/a:libwpd:libwpd_library:0.8.6 cpe:/a:libwpd:libwpd_library:0.8.7 cpe:/a:libwpd:libwpd_library:0.8.8

CVE-2007-0002

2007-03-16T17:19:00.000-04:00

2018-10-16T12:29:52.837-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

FEDORA FEDORA-2007-350 IDEFENSE 20070316 Multiple Vendor libwpd Multiple Buffer Overflow Vulnerabilities SUSE SUSE-SA:2007:023 GENTOO GLSA-200704-07 SLACKWARE SSA-2007-085-02 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=494122 SUNALERT 102863 DEBIAN DSA-1268 DEBIAN DSA-1270 GENTOO GLSA-200704-12 MANDRIVA MDKSA-2007:063 MANDRIVA MDKSA-2007:064 REDHAT RHSA-2007:0055 BUGTRAQ 20070316 rPSA-2007-0057-1 libwpd BID 23006 SECTRACK 1017789 UBUNTU USN-437-1 VUPEN ADV-2007-0976 VUPEN ADV-2007-1032 VUPEN ADV-2007-1339 Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file in which values to loop counters are not properly handled in the (1) WP3TablesGroup::_readContents and (2) WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup functions. NOTE: the integer overflow has been split into CVE-2007-1466.

cpe:/o:andrew_morgan:linux_pam:0.99.7.0

CVE-2007-0003

2007-01-23T16:28:00.000-05:00

2017-07-28T21:29:53.610-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SUSE SUSE-SR:2007:003 MLIST [fedora-devel-list] 20070122 Re: rawhide report: 20070120 changes MLIST [fedora-devel-list] 20070122 Re: rawhide report: 20070120 changes BID 22204 VUPEN ADV-2007-0323 XF linuxpam-pamunix-security-bypass(31739) MLIST [pam-list] 20070123 Linux-PAM 0.99.7.1 released pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.

cpe:/o:redhat:enterprise_linux:3.0

CVE-2007-0004

2007-09-18T15:17:00.000-04:00

2008-09-05T17:16:46.527-04:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2007-09-19T15:34:00.000-04:00

CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=199715 The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL) 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfs_permission (mode bits) data rather than an NFS ACCESS call to the server, which allows local client processes to obtain a false success status from open calls that the server would deny, and possibly obtain sensitive information about file permissions on the server, as demonstrated in a root_squash environment. NOTE: it is uncertain whether any scenarios involving this issue cross privilege boundaries.

cpe:/a:omnikey.aaitg:omnikey_cardman_4040

CVE-2007-0005

2007-03-09T19:19:00.000-05:00

2018-10-16T12:29:56.227-04:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

FEDORA FEDORA-2007-335 FEDORA FEDORA-2007-336 CONFIRM http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.21-rc3 DEBIAN DSA-1286 MANDRIVA MDKSA-2007:078 REDHAT RHSA-2007:0099 BUGTRAQ 20070309 Buffer Overflow in Linux Drivers for Omnikey CardMan 4040 (CVE-2007-0005) BUGTRAQ 20070615 rPSA-2007-0124-1 kernel xen BID 22870 UBUNTU USN-486-1 UBUNTU USN-489-1 VUPEN ADV-2007-0872 XF kernel-cardman4040drivers-bo(32880) CONFIRM https://issues.rpath.com/browse/RPL-1035 Multiple buffer overflows in the (1) read and (2) write handlers in the Omnikey CardMan 4040 driver in the Linux kernel before 2.6.21-rc3 allow local users to gain privileges.

cpe:/o:linux:linux_kernel:2.6.9:2.6.20 cpe:/o:linux:linux_kernel:2.6.20

CVE-2007-0006

2007-02-06T14:28:00.000-05:00

2017-10-10T21:31:31.703-04:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://bugzilla.kernel.org/show_bug.cgi?id=7727 MANDRIVA MDKSA-2007:047 MANDRIVA MDKSA-2007:060 SUSE SUSE-SA:2007:021 REDHAT RHSA-2007:0085 REDHAT RHSA-2007:0099 BUGTRAQ 20070615 rPSA-2007-0124-1 kernel xen BID 22539 UBUNTU USN-451-1 CONFIRM https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=227495 CONFIRM https://issues.rpath.com/browse/RPL-1097 The key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows local users to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as "spinlock CPU recursion."

cpe:/a:gnucash:gnucash:2.0.4

CVE-2007-0007

2007-02-19T21:28:00.000-05:00

2017-07-28T21:29:53.733-04:00

3.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov FEDORA FEDORA-2007-256 CONFIRM http://sourceforge.net/project/shownotes.php?group_id=192&release_id=487446 MANDRIVA MDKSA-2007:046 BID 22610 VUPEN ADV-2007-0653 CONFIRM https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223233 XF gnucash-symlink(32558) gnucash 2.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) gnucash.trace, (2) qof.trace, and (3) qof.trace.[PID] temporary files.

cpe:/a:mozilla:firefox:0.1 cpe:/a:mozilla:firefox:0.2 cpe:/a:mozilla:firefox:0.3 cpe:/a:mozilla:firefox:0.4 cpe:/a:mozilla:firefox:0.5 cpe:/a:mozilla:firefox:0.6 cpe:/a:mozilla:firefox:0.6.1 cpe:/a:mozilla:firefox:0.7 cpe:/a:mozilla:firefox:0.7.1 cpe:/a:mozilla:firefox:0.8 cpe:/a:mozilla:firefox:0.9 cpe:/a:mozilla:firefox:0.9:rc cpe:/a:mozilla:firefox:0.9.1 cpe:/a:mozilla:firefox:0.9.2 cpe:/a:mozilla:firefox:0.9.3 cpe:/a:mozilla:firefox:0.10 cpe:/a:mozilla:firefox:0.10.1 cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:1.0:preview_release cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.4.1 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:firefox:1.5.0.11 cpe:/a:mozilla:firefox:1.5.0.12 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:network_security_services:3.11.2 cpe:/a:mozilla:network_security_services:3.11.3 cpe:/a:mozilla:network_security_services:3.11.4 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:thunderbird:0.1 cpe:/a:mozilla:thunderbird:0.2 cpe:/a:mozilla:thunderbird:0.3 cpe:/a:mozilla:thunderbird:0.4 cpe:/a:mozilla:thunderbird:0.5 cpe:/a:mozilla:thunderbird:0.6 cpe:/a:mozilla:thunderbird:0.7 cpe:/a:mozilla:thunderbird:0.7.1 cpe:/a:mozilla:thunderbird:0.7.2 cpe:/a:mozilla:thunderbird:0.7.3 cpe:/a:mozilla:thunderbird:0.8 cpe:/a:mozilla:thunderbird:0.9 cpe:/a:mozilla:thunderbird:1.0 cpe:/a:mozilla:thunderbird:1.0.1 cpe:/a:mozilla:thunderbird:1.0.2 cpe:/a:mozilla:thunderbird:1.0.3 cpe:/a:mozilla:thunderbird:1.0.4 cpe:/a:mozilla:thunderbird:1.0.5 cpe:/a:mozilla:thunderbird:1.0.6 cpe:/a:mozilla:thunderbird:1.0.7 cpe:/a:mozilla:thunderbird:1.0.8 cpe:/a:mozilla:thunderbird:1.5 cpe:/a:mozilla:thunderbird:1.5:beta2 cpe:/a:mozilla:thunderbird:1.5.0.1 cpe:/a:mozilla:thunderbird:1.5.0.2 cpe:/a:mozilla:thunderbird:1.5.0.3 cpe:/a:mozilla:thunderbird:1.5.0.4 cpe:/a:mozilla:thunderbird:1.5.0.5 cpe:/a:mozilla:thunderbird:1.5.0.6 cpe:/a:mozilla:thunderbird:1.5.0.7 cpe:/a:mozilla:thunderbird:1.5.0.8 cpe:/a:mozilla:thunderbird:1.5.0.9

CVE-2007-0008

2007-02-26T15:28:00.000-05:00

2018-10-16T12:29:58.257-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SGI 20070202-01-P SGI 20070301-01-P FEDORA FEDORA-2007-278 FEDORA FEDORA-2007-279 FEDORA FEDORA-2007-281 FEDORA FEDORA-2007-293 FEDORA FEDORA-2007-308 FEDORA FEDORA-2007-309 HP HPSBUX02153 IDEFENSE 20070223 Mozilla Network Security Services SSLv2 Client Integer Underflow Vulnerability SUSE SUSE-SA:2007:019 REDHAT RHSA-2007:0077 GENTOO GLSA-200703-18 SLACKWARE SSA:2007-066-05 SLACKWARE SSA:2007-066-04 SLACKWARE SSA:2007-066-03 SUNALERT 102856 SUNALERT 102945 DEBIAN DSA-1336 GENTOO GLSA-200703-22 CERT-VN VU#377812 MANDRIVA MDKSA-2007:050 MANDRIVA MDKSA-2007:052 CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-06.html SUSE SUSE-SA:2007:022 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html REDHAT RHSA-2007:0078 REDHAT RHSA-2007:0079 REDHAT RHSA-2007:0097 REDHAT RHSA-2007:0108 BUGTRAQ 20070226 rPSA-2007-0040-1 firefox BUGTRAQ 20070303 rPSA-2007-0040-3 firefox thunderbird BID 22694 BID 64758 SECTRACK 1017696 UBUNTU USN-428-1 UBUNTU USN-431-1 VUPEN ADV-2007-0718 VUPEN ADV-2007-0719 VUPEN ADV-2007-1165 VUPEN ADV-2007-2141 MISC https://bugzilla.mozilla.org/show_bug.cgi?id=364319 XF nss-mastersecret-bo(32666) CONFIRM https://issues.rpath.com/browse/RPL-1081 CONFIRM https://issues.rpath.com/browse/RPL-1103 Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.

cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:1.5:beta1 cpe:/a:mozilla:firefox:1.5:beta2 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:network_security_services:- cpe:/a:mozilla:network_security_services:3.1 cpe:/a:mozilla:network_security_services:3.1.1 cpe:/a:mozilla:network_security_services:3.2 cpe:/a:mozilla:network_security_services:3.2.1 cpe:/a:mozilla:network_security_services:3.3 cpe:/a:mozilla:network_security_services:3.3.1 cpe:/a:mozilla:network_security_services:3.3.2 cpe:/a:mozilla:network_security_services:3.4 cpe:/a:mozilla:network_security_services:3.4.1 cpe:/a:mozilla:network_security_services:3.4.2 cpe:/a:mozilla:network_security_services:3.4.3 cpe:/a:mozilla:network_security_services:3.5 cpe:/a:mozilla:network_security_services:3.6 cpe:/a:mozilla:network_security_services:3.6.1 cpe:/a:mozilla:network_security_services:3.7 cpe:/a:mozilla:network_security_services:3.7.1 cpe:/a:mozilla:network_security_services:3.7.2 cpe:/a:mozilla:network_security_services:3.7.3 cpe:/a:mozilla:network_security_services:3.7.5 cpe:/a:mozilla:network_security_services:3.7.7 cpe:/a:mozilla:network_security_services:3.8 cpe:/a:mozilla:network_security_services:3.9 cpe:/a:mozilla:network_security_services:3.9.1 cpe:/a:mozilla:network_security_services:3.9.2 cpe:/a:mozilla:network_security_services:3.9.3 cpe:/a:mozilla:network_security_services:3.9.4 cpe:/a:mozilla:network_security_services:3.9.5 cpe:/a:mozilla:network_security_services:3.10 cpe:/a:mozilla:network_security_services:3.10.1 cpe:/a:mozilla:network_security_services:3.10.2 cpe:/a:mozilla:network_security_services:3.11 cpe:/a:mozilla:network_security_services:3.11.1 cpe:/a:mozilla:network_security_services:3.11.2 cpe:/a:mozilla:network_security_services:3.11.3 cpe:/a:mozilla:network_security_services:3.11.4 cpe:/a:mozilla:seamonkey:- cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:thunderbird:- cpe:/a:mozilla:thunderbird:0.1 cpe:/a:mozilla:thunderbird:0.2 cpe:/a:mozilla:thunderbird:0.3 cpe:/a:mozilla:thunderbird:0.4 cpe:/a:mozilla:thunderbird:0.5 cpe:/a:mozilla:thunderbird:0.6 cpe:/a:mozilla:thunderbird:0.7 cpe:/a:mozilla:thunderbird:0.7:- cpe:/a:mozilla:thunderbird:0.7:rc cpe:/a:mozilla:thunderbird:0.7.1 cpe:/a:mozilla:thunderbird:0.7.2 cpe:/a:mozilla:thunderbird:0.7.3 cpe:/a:mozilla:thunderbird:0.8 cpe:/a:mozilla:thunderbird:0.9 cpe:/a:mozilla:thunderbird:1.0 cpe:/a:mozilla:thunderbird:1.0:- cpe:/a:mozilla:thunderbird:1.0:rc cpe:/a:mozilla:thunderbird:1.0.2 cpe:/a:mozilla:thunderbird:1.0.5 cpe:/a:mozilla:thunderbird:1.0.6 cpe:/a:mozilla:thunderbird:1.0.7 cpe:/a:mozilla:thunderbird:1.0.8 cpe:/a:mozilla:thunderbird:1.1:alpha1 cpe:/a:mozilla:thunderbird:1.1:alpha2 cpe:/a:mozilla:thunderbird:1.5 cpe:/a:mozilla:thunderbird:1.5:- cpe:/a:mozilla:thunderbird:1.5:beta1 cpe:/a:mozilla:thunderbird:1.5:beta2 cpe:/a:mozilla:thunderbird:1.5:rc1 cpe:/a:mozilla:thunderbird:1.5:rc2 cpe:/a:mozilla:thunderbird:1.5.0.2 cpe:/a:mozilla:thunderbird:1.5.0.4 cpe:/a:mozilla:thunderbird:1.5.0.5 cpe:/a:mozilla:thunderbird:1.5.0.7 cpe:/a:mozilla:thunderbird:1.5.0.8 cpe:/a:mozilla:thunderbird:1.5.0.9 cpe:/o:canonical:ubuntu_linux:5.10 cpe:/o:canonical:ubuntu_linux:6.06::~~lts~~~ cpe:/o:canonical:ubuntu_linux:6.10 cpe:/o:debian:debian_linux:3.1 cpe:/o:debian:debian_linux:4.0

CVE-2007-0009

2007-02-26T15:28:00.000-05:00

2019-10-09T18:51:51.787-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SGI 20070202-01-P SGI 20070301-01-P FEDORA FEDORA-2007-278 FEDORA FEDORA-2007-279 FEDORA FEDORA-2007-308 FEDORA FEDORA-2007-309 HP HPSBUX02153 IDEFENSE 20070223 Mozilla Network Security Services SSLv2 Server Stack Overflow Vulnerability SUSE SUSE-SA:2007:019 REDHAT RHSA-2007:0077 GENTOO GLSA-200703-18 SLACKWARE SSA:2007-066-05 SLACKWARE SSA:2007-066-04 SLACKWARE SSA:2007-066-03 SUNALERT 102856 SUNALERT 102945 DEBIAN DSA-1336 GENTOO GLSA-200703-22 CERT-VN VU#592796 MANDRIVA MDKSA-2007:050 MANDRIVA MDKSA-2007:052 CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-06.html SUSE SUSE-SA:2007:022 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html REDHAT RHSA-2007:0078 REDHAT RHSA-2007:0079 REDHAT RHSA-2007:0097 REDHAT RHSA-2007:0108 BUGTRAQ 20070226 rPSA-2007-0040-1 firefox BUGTRAQ 20070303 rPSA-2007-0040-3 firefox thunderbird BID 64758 SECTRACK 1017696 UBUNTU USN-428-1 UBUNTU USN-431-1 VUPEN ADV-2007-0718 VUPEN ADV-2007-0719 VUPEN ADV-2007-1165 VUPEN ADV-2007-2141 MISC https://bugzilla.mozilla.org/show_bug.cgi?id=364323 XF nss-clientmasterkey-bo(32663) CONFIRM https://issues.rpath.com/browse/RPL-1081 CONFIRM https://issues.rpath.com/browse/RPL-1103 Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.

cpe:/a:the_gimp_team:gimp_toolkit:2.4.12

CVE-2007-0010

2007-01-24T14:28:00.000-05:00

2017-10-10T21:31:32.017-04:00

2.1

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov SECTRACK 1017552 MANDRIVA MDKSA-2007:039 SUSE SUSE-SR:2007:002 REDHAT RHSA-2007:0019 BID 22209 UBUNTU USN-415-1 VUPEN ADV-2007-0331 CONFIRM https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218932 CONFIRM https://issues.rpath.com/browse/RPL-984 DEBIAN DSA-1256 The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.

cpe:/a:citrix:access_gateway:4.0 cpe:/a:citrix:access_gateway:4.2 cpe:/a:citrix:access_gateway:4.5::advanced cpe:/a:citrix:access_gateway:4.5::standard

CVE-2007-0011

2007-11-05T12:46:00.000-05:00

2018-10-16T12:30:16.790-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SECTRACK 1018435 CONFIRM http://support.citrix.com/article/CTX112803 CONFIRM http://support.citrix.com/article/CTX113814 BUGTRAQ 20071022 Corsaire Security Advisory - Citrix Access Gateway session ID disclosure issue BID 24975 VUPEN ADV-2007-2583 XF citrix-access-unspeci-information-disclosure(35510) The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including the a referer log, browser history, or browser cache.

cpe:/a:sun:jre:1.5.0:update10 cpe:/a:sun:jre:1.5.0:update11 cpe:/a:sun:jre:1.5.0:update12 cpe:/a:sun:jre:1.5.0:update13 cpe:/a:sun:jre:1.5.0:update7 cpe:/a:sun:jre:1.5.0:update8 cpe:/a:sun:jre:1.5.0:update9

CVE-2007-0012

2008-01-09T18:46:00.000-05:00

2018-10-16T12:30:17.367-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov SREASON 3527 BUGTRAQ 20080108 Corsaire Security Advisory: Sun J2RE DoS issue BID 27185 XF sun-java-jpiexp32-dos(39549) Sun JRE 5.0 before update 14 allows remote attackers to cause a denial of service (Internet Explorer crash) via an object tag with an encoded applet and an undefined name attribute, which triggers a NULL pointer dereference in jpiexp32.dll when the applet is decoded and passed to the JVM.

cpe:/a:sun:chainkey_java_code_protection

CVE-2007-0014

2007-01-16T19:28:00.000-05:00

2018-10-16T12:30:17.680-04:00

4.4

LOCAL

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070112 Corsaire Security Advisory: ChainKey Java Code Protection Bypass issue BUGTRAQ 20070112 Re: Corsaire Security Advisory: ChainKey Java Code Protection Bypass issue ChainKey Java Code Protection allows attackers to decompile Java class files via a Java class loader with a modified defineClass method that saves the bytecode to a file before it is passed to the JVM.

cpe:/a:apple:quicktime:7.1.3

CVE-2007-0015

2007-01-01T18:28:00.000-05:00

2017-10-18T21:29:55.503-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=304989 MISC http://isc.sans.org/diary.html?storyid=2094 MISC http://landonf.bikemonkey.org/code/macosx/MOAB_Day_1.20070102060815.15950.zadder.local.html APPLE APPLE-SA-2007-01-23 MISC http://projects.info-pull.com/moab/MOAB-01-01-2007.html SECTRACK 1017461 CERT-VN VU#442497 BID 21829 CERT TA07-005A VUPEN ADV-2007-0001 XF quicktime-rtsp-url-bo(31203) EXPLOIT-DB 3064 Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI.

cpe:/a:netfarer:movieplay:4.76

CVE-2007-0016

2007-01-02T21:28:00.000-05:00

2017-10-10T21:31:32.080-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

BID 21840 EXPLOIT-DB 4051 Stack-based buffer overflow in MoviePlay 4.76 allows remote attackers to execute arbitrary code via a long filename in a LST file.

cpe:/a:videolan:vlc_media_player:0.7.0 cpe:/a:videolan:vlc_media_player:0.7.1 cpe:/a:videolan:vlc_media_player:0.7.2 cpe:/a:videolan:vlc_media_player:0.8.0 cpe:/a:videolan:vlc_media_player:0.8.1 cpe:/a:videolan:vlc_media_player:0.8.2 cpe:/a:videolan:vlc_media_player:0.8.4 cpe:/a:videolan:vlc_media_player:0.8.4a cpe:/a:videolan:vlc_media_player:0.8.5 cpe:/a:videolan:vlc_media_player:0.8.6

CVE-2007-0017

2007-01-02T21:28:00.000-05:00

2017-10-10T21:31:32.157-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

MISC http://applefun.blogspot.com/2007/01/moab-02-01-2007-vlc-media-player-udp.html MISC http://landonf.bikemonkey.org/code/macosx/MOAB_Day_2.20070103045559.6753.timor.html MISC http://projects.info-pull.com/moab/MOAB-02-01-2007.html GENTOO GLSA-200701-24 SECTRACK 1017464 CONFIRM http://trac.videolan.org/vlc/changeset/18481 DEBIAN DSA-1252 SUSE SUSE-SA:2007:013 BID 21852 MLIST [vlc-devel] 20070102 Security hole in VLC media player for Mac... CONFIRM http://www.videolan.org/patches/vlc-0.8.6-MOAB-02-01-2007.patch CONFIRM http://www.videolan.org/sa0701.html VUPEN ADV-2007-0026 XF vlcmediaplayer-udp-format-string(31226) Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.

cpe:/a:altdo:convert_mp3_master:1.1 cpe:/a:altdo:mp3_record_and_edit_audio_master:1.2 cpe:/a:americanshareware:mp3_wav_converter:3.1.8 cpe:/a:audio_edit_magic:audio_edit_magic:9.2.3_389 cpe:/a:bearshare:bearshare:6.0.2.26789 cpe:/a:cdburnerxp:cdburnerxp_pro:3.0.116 cpe:/a:cheetahburner:cheetah_cd_burner:3.56 cpe:/a:cheetahburner:cheetah_dvd_burner:1.79 cpe:/a:code-it_softare:abasic_editor:10.1 cpe:/a:code-it_softare:wave_mp3_editor:10.1 cpe:/a:dandans_digital_media_products:easy_audio_editor:7.4 cpe:/a:dandans_digital_media_products:full_audio_converter:4.2 cpe:/a:dandans_digital_media_products:music_editing_master:5.2 cpe:/a:dandans_digital_media_products:visual_video_converter:4.4 cpe:/a:digital_borneo:audio_mixer_and_editor:1.1.0 cpe:/a:easy_ringtone_maker:easy_ringtone_maker:2.0.5 cpe:/a:expstudio:audio_editor:4.0.2 cpe:/a:iaudiosoft.com:absolute_mp3_splitter:2.5.4 cpe:/a:iaudiosoft.com:absolute_sound_recorder:3.4.5 cpe:/a:iaudiosoft.com:absolute_video_to_audio_converter:2.7.9 cpe:/a:imesh.com:imesh:7.0.2.26789 cpe:/a:j_hepple_products:fx_audio_concat:1.2.0_beta cpe:/a:j_hepple_products:fx_audio_editor:4.7.11 cpe:/a:j_hepple_products:fx_audio_tools:7.3.4 cpe:/a:j_hepple_products:fx_magic_music:5.7.7 cpe:/a:j_hepple_products:fx_movie_joiner:6.2.8 cpe:/a:j_hepple_products:fx_movie_joiner_and_splitter:6.2.8 cpe:/a:j_hepple_products:fx_movie_splitter:6.4.7 cpe:/a:j_hepple_products:fx_new_sound:5.1.1 cpe:/a:j_hepple_products:fx_video_converter:7.51.21 cpe:/a:joshua_mediasoft:audio_convertor_plus:2.2 cpe:/a:joshua_mediasoft:video_converter_plus:3.01 cpe:/a:magicvideosoftare:magic_audio_converter:8.2.6_build_719 cpe:/a:magicvideosoftare:magic_audio_recorder:5.3.7 cpe:/a:magicvideosoftare:magic_music_editor:5.2.2 cpe:/a:mcfunsoft:audio_editor:6.3.3_build_489 cpe:/a:mcfunsoft:audio_recorder_for_free:6.1 cpe:/a:mcfunsoft:audio_studio:6.6.3_build_479 cpe:/a:mcfunsoft:ipod_audio_studio:6.2.4 cpe:/a:mcfunsoft:ipod_music_converter:5.1 cpe:/a:mcfunsoft:recording_to_ipod_solution:5.1 cpe:/a:mediatox:aurora_media_workshop:3.3.25 cpe:/a:movavi:chiliburner:2.3 cpe:/a:movavi:convertmovie:4.4 cpe:/a:movavi:dvd_to_ipod:1.0 cpe:/a:movavi:splitmovie:1.4 cpe:/a:movavi:suite:3.5 cpe:/a:movavi:videomessage:1.0 cpe:/a:mp3-soft:mp3_normalizer:1.03 cpe:/a:mystik_media_products:audioedit_deluxe:4.10 cpe:/a:mystik_media_products:blaze_media_pro:7.0 cpe:/a:mystik_media_products:blaze_mediaconvert:3.4 cpe:/a:mystik_media_products:contextconvert_pro:3.1 cpe:/a:nctsoft_products:nctaudioeditor:2.7.1 cpe:/a:nctsoft_products:nctaudiofile2 cpe:/a:nctsoft_products:nctaudiostudio:2.7.1 cpe:/a:nctsoft_products:nctdialogicvoice:2.7.1 cpe:/a:nextlevel_systems:audio_editor_gold:9.2.5_build_424 cpe:/a:nextlevel_systems:audio_studio_gold:7.0.1.1_build_500 cpe:/a:quikscribe:quikscribe_player:5.022.05 cpe:/a:quikscribe:quikscribe_recorder:5.021.29 cpe:/a:recordnrip:recordnrip:1.0 cpe:/a:rmbsoft:audioconvert:3.1.0.125 cpe:/a:rmbsoft:soundedit_pro:2.1 cpe:/a:roemer_software:easy_hi-q_converter:1.7 cpe:/a:roemer_software:easy_hi-q_recorder:2.0 cpe:/a:roemer_software:free_hi-q_recorder:1.9 cpe:/a:sienzo:digital_music_mentor:2.6.0.3 cpe:/a:smart_media_systems:power_audio_editor:11.0.1 cpe:/a:softdiv_softare:dexster:3.0 cpe:/a:softdiv_softare:ivideomax:3.9 cpe:/a:softdiv_softare:mp3_to_wav_converter:3.0 cpe:/a:softdiv_softare:snosh:1.4 cpe:/a:softdiv_softare:videozilla:2.5 cpe:/a:virtual_cd:virtual_cd:6.0.0.7 cpe:/a:virtual_cd:virtual_cd:7.1.0.2 cpe:/a:virtual_cd:virtual_cd:8.0.0.6 cpe:/a:virtual_cd:virtual_cd_file_server:7.1.0.3 cpe:/a:xrlly_software:arial_audio_converter:2.3.40 cpe:/a:xrlly_software:arial_sound_recorder:1.4.3 cpe:/a:xrlly_software:text_to_speech_maker:1.3.8 cpe:/a:xwaver.com:magic_audio_editor_pro:10.3.1_build_476 cpe:/a:xwaver.com:magic_music_studio_pro:7.0.2.1_build_500

CVE-2007-0018

2007-01-24T16:28:00.000-05:00

2018-10-16T12:30:18.023-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CERT-VN VU#292713 BUGTRAQ 20070124 Secunia Research: NCTsoft Products NCTAudioFile2 ActiveX ControlBuffer Overflow BUGTRAQ 20070124 Secunia Research: Sienzo Digital Music Mentor NCTAudioFile2ActiveX Control Buffer Overflow BUGTRAQ 20070124 Re: Secunia Research: NCTsoft Products NCTAudioFile2 ActiveXControl Buffer Overflow BID 22196 BID 23892 VUPEN ADV-2007-0310 XF nctaudiofile2-multiple-bo(31707) Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (18) Virtual CD; (19) Cheetah CD and DVD Burner; (20) Mystik Media AudioEdit Deluxe, Blaze Media, and others; (21) Power Audio Editor; (22) DanDans Digital Media Full Audio Converter, Music Editing Master, and others; (23) Xrlly Software Text to Speech Makerand Arial Sound Recorder / Audio Converter; (24) Absolute Sound Recorder, Video to Audio Converter, and MP3 Splitter; (25) Easy Ringtone Maker; (26) RecordNRip; (27) McFunSoft iPod Audio Studio, Audio Recorder for Free, and others; (28) MP3 WAV Converter; (29) BearShare 6.0.2.26789; and (30) Oracle Siebel SimBuilder and CRM 7.x.

cpe:/a:maxum_development_corporation:rumpus_ftp_server:5.1

CVE-2007-0019

2007-01-19T16:28:00.000-05:00

2017-07-28T21:29:54.437-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://projects.info-pull.com/moab/MOAB-18-01-2007.html XF rumpus-ftp-http-bo(31594) Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service.

cpe:/a:panic_transmit:panic_transmit:3.5.5

CVE-2007-0020

2007-01-23T20:28:00.000-05:00

2017-10-18T21:29:55.550-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MISC http://projects.info-pull.com/moab/MOAB-19-01-2007.html BID 22145 VUPEN ADV-2007-0273 XF transmit-url-handler-bo(31673) EXPLOIT-DB 3160 Heap-based buffer overflow in the SFTP protocol handler for Panic Transmit (Transmit.app) up to 3.5.5 allows remote attackers to execute arbitrary code via a long ftps:// URL.

cpe:/a:apple:ichat:3.1.6

CVE-2007-0021

2007-01-22T19:28:00.000-05:00

2017-07-28T21:29:54.547-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305102 APPLE APPLE-SA-2007-02-15 MISC http://projects.info-pull.com/moab/MOAB-20-01-2007.html CERT-VN VU#794752 BID 22146 SECTRACK 1017661 CERT TA07-047A VUPEN ADV-2007-0274 XF ichat-aim-format-string(31679) Format string vulnerability in Apple iChat 3.1.6 allows remote attackers to cause a denial of service (null pointer dereference and application crash) and possibly execute arbitrary code via format string specifiers in an aim:// URI.

cpe:/o:apple:mac_os_x:10.4.8

CVE-2007-0022

2007-01-22T19:28:00.000-05:00

2017-07-28T21:29:54.610-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305391 APPLE APPLE-SA-2007-04-19 MISC http://projects.info-pull.com/moab/MOAB-21-01-2007.html BID 22148 SECTRACK 1017941 CERT TA07-109A VUPEN ADV-2007-0074 VUPEN ADV-2007-1470 XF macos-writeconfig-privilege-escalation(31677) Untrusted search path vulnerability in writeconfig in Apple Mac OS X 10.4.8 allows local users to gain privileges via a modified PATH that points to a malicious launchctl program.

cpe:/o:apple:mac_os_x:10.4.8

CVE-2007-0023

2007-01-23T20:28:00.000-05:00

2017-07-28T21:29:54.670-04:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305102 APPLE APPLE-SA-2007-02-15 MISC http://projects.info-pull.com/moab/MOAB-22-01-2007.html SECTRACK 1017542 CERT-VN VU#315856 BID 22188 CERT TA07-047A VUPEN ADV-2007-0074 XF macos-inputmanager-privilege-escalation(31676) The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa applications attempt to notify the user.

cpe:/a:microsoft:ie:5.01:sp4 cpe:/a:microsoft:ie:6.0:sp1 cpe:/a:microsoft:ie:7.0

CVE-2007-0024

2007-01-09T18:28:00.000-05:00

2018-10-16T12:30:32.743-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

IDEFENSE 20070109 Microsoft Windows VML Element Integer Overflow Vulnerability SECTRACK 1017489 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm MSKB 929969 CERT-VN VU#122084 BUGTRAQ 20070116 MS07-004 VML Integer Overflow Exploit BUGTRAQ 20070117 Re: MS07-004 VML Integer Overflow Exploit HP HPSBST02184 BID 21930 CERT TA07-009A VUPEN ADV-2007-0105 VUPEN ADV-2007-0129 MS MS07-004 XF ie-vml-record-bo(31287) Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."

cpe:/a:microsoft:visual_studio_.net:2000 cpe:/a:microsoft:visual_studio_.net:2000:sp1 cpe:/a:microsoft:visual_studio_.net:2003:gold cpe:/o:microsoft:windows_2003_server:2000:sp4 cpe:/o:microsoft:windows_2003_server:2003:sp2 cpe:/o:microsoft:windows_2003_server:xp_sp2

CVE-2007-0025

2007-02-13T15:28:00.000-05:00

2018-10-12T17:42:00.530-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CERT-VN VU#932041 BID 22476 SECTRACK 1017638 CERT TA07-044A VUPEN ADV-2007-0581 MS MS07-012 The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.

cpe:/o:microsoft:windows_2000 cpe:/o:microsoft:windows_2003_server:sp1 cpe:/o:microsoft:windows_xp::sp2:tablet_pc

CVE-2007-0026

2007-02-13T15:28:00.000-05:00

2018-10-12T17:42:01.373-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CERT-VN VU#497756 BID 22483 SECTRACK 1017637 CERT TA07-044A VUPEN ADV-2007-0580 MS MS07-011 The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.

cpe:/a:microsoft:excel:2000 cpe:/a:microsoft:excel:2002 cpe:/a:microsoft:excel:2003 cpe:/a:microsoft:excel_viewer:2003 cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:office:v.x::mac cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:works:2004 cpe:/a:microsoft:works:2005

CVE-2007-0027

2007-01-09T17:28:00.000-05:00

2018-10-16T12:30:34.523-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SECTRACK 1017487 CERT-VN VU#749964 HP HPSBST02184 BID 21856 CERT TA07-009A VUPEN ADV-2007-0103 MS MS07-002 Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.

CVE-2007-0028

2007-01-09T18:28:00.000-05:00

2018-10-16T12:30:35.273-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SECTRACK 1017485 MISC http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-30.html MISC http://www.fortinet.com/FortiGuardCenter/advisory/FGA-2007-01.html CERT-VN VU#493185 HP HPSBST02184 BID 21952 CERT TA07-009A VUPEN ADV-2007-0103 MS MS07-002 Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.

CVE-2007-0029

2007-01-09T18:28:00.000-05:00

2018-10-16T12:30:36.227-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SECTRACK 1017487 HP HPSBST02184 BID 21877 CERT TA07-009A VUPEN ADV-2007-0103 MS MS07-002 Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."

CVE-2007-0030

2007-01-09T18:28:00.000-05:00

2018-10-16T12:30:36.883-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

IDEFENSE 20070109 Microsoft Excel Invalid Column Heap Corruption Vulnerability SECTRACK 1017487 CERT-VN VU#302836 HP HPSBST02184 BID 21925 CERT TA07-009A VUPEN ADV-2007-0103 MS MS07-002 Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.

CVE-2007-0031

2007-01-09T18:28:00.000-05:00

2018-10-16T12:30:37.710-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

IDEFENSE 20070109 Microsoft Excel Long Palette Heap Overflow Vulnerability SECTRACK 1017487 CERT-VN VU#625532 HP HPSBST02184 BID 21922 CERT TA07-009A VUPEN ADV-2007-0103 MS MS07-002 Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.

CVE-2007-0032

2017-05-11T10:29:05.447-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none.

cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:outlook:2000 cpe:/a:microsoft:outlook:2002 cpe:/a:microsoft:outlook:2003

CVE-2007-0033

2007-01-09T18:28:00.000-05:00

2018-10-16T12:30:38.587-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SECTRACK 1017488 CERT-VN VU#476900 HP HPSBST02184 BID 21931 CERT TA07-009A VUPEN ADV-2007-0104 MS MS07-003 Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.

cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:outlook:2000 cpe:/a:microsoft:outlook:2002 cpe:/a:microsoft:outlook:2003

CVE-2007-0034

2007-01-09T18:28:00.000-05:00

2018-10-16T12:30:39.337-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SECTRACK 1017488 MISC http://www.computerterrorism.com/research/ct09-01-2007.htm CERT-VN VU#271860 BUGTRAQ 20070111 Computer Terrorism (UK) :: Incident Response Centre - Microsoft Outlook Vulnerability HP HPSBST02184 BID 21936 CERT TA07-009A VUPEN ADV-2007-0104 MS MS07-003 Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability."

cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:office:2003 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:works:2004 cpe:/a:microsoft:works:2005 cpe:/a:microsoft:works:2006

CVE-2007-0035

2007-05-08T18:19:00.000-04:00

2018-10-30T12:26:20.590-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CERT-VN VU#260777 HP HPSBST02214 BID 23804 SECTRACK 1018013 CERT TA07-128A VUPEN ADV-2007-1709 MS MS07-024 Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."

CVE-2007-0036

2017-05-11T10:29:05.463-04:00

2017-05-11T10:29:05.480-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none.

CVE-2007-0037

2017-05-11T10:29:05.497-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none.

cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_2003_server:gold cpe:/o:microsoft:windows_2003_server:gold::itanium cpe:/o:microsoft:windows_2003_server:gold::x64 cpe:/o:microsoft:windows_2003_server:sp1 cpe:/o:microsoft:windows_2003_server:sp1::itanium cpe:/o:microsoft:windows_2003_server:sp2 cpe:/o:microsoft:windows_2003_server:sp2::itanium cpe:/o:microsoft:windows_2003_server:sp2::x64 cpe:/o:microsoft:windows_vista::gold cpe:/o:microsoft:windows_vista::gold:x64 cpe:/o:microsoft:windows_xp::gold:professional_x64 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp2:professional_x64

CVE-2007-0038

2007-03-30T16:19:00.000-04:00

2018-10-16T12:30:41.087-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

FULLDISC 20070330 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038) SREASON 2542 MISC http://www.determina.com/security_center/security_advisories/securityadvisory_0day_032907.asp CERT-VN VU#191609 BUGTRAQ 20070330 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038) BUGTRAQ 20070330 Re: 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038) BUGTRAQ 20070331 Re: 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038) BUGTRAQ 20070331 RE: [Full-disclosure] 0-day ANI vulnerability in Microsoft Windows(CVE-2007-0038) BUGTRAQ 20070402 More information on ZERT patch for ANI 0day BUGTRAQ 20070402 MS announces out-of-band patch for ANI 0day HP HPSBST02206 CERT TA07-089A CERT TA07-093A CERT TA07-100A VUPEN ADV-2007-1215 MS MS07-017 XF win-ani-code-execution(33301) Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.

cpe:/a:microsoft:exchange_server:2000:sp3 cpe:/a:microsoft:exchange_server:2003:sp1 cpe:/a:microsoft:exchange_server:2003:sp2 cpe:/a:microsoft:exchange_server:2007

CVE-2007-0039

2007-05-08T19:19:00.000-04:00

2018-10-16T12:30:43.257-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov FULLDISC 20070509 Exchange Calendar MODPROPS Denial of Service (CVE-2007-0039) MISC http://www.determina.com/security.research/vulnerabilities/exchange-ical-modprops.html BUGTRAQ 20070508 Exchange Calendar MODPROPS Denial of Service (CVE-2007-0039) HP HPSBST02214 BID 23808 SECTRACK 1018015 CERT TA07-128A VUPEN ADV-2007-1711 MS MS07-026 XF exchange-ical-dos(33888) The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.

cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_2003_server:::x64 cpe:/o:microsoft:windows_2003_server::sp1 cpe:/o:microsoft:windows_2003_server::sp1:itanium cpe:/o:microsoft:windows_2003_server::sp2 cpe:/o:microsoft:windows_2003_server::sp2:x64

CVE-2007-0040

2007-07-10T18:30:00.000-04:00

2019-04-30T10:27:13.913-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

HP SSRT071446 ISS 20070710 Microsoft Windows Active Directory Remote Code Execution CERT-VN VU#487905 BID 24800 SECTRACK 1018355 CERT TA07-191A VUPEN ADV-2007-2481 MS MS07-039 The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."

cpe:/a:microsoft:.net_framework:1.0 cpe:/a:microsoft:.net_framework:1.1 cpe:/a:microsoft:.net_framework:2.0

CVE-2007-0041

2007-07-10T18:30:00.000-04:00

2018-10-30T12:25:38.340-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

HP SSRT071446 BID 24778 SECTRACK 1018356 CERT TA07-191A VUPEN ADV-2007-2482 MS MS07-040 XF ms-dotnet-pe-loader-bo(34637) The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.

cpe:/a:microsoft:.net_framework:1.0 cpe:/a:microsoft:.net_framework:1.1 cpe:/a:microsoft:.net_framework:2.0

CVE-2007-0042

2007-07-10T18:30:00.000-04:00

2018-10-30T12:25:38.340-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov HP SSRT071446 MISC http://security-assessment.com/files/advisories/2007-07-11_Multiple_.NET_Null_Byte_Injection_Vulnerabilities.pdf SECTRACK 1018356 CERT TA07-191A VUPEN ADV-2007-2482 MS MS07-040 Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."

cpe:/a:microsoft:.net_framework:1.0 cpe:/a:microsoft:.net_framework:1.1 cpe:/a:microsoft:.net_framework:2.0

CVE-2007-0043

2007-07-10T18:30:00.000-04:00

2018-10-30T12:25:38.340-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

HP SSRT071446 BID 24811 SECTRACK 1018356 CERT TA07-191A VUPEN ADV-2007-2482 MS MS07-040 XF ms-dotnet-jit-bo(34639) The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".

cpe:/a:adobe:acrobat:7.0::professional cpe:/a:adobe:acrobat:7.0::standard cpe:/a:adobe:acrobat:7.0.1::professional cpe:/a:adobe:acrobat:7.0.1::standard cpe:/a:adobe:acrobat:7.0.2::professional cpe:/a:adobe:acrobat:7.0.2::standard cpe:/a:adobe:acrobat:7.0.3::professional cpe:/a:adobe:acrobat:7.0.3::standard cpe:/a:adobe:acrobat:7.0.4::professional cpe:/a:adobe:acrobat:7.0.4::standard cpe:/a:adobe:acrobat:7.0.5::professional cpe:/a:adobe:acrobat:7.0.5::standard cpe:/a:adobe:acrobat:7.0.6::professional cpe:/a:adobe:acrobat:7.0.6::standard cpe:/a:adobe:acrobat:7.0.7::professional cpe:/a:adobe:acrobat:7.0.7::standard cpe:/a:adobe:acrobat:7.0.8::elements cpe:/a:adobe:acrobat:7.0.8::professional cpe:/a:adobe:acrobat:7.0.8::standard cpe:/a:adobe:acrobat_3d cpe:/a:adobe:acrobat_reader:6.0 cpe:/a:adobe:acrobat_reader:6.0.1 cpe:/a:adobe:acrobat_reader:6.0.2 cpe:/a:adobe:acrobat_reader:6.0.3 cpe:/a:adobe:acrobat_reader:6.0.4 cpe:/a:adobe:acrobat_reader:6.0.5 cpe:/a:adobe:acrobat_reader:7.0 cpe:/a:adobe:acrobat_reader:7.0.1 cpe:/a:adobe:acrobat_reader:7.0.2 cpe:/a:adobe:acrobat_reader:7.0.3 cpe:/a:adobe:acrobat_reader:7.0.4 cpe:/a:adobe:acrobat_reader:7.0.5 cpe:/a:adobe:acrobat_reader:7.0.6 cpe:/a:adobe:acrobat_reader:7.0.7 cpe:/a:adobe:acrobat_reader:7.0.8

CVE-2007-0044

2007-01-03T16:28:00.000-05:00

2018-10-16T12:30:44.477-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf SUSE SUSE-SA:2007:011 GENTOO GLSA-200701-16 SREASON 2090 SECTRACK 1017469 REDHAT RHSA-2008:0144 BUGTRAQ 20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities BID 21858 VUPEN ADV-2007-0032 MISC http://www.wisec.it/vulns.php?page=9 XF adobe-acrobat-pdf-csrf(31266) Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."

CVE-2007-0045

2007-01-03T16:28:00.000-05:00

2018-10-16T12:30:46.040-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html HP HPSBUX02153 SUSE SUSE-SA:2007:011 GENTOO GLSA-200701-16 SREASON 2090 SECTRACK 1017469 SECTRACK 1023007 SLACKWARE SSA:2007-066-05 SUNALERT 102847 CONFIRM http://www.adobe.com/support/security/advisories/apsa07-01.html CONFIRM http://www.adobe.com/support/security/advisories/apsa07-02.html CONFIRM http://www.adobe.com/support/security/bulletins/apsb07-01.html CONFIRM http://www.adobe.com/support/security/bulletins/apsb09-15.html MISC http://www.disenchant.ch/blog/hacking-with-browser-plugins/34 CONFIRM http://www.gnucitizen.org/blog/danger-danger-danger/ MISC http://www.gnucitizen.org/blog/universal-pdf-xss-after-party CERT-VN VU#815960 CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-02.html REDHAT RHSA-2007:0021 BUGTRAQ 20070103 Universal XSS with PDF files: highly dangerous BUGTRAQ 20070103 Re: Universal XSS with PDF files: highly dangerous BUGTRAQ 20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities BUGTRAQ 20070103 Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous BUGTRAQ 20070103 RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous BUGTRAQ 20070104 Universal PDF XSS After Party BID 21858 CERT TA09-286B VUPEN ADV-2007-0032 VUPEN ADV-2007-0957 VUPEN ADV-2009-2898 MISC http://www.wisec.it/vulns.php?page=9 XF adobe-acrobat-pdf-xss(31271) REDHAT RHSA-2007:0017 Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."

cpe:/a:adobe:acrobat_reader:7.0.8

CVE-2007-0046

2007-01-03T16:28:00.000-05:00

2018-10-16T12:30:51.367-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf SUSE SUSE-SA:2007:011 GENTOO GLSA-200701-16 SREASON 2090 SECTRACK 1017469 SUNALERT 102847 CONFIRM http://www.adobe.com/support/security/bulletins/apsb07-01.html REDHAT RHSA-2007:0021 BUGTRAQ 20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities VUPEN ADV-2007-0032 VUPEN ADV-2007-0957 MISC http://www.wisec.it/vulns.php?page=9 XF adobe-acrobat-msvcrt-code-execution(31272) REDHAT RHSA-2007:0017 Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.

cpe:/a:adobe:acrobat_reader:7.0.8

CVE-2007-0047

2007-01-03T16:28:00.000-05:00

2017-07-28T21:29:55.360-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf SUSE SUSE-SA:2007:011 SECTRACK 1017469 VUPEN ADV-2007-0032 XF adobe-acrobat-xmlhttp-response-splitting(31291) CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.

CVE-2007-0048

2007-01-03T16:28:00.000-05:00

2018-10-16T12:30:52.883-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov MISC http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf CONFIRM http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html SUSE SUSE-SA:2007:011 GENTOO GLSA-200701-16 SREASON 2090 SECTRACK 1017469 SECTRACK 1023007 CONFIRM http://www.adobe.com/support/security/bulletins/apsb07-01.html CONFIRM http://www.adobe.com/support/security/bulletins/apsb09-15.html BUGTRAQ 20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities CERT TA09-286B VUPEN ADV-2007-0032 VUPEN ADV-2009-2898 MISC http://www.wisec.it/vulns.php?page=9 XF adobe-acrobat-character-dos(31273) Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue."

cpe:/a:geckovich:tasktracker:1.4 cpe:/a:geckovich:tasktracker_pro:1.5

CVE-2007-0049

2007-01-04T06:28:00.000-05:00

2017-10-18T21:29:55.627-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 21847 XF tasktrackerpro-customize-auth-bypass(31235) EXPLOIT-DB 3068 Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to add administrative or other accounts via an Add action with a modified GroupID in a direct request to Customize.asp.

cpe:/a:openpinboard:openpinboard:2.0

CVE-2007-0050

2007-01-04T06:28:00.000-05:00

2018-10-16T12:30:54.523-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070106 Re: OpenPinboard <= Remote File Include BUGTRAQ 20070103 OpenPinboard <= Remote File Include BUGTRAQ 20070103 Re: OpenPinboard <= Remote File Include ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in OpenPinboard 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the language parameter. NOTE: this issue has been disputed by the developer and a third party, since the variable is set before use. CVE analysis suggests that there is a small time window of risk before the installation is complete.

cpe:/a:apple:iphoto:6.0.5

CVE-2007-0051

2007-01-04T13:28:00.000-05:00

2018-10-16T12:30:54.820-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

FULLDISC 20070104 DMA[2007-0104a] - 'iLife iPhoto Photocasing Format String Vulnerability' CONFIRM http://docs.info.apple.com/article.html?artnum=305215 APPLE APPLE-SA-2007-03-13 MISC http://projects.info-pull.com/moab/MOAB-04-01-2007.html BUGTRAQ 20070104 DMA[2007-0104a] - 'iLife iPhoto Photocasing Format String Vulnerability' BID 21871 VUPEN ADV-2007-0057 XF iphoto-xmltitle-format-string(31281) EXPLOIT-DB 3080 Format string vulnerability in Apple iPhoto 6.0.5 (316), and other versions before 6.0.6, allows remote user-assisted attackers to execute arbitrary code via a crafted photocast with format string specifiers in the title of an RSS iPhoto feed.

cpe:/a:vizayn_haber:vizayn_haber

CVE-2007-0052

2007-01-04T17:28:00.000-05:00

2017-10-18T21:29:55.737-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 21836 VUPEN ADV-2007-0015 XF vicayn-haberdetay-sql-injection(31213) EXPLOIT-DB 3061 SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows remote attackers to execute arbitrary SQL commands via the id parameter.

cpe:/a:asp_siteware:autodealer:2.0

CVE-2007-0053

2007-01-04T17:28:00.000-05:00

2017-10-18T21:29:55.783-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 21833 VUPEN ADV-2007-0016 XF autodealer-detail-sql-injection(31219) EXPLOIT-DB 3062 SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the iPro parameter.

cpe:/a:belchior_foundry:vcard_pro

CVE-2007-0054

2007-01-04T17:28:00.000-05:00

2018-10-16T12:30:55.790-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070101 vBulletin vCard PRO XSS BID 21844 XF vcard-gbrowse-xss(31182) Cross-site scripting (XSS) vulnerability in gbrowse.php in Belchior Foundry vCard PRO allows remote attackers to inject arbitrary web script or HTML via the sortby parameter.

cpe:/a:fersch:formbankserver:1.9

CVE-2007-0055

2007-01-04T17:28:00.000-05:00

2017-10-18T21:29:55.847-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov VUPEN ADV-2007-0012 XF formbankserver-name-directory-traversal(31214) EXPLOIT-DB 3063 Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in Formbankserver 1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the Name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:ashopsoftware:ashop_administration_panel cpe:/a:ashopsoftware:ashop_deluxe:4.5

CVE-2007-0056

2007-01-04T17:28:00.000-05:00

2018-10-16T12:30:56.117-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2091 BUGTRAQ 20070101 AShop Shopping Cart Multiple XSS Vulnerabilities BID 21845 VUPEN ADV-2007-0028 XF ashop-multiple-scripts-xss(31178) Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe 4.5 and AShop Administration Panel allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) ashop/catalogue.php and (b) ashop/basket.php, the (2) exp parameter to ashop/catalogue.php, the (3) searchstring parameter to (c) ashop/search.php, the (4) checkout and (5) action parameters to (d) ashop/shipping.php, the cat parameter to (f) cart-path/admin/editcatalogue.php, and the (7) resultpage parameter to (g) cart-path/admin/salesadmin.php.

cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.6.0.1 cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.6.1 cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.6.1.1 cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.6.2 cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.6.2.1 cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.6.2.2 cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.6.3 cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.6.4 cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.6.4.0.1 cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.6.4.1 cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.6.4.2 cpe:/a:cisco:network_admission_control_manager_and_server_system_software:4.0.0.1 cpe:/a:cisco:network_admission_control_manager_and_server_system_software:4.0.1 cpe:/a:cisco:network_admission_control_manager_and_server_system_software:4.0.2 cpe:/a:cisco:network_admission_control_manager_and_server_system_software:4.0.2.1 cpe:/a:cisco:network_admission_control_manager_and_server_system_software:4.0.2.2 cpe:/a:cisco:network_admission_control_manager_and_server_system_software:4.0.3 cpe:/a:cisco:network_admission_control_manager_and_server_system_software:4.0.3.1

CVE-2007-0057

2007-01-04T17:28:00.000-05:00

2018-11-01T12:53:19.347-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2018-10-22T11:51:05.483-04:00

ALLOWS_ADMIN_ACCESS

SECTRACK 1017465 CISCO 20070103 Multiple Vulnerabilities in Cisco Clean Access VUPEN ADV-2007-0030 Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a shared secret authentication key, which causes all devices to have the same shared sercet and allows remote attackers to gain unauthorized access.

cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.5.1 cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.5.2 cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.5.3 cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.5.4 cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.5.5 cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.5.9 cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.6.0.1 cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.6.1 cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.6.1.1

CVE-2007-0058

2007-01-04T17:28:00.000-05:00

2018-10-30T12:25:04.370-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov

2018-10-18T09:35:34.963-04:00

SECTRACK 1017465 CISCO 20070103 Multiple Vulnerabilities in Cisco Clean Access VUPEN ADV-2007-0030 Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file.

cpe:/a:apple:quicktime:3.0 cpe:/a:apple:quicktime:7.1.3

CVE-2007-0059

2007-01-04T19:28:00.000-05:00

2018-10-30T12:25:17.370-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305149 APPLE APPLE-SA-2007-03-05 MISC http://projects.info-pull.com/moab/MOAB-03-01-2007.html MISC http://www.gnucitizen.org/blog/backdooring-quicktime-movies/ CERT-VN VU#304064 Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm.

cpe:/a:ca:advantage_data_transport:3.0 cpe:/a:ca:brightstor_portal:11.1 cpe:/a:ca:brightstor_san_manager:11.1 cpe:/a:ca:brightstor_san_manager:11.5 cpe:/a:ca:cleverpath_aion:10.0 cpe:/a:ca:cleverpath_ecm:3.5 cpe:/a:ca:cleverpath_olap:5.1 cpe:/a:ca:cleverpath_predictive_analysis_server:2.0 cpe:/a:ca:cleverpath_predictive_analysis_server:3.0 cpe:/a:ca:etrust_admin:2.1 cpe:/a:ca:etrust_admin:2.4 cpe:/a:ca:etrust_admin:2.7 cpe:/a:ca:etrust_admin:2.9 cpe:/a:ca:etrust_admin:8.0 cpe:/a:ca:etrust_admin:8.1 cpe:/a:ca:unicenter_application_performance_monitor:3.0 cpe:/a:ca:unicenter_application_performance_monitor:3.5 cpe:/a:ca:unicenter_asset_management:3.1 cpe:/a:ca:unicenter_asset_management:3.2 cpe:/a:ca:unicenter_asset_management:3.2:sp1 cpe:/a:ca:unicenter_asset_management:3.2:sp2 cpe:/a:ca:unicenter_asset_management:4.0 cpe:/a:ca:unicenter_asset_management:4.0:sp1 cpe:/a:ca:unicenter_data_transport_option:2.0 cpe:/a:ca:unicenter_enterprise_job_manager:1.0:sp1 cpe:/a:ca:unicenter_enterprise_job_manager:1.0:sp2 cpe:/a:ca:unicenter_jasmine:3.0 cpe:/a:ca:unicenter_management:4.0::lotus_notes_domino cpe:/a:ca:unicenter_management:4.0::microsoft_exchange cpe:/a:ca:unicenter_management:4.1::microsoft_exchange cpe:/a:ca:unicenter_management:5.0::web_servers cpe:/a:ca:unicenter_management:5.0.1::web_servers cpe:/a:ca:unicenter_network_and_systems_management:3.0 cpe:/a:ca:unicenter_network_and_systems_management:3.1 cpe:/a:ca:unicenter_nsm_wireless_network_management_option:3.0 cpe:/a:ca:unicenter_remote_control:6.0 cpe:/a:ca:unicenter_remote_control:6.0:sp1 cpe:/a:ca:unicenter_service_level_management:3.0 cpe:/a:ca:unicenter_service_level_management:3.0.1 cpe:/a:ca:unicenter_service_level_management:3.0.2 cpe:/a:ca:unicenter_service_level_management:3.5 cpe:/a:ca:unicenter_software_delivery:3.0 cpe:/a:ca:unicenter_software_delivery:3.1 cpe:/a:ca:unicenter_software_delivery:3.1:sp1 cpe:/a:ca:unicenter_software_delivery:3.1:sp2 cpe:/a:ca:unicenter_software_delivery:4.0 cpe:/a:ca:unicenter_software_delivery:4.0:sp1 cpe:/a:ca:unicenter_tng:2.1 cpe:/a:ca:unicenter_tng:2.2 cpe:/a:ca:unicenter_tng:2.2:::ja cpe:/a:ca:unicenter_tng:2.4 cpe:/a:ca:unicenter_tng:2.4.2

CVE-2007-0060

2007-07-25T20:30:00.000-04:00

2018-10-16T12:30:57.010-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://supportconnectw.ca.com/public/dto_transportit/infodocs/camsgquevul-secnot.asp CONFIRM http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149809 ISS 20070724 CA Message Queuing Server (Cam.exe) Overflow BUGTRAQ 20070725 [CAID 35527]: CA Message Queuing (CAM / CAFT) Buffer Overflow Vulnerability BID 25051 SECTRACK 1018449 VUPEN ADV-2007-2638 XF systems-management-bo(32234) Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104.

cpe:/a:vmware:ace:1.0 cpe:/a:vmware:ace:1.0.1 cpe:/a:vmware:ace:1.0.2 cpe:/a:vmware:ace:2.0 cpe:/a:vmware:player:1.0 cpe:/a:vmware:player:1.0.0 cpe:/a:vmware:player:1.0.1 cpe:/a:vmware:player:1.0.2 cpe:/a:vmware:player:1.0.3 cpe:/a:vmware:player:1.0.4 cpe:/a:vmware:player:2.0 cpe:/a:vmware:server:1.0 cpe:/a:vmware:server:1.0.1 cpe:/a:vmware:server:1.0.1_build_29996 cpe:/a:vmware:server:1.0.2 cpe:/a:vmware:server:1.0.3 cpe:/a:vmware:workstation:5.5 cpe:/a:vmware:workstation:5.5.0_build_13124 cpe:/a:vmware:workstation:5.5.1 cpe:/a:vmware:workstation:5.5.1_build_19175 cpe:/a:vmware:workstation:5.5.2 cpe:/a:vmware:workstation:5.5.3 cpe:/a:vmware:workstation:5.5.3_build_34685 cpe:/a:vmware:workstation:5.5.3_build_42958 cpe:/a:vmware:workstation:5.5.4 cpe:/a:vmware:workstation:5.5.4_build_44386 cpe:/a:vmware:workstation:6.0 cpe:/o:canonical:ubuntu_linux:6.06::~~lts~~~ cpe:/o:canonical:ubuntu_linux:6.10 cpe:/o:canonical:ubuntu_linux:7.04 cpe:/o:vmware:esx:2.0.2 cpe:/o:vmware:esx:2.1.3 cpe:/o:vmware:esx:2.5.3 cpe:/o:vmware:esx:2.5.4 cpe:/o:vmware:esx:3.0.0 cpe:/o:vmware:esx:3.0.1

CVE-2007-0061

2007-09-21T15:17:00.000-04:00

2019-07-16T08:20:24.747-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2019-07-02T08:56:22.300-04:00

ALLOWS_ADMIN_ACCESS

FULLDISC 20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player GENTOO GLSA-200711-23 ISS 20070919 VMWare DHCP Server Remote Code Execution Vulnerabilities BID 25729 SECTRACK 1018717 UBUNTU USN-543-1 CONFIRM http://www.vmware.com/support/ace/doc/releasenotes_ace.html CONFIRM http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html CONFIRM http://www.vmware.com/support/player/doc/releasenotes_player.html CONFIRM http://www.vmware.com/support/player2/doc/releasenotes_player2.html CONFIRM http://www.vmware.com/support/server/doc/releasenotes_server.html CONFIRM http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html CONFIRM http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html VUPEN ADV-2007-3229 XF dhcp-malformed-packet-bo(33101) The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers "corrupt stack memory."

cpe:/a:vmware:ace:1.0.3 cpe:/a:vmware:ace:2.0 cpe:/a:vmware:player:1.0.4 cpe:/a:vmware:player:2.0 cpe:/a:vmware:server:1.0.3 cpe:/a:vmware:vmware_workstation:6.0.1 cpe:/a:vmware:workstation:3.4 cpe:/a:vmware:workstation:4.0 cpe:/a:vmware:workstation:4.0.1 cpe:/a:vmware:workstation:4.0.2 cpe:/a:vmware:workstation:4.5.2 cpe:/a:vmware:workstation:5.5.0_build_13124 cpe:/a:vmware:workstation:5.5.1 cpe:/a:vmware:workstation:5.5.1_build_19175 cpe:/a:vmware:workstation:5.5.3_build_34685 cpe:/a:vmware:workstation:5.5.3_build_42958 cpe:/a:vmware:workstation:5.5.4 cpe:/a:vmware:workstation:5.5.4_build_44386 cpe:/a:vmware:workstation:6.0

CVE-2007-0062

2007-09-21T15:17:00.000-04:00

2018-10-16T12:30:57.820-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=227135 FULLDISC 20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player SUSE SUSE-SR:2009:005 GENTOO GLSA-200711-23 GENTOO GLSA-200808-05 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0041 ISS 20070919 VMWare DHCP Server Remote Code Execution Vulnerabilities MANDRIVA MDVSA-2009:153 BUGTRAQ 20090312 rPSA-2009-0041-1 dhclient dhcp libdhcp4client BID 25729 SECTRACK 1018717 UBUNTU USN-543-1 CONFIRM http://www.vmware.com/support/ace/doc/releasenotes_ace.html CONFIRM http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html CONFIRM http://www.vmware.com/support/player/doc/releasenotes_player.html CONFIRM http://www.vmware.com/support/player2/doc/releasenotes_player2.html CONFIRM http://www.vmware.com/support/server/doc/releasenotes_server.html CONFIRM http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html CONFIRM http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html VUPEN ADV-2007-3229 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=339561 XF dhcp-param-overflow(33102) Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients.

CVE-2007-0063

2007-09-21T15:17:00.000-04:00

2019-07-16T08:20:32.293-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2019-07-02T08:57:10.770-04:00

ALLOWS_ADMIN_ACCESS

FULLDISC 20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player GENTOO GLSA-200711-23 ISS 20070919 VMWare DHCP Server Remote Code Execution Vulnerabilities BID 25729 SECTRACK 1018717 UBUNTU USN-543-1 CONFIRM http://www.vmware.com/support/ace/doc/releasenotes_ace.html CONFIRM http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html CONFIRM http://www.vmware.com/support/player/doc/releasenotes_player.html CONFIRM http://www.vmware.com/support/player2/doc/releasenotes_player2.html CONFIRM http://www.vmware.com/support/server/doc/releasenotes_server.html CONFIRM http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html CONFIRM http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html VUPEN ADV-2007-3229 XF dhcp-param-underflow(33103) Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow.

cpe:/a:microsoft:windows_media_format_runtime:7.1 cpe:/a:microsoft:windows_media_format_runtime:9 cpe:/a:microsoft:windows_media_format_runtime:9.5 cpe:/a:microsoft:windows_media_format_runtime:9.5::x64 cpe:/a:microsoft:windows_media_format_runtime:11 cpe:/a:microsoft:windows_media_services:9.1

CVE-2007-0064

2007-12-11T19:46:00.000-05:00

2018-10-30T12:25:38.340-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CERT-VN VU#319385 HP SSRT071506 BID 26776 SECTRACK 1019074 CERT TA07-345A VUPEN ADV-2007-4183 MS MS07-068 Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.

cpe:/a:microsoft:office:::mac%2bos cpe:/a:microsoft:visual_basic:6.0:sp6

CVE-2007-0065

2008-02-12T18:00:00.000-05:00

2018-10-12T17:42:23.983-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

HP HPSBST02314 BID 27661 SECTRACK 1019373 CERT TA08-043C VUPEN ADV-2008-0510 MS MS08-008 Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.

cpe:/a:microsoft:home_server cpe:/a:microsoft:small_business_server:2003::sp1 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_2003_server::gold:itanium cpe:/o:microsoft:windows_2003_server::sp1 cpe:/o:microsoft:windows_2003_server::sp2 cpe:/o:microsoft:windows_2003_server::sp2:standard cpe:/o:microsoft:windows_server_2003 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp:-:sp1:x64 cpe:/o:microsoft:windows_xp:-:sp2:x64

CVE-2007-0066

2008-01-08T15:46:00.000-05:00

2019-02-26T09:04:00.853-05:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov MISC http://blogs.technet.com/swi/archive/2008/01/08/ms08-001-part-2-the-case-of-the-moderate-icmp-mitigations.aspx SECTRACK 1019166 ISS 20070108 Multiple (3) Microsoft Windows TCP/IP Remote Code Execution and DoS Vulnerabilities HP SSRT080003 BID 27139 CERT TA08-008A VUPEN ADV-2008-0069 MS MS08-001 XF win-tcpip-icmp-dos(39254) The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability."

cpe:/a:ibm:lotus_domino_web_server:6.0 cpe:/a:ibm:lotus_domino_web_server:6.0.1 cpe:/a:ibm:lotus_domino_web_server:6.0.2 cpe:/a:ibm:lotus_domino_web_server:6.0.2_cf2 cpe:/a:ibm:lotus_domino_web_server:6.0.3 cpe:/a:ibm:lotus_domino_web_server:6.0.4 cpe:/a:ibm:lotus_domino_web_server:6.0.5 cpe:/a:ibm:lotus_domino_web_server:6.5.0 cpe:/a:ibm:lotus_domino_web_server:6.5.1 cpe:/a:ibm:lotus_domino_web_server:6.5.2 cpe:/a:ibm:lotus_domino_web_server:6.5.3 cpe:/a:ibm:lotus_domino_web_server:6.5.4 cpe:/a:ibm:lotus_domino_web_server:6.5.4::fp1 cpe:/a:ibm:lotus_domino_web_server:6.5.4::fp2 cpe:/a:ibm:lotus_domino_web_server:6.5.5 cpe:/a:ibm:lotus_domino_web_server:6.5.5::fp1 cpe:/a:ibm:lotus_domino_web_server:6.5.5::fp2 cpe:/a:ibm:lotus_domino_web_server:7.0 cpe:/a:ibm:lotus_domino_web_server:7.0.1 cpe:/a:ibm:lotus_domino_web_server:7.0.2 cpe:/a:ibm:lotus_domino_web_server:7.0.2::fp1

CVE-2007-0067

2007-06-06T06:30:00.000-04:00

2017-07-28T21:29:56.890-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 24307 SECTRACK 1018189 VUPEN ADV-2007-2046 CONFIRM http://www-1.ibm.com/support/docview.wss?uid=swg21257251 XF domino-unspecified-dos(34689) Unspecified vulnerability in the Lotus Domino Web Server 6.0, 6.5.x before 6.5.6, and 7.0.x before 7.0.3 allows remote attackers to cause a denial of service (daemon crash) via requests for URLs that reference certain files.

cpe:/a:ibm:lotus_domino:7.0 cpe:/a:ibm:lotus_domino:7.0.1 cpe:/a:ibm:lotus_domino:7.0.2

CVE-2007-0068

2007-06-06T17:30:00.000-04:00

2017-07-28T21:29:57.127-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

BID 24322 VUPEN ADV-2007-2063 CONFIRM http://www-1.ibm.com/support/docview.wss?uid=swg21258784 XF domino-signature-privilege-escalation(34718) IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database.

cpe:/o:microsoft:windows_2003_server cpe:/o:microsoft:windows_vista cpe:/o:microsoft:windows_xp::sp2

CVE-2007-0069

2008-01-08T15:46:00.000-05:00

2018-10-16T12:31:01.963-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov MISC http://blogs.technet.com/swi/archive/2008/01/08/ms08-001-part-3-the-case-of-the-igmp-network-critical.aspx SECTRACK 1019166 ISS 20070108 Multiple (3) Microsoft Windows TCP/IP Remote Code Execution and DoS Vulnerabilities CERT-VN VU#115083 HP SSRT080003 BID 27100 CERT TA08-008A VUPEN ADV-2008-0069 MS MS08-001 XF win-ssm-igmp-bo(39452) XF win-ssm-mld-bo(39453) Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."

cpe:/a:adobe:flash_player:8.0 cpe:/a:adobe:flash_player:8.0.22.0 cpe:/a:adobe:flash_player:8.0.24.0 cpe:/a:adobe:flash_player:8.0.33.0 cpe:/a:adobe:flash_player:8.0.34.0 cpe:/a:adobe:flash_player:8.0.35.0 cpe:/a:adobe:flash_player:8.0.39.0 cpe:/a:adobe:flash_player:9.0 cpe:/a:adobe:flash_player:9.0.8.0 cpe:/a:adobe:flash_player:9.0.9.0 cpe:/a:adobe:flash_player:9.0.16 cpe:/a:adobe:flash_player:9.0.16.0 cpe:/a:adobe:flash_player:9.0.18d60 cpe:/a:adobe:flash_player:9.0.20 cpe:/a:adobe:flash_player:9.0.20.0 cpe:/a:adobe:flash_player:9.0.28 cpe:/a:adobe:flash_player:9.0.28.0 cpe:/a:adobe:flash_player:9.0.31 cpe:/a:adobe:flash_player:9.0.31.0 cpe:/a:adobe:flash_player:9.0.45.0 cpe:/a:adobe:flash_player:9.0.47.0 cpe:/a:adobe:flash_player:9.0.48.0 cpe:/a:adobe:flash_player:9.0.112.0 cpe:/a:adobe:flash_player:9.0.114.0 cpe:/a:adobe:flash_player:9.0.115.0

CVE-2007-0071

2008-04-09T17:05:00.000-04:00

2018-10-30T12:26:24.687-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2018-10-17T13:18:26.483-04:00

ALLOWS_ADMIN_ACCESS

MISC http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html MISC http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf MISC http://isc.sans.org/diary.html?storyid=4465 APPLE APPLE-SA-2008-05-28 SUSE SUSE-SA:2008:022 SUNALERT 238305 CONFIRM http://www.adobe.com/support/security/bulletins/apsb08-11.html GENTOO GLSA-200804-21 ISS 20080408 Adobe Flash Player Invalid Pointer Vulnerability CERT-VN VU#159523 CERT-VN VU#395473 MISC http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/ REDHAT RHSA-2008:0221 BID 28695 BID 29386 SECTRACK 1019811 CERT TA08-100A CERT TA08-149A CERT TA08-150A VUPEN ADV-2008-1662 VUPEN ADV-2008-1697 VUPEN ADV-2008-1724 MISC http://www.zerodayinitiative.com/advisories/ZDI-08-032/ XF multimedia-file-integer-overflow(37277) Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow.

cpe:/a:trend_micro:serverprotect:5.7 cpe:/a:trend_micro:serverprotect:5.58

CVE-2007-0072

2008-11-17T18:30:00.313-05:00

2017-07-28T21:29:57.280-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov MISC http://blogs.iss.net/archive/trend.html ISS 20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3) CERT-VN VU#768681 BID 32261 VUPEN ADV-2008-3127 XF application-rpc-read-bo(38760) Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a read operation over RPC.

cpe:/a:trend_micro:serverprotect:5.7 cpe:/a:trend_micro:serverprotect:5.58

CVE-2007-0073

2008-11-17T18:30:00.343-05:00

2017-07-28T21:29:57.327-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MISC http://blogs.iss.net/archive/trend.html ISS 20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3) CERT-VN VU#768681 BID 32261 VUPEN ADV-2008-3127 XF application-rpc-file-read-bo(39050) Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a file read operation over RPC.

cpe:/a:trend_micro:serverprotect:5.7 cpe:/a:trend_micro:serverprotect:5.58

CVE-2007-0074

2008-11-17T18:30:00.360-05:00

2017-07-28T21:29:57.563-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov MISC http://blogs.iss.net/archive/trend.html ISS 20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3) CERT-VN VU#768681 BID 32261 VUPEN ADV-2008-3127 XF application-rpc-folder-read-bo(39051) Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a folder read operation over RPC.

cpe:/a:aspbb:aspbb

CVE-2007-0075

2007-01-05T06:28:00.000-05:00

2018-10-16T12:31:03.040-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

SREASON 2100 MISC http://www.aria-security.com/forum/showthread.php?t=82 BUGTRAQ 20070102 AspBB Remote Password Disclosure XF aspbb-aspbb-info-disclosure(31230) AspBB stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user passwords via a direct request for db/aspbb.mdb.

cpe:/a:2enetworx:openforum

CVE-2007-0076

2007-01-05T06:28:00.000-05:00

2018-10-16T12:31:03.400-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2099 MISC http://www.aria-security.com/forum/showthread.php?t=80 BUGTRAQ 20070102 Openforum Remote password Disclosure XF openforum-openforum-password-disclosure(31209) Openforum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user passwords via a direct request for openforum.mdb.

cpe:/a:lblog:lblog

CVE-2007-0077

2007-01-05T06:28:00.000-05:00

2018-10-16T12:31:03.777-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2098 SECTRACK 1017462 MISC http://www.aria-security.com/forum/showthread.php?t=79 BUGTRAQ 20070102 lblog Remote Password Disclosure XF lblog-newfolder-information-disclosure(31229) lblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for a certain file in admin/db/newFolder/.

cpe:/a:battleblog:battleblog:1.0d

CVE-2007-0078

2007-01-05T06:28:00.000-05:00

2018-10-16T12:31:04.197-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2097 MISC http://www.aria-security.com/forum/showthread.php?t=76 BUGTRAQ 20070101 BattleBlog Database Download Vulnerability XF battleblog-blankmaster-info-disclosure(31224) BattleBlog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/blankmaster.mdb.

cpe:/a:rblog:rblog

CVE-2007-0079

2007-01-05T06:28:00.000-05:00

2018-10-16T12:31:04.527-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov SREASON 2102 MISC http://www.aria-security.com/forum/showthread.php?t=77 BUGTRAQ 20070101 rblog Database Download Vulnerability XF rblog-database-info-disclosure(31200) rblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/admin.mdb or (2) data/rblog.mdb.

cpe:/a:freeradius:freeradius:1.1.3

CVE-2007-0080

2007-01-05T06:28:00.000-05:00

2018-10-16T12:31:04.947-04:00

6.6

LOCAL

MEDIUM

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SECTRACK 1017463 VIM 20070211 FreeRADIUS dispute of CVE-2007-0080 MISC http://www.freeradius.org/security.html BUGTRAQ 20070102 FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution BUGTRAQ 20070103 Re: FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution XF freeradius-smbconnectserver-bo(31248) ** DISPUTED ** Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that exploitation is limited "only to local administrators who have write access to the server configuration files." CVE concurs with the dispute.

cpe:/a:sunbelt:sunbelt_kerio_personal_firewall:4.3.246 cpe:/a:sunbelt:sunbelt_kerio_personal_firewall:4.3.268

CVE-2007-0081

2007-01-05T06:28:00.000-05:00

2018-10-16T12:31:05.417-04:00

6.8

LOCAL

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SREASON 2095 MISC http://www.matousec.com/info/advisories/Kerio-Fake-iphlpapi-DLL-injection.php BUGTRAQ 20070101 Kerio Fake 'iphlpapi' DLL injection Vulnerability BID 21828 XF kerio-directory-code-execution(31232) Sunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and possibly other versions allows local users to provide a Trojan horse iphlpapi.dll to SKPF by placing it in the installation directory.

cpe:/a:imgallery:imgallery:2.4 cpe:/a:imgallery:imgallery:2.5

CVE-2007-0082

2007-01-05T06:28:00.000-05:00

2017-10-18T21:29:55.910-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 21827 VUPEN ADV-2007-0010 XF imgallery-start1-file-upload(31237) EXPLOIT-DB 3049 users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts.

cpe:/a:nuked-klan:nuked-klan:1.2 cpe:/a:nuked-klan:nuked-klan:1.2_beta cpe:/a:nuked-klan:nuked-klan:1.3 cpe:/a:nuked-klan:nuked-klan:1.3_beta cpe:/a:nuked-klan:nuked-klan:1.4 cpe:/a:nuked-klan:nuked-klan:1.5 cpe:/a:nuked-klan:nuked-klan:1.5_sp2 cpe:/a:nuked-klan:nuked-klan:1.7

CVE-2007-0083

2007-01-05T06:28:00.000-05:00

2018-10-16T12:31:05.867-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2101 BUGTRAQ 20070102 Nuked Klan <= 1.7 Remote Cookie Disclosure Exploit BID 21850 Cross-site scripting (XSS) vulnerability in Nuked Klan 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a getURL statement in a .swf file, as demonstrated by "Remote Cookie Disclosure." NOTE: it could be argued that this is an issue in Shockwave instead of Nuked Klan.

cpe:/a:microsoft:message_compiler:1.00.5239

CVE-2007-0084

2007-01-05T06:28:00.000-05:00

2018-10-16T12:31:06.133-04:00

6.6

LOCAL

MEDIUM

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

BUGTRAQ 20070102 Windows NT Message Compiler 1.00.5239 arbitrary code execution BUGTRAQ 20070103 Re: Windows NT Message Compiler 1.00.5239 arbitrary code execution ** DISPUTED ** Buffer overflow in the Windows NT Message Compiler (MC) 1.00.5239 on Microsoft Windows XP allows local users to gain privileges via a long MC-filename. NOTE: this issue has been disputed by a reliable third party who states that the compiler is not a privileged program, so privilege boundaries cannot be crossed.

cpe:/o:openbsd:openbsd:3.9 cpe:/o:openbsd:openbsd:4.0

CVE-2007-0085

2007-01-05T06:28:00.000-05:00

2017-07-28T21:29:58.077-04:00

6.0

LOCAL

HIGH

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MISC http://ilja.netric.org/files/Unusual%20bugs%2023c3.pdf MLIST [openbsd-cvs] 20070103 Re: CVS: cvs.openbsd.org: src MLIST [openbsd-cvs] 20070103 CVS: cvs.openbsd.org: www SECTRACK 1017468 OPENBSD [4.0] 007: SECURITY FIX: January 3, 2007 OPENBSD [3.9] 017: SECURITY FIX: January 3, 2007 VUPEN ADV-2007-0043 XF openbsd-vga-privilege-escalation(31276) Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics driver for wscons in OpenBSD 3.9 and 4.0, when the kernel is compiled with the PCIAGP option and a non-AGP device is being used, allows local users to gain privileges via unspecified vectors, possibly related to agp_ioctl NULL pointer reference.

cpe:/a:apache:http_server

CVE-2007-0086

2007-01-05T13:28:00.000-05:00

2018-10-16T12:31:06.337-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov BUGTRAQ 20070103 a cheesy Apache / IIS DoS vuln (+a question) BUGTRAQ 20070104 Re: a cheesy Apache / IIS DoS vuln (+a question) BUGTRAQ 20070104 Re: a cheesy Apache / IIS DoS vuln (+a question) BUGTRAQ 20070104 Re: a cheesy Apache / IIS DoS vuln (+a question) ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.

cpe:/a:microsoft:internet_information_server

CVE-2007-0087

2007-01-05T13:28:00.000-05:00

2018-10-16T12:31:06.650-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov BUGTRAQ 20070103 a cheesy Apache / IIS DoS vuln (+a question) BUGTRAQ 20070104 Re: a cheesy Apache / IIS DoS vuln (+a question) BUGTRAQ 20070104 Re: a cheesy Apache / IIS DoS vuln (+a question) BUGTRAQ 20070104 Re: a cheesy Apache / IIS DoS vuln (+a question) ** DISPUTED ** Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.

cpe:/a:openmedia:openmedia

CVE-2007-0088

2007-01-05T13:28:00.000-05:00

2018-10-16T12:31:06.947-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2103 BUGTRAQ 20070102 openmedia local read file XF openmedia-page-directory-traversal(31258) Multiple directory traversal vulnerabilities in openmedia allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) src parameter to page.php or the (2) format parameter to search_form.php.

cpe:/a:jgbbs:jgbbs:3.0:beta_1

CVE-2007-0089

2007-01-05T13:28:00.000-05:00

2018-10-16T12:31:07.307-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://aria-security.com/forum/showthread.php?t=87 BUGTRAQ 20070103 jgbbs XF jgbbs-bbs-information-disclosure(31274) jgbbs stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/bbs.mdb.

cpe:/a:fermentigrafici:wineglass

CVE-2007-0090

2007-01-05T13:28:00.000-05:00

2018-10-16T12:31:07.680-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://aria-security.com/forum/showthread.php?p=112 BUGTRAQ 20070103 WineGlass "data.mdb" Remote Password Disclosure VUPEN ADV-2007-0037 WineGlass stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/data.mdb.

cpe:/a:katy_whitton_web_development:newscmslite

CVE-2007-0091

2007-01-05T13:28:00.000-05:00

2017-10-18T21:29:55.973-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

XF newscmslite-newscms-info-disclosure(31222) EXPLOIT-DB 3066 newsCMSlite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for newsCMS.mdb.

cpe:/a:e-smart_cart:e-smart_cart:1.0

CVE-2007-0092

2007-01-05T13:28:00.000-05:00

2017-10-18T21:29:56.020-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0036 XF esmartcart-productdetail-sql-injection(31243) EXPLOIT-DB 3074 SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter.

cpe:/a:cms-center:simple_web_cms

CVE-2007-0093

2007-01-05T13:28:00.000-05:00

2018-10-16T12:31:07.993-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://acid-root.new.fr/poc/18070102.txt SREASON 2106 BUGTRAQ 20070103 Simple Web Content Management System SQL Injection Exploit VUPEN ADV-2007-0040 XF swcms-page-sql-injection(31261) EXPLOIT-DB 3076 SQL injection vulnerability in page.php in Simple Web Content Management System allows remote attackers to execute arbitrary SQL commands via the id parameter.

cpe:/a:sven_moderow:sven_moderow_guestbook:0.3a

CVE-2007-0094

2007-01-05T13:28:00.000-05:00

2018-10-16T12:31:08.510-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://aria-security.com/forum/showthread.php?p=114 SREASON 2105 BUGTRAQ 20070103 GuestBook v0.3a Remote Password Disclosure XF guestbook-gbook-information-disclosure(31245) Sven Moderow GuestBook 0.3a stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for (1) gbook97.mdb or (2) gbook.mdb in ~db/.

cpe:/a:phpmyadmin:phpmyadmin:2.9.1.1

CVE-2007-0095

2007-01-05T13:28:00.000-05:00

2017-07-28T21:29:58.420-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov FULLDISC 20070102 Inforamtion Discloser Vulnerabilities in "phpMyAdmin" FULLDISC 20070102 Inforamtion Discloser Vulnerabilities in phpMyAdmin SREASON 2104 MANDRIVA MDKSA-2007:199 XF phpmyadmin-darkblueorange-path-disclosure(31223) phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message.

cpe:/a:carbon_communities:carbon_communities:2.4d

CVE-2007-0096

2007-01-05T13:28:00.000-05:00

2017-07-28T21:29:58.483-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://aria-security.com/forum/showthread.php?t=85 VUPEN ADV-2007-0038 XF carboncommunities-carbon2-info-disclosure(31253) CarbonCommunities stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for DataBase/Carbon2.4d.mdb.

cpe:/a:conexware:powerarchiver_2006:9.64.02

CVE-2007-0097

2007-01-05T13:28:00.000-05:00

2018-10-16T12:31:08.823-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

FULLDISC 20070104 [vuln.sg] PowerArchiver PAISO.DLL Buffer Overflow MISC http://vuln.sg/powarc964-en.html BUGTRAQ 20070104 [vuln.sg] PowerArchiver PAISO.DLL Buffer Overflow Vulnerability VUPEN ADV-2007-0041 XF powerarchiver-loadtree-readheader-bo(31263) Multiple stack-based buffer overflows in the (1) LoadTree and (2) ReadHeader functions in PAISO.DLL 1.7.3.0 (1.7.3 beta) in ConeXware PowerArchiver 2006 9.64.02 allow user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories.

cpe:/a:verliadmin:verliadmin:0.3

CVE-2007-0098

2007-01-05T13:28:00.000-05:00

2017-10-18T21:29:56.127-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0035 XF verliadmin-language-file-include(31241) EXPLOIT-DB 3075 Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.

cpe:/a:microsoft:internet_explorer:6 cpe:/a:microsoft:xml_core_services:3.0

CVE-2007-0099

2007-01-08T15:28:00.000-05:00

2018-10-16T12:31:09.353-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov FULLDISC 20070104 Re: Concurrency strikes MSIE (potentially exploitablemsxml3 flaws) MISC http://isc.sans.org/diary.php?storyid=2004 HP SSRT080164 FULLDISC 20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws) SECTRACK 1021164 BUGTRAQ 20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws) BUGTRAQ 20070104 RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws) BUGTRAQ 20070104 Re: RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws) BID 21872 CERT TA08-316A VUPEN ADV-2008-3111 MS MS08-069 Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability."

cpe:/a:perforce:perforce_client

CVE-2007-0100

2007-01-08T15:28:00.000-05:00

2018-10-16T12:31:10.650-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

BUGTRAQ 20070104 Perforce client: security hole by design The Perforce client does not restrict the set of files that it overwrites upon receiving a request from the server, which allows remote attackers to overwrite arbitrary files by modifying the client config file on the server, or by operating a malicious server.

cpe:/a:spine:spine:1.1

CVE-2007-0101

2007-01-08T15:28:00.000-05:00

2017-07-28T21:29:58.627-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://spine.sourceforge.net/changelog.html VUPEN ADV-2007-0042 XF spine-unspecified-csrf(31283) Cross-site request forgery (CSRF) vulnerability in SPINE allows remote attackers to perform unauthorized actions as administrators via unspecified vectors. NOTE: some of these details are obtained from third party information.

cpe:/a:apple:preview:3.0.8

CVE-2007-0102

2007-01-08T19:28:00.000-05:00

2017-07-28T21:29:58.687-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://docs.info.apple.com/article.html?artnum=305214 MISC http://projects.info-pull.com/moab/MOAB-06-01-2007.html BID 21910 SECTRACK 1017749 CERT TA07-072A VUPEN ADV-2007-0930 XF multiple-vendor-pdf-code-execution(31364) The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.

cpe:/a:adobe:acrobat_reader:7.0.8

CVE-2007-0103

2007-01-08T19:28:00.000-05:00

2017-07-28T21:29:58.733-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://docs.info.apple.com/article.html?artnum=305214 MISC http://projects.info-pull.com/moab/MOAB-06-01-2007.html BID 21910 SECTRACK 1017749 CERT TA07-072A VUPEN ADV-2007-0930 XF multiple-vendor-pdf-code-execution(31364) The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.

cpe:/a:xpdf:xpdf:3.0 cpe:/a:xpdf:xpdf:3.0.1 cpe:/a:xpdf:xpdf:3.0.1_pl1 cpe:/a:xpdf:xpdf:3.0.1_pl2 cpe:/a:xpdf:xpdf:3.0_pl2 cpe:/o:kde:kde:3.2 cpe:/o:kde:kde:3.2.1 cpe:/o:kde:kde:3.2.2 cpe:/o:kde:kde:3.2.3 cpe:/o:kde:kde:3.3 cpe:/o:kde:kde:3.3.1 cpe:/o:kde:kde:3.3.2 cpe:/o:kde:kde:3.4 cpe:/o:kde:kde:3.4.1 cpe:/o:kde:kde:3.4.2 cpe:/o:kde:kde:3.4.3 cpe:/o:kde:kde:3.5

CVE-2007-0104

2007-01-08T19:28:00.000-05:00

2018-10-16T12:31:10.853-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://docs.info.apple.com/article.html?artnum=305214 MISC http://projects.info-pull.com/moab/MOAB-06-01-2007.html SECTRACK 1017514 CONFIRM http://support.novell.com/techcenter/psdb/44d7cb9b669d58e0ce5aa5d7ab2c7c53.html CONFIRM http://www.kde.org/info/security/advisory-20070115-1.txt MANDRIVA MDKSA-2007:018 MANDRIVA MDKSA-2007:019 MANDRIVA MDKSA-2007:020 MANDRIVA MDKSA-2007:021 MANDRIVA MDKSA-2007:022 MANDRIVA MDKSA-2007:024 SUSE SUSE-SR:2007:003 BUGTRAQ 20070116 [KDE Security Advisory] kpdf/kword/xpdf denial of service vulnerability BID 21910 SECTRACK 1017749 UBUNTU USN-410-1 UBUNTU USN-410-2 CERT TA07-072A VUPEN ADV-2007-0203 VUPEN ADV-2007-0212 VUPEN ADV-2007-0244 VUPEN ADV-2007-0930 XF multiple-vendor-pdf-code-execution(31364) CONFIRM https://issues.rpath.com/browse/RPL-964 The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.

cpe:/a:cisco:secure_access_control_server:4.0.1

CVE-2007-0105

2007-01-08T19:28:00.000-05:00

2017-07-28T21:29:58.877-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SECTRACK 1017475 CISCO 20070105 Multiple Vulnerabilities in Cisco Secure Access Control Server CERT-VN VU#744249 BID 21900 VUPEN ADV-2007-0068 XF cisco-acs-csadmin-bo(31323) Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.

cpe:/a:wordpress:wordpress:2.0 cpe:/a:wordpress:wordpress:2.0.1 cpe:/a:wordpress:wordpress:2.0.2 cpe:/a:wordpress:wordpress:2.0.3 cpe:/a:wordpress:wordpress:2.0.4 cpe:/a:wordpress:wordpress:2.0.5

CVE-2007-0106

2007-01-08T19:28:00.000-05:00

2018-10-16T12:31:13.900-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2114 CONFIRM http://wordpress.org/development/2007/01/wordpress-206/ MISC http://www.hardened-php.net/advisory_012007.140.html BUGTRAQ 20070105 Advisory 01/2007: WordPress CSRF Protection XSS Vulnerability BID 21893 VUPEN ADV-2007-0061 Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request.

cpe:/a:wordpress:wordpress:2.0.5

CVE-2007-0107

2007-01-08T19:28:00.000-05:00

2018-10-16T12:31:14.383-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

GENTOO GLSA-200701-10 SREASON 2112 CONFIRM http://wordpress.org/development/2007/01/wordpress-206/ MISC http://www.hardened-php.net/advisory_022007.141.html OPENPKG OpenPKG-SA-2007.005 BUGTRAQ 20070105 Advisory 02/2007: WordPress Trackback Charset Decoding SQL Injection Vulnerability BID 21907 VUPEN ADV-2007-0061 XF wordpress-mbstring-security-bypass(31297) WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.

cpe:/a:novell:client:4.91:sp3

CVE-2007-0108

2007-01-08T19:28:00.000-05:00

2017-07-28T21:29:58.983-04:00

6.0

NETWORK

MEDIUM

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SECTRACK 1017471 CONFIRM http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974970.htm BID 21886 VUPEN ADV-2007-0064 XF novell-profile-security-bypass(31343) nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not delete user profiles during a Terminal Service or Citrix session, which allows remote authenticated users to invoke alternate user profiles.

cpe:/a:wordpress:wordpress:2.0 cpe:/a:wordpress:wordpress:2.0.1 cpe:/a:wordpress:wordpress:2.0.2 cpe:/a:wordpress:wordpress:2.0.3 cpe:/a:wordpress:wordpress:2.0.4 cpe:/a:wordpress:wordpress:2.0.5

CVE-2007-0109

2007-01-08T19:28:00.000-05:00

2018-10-16T12:31:15.150-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov GENTOO GLSA-200701-10 SREASON 2113 BUGTRAQ 20070103 Wordpress <= 2.x dictionnary & Bruteforce attack VUPEN ADV-2007-0062 XF wordpress-account-enumeration(31262) wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.

cpe:/a:novell:access_manager_identity_server:3

CVE-2007-0110

2007-01-08T19:28:00.000-05:00

2011-03-07T21:48:48.813-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SECTRACK 1017483 BID 21921 VUPEN ADV-2007-0073 CONFIRM https://secure-support.novell.com/KanisaPlatform/Publishing/143/3615264_f.SAL_Public.html Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server before 3.0.0-1013 allows remote attackers to inject arbitrary web script or HTML via the IssueInstant parameter, which is not properly handled in the resulting error message.

cpe:/a:resco:photo_viewer:4.11 cpe:/a:resco:photo_viewer:6.11

CVE-2007-0111

2007-01-08T19:28:00.000-05:00

2011-03-07T21:48:48.953-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://blog.trendmicro.com/flaw-in-3rd-party-app-weakens-windows-mobile/ BID 21920 MISC http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+Resco+Photo+Viewer+6%2E01+Enabling+Code+Injection+and+Arbitrary+Code+Execution VUPEN ADV-2007-0072 Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as used in mobile devices running Windows Mobile 5.0, 2003, and 2003SE, allows remote attackers to execute arbitrary code via a crafted PNG image.

cpe:/a:createauction:createauction

CVE-2007-0112

2007-01-08T19:28:00.000-05:00

2018-10-16T12:31:15.680-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2111 BUGTRAQ 20070107 createauction (cats.asp) Remote SQL Injection Vulnerability BID 21929 XF createauction-cats-sql-injection(31356) SQL injection vulnerability in cats.asp in createauction allows remote attackers to execute arbitrary SQL commands via the catid parameter.

cpe:/a:packeteer:packetwise:8.0

CVE-2007-0113

2007-01-08T19:28:00.000-05:00

2018-10-16T12:31:16.040-04:00

6.8

NETWORK

LOW

SINGLE_INSTANCE

NONE

COMPLETE

http://nvd.nist.gov SREASON 2110 BUGTRAQ 20070108 Packeteer PacketWise CLI overflow DoS BID 21933 VUPEN ADV-2007-0098 XF packetshaper-argument-dos(31357) Buffer overflow in Packeteer PacketShaper PacketWise 8.x allows remote authenticated users to cause a denial of service (reset or reboot) via (1) a long traffic class argument to the "class show" command or (2) a long POLICY parameter value in clastree.htm.

cpe:/a:sun:java_system_content_delivery_server:5.0::solaris cpe:/a:sun:java_system_content_delivery_server:5.0:pu1:solaris

CVE-2007-0114

2007-01-08T19:28:00.000-05:00

2017-07-28T21:29:59.203-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SUNALERT 102764 BID 21908 VUPEN ADV-2007-0076 XF sun-java-cds-info-disclosure(31345) Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote attackers to obtain sensitive information regarding "content details" via unspecified vectors.

cpe:/a:coppermine:coppermine_photo_gallery:1.4.10

CVE-2007-0115

2007-01-08T21:28:00.000-05:00

2018-10-16T12:31:16.527-04:00

6.0

NETWORK

MEDIUM

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://acid-root.new.fr/poc/19070104.txt SREASON 2107 VIM 20070108 Source verify - Coppermine Photo Gallery <= 1.4.10 code injection BUGTRAQ 20070105 Coppermine Photo Gallery <= 1.4.10 SQL Injection Exploit Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php.

cpe:/a:digger_solutions:intranet_open_source

CVE-2007-0116

2007-01-08T21:28:00.000-05:00

2018-10-16T12:31:16.917-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2109 BUGTRAQ 20070105 Intranet Open Source Remote Password Disclosure "intranet.mdb" XF intranet-intranet-info-disclosure(31308) Digger Solutions Intranet Open Source (IOS) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for data/intranet.mdb.

cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:apple:mac_os_x_server:10.4.8

CVE-2007-0117

2007-01-08T21:28:00.000-05:00

2011-03-07T21:48:49.470-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MISC http://projects.info-pull.com/moab/MOAB-05-01-2007.html BID 21899 VUPEN ADV-2007-0074 DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation.

cpe:/a:edittag:edittag:1.2

CVE-2007-0118

2007-01-08T21:28:00.000-05:00

2018-10-16T12:31:17.243-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BUGTRAQ 20070105 Multiple bugs in EditTag BID 21890 Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow remote attackers to read arbitrary files via an absolute pathname in the file parameter to (1) edittag.cgi, (2) edittag.pl, (3) edittag_mp.cgi, or (4) edittag_mp.pl.

cpe:/a:edittag:edittag:1.2

CVE-2007-0119

2007-01-08T21:28:00.000-05:00

2018-10-16T12:31:17.667-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070105 Multiple bugs in EditTag BID 21891 Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 allow remote attackers to inject arbitrary web script or HTML via the plain parameter to (1) mkpw_mp.cgi, (2) mkpw.pl, or (3) mkpw.cgi.

cpe:/a:acunetix:web_vulnerability_scanner:4.0_build_2006-07-17

CVE-2007-0120

2007-01-08T21:28:00.000-05:00

2017-10-18T21:29:56.177-04:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 21898 XF acunetix-content-length-dos(31279) EXPLOIT-DB 3078 Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to cause a denial of service (application crash) via multiple HTTP requests containing invalid Content-Length values.

cpe:/a:michael_romedahl:ri_blog:1.3

CVE-2007-0121

2007-01-08T21:28:00.000-05:00

2018-10-16T12:31:18.040-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2108 BUGTRAQ 20070105 RI Blog 1.3 XSS Vuln. BID 21880 VUPEN ADV-2007-0083 XF riblog-search-xss(31317) Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

cpe:/a:coppermine:coppermine_photo_gallery:1.0 cpe:/a:coppermine:coppermine_photo_gallery:1.0_rc3 cpe:/a:coppermine:coppermine_photo_gallery:1.1 cpe:/a:coppermine:coppermine_photo_gallery:1.1_beta_2 cpe:/a:coppermine:coppermine_photo_gallery:1.2 cpe:/a:coppermine:coppermine_photo_gallery:1.2.1 cpe:/a:coppermine:coppermine_photo_gallery:1.2.2_b cpe:/a:coppermine:coppermine_photo_gallery:1.2.2_b-nuke cpe:/a:coppermine:coppermine_photo_gallery:1.3 cpe:/a:coppermine:coppermine_photo_gallery:1.3.2 cpe:/a:coppermine:coppermine_photo_gallery:1.3.3 cpe:/a:coppermine:coppermine_photo_gallery:1.3.4 cpe:/a:coppermine:coppermine_photo_gallery:1.4.4 cpe:/a:coppermine:coppermine_photo_gallery:1.4.9 cpe:/a:coppermine:coppermine_photo_gallery:1.4.10

CVE-2007-0122

2007-01-08T21:28:00.000-05:00

2018-10-16T12:31:18.510-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://acid-root.new.fr/poc/19070104.txt SREASON 2123 BUGTRAQ 20070105 Coppermine Photo Gallery <= 1.4.10 SQL Injection Exploit BID 21894 EXPLOIT-DB 3085 Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.

cpe:/a:uber_uploader:uber_uploader:4.2

CVE-2007-0123

2007-01-08T21:28:00.000-05:00

2018-10-16T12:31:19.260-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2116 BUGTRAQ 20070105 Uber Uploader 4.2 Arbitrary File Upload Vulnerability XF uber-uploader-phtml-file-upload(31303) Unrestricted file upload vulnerability in Uber Uploader 4.2 allows remote attackers to upload and execute arbitrary PHP scripts by naming them with a .phtml extension, which bypasses the .php extension check but is still executable on some server configurations.

cpe:/a:drupal:drupal:4.6 cpe:/a:drupal:drupal:4.6.0 cpe:/a:drupal:drupal:4.6.1 cpe:/a:drupal:drupal:4.6.2 cpe:/a:drupal:drupal:4.6.3 cpe:/a:drupal:drupal:4.6.4 cpe:/a:drupal:drupal:4.6.5 cpe:/a:drupal:drupal:4.6.6 cpe:/a:drupal:drupal:4.6.7 cpe:/a:drupal:drupal:4.6.8 cpe:/a:drupal:drupal:4.6.9 cpe:/a:drupal:drupal:4.6.10 cpe:/a:drupal:drupal:4.7 cpe:/a:drupal:drupal:4.7.0 cpe:/a:drupal:drupal:4.7.1 cpe:/a:drupal:drupal:4.7.2 cpe:/a:drupal:drupal:4.7.3 cpe:/a:drupal:drupal:4.7.4

CVE-2007-0124

2007-01-08T21:28:00.000-05:00

2018-10-16T12:31:19.510-04:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://drupal.org/node/104238 SREASON 2115 BUGTRAQ 20070105 [DRUPAL-SA-2007-002] Drupal 4.6.11 / 4.7.5 fixes DoS issue BID 21895 VUPEN ADV-2007-0051 Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist.

cpe:/a:kaspersky_lab:kaspersky_antivirus_engine:5.5.10::linux cpe:/a:kaspersky_lab:kaspersky_antivirus_engine:6.0::windows

CVE-2007-0125

2007-01-08T21:28:00.000-05:00

2017-07-28T21:29:59.467-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov IDEFENSE 20070105 Kaspersky Antivirus Scan Engine PE File Denial of Service Vulnerability SECTRACK 1017476 BID 21901 VUPEN ADV-2007-0067 XF kaspersky-antivirus-pe-dos(31315) Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infinite loop upon encountering an invalid NumberOfRvaAndSizes value in the Optional Windows Header of a portable executable (PE) file, which allows remote attackers to cause a denial of service (CPU consumption) by scanning a crafted PE file.

cpe:/a:opera:opera_browser:9.02

CVE-2007-0126

2007-01-08T21:28:00.000-05:00

2017-07-28T21:29:59.517-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov IDEFENSE 20070105 Opera Software Opera Web Browser JPG Image DHT Marker Heap Corruption Vulnerability SUSE SUSE-SA:2007:009 SECTRACK 1017473 GENTOO GLSA-200701-08 CONFIRM http://www.opera.com/support/search/supsearch.dml?index=852 VUPEN ADV-2007-0060 XF opera-jpeg-dht-bo(31305) Heap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPEG file with an invalid number of index bytes in the Define Huffman Table (DHT) marker.

cpe:/a:opera:opera_browser:1.00 cpe:/a:opera:opera_browser:2.00 cpe:/a:opera:opera_browser:2.10 cpe:/a:opera:opera_browser:2.10:beta1 cpe:/a:opera:opera_browser:2.10:beta2 cpe:/a:opera:opera_browser:2.10:beta3 cpe:/a:opera:opera_browser:2.12 cpe:/a:opera:opera_browser:3.00 cpe:/a:opera:opera_browser:3.00:beta cpe:/a:opera:opera_browser:3.10 cpe:/a:opera:opera_browser:3.21 cpe:/a:opera:opera_browser:3.50 cpe:/a:opera:opera_browser:3.51 cpe:/a:opera:opera_browser:3.60 cpe:/a:opera:opera_browser:3.61 cpe:/a:opera:opera_browser:3.62 cpe:/a:opera:opera_browser:3.62:beta cpe:/a:opera:opera_browser:4.00 cpe:/a:opera:opera_browser:4.00:beta2 cpe:/a:opera:opera_browser:4.00:beta3 cpe:/a:opera:opera_browser:4.00:beta4 cpe:/a:opera:opera_browser:4.00:beta5 cpe:/a:opera:opera_browser:4.00:beta6 cpe:/a:opera:opera_browser:4.01 cpe:/a:opera:opera_browser:4.02 cpe:/a:opera:opera_browser:5.0 cpe:/a:opera:opera_browser:5.0:beta2 cpe:/a:opera:opera_browser:5.0:beta3 cpe:/a:opera:opera_browser:5.0:beta4 cpe:/a:opera:opera_browser:5.0:beta5 cpe:/a:opera:opera_browser:5.0:beta6 cpe:/a:opera:opera_browser:5.0:beta7 cpe:/a:opera:opera_browser:5.0:beta8 cpe:/a:opera:opera_browser:5.02 cpe:/a:opera:opera_browser:5.10 cpe:/a:opera:opera_browser:5.11 cpe:/a:opera:opera_browser:5.12 cpe:/a:opera:opera_browser:6.0 cpe:/a:opera:opera_browser:6.0:beta1 cpe:/a:opera:opera_browser:6.0:beta2 cpe:/a:opera:opera_browser:6.0:tp1 cpe:/a:opera:opera_browser:6.0:tp2 cpe:/a:opera:opera_browser:6.0:tp3 cpe:/a:opera:opera_browser:6.1 cpe:/a:opera:opera_browser:6.1:beta1 cpe:/a:opera:opera_browser:6.02 cpe:/a:opera:opera_browser:6.03 cpe:/a:opera:opera_browser:6.04 cpe:/a:opera:opera_browser:6.05 cpe:/a:opera:opera_browser:6.06 cpe:/a:opera:opera_browser:6.11 cpe:/a:opera:opera_browser:6.12 cpe:/a:opera:opera_browser:7.0 cpe:/a:opera:opera_browser:7.0:beta1 cpe:/a:opera:opera_browser:7.0:beta1_v2 cpe:/a:opera:opera_browser:7.0:beta2 cpe:/a:opera:opera_browser:7.01 cpe:/a:opera:opera_browser:7.02 cpe:/a:opera:opera_browser:7.03 cpe:/a:opera:opera_browser:7.10 cpe:/a:opera:opera_browser:7.10:beta1 cpe:/a:opera:opera_browser:7.11 cpe:/a:opera:opera_browser:7.11:beta2 cpe:/a:opera:opera_browser:7.20 cpe:/a:opera:opera_browser:7.20:beta7 cpe:/a:opera:opera_browser:7.21 cpe:/a:opera:opera_browser:7.22 cpe:/a:opera:opera_browser:7.23 cpe:/a:opera:opera_browser:7.50 cpe:/a:opera:opera_browser:7.50:beta1 cpe:/a:opera:opera_browser:7.51 cpe:/a:opera:opera_browser:7.52 cpe:/a:opera:opera_browser:7.53 cpe:/a:opera:opera_browser:7.54 cpe:/a:opera:opera_browser:7.54:update1 cpe:/a:opera:opera_browser:7.54:update2 cpe:/a:opera:opera_browser:7.60 cpe:/a:opera:opera_browser:8.0 cpe:/a:opera:opera_browser:8.0:beta1 cpe:/a:opera:opera_browser:8.0:beta2 cpe:/a:opera:opera_browser:8.0:beta3 cpe:/a:opera:opera_browser:8.01 cpe:/a:opera:opera_browser:8.02 cpe:/a:opera:opera_browser:8.50 cpe:/a:opera:opera_browser:8.51 cpe:/a:opera:opera_browser:8.52 cpe:/a:opera:opera_browser:8.53 cpe:/a:opera:opera_browser:8.54 cpe:/a:opera:opera_browser:9.0 cpe:/a:opera:opera_browser:9.0:beta1 cpe:/a:opera:opera_browser:9.0:beta2 cpe:/a:opera:opera_browser:9.01 cpe:/a:opera:opera_browser:9.02

CVE-2007-0127

2007-01-08T21:28:00.000-05:00

2011-03-07T00:00:00.000-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-01-09T17:35:00.000-05:00

IDEFENSE 20070105 Opera Software Opera Web Browser createSVGTransformFromMatrix Object Typecasting Vulnerability SUSE SUSE-SA:2007:009 SECTRACK 1017473 GENTOO GLSA-200701-08 CONFIRM http://www.opera.com/support/search/supsearch.dml?index=851 VUPEN ADV-2007-0060 The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call.

cpe:/a:digiappz:digirez:3.4

CVE-2007-0128

2007-01-09T06:28:00.000-05:00

2017-10-18T21:29:56.300-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0053 EXPLOIT-DB 3081 SQL injection vulnerability in info_book.asp in Digirez 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter.

cpe:/a:locazo:locazolist_classifieds:2.01a_beta5

CVE-2007-0129

2007-01-09T06:28:00.000-05:00

2017-10-18T21:29:56.363-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0052 XF locazolist-main-sql-injection(31242) EXPLOIT-DB 3073 SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatID parameter.

cpe:/a:igeneric:ig_calendar:1.0

CVE-2007-0130

2007-01-09T06:28:00.000-05:00

2018-10-16T12:31:19.963-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070105 IG Calendar SQL Injection BID 21873 VUPEN ADV-2007-0055 XF igcalendar-user-sql-injection(31300) EXPLOIT-DB 3082 SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

cpe:/a:jamwiki:jamwiki:0.4.3

CVE-2007-0131

2007-01-09T06:28:00.000-05:00

2017-07-28T21:29:59.673-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://sourceforge.net/project/shownotes.php?group_id=171441&release_id=475663 BID 21879 XF jamwiki-permission-security-bypass(31296) JAMWiki before 0.5.0 does not properly check permissions during moves of "read-only or admin-only topics," which allows remote attackers to make unauthorized changes to the wiki.

cpe:/a:igeneric:ig_shop:1.4

CVE-2007-0132

2007-01-09T06:28:00.000-05:00

2018-10-16T12:31:20.477-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt BUGTRAQ 20070105 IG Shop remote code execution BID 21874 VUPEN ADV-2007-0056 XF igshop-compareproduct-sql-injection(31299) EXPLOIT-DB 3083 SQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.

cpe:/a:igeneric:ig_shop:1.4

CVE-2007-0133

2007-01-09T06:28:00.000-05:00

2011-03-07T21:48:51.220-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0056 Multiple SQL injection vulnerabilities in display_review.php in iGeneric iG Shop 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) user_login_cookie parameter.

cpe:/a:igeneric:ig_shop:1.0 cpe:/a:igeneric:ig_shop:1.4

CVE-2007-0134

2007-01-09T06:28:00.000-05:00

2018-10-16T12:31:21.057-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt VIM 20070618 Dup: iG Shop 1.4 (page.php) Remote Code Execution Exploit BUGTRAQ 20070105 IG Shop remote code execution BUGTRAQ 20070619 iG Shop 1.4 eval Inclusion Vulnerability BID 21875 VUPEN ADV-2007-0056 XF igshop-cartpage-code-execution(31301) EXPLOIT-DB 3083 Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1.4.

cpe:/a:aratix:aratix:0.2.2_beta_11

CVE-2007-0135

2007-01-09T06:28:00.000-05:00

2017-10-18T21:29:56.597-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://securityreason.com/exploitalert/1698 VIM 20070108 Source verify of Aratix RFI VUPEN ADV-2007-0054 XF aratix-init-file-include(31282) EXPLOIT-DB 3079 PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix 0.2.2 beta 11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the current_path parameter.

cpe:/a:drupal:drupal:- cpe:/a:drupal:drupal:4.0.0 cpe:/a:drupal:drupal:4.1.0 cpe:/a:drupal:drupal:4.2.0 cpe:/a:drupal:drupal:4.3.0 cpe:/a:drupal:drupal:4.3.1 cpe:/a:drupal:drupal:4.3.2 cpe:/a:drupal:drupal:4.4.0 cpe:/a:drupal:drupal:4.4.1 cpe:/a:drupal:drupal:4.4.2 cpe:/a:drupal:drupal:4.4.3 cpe:/a:drupal:drupal:4.5.0 cpe:/a:drupal:drupal:4.5.1 cpe:/a:drupal:drupal:4.5.2 cpe:/a:drupal:drupal:4.5.3 cpe:/a:drupal:drupal:4.5.4 cpe:/a:drupal:drupal:4.5.5 cpe:/a:drupal:drupal:4.5.6 cpe:/a:drupal:drupal:4.5.7 cpe:/a:drupal:drupal:4.5.8 cpe:/a:drupal:drupal:4.6.0 cpe:/a:drupal:drupal:4.6.1 cpe:/a:drupal:drupal:4.6.2 cpe:/a:drupal:drupal:4.6.3 cpe:/a:drupal:drupal:4.6.4 cpe:/a:drupal:drupal:4.6.5 cpe:/a:drupal:drupal:4.6.6 cpe:/a:drupal:drupal:4.6.7 cpe:/a:drupal:drupal:4.6.8 cpe:/a:drupal:drupal:4.6.9 cpe:/a:drupal:drupal:4.6.10 cpe:/a:drupal:drupal:4.7.0 cpe:/a:drupal:drupal:4.7.0:beta3 cpe:/a:drupal:drupal:4.7.0:beta4 cpe:/a:drupal:drupal:4.7.0:beta5 cpe:/a:drupal:drupal:4.7.0:beta6 cpe:/a:drupal:drupal:4.7.0:rc1 cpe:/a:drupal:drupal:4.7.0:rc2 cpe:/a:drupal:drupal:4.7.0:rc3 cpe:/a:drupal:drupal:4.7.0:rc4 cpe:/a:drupal:drupal:4.7.1 cpe:/a:drupal:drupal:4.7.2 cpe:/a:drupal:drupal:4.7.3 cpe:/a:drupal:drupal:4.7.4

CVE-2007-0136

2007-01-09T06:28:00.000-05:00

2018-10-17T14:39:23.577-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2018-10-17T13:41:49.437-04:00

ALLOWS_OTHER_ACCESS

CONFIRM http://drupal.org/files/sa-2007-001/advisory.txt CONFIRM http://drupal.org/node/104233 FULLDISC 20070105 [DRUPAL-SA-2007-001] Drupal 4.6.11 / 4.7.5 fixes BUGTRAQ 20070105 [DRUPAL-SA-2007-001] Drupal 4.6.11 / 4.7.5 fixes XSS issue VUPEN ADV-2007-0050 XF drupal-core-unspecified-xss(31311) Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules. NOTE: some of these details are obtained from third party information.

cpe:/a:serendipitynz:serene_bach:1.18r cpe:/a:serendipitynz:serene_bach:2.05r cpe:/a:serendipitynz:serene_bach:2.08d cpe:/a:serendipitynz:serene_bach_sb:1.13d

CVE-2007-0137

2007-01-09T06:28:00.000-05:00

2017-07-28T21:29:59.983-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

JVN JVN#65500885 SECTRACK 1017470 CONFIRM http://serenebach.net/log/sb119R.html CONFIRM http://serenebach.net/log/sb209R.html BID 21884 VUPEN ADV-2007-0065 XF serene-bach-unspecified-xss(31302) Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ Serene Bach 2.05R and earlier, and 2.08D and earlier in the 2.08 series; and (2) sb 1.13D and earlier, and 1.18R and earlier in the 1.18 series; allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

cpe:/a:fersch:formbankserver:1.9

CVE-2007-0138

2007-01-09T06:28:00.000-05:00

2017-07-28T21:30:00.047-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov XF formbankserver-formbank-dos(31216) formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with (1) AbfrageForm or (2) EingabeForm, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:hp:openvms:7.3::openvms_vax cpe:/a:hp:openvms:7.3_2::openvms_vax

CVE-2007-0139

2007-01-09T06:28:00.000-05:00

2011-03-07T21:48:51.847-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

CONFIRM ftp://ftp.itrc.hp.com/openvms_patches/alpha/V7.3-2/AXP_DNVOSIMUP01-V0703-2.txt CONFIRM ftp://ftp.itrc.hp.com/openvms_patches/vax/V7.3/VAX_DNVOSIMUP01-V0703.txt VUPEN ADV-2007-0063 Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, and the DECnet-Plus 7.3 feature in DECnet/OSI 7.3 for OpenVMS VAX, allows attackers to obtain "unintended privileged access to data and system resources" via unspecified vectors, related to (1) [SYSEXE]CTF$UI.EXE, (2) [SYSMSG]CTF$MESSAGES.EXE, (3) [SYSHLP]CTF$HELP.HLB, and (4) [SYSMGR]CTF$STARTUP.COM.

cpe:/a:kolayindir_download:kolayindir_download

CVE-2007-0140

2007-01-09T13:28:00.000-05:00

2018-10-16T12:31:22.587-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2122 BUGTRAQ 20070105 Kolayindir Download (Yenionline) (tr) SqL Injection Vuln. BID 21889 VUPEN ADV-2007-0079 XF kolayindirdownload-down-sql-injection(31320) SQL injection vulnerability in down.asp in Kolayindir Download (Yenionline) allows remote attackers to execute arbitrary SQL commands via the id parameter.

cpe:/a:yet_another_link_directory:yet_another_link_directory:1.0

CVE-2007-0141

2007-01-09T13:28:00.000-05:00

2018-10-16T12:31:23.087-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2121 BUGTRAQ 20070106 Yet Another Link Directory v1.0 BID 21904 VUPEN ADV-2007-0082 XF yald-yald-xss(31322) Cross-site scripting (XSS) vulnerability in yald.php in Yet Another Link Directory 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

cpe:/a:shopstorenow:e-commerce_shopping_cart

CVE-2007-0142

2007-01-09T13:28:00.000-05:00

2018-10-16T12:31:23.587-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2120 BUGTRAQ 20070106 shopstorenow (orange.asp) sql injection BID 21905 VUPEN ADV-2007-0080 XF shopstorenow-orange-sql-injection(31313) SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the CatID parameter.

cpe:/a:nune:news_script:2.0_pre2

CVE-2007-0143

2007-01-09T13:28:00.000-05:00

2018-10-16T12:31:24.087-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070107 NUNE News Script (custom_admin_path) Remote File Include Vulnerablity VUPEN ADV-2007-0078 XF nune-index-archives-file-include(31312) EXPLOIT-DB 3090 Multiple PHP remote file inclusion vulnerabilities in NUNE News Script 2.0pre2 allow remote attackers to execute arbitrary PHP code via a URL in the custom_admin_path parameter to (1) index.php or (2) archives.php.

cpe:/a:digitizing_quote_and_ordering_system:digitizing_quote_and_ordering_system:1.0

CVE-2007-0144

2007-01-09T13:28:00.000-05:00

2017-10-18T21:29:56.707-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

XF qos-search-xss(31321) EXPLOIT-DB 3089 Cross-site scripting (XSS) vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the ordernum parameter.

cpe:/a:bingo_news:bingo_news:3.01

CVE-2007-0145

2007-01-09T13:28:00.000-05:00

2017-07-28T21:30:00.390-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SECTRACK 1017477 XF bingo-bnsmrep1-file-include(31328) PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP News (BP News) 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter, a different vector than CVE-2006-4648 and CVE-2006-4649.

cpe:/a:fix_and_chips_computer_services:fix_and_chips_cms:1.0

CVE-2007-0146

2007-01-09T13:28:00.000-05:00

2018-10-16T12:31:24.603-04:00

6.0

NETWORK

MEDIUM

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2119 BUGTRAQ 20070106 Fix & Chips CMS v1.0 VUPEN ADV-2007-0081 XF fixandchips-multiple-scripts-xss(31319) Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) delete-announce.php; the (2) Announcement form field in (b) staff.php; the (3) Client Name, (4) Business Name, (5) Street, (6) Address 2, (7) Town/City, (8) Postcode, (9) Phone Number, (10) Email Address and (11) Website Address form fields in (c) new_customer.php; and unspecified fields in (d) search.php and (e) client-results.php.

cpe:/a:cuyahoga:cuyahoga:1.0.0

CVE-2007-0147

2007-01-09T13:28:00.000-05:00

2008-11-15T01:38:59.813-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://cuyahoga.svn.sourceforge.net/viewvc/cuyahoga?view=rev&revision=551 CONFIRM http://www.cuyahoga-project.org/10/section.aspx/61 BID 21927 Cuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote attackers to upload files when these privileges were intended only for the Administrator and Editor roles.

cpe:/a:omnigroup:omniweb:5.5.1

CVE-2007-0148

2007-01-09T13:28:00.000-05:00

2018-10-16T12:31:25.260-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

CONFIRM http://blog.omnigroup.com/2007/01/07/omniweb-552-now-available-and-more-secure/ MISC http://projects.info-pull.com/moab/MOAB-07-01-2007.html MISC http://www.digitalmunition.com/DMA%5B2007-0107a%5D.txt CONFIRM http://www.omnigroup.com/applications/omniweb/releasenotes/ BUGTRAQ 20070111 DMA[2007-0107a] OmniWeb Javascript Alert Format String Vulnerabiity and DMA[2007-0109a] Apple Finder Disk Image Volume Label Overflow / DoS BID 21911 VUPEN ADV-2007-0075 XF omniweb-alert-format-string(31324) EXPLOIT-DB 3098 Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascript alert function.

cpe:/a:ememberspro:ememberspro:1.0

CVE-2007-0149

2007-01-09T13:28:00.000-05:00

2018-10-16T12:31:25.993-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2118 BUGTRAQ 20070107 EMembersPro 1.0 Remote Password Disclosure Vulnerability XF ememberspro-users-info-disclosure(31329) EMembersPro 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for users.mdb.

cpe:/a:dayfox_designs:dayfox_blog:4

CVE-2007-0150

2007-01-09T13:28:00.000-05:00

2018-10-16T12:31:26.307-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2117 BUGTRAQ 20070107 Dayfox Blog Remote File Include Vuln. VUPEN ADV-2007-0099 XF dayfoxblog-index-file-include(31336) Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3) q parameters.

cpe:/a:mitisoft:mitisoft

CVE-2007-0151

2007-01-09T13:28:00.000-05:00

2018-10-16T12:31:26.697-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070107 MitiSoft Remote Password Disclosure Vulnerability XF mitisoft-mitisoft-info-disclosure(31341) MitiSoft stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for access_MS/MitiSoft.mdb.

cpe:/a:ohhasp:ohhasp

CVE-2007-0152

2007-01-09T13:28:00.000-05:00

2018-10-16T12:31:26.930-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://64.38.62.221/ariasecucom/forum/showthread.php?t=89 BUGTRAQ 20070106 ohhASP Remote Password Disclosure XF ohhasp-ohhasp-info-disclosure(31342) OhhASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/OhhASP.mdb.

cpe:/a:adam_jarret:ajlogin:3.5

CVE-2007-0153

2007-01-09T13:28:00.000-05:00

2018-10-16T12:31:27.227-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2127 BUGTRAQ 20070107 AJLogin v3.5 Remote Password Disclosure Vulnerability XF ajlogin-ajlogin-info-disclosure(31331) AJLogin 3.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for ajlogin.mdb.

cpe:/a:webulas:webulas

CVE-2007-0154

2007-01-09T13:28:00.000-05:00

2018-10-16T12:31:27.510-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2126 BUGTRAQ 20070107 Webulas Remote Password Disclosure Vulnerability XF webulas-db-info-disclosure(31338) Webulas stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/db.mdb.

cpe:/a:harikaonline:harikaonline:2.0

CVE-2007-0155

2007-01-09T13:28:00.000-05:00

2018-10-16T12:31:27.807-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2125 BUGTRAQ 20070107 HarikaOnline v2.0 Remote Password Disclosure Vulnerability XF harikaonline-harikaonline-info-disclosure(31339) HarikaOnline 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for harikaonline.mdb.

cpe:/a:m-core:m-core

CVE-2007-0156

2007-01-09T13:28:00.000-05:00

2018-10-16T12:31:28.103-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2124 BUGTRAQ 20070107 M-Core Remote Password Disclosure Vulnerability XF mcore-uyelik-info-disclosure(31340) M-Core stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to db/uyelik.mdb.

cpe:/a:neon:neon:0.26.0 cpe:/a:neon:neon:0.26.1 cpe:/a:neon:neon:0.26.2

CVE-2007-0157

2007-01-09T16:28:00.000-05:00

2011-03-07T21:48:53.487-05:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi/neon26_0.26.2-3_to_mdx1.diff?bug=404723;msg=5;att=2 CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404723 MLIST [cadaver] 20070123 release 0.22.5 MLIST [neon] 20070107 invalid chars cause sigserv in neon MANDRIVA MDKSA-2007:013 SUSE SUSE-SR:2007:002 BID 22035 VUPEN ADV-2007-0172 VUPEN ADV-2007-0362 CONFIRM http://www.webdav.org/cadaver/ Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error that generates a negative index.

cpe:/a:geoip:geoip:1.4.0

CVE-2007-0159

2007-01-09T19:28:00.000-05:00

2017-07-28T21:30:01.000-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov MISC http://arctic.org/~dean/patches/GeoIP-1.4.0-update-vulnerability.patch MANDRIVA MDKSA-2007:004 BID 21959 UBUNTU USN-412-1 VUPEN ADV-2007-0117 VUPEN ADV-2007-0118 XF geoip-geoipupdate-directory-traversal(31383) Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. (dot dot) in the database filename, which is returned by a request to app/update_getfilename.

cpe:/a:centericq:centericq:4.9.11 cpe:/a:centericq:centericq:4.9.12 cpe:/a:centericq:centericq:4.12 cpe:/a:centericq:centericq:4.13 cpe:/a:centericq:centericq:4.14 cpe:/a:centericq:centericq:4.20 cpe:/a:centericq:centericq:4.21

CVE-2007-0160

2007-01-09T19:28:00.000-05:00

2018-10-16T12:31:28.383-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2129 SECTRACK 1017545 GENTOO GLSA-200701-20 BUGTRAQ 20070107 TK53 Advisory #1: CenterICQ remote DoS buffer overflow in LiveJournal handling BID 21932 VUPEN ADV-2007-0306 XF centericq-username-bo(31330) Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by adding the victim as a friend and using long (1) username and (2) real name strings.

cpe:/a:hp:pml_driver_hpz12 cpe:/h:hp:color_laserjet_4650 cpe:/h:hp:officejet_4100 cpe:/h:hp:officejet_5100 cpe:/h:hp:officejet_5500 cpe:/h:hp:officejet_6100 cpe:/h:hp:officejet_7100 cpe:/h:hp:officejet_d cpe:/h:hp:officejet_g cpe:/h:hp:officejet_k cpe:/h:hp:psc_1100 cpe:/h:hp:psc_1200 cpe:/h:hp:psc_1210_all-in-one cpe:/h:hp:psc_1300 cpe:/h:hp:psc_2100 cpe:/h:hp:psc_2200 cpe:/h:hp:psc_2400_photosmart_all-in-one cpe:/h:hp:psc_2500_photosmart_all-in-one cpe:/h:hp:psc_2510_photosmart cpe:/h:hp:psc_700 cpe:/h:hp:psc_900

CVE-2007-0161

2007-01-09T19:28:00.000-05:00

2018-10-16T12:31:28.963-04:00

4.1

LOCAL

MEDIUM

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

SREASON 2128 MISC http://secway.org/advisory/AD20070108.txt BUGTRAQ 20070108 HP Multiple Products PML Driver Local Privilege Escalation BID 21935 VUPEN ADV-2007-0094 XF pml-driver-config-privilege-escalation(31361) The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023.

cpe:/a:unsanity:application_enhancer:2.0.2

CVE-2007-0162

2007-01-09T19:28:00.000-05:00

2017-07-28T21:30:01.187-04:00

6.8

LOCAL

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MISC http://landonf.bikemonkey.org/code/macosx/MOAB_Day_8.20070109002959.18582.timor.html MISC http://projects.info-pull.com/moab/MOAB-08-01-2007.html BID 21951 XF ape-appenhancer-privilege-escalation(31349) Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permissions for the (1) ApplicationEnhancer binary and the (2) /Library/Frameworks/ApplicationEnhancer.framework directory, which allows local users to gain privileges by modifying or replacing the binary or library files.

cpe:/a:securekit:securekit_steganography:1.7.1 cpe:/a:securekit:securekit_steganography:1.8

CVE-2007-0163

2007-01-09T19:28:00.000-05:00

2018-10-16T12:31:29.540-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov MISC http://homepage.mac.com/adonismac/Advisory/steg/steganography.html BUGTRAQ 20070106 Cracking Steganography Application in less than ONE minute BUGTRAQ 20070107 A Major design Bug in Steganography 1.7.x, 1.8 (latest) (Updated Version) XF steganography-password-security-bypass(31378) SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information.

cpe:/a:camouflage:camouflage:1.2.1

CVE-2007-0164

2007-01-09T19:28:00.000-05:00

2018-10-16T12:31:29.993-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov MISC http://homepage.mac.com/adonismac/Advisory/steg/camouflage.html BUGTRAQ 20070107 A Major design Bug in Camouflage 1.2.1 (latest) BID 21939 XF camouflage-password-security-bypass(31375) Camouflage 1.2.1 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing certain bytes of the JPEG image with alternate password information.

cpe:/o:sun:solaris:9.0::sparc cpe:/o:sun:sunos:5.8

CVE-2007-0165

2007-01-09T19:28:00.000-05:00

2018-10-30T12:25:37.090-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov SECTRACK 1017492 SUNALERT 102713 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-036.htm BID 21964 VUPEN ADV-2007-0110 XF solaris-rpcbind-dos(31366) Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.

cpe:/o:freebsd:freebsd:5.3 cpe:/o:freebsd:freebsd:6.2

CVE-2007-0166

2007-01-11T15:28:00.000-05:00

2008-11-15T01:39:05.280-05:00

6.6

LOCAL

MEDIUM

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

FREEBSD FreeBSD-SA-07:01 SECTRACK 1017505 BID 22011 The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted, which allows local root users to overwrite arbitrary files, or mount/unmount files, outside of the jail via a symlink attack.

cpe:/a:ppc_search_engine:ppc_search_engine:1.61 cpe:/a:wgs-ppc:wgs-ppc

CVE-2007-0167

2007-01-09T20:28:00.000-05:00

2018-10-16T12:31:30.417-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2134 VIM 20070109 "ppc engine" is WGS-PPC BUGTRAQ 20070109 ppc engine Multiple file inclusion BID 21961 XF demoppc-inc-file-include(31355) EXPLOIT-DB 3104 Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search Engine), as distributed with other aliases, allow remote attackers to execute arbitrary PHP code via a URL in the INC parameter in (1) config_admin.php, (2) config_main.php, (3) config_member.php, and (4) mysql_config.php in config/; (5) admin.php and (6) index.php in admini/; (7) paypalipn/ipnprocess.php; (8) index.php and (9) registration.php in members/; and (10) ppcbannerclick.php and (11) ppcclick.php in main/.

cpe:/a:ca:brightstor_arcserve_backup:9.01 cpe:/a:ca:brightstor_arcserve_backup:11.5 cpe:/a:ca:brightstor_enterprise_backup:10.5 cpe:/a:ca:business_protection_suite:2.0

CVE-2007-0168

2007-01-11T17:28:00.000-05:00

2018-10-16T12:31:31.603-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://livesploit.com/advisories/LS-20061002.pdf SECTRACK 1017506 CONFIRM http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asp CERT-VN VU#662400 MISC http://www.lssec.com/advisories/LS-20061002.pdf BUGTRAQ 20070111 ZDI-07-002: CA BrightStor ARCserve Backup Tape Engine Code Execution Vulnerability BUGTRAQ 20070111 LS-20061002 - Computer Associates BrightStor ARCserve Backup Remote Code Execution Vulnerability BUGTRAQ 20070111 [CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities BID 22010 VUPEN ADV-2007-0154 MISC http://www.zerodayinitiative.com/advisories/ZDI-07-002.html XF brightstor-tapeengine-code-execution(31442) The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code via certain data in opnum 0xBF in an RPC request, which is directly executed.

cpe:/a:ca:brightstor_arcserve_backup:9.01 cpe:/a:ca:brightstor_arcserve_backup:11.5 cpe:/a:ca:brightstor_enterprise_backup:10.5 cpe:/a:ca:business_protection_suite:2.0

CVE-2007-0169

2007-01-11T17:28:00.000-05:00

2018-10-16T12:31:32.573-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

IDEFENSE 20070111 Computer Associates BrightStor ARCserve Backup RPC Engine PFC Request Buffer Overflow Vulnerability SECTRACK 1017506 CONFIRM http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asp CERT-VN VU#151032 CERT-VN VU#180336 BUGTRAQ 20070111 ZDI-07-004: CA BrightStor ARCserve Backup Tape Engine Buffer Overflow Vulnerability BUGTRAQ 20070111 ZDI-07-003: CA BrightStor ARCserve Backup Message Engine Buffer Overflow Vulnerability BUGTRAQ 20070111 [CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities BID 22005 BID 22006 VUPEN ADV-2007-0154 MISC http://www.zerodayinitiative.com/advisories/ZDI-07-003.html MISC http://www.zerodayinitiative.com/advisories/ZDI-07-004.html XF brightstor-tapeengine-rpc-bo(31433) XF brightstor-messageengine-rpc-bo(31443) Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute arbitrary code via RPC requests with crafted data for opnums (1) 0x2F and (2) 0x75 in the (a) Message Engine RPC service, or opnum (3) 0xCF in the Tape Engine service.

cpe:/a:allmyphp:allmyvisitors:0.4.0

CVE-2007-0170

2007-01-10T19:28:00.000-05:00

2017-10-18T21:29:56.877-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 21917 XF allmyvisitors-index-file-include(31316) EXPLOIT-DB 3097 PHP remote file inclusion vulnerability in index.php in AllMyVisitors 0.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the AMV_serverpath parameter.

cpe:/a:voice_of_web:allmylinks:0.4 cpe:/a:voice_of_web:allmylinks:0.4.1 cpe:/a:voice_of_web:allmylinks:0.4.3 cpe:/a:voice_of_web:allmylinks:0.4.4 cpe:/a:voice_of_web:allmylinks:0.4.9 cpe:/a:voice_of_web:allmylinks:0.5

CVE-2007-0171

2007-01-10T19:28:00.000-05:00

2017-10-18T21:29:56.940-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 21916 XF allmylinks-index-file-include(31314) EXPLOIT-DB 3096 PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AML_opensite parameter.

cpe:/a:voice_of_web:allmyguests:0.3

CVE-2007-0172

2007-01-10T19:28:00.000-05:00

2017-10-18T21:29:56.987-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 21918 XF allmyguests-multiple-file-include(31310) EXPLOIT-DB 3093 Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the AMG_serverpath parameter to (1) comments.php and (2) signin.php; and possibly via a URL in unspecified parameters to (3) include/submit.inc.php, (4) admin/index.php, (5) include/cm_submit.inc.php, and (6) index.php.

cpe:/a:l2j:statistik_script:0.09

CVE-2007-0173

2007-01-10T19:28:00.000-05:00

2017-10-18T21:29:57.050-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 21914 VUPEN ADV-2007-0097 XF l2j-statistik-index-file-include(31309) EXPLOIT-DB 3091 Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.

cpe:/a:sina:sina:uc2006

CVE-2007-0174

2007-01-10T19:28:00.000-05:00

2018-10-16T12:31:33.853-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

FULLDISC 20070109 Sina UC ActiveX Multiple Remote Stack Overflow MISC http://secway.org/advisory/ad20070109EN.txt BUGTRAQ 20070109 Sina UC ActiveX Multiple Remote Stack Overflow BID 21958 VUPEN ADV-2007-0093 XF sinauc-sendchatroomopt-bo(31348) XF sinauc-senddownloadfile-bo(31350) Multiple stack-based multiple buffer overflows in the BRWOSSRE2UC.dll ActiveX Control in Sina UC2006 and earlier allow remote attackers to execute arbitrary code via a long string in the (1) astrVerion parameter to the SendChatRoomOpt function or (2) the astrDownDir parameter to the SendDownLoadFile function.

cpe:/a:b2evolution:b2evolution:1.8.2 cpe:/a:b2evolution:b2evolution:1.8.5 cpe:/a:b2evolution:b2evolution:1.8.6

CVE-2007-0175

2007-01-10T19:28:00.000-05:00

2017-07-28T21:30:01.923-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=410568 DEBIAN DSA-1568 BID 21953 XF b2evolution-login-xss(31368) Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes in the redirect_to parameter.

cpe:/a:gforge:gforge:4.5.11

CVE-2007-0176

2007-01-10T19:28:00.000-05:00

2018-10-16T12:31:34.527-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov SREASON 2133 SECTRACK 1017482 DEBIAN DSA-1475 MISC http://www.eazel.es/advisory006-gforge-cross-site-scripting-vulnerability.html BUGTRAQ 20070108 GForge Cross Site Scripting vulnerability BID 21946 XF gforge-words-xss(31346) Cross-site scripting (XSS) vulnerability in search/advanced_search.php in GForge 4.5.11 allows remote attackers to inject arbitrary web script or HTML via the words parameter.

cpe:/a:mediawiki:mediawiki:1.6.0 cpe:/a:mediawiki:mediawiki:1.6.1 cpe:/a:mediawiki:mediawiki:1.6.2 cpe:/a:mediawiki:mediawiki:1.6.3 cpe:/a:mediawiki:mediawiki:1.6.4 cpe:/a:mediawiki:mediawiki:1.6.5 cpe:/a:mediawiki:mediawiki:1.6.5_r14348 cpe:/a:mediawiki:mediawiki:1.6.6 cpe:/a:mediawiki:mediawiki:1.7.0 cpe:/a:mediawiki:mediawiki:1.7.1 cpe:/a:mediawiki:mediawiki:1.8.0 cpe:/a:mediawiki:mediawiki:1.8.1 cpe:/a:mediawiki:mediawiki:1.8.2 cpe:/a:mediawiki:mediawiki:1.9.0:rc2

CVE-2007-0177

2007-01-10T19:28:00.000-05:00

2017-07-28T21:30:02.047-04:00

5.1

NETWORK

HIGH

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://sourceforge.net/forum/forum.php?forum_id=652721 CONFIRM http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_9/phase3/RELEASE-NOTES CONFIRM http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_7_2/phase3/RELEASE-NOTES CONFIRM http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_8_3/phase3/RELEASE-NOTES CONFIRM http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0RC2/phase3/RELEASE-NOTES SUSE SUSE-SR:2007:006 BID 21956 VUPEN ADV-2007-0096 XF mediawiki-ajax-unspecified-xss(31359) Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

cpe:/a:php_web_scripts:easy_banner_pro:2.8

CVE-2007-0178

2007-01-10T19:28:00.000-05:00

2018-10-16T12:31:35.167-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2132 BUGTRAQ 20070108 Easy Banner Pro Version 2.8 <= Remote File Inclusion BID 21967 XF easybannerpro-info-file-include(31374) PHP remote file inclusion vulnerability in info.php in Easy Banner Pro 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter.

cpe:/a:phpkit:phpkit:1.6.1:rc2

CVE-2007-0179

2007-01-10T19:28:00.000-05:00

2018-10-16T12:31:35.510-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2131 BUGTRAQ 20070109 Re: PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit BID 21962 SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the subid parameter.

cpe:/a:ef_software:ef_commander:5.75

CVE-2007-0180

2007-01-10T19:28:00.000-05:00

2017-07-28T21:30:02.157-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MISC http://vuln.sg/efcommander575-en.html BID 21969 XF efcommander-iso-pathname-bo(31365) Stack-based buffer overflow in EF Commander 5.75 allows user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories, which produces a large filename that triggers the overflow.

cpe:/a:scriptaty:magic_photo_storage_website

CVE-2007-0181

2007-01-10T21:28:00.000-05:00

2018-10-16T12:31:35.743-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070108 magic photo storage website Remote File Inclusion BID 21965 VUPEN ADV-2007-0136 XF magicphotostorage-config-file-include(31347) EXPLOIT-DB 3100 PHP remote file inclusion vulnerability in include/common_function.php in magic photo storage website allows remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter.

cpe:/a:scriptaty:magic_photo_storage_website

CVE-2007-0182

2007-01-12T00:04:00.000-05:00

2018-10-16T12:31:36.227-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2136 BUGTRAQ 20070108 magic photo storage website Multiple Remote File Inclusion BID 21965 Multiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter to (1) admin_password.php, (2) add_welcome_text.php, (3) admin_email.php, (4) add_templates.php, (5) admin_paypal_email.php, (6) approve_member.php, (7) delete_member.php, (8) index.php, (9) list_members.php, (10) membership_pricing.php, or (11) send_email.php in admin/; (12) config.php or (13) db_config.php in include/; or (14) add_category.php, (15) add_news.php, (16) change_catalog_template.php, (17) couple_milestone.php, (18) couple_profile.php, (19) delete_category.php, (20) index.php, (21) login.php, (22) logout.php, (23) register.php, (24) upload_photo.php, (25) user_catelog_password.php, (26) user_email.php, (27) user_extend.php, or (28) user_membership_password.php in user/. NOTE: the include/common_function.php vector is already covered by another candidate from the same date.

cpe:/a:sun:iplanet_web_server:4.1 cpe:/a:sun:iplanet_web_server:4.1:sp1 cpe:/a:sun:iplanet_web_server:4.1:sp1:enterprise cpe:/a:sun:iplanet_web_server:4.1:sp10 cpe:/a:sun:iplanet_web_server:4.1:sp10:enterprise cpe:/a:sun:iplanet_web_server:4.1:sp2 cpe:/a:sun:iplanet_web_server:4.1:sp2:enterprise cpe:/a:sun:iplanet_web_server:4.1:sp3 cpe:/a:sun:iplanet_web_server:4.1:sp3:enterprise cpe:/a:sun:iplanet_web_server:4.1:sp4 cpe:/a:sun:iplanet_web_server:4.1:sp4:enterprise cpe:/a:sun:iplanet_web_server:4.1:sp5 cpe:/a:sun:iplanet_web_server:4.1:sp5:enterprise cpe:/a:sun:iplanet_web_server:4.1:sp6 cpe:/a:sun:iplanet_web_server:4.1:sp6:enterprise cpe:/a:sun:iplanet_web_server:4.1:sp7 cpe:/a:sun:iplanet_web_server:4.1:sp7:enterprise cpe:/a:sun:iplanet_web_server:4.1:sp8 cpe:/a:sun:iplanet_web_server:4.1:sp8:enterprise cpe:/a:sun:iplanet_web_server:4.1:sp9 cpe:/a:sun:iplanet_web_server:4.1:sp9:enterprise

CVE-2007-0183

2007-01-12T00:04:00.000-05:00

2008-11-15T01:39:12.127-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 21977 Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attackers to inject arbitrary web script or HTML via the NS-max-records parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:getahead:direct_web_remoting:0.7 cpe:/a:getahead:direct_web_remoting:0.8 cpe:/a:getahead:direct_web_remoting:0.9 cpe:/a:getahead:direct_web_remoting:1.0 cpe:/a:getahead:direct_web_remoting:1.1.0 cpe:/a:getahead:direct_web_remoting:1.1.1 cpe:/a:getahead:direct_web_remoting:1.1.2 cpe:/a:getahead:direct_web_remoting:1.1.3

CVE-2007-0184

2007-01-12T00:04:00.000-05:00

2017-07-28T21:30:02.280-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://getahead.ltd.uk/dwr/changelog SUSE SUSE-SR:2009:004 BID 21955 VUPEN ADV-2007-0095 XF dwr-include-exclude-security-bypass(31377) Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks.

CVE-2007-0185

2007-01-12T00:04:00.000-05:00

2017-07-28T21:30:02.327-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://getahead.ltd.uk/dwr/changelog SUSE SUSE-SR:2009:004 BID 21955 VUPEN ADV-2007-0095 XF dwr-servlet-engine-dos(31382) Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memory exhaustion and servlet outage) via unknown vectors related to a large number of calls in a batch.

cpe:/h:f5:firepass_4100

CVE-2007-0186

2007-01-12T00:04:00.000-05:00

2008-09-05T17:17:14.010-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-12T14:53:00.000-05:00

ALLOWS_OTHER_ACCESS

FULLDISC 20070106 NNL-Labs & MNIN - F5 FirePass Security Advisory MISC http://www.mnin.org/advisories/2007_firepass.pdf BID 21957 CONFIRM https://tech.f5.com/home/solutions/sol6919.html CONFIRM https://tech.f5.com/home/solutions/sol6920.html Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to vdesk/admincon/index.php; the (5) h321, (6) h311, (7) h312, and certain other Front Door custom text color parameters in a per action to vdesk/admincon/index.php; the (8) ua parameter in a bro action to vdesk/admincon/index.php; the (9) app_param and (10) app_name parameters to webyfiers.php; (11) double eval functions; (12) JavaScript contained in an <FP_DO_NOT_TOUCH> element; and (13) the vhost parameter to my.activation.php. NOTE: it is possible that this candidate overlaps CVE-2006-3550.

cpe:/h:f5:firepass:5.4 cpe:/h:f5:firepass:5.4.1 cpe:/h:f5:firepass:5.4.2 cpe:/h:f5:firepass:5.4.3 cpe:/h:f5:firepass:5.4.4 cpe:/h:f5:firepass:5.4.5 cpe:/h:f5:firepass:5.4.6 cpe:/h:f5:firepass:5.4.7 cpe:/h:f5:firepass:5.4.8 cpe:/h:f5:firepass:5.4.9 cpe:/h:f5:firepass:5.5 cpe:/h:f5:firepass:5.5.1 cpe:/h:f5:firepass:5.5.2 cpe:/h:f5:firepass:6.0

CVE-2007-0187

2007-01-12T00:04:00.000-05:00

2008-11-15T01:39:13.937-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

FULLDISC 20070105 NNL-Labs & MNIN - F5 FirePass Security Advisory FULLDISC 20070106 NNL-Labs & MNIN - F5 FirePass Security Advisory MISC http://www.mnin.org/advisories/2007_firepass.pdf BID 21957 CONFIRM https://tech.f5.com/home/solutions/sol6916.html CONFIRM https://tech.f5.com/home/solutions/sol6924.html F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name.

CVE-2007-0188

2007-01-12T00:04:00.000-05:00

2008-09-05T17:17:14.387-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

2007-01-12T15:25:00.000-05:00

ALLOWS_OTHER_ACCESS

FULLDISC 20070106 NNL-Labs & MNIN - F5 FirePass Security Advisory MISC http://www.mnin.org/advisories/2007_firepass.pdf BID 21957 CONFIRM https://tech.f5.com/home/solutions/sol6922.html F5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses a single integer (dword) representation of an IP address ("dotless IP address"), which allows remote authenticated users to connect to the FirePass administrator console and certain other network resources.

cpe:/a:geobb:georgian_bulletin_board

CVE-2007-0189

2007-01-12T00:04:00.000-05:00

2018-10-16T12:31:38.620-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2141 VIM 20070110 Dispute of GeoBB RFI BUGTRAQ 20070107 GeoBB Georgian Bulletin Board Remote File Include Vuln. XF geobb-index-file-include(31335) ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in GeoBB Georgian Bulletin Board allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. NOTE: CVE disputes this issue, since GeoBB 1.0 sets $action to a whitelisted value.

cpe:/a:edit-x:ecommerce

CVE-2007-0190

2007-01-12T00:04:00.000-05:00

2018-10-16T12:31:38.977-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2139 BUGTRAQ 20070109 edit-x ecommerce (include_dir) Remote File include BID 21974 VUPEN ADV-2007-0158 XF editx-editaddress-file-include(31384) PHP remote file inclusion vulnerability in edit_address.php in edit-x ecommerce allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter.

cpe:/a:mkportal:mkportal

CVE-2007-0191

2007-01-12T00:04:00.000-05:00

2018-10-16T12:31:39.370-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2138 BUGTRAQ 20070105 MkPortal Admin XSS XF mkportal-admin-xss(31304) Cross-site scripting (XSS) vulnerability in admin.php in MKPortal allows remote attackers to inject arbitrary web script or HTML via two certain fields in a contents_new operation in the ad_contents section.

cpe:/a:mkportal:mkportal

CVE-2007-0192

2007-01-12T00:04:00.000-05:00

2018-10-16T12:31:39.683-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2137 BUGTRAQ 20070104 MkPortal "All Guests are Admin" Exploit Cross-site request forgery (CSRF) vulnerability in the save_main operation in the ad_perms section in admin.php in MKPortal allows remote attackers to modify privilege settings, as demonstrated using a getURL of admin.php within a .swf file contained in an IFRAME element, aka the "All Guests are Admin" attack.

cpe:/a:fon:la_fonera

CVE-2007-0193

2007-01-12T00:04:00.000-05:00

2018-10-16T12:31:39.900-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070106 FON Router allows anonymous web access BUGTRAQ 20070107 Re: FON Router allows anonymous web access FON La Fonera routers do not properly limit DNS service access by unauthenticated clients, which allows remote attackers to tunnel traffic via DNS requests for hosts that should not be accessible before authentication.

cpe:/a:mkportal:mkportal:1.1_rc1

CVE-2007-0194

2007-01-12T00:04:00.000-05:00

2018-10-16T12:31:40.137-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov BUGTRAQ 20070108 MKPortal Full Path Disclosure XF mkportal-admin-path-disclosure(31333) admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain sensitive information via a direct request with an MK_PATH=1 query string, which reveals the path in an error message.

CVE-2007-0195

2007-01-12T00:04:00.000-05:00

2008-09-05T17:17:15.480-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2007-01-12T15:52:00.000-05:00

FULLDISC 20070106 NNL-Labs & MNIN - F5 FirePass Security Advisory MISC http://www.mnin.org/advisories/2007_firepass.pdf BID 21957 CONFIRM https://tech.f5.com/home/solutions/sol6923.html my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account.

cpe:/a:motionborg:motionborg_web_real_estate:2.1

CVE-2007-0196

2007-01-11T06:28:00.000-05:00

2017-10-18T21:29:57.207-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 21963 VUPEN ADV-2007-0143 XF motionborg-admincheckuser-sql-injection(31360) EXPLOIT-DB 3105 SQL injection vulnerability in admin_check_user.asp in Motionborg Web Real Estate 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (txtUserName parameter) and possibly other parameters. NOTE: some details were obtained from third party information.

cpe:/o:apple:mac_os_x:10.4.6 cpe:/o:apple:mac_os_x:10.4.8

CVE-2007-0197

2007-01-11T06:28:00.000-05:00

2018-10-16T12:31:40.417-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305102 APPLE APPLE-SA-2007-02-15 MISC http://projects.info-pull.com/moab/MOAB-09-01-2007.html MISC http://www.digitalmunition.com/DMA%5B2007-0109a%5D.txt CERT-VN VU#240880 BUGTRAQ 20070111 DMA[2007-0107a] OmniWeb Javascript Alert Format String Vulnerabiity and DMA[2007-0109a] Apple Finder Disk Image Volume Label Overflow / DoS BID 21980 SECTRACK 1017662 CERT TA07-047A VUPEN ADV-2007-0140 XF macos-finder-dos(31410) Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption.

cpe:/a:cisco:ip_contact_center_enterprise:5.0 cpe:/a:cisco:ip_contact_center_enterprise:7.1 cpe:/a:cisco:ip_contact_center_hosted:5.0 cpe:/a:cisco:ip_contact_center_hosted:7.1 cpe:/a:cisco:unified_contact_center_enterprise:5.0 cpe:/a:cisco:unified_contact_center_enterprise:7.1 cpe:/a:cisco:unified_contact_center_hosted:5.0 cpe:/a:cisco:unified_contact_center_hosted:7.1

CVE-2007-0198

2007-01-11T06:28:00.000-05:00

2011-03-07T21:48:59.893-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov SECTRACK 1017499 CISCO 20070110 Cisco Unified Contact Center and IP Contact Center JTapi Gateway Vulnerability BID 21988 VUPEN ADV-2007-0138 The JTapi Gateway process in Cisco Unified Contact Center Enterprise, Unified Contact Center Hosted, IP Contact Center Enterprise, and Cisco IP Contact Center Hosted 5.0 through 7.1 allows remote attackers to cause a denial of service (repeated process restart) via a certain TCP session on the JTapi server port.

cpe:/o:cisco:ios:11.0 cpe:/o:cisco:ios:12.4

CVE-2007-0199

2007-01-11T06:28:00.000-05:00

2017-10-10T21:31:34.610-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov SECTRACK 1017498 CISCO 20070110 DLSw Vulnerability BID 21990 VUPEN ADV-2007-0139 The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange."

cpe:/a:geoffrey_golliher:axiom_photo_news_gallery:0.8.6

CVE-2007-0200

2007-01-11T06:28:00.000-05:00

2017-10-18T21:29:57.253-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VIM 20070110 source verify - Axiom RFI BID 21972 VUPEN ADV-2007-0107 XF axiom-template-file-include(31372) EXPLOIT-DB 3108 PHP remote file inclusion vulnerability in template.php in Geoffrey Golliher Axiom Photo/News Gallery (axiompng) 0.8.6 allows remote attackers to execute arbitrary PHP code via a URL in the baseAxiomPath parameter.

cpe:/a:tis:internet_firewall_toolkit:2.1

CVE-2007-0201

2007-01-11T06:28:00.000-05:00

2017-07-28T21:30:02.767-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SECTRACK 1017481 MISC http://www.ranum.com/security/computer_security/editorials/codetools/ BID 21960 XF tisfwtk-ftpgw-bo(31363) Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet Firewall Toolkit (FWTK) allows remote attackers to execute arbitrary code via a long destination hostname (dest).

cpe:/a:alexphpteam:alex_guestbook:3.12 cpe:/a:alexphpteam:alex_guestbook:3.13 cpe:/a:alexphpteam:alex_guestbook:4.0.1 cpe:/a:alexphpteam:alex_guestbook:4.0.2

CVE-2007-0202

2007-01-11T06:28:00.000-05:00

2018-10-16T12:31:41.277-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://acid-root.new.fr/poc/20070107.txt SREASON 2135 BUGTRAQ 20070107 @lex Guestbook <= 4.0.2 Remote Command Execution Exploit BID 21926 VUPEN ADV-2007-0137 XF @lexguestbook-index-sql-injection(31393) EXPLOIT-DB 3103 SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lang parameter.

cpe:/a:phpmyadmin:phpmyadmin:2.9.1.1

CVE-2007-0203

2007-01-11T06:28:00.000-05:00

2011-03-07T21:49:00.393-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov MANDRIVA MDKSA-2007:199 CONFIRM http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0 BID 21987 VUPEN ADV-2007-0125 Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.

cpe:/a:phpmyadmin:phpmyadmin:2.9.1.1

CVE-2007-0204

2007-01-11T06:28:00.000-05:00

2017-07-28T21:30:02.877-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MANDRIVA MDKSA-2007:199 MISC http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0 BID 21987 VUPEN ADV-2007-0125 XF phpmyadmin-unspecified-xss(31387) Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.

cpe:/a:alexphpteam:alex_guestbook:3.12 cpe:/a:alexphpteam:alex_guestbook:3.13 cpe:/a:alexphpteam:alex_guestbook:4.0.1 cpe:/a:alexphpteam:alex_guestbook:4.0.2

CVE-2007-0205

2007-01-11T17:28:00.000-05:00

2018-10-16T12:31:41.933-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://acid-root.new.fr/poc/20070107.txt SREASON 2135 BUGTRAQ 20070107 @lex Guestbook <= 4.0.2 Remote Command Execution Exploit BID 21926 XF @lexguestbook-livreinclude-file-include(31397) EXPLOIT-DB 3103 Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows remote attackers to create files in arbitrary directories via ".." sequences in the (1) aj_skin and (2) skin_edit parameters. NOTE: this can be leveraged for file inclusion by creating a skin file in the lang directory, then referencing that file via the lang parameter to index.php, which passes a sanity check in livre_include.php.

cpe:/a:hp:openview_network_node_manager:6.2 cpe:/a:hp:openview_network_node_manager:6.2::hp_ux_10.x cpe:/a:hp:openview_network_node_manager:6.2::hp_ux_11.x cpe:/a:hp:openview_network_node_manager:6.2::nt_4.x_windows_2000 cpe:/a:hp:openview_network_node_manager:6.2::solaris cpe:/a:hp:openview_network_node_manager:6.4 cpe:/a:hp:openview_network_node_manager:6.4::hp_ux_11.x cpe:/a:hp:openview_network_node_manager:6.4::nt_4.x_windows_2000 cpe:/a:hp:openview_network_node_manager:6.4::solaris cpe:/a:hp:openview_network_node_manager:6.41 cpe:/a:hp:openview_network_node_manager:6.41::solaris cpe:/a:hp:openview_network_node_manager:7.0.1 cpe:/a:hp:openview_network_node_manager:7.0.1::hp_ux_11.x cpe:/a:hp:openview_network_node_manager:7.0.1::linux cpe:/a:hp:openview_network_node_manager:7.0.1::solaris cpe:/a:hp:openview_network_node_manager:7.0.1::windows_2000_xp cpe:/a:hp:openview_network_node_manager:7.50 cpe:/a:hp:openview_network_node_manager:7.50::hp_ux_11.x cpe:/a:hp:openview_network_node_manager:7.50::linux cpe:/a:hp:openview_network_node_manager:7.50::solaris cpe:/a:hp:openview_network_node_manager:7.50::windows_2000_xp

CVE-2007-0206

2007-01-11T20:28:00.000-05:00

2018-10-16T12:31:42.557-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2140 SECTRACK 1017503 HP SSRT061174 BID 22009 VUPEN ADV-2007-0153 Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to read arbitrary files via unknown vectors.

CVE-2007-0207

2017-05-11T10:29:05.527-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none.

cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:word:2000 cpe:/a:microsoft:word:2002 cpe:/a:microsoft:word:2003 cpe:/a:microsoft:word_viewer:2003 cpe:/a:microsoft:works:2004 cpe:/a:microsoft:works:2005 cpe:/a:microsoft:works:2006

CVE-2007-0208

2007-02-13T16:28:00.000-05:00

2018-10-12T17:42:28.767-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

BID 22477 SECTRACK 1017639 CERT TA07-044A VUPEN ADV-2007-0583 MS MS07-014 Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.

cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:works:2004 cpe:/a:microsoft:works:2005 cpe:/a:microsoft:works:2006

CVE-2007-0209

2007-02-13T16:28:00.000-05:00

2018-10-12T17:42:29.390-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

BID 22482 SECTRACK 1017639 CERT TA07-044A VUPEN ADV-2007-0583 MS MS07-014 Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.

cpe:/o:microsoft:windows_xp::sp2:tablet_pc

CVE-2007-0210

2007-02-13T15:28:00.000-05:00

2018-10-12T17:42:30.047-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

BID 22499 SECTRACK 1017634 CERT TA07-044A VUPEN ADV-2007-0576 MS MS07-007 The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 allows local users to gain privileges via unspecified vectors involving an "unchecked buffer," probably a buffer overflow.

cpe:/o:microsoft:windows_2003_server:sp1 cpe:/o:microsoft:windows_xp::gold:professional cpe:/o:microsoft:windows_xp::sp2:tablet_pc

CVE-2007-0211

2007-02-13T15:28:00.000-05:00

2018-10-12T17:42:30.750-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CERT-VN VU#240796 BID 22481 SECTRACK 1017633 CERT TA07-044A VUPEN ADV-2007-0575 MS MS07-006 The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."

CVE-2007-0212

2017-05-11T10:29:05.557-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none.

cpe:/a:microsoft:exchange_server:2000:sp3 cpe:/a:microsoft:exchange_server:2003:sp1 cpe:/a:microsoft:exchange_server:2003:sp2 cpe:/a:microsoft:exchange_server:2007

CVE-2007-0213

2007-05-08T19:19:00.000-04:00

2018-10-16T12:31:42.993-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MISC http://packetstormsecurity.com/files/153533/Microsoft-Exchange-2003-base64-MIME-Remote-Code-Execution.html CERT-VN VU#343145 HP HPSBST02214 BID 23809 SECTRACK 1018015 CERT TA07-128A VUPEN ADV-2007-1711 MS MS07-026 XF exchange-mime-base64-code-execution(33889) Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.

cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_2003_server cpe:/o:microsoft:windows_2003_server:64-bit cpe:/o:microsoft:windows_2003_server:itanium cpe:/o:microsoft:windows_2003_server:sp1 cpe:/o:microsoft:windows_2003_server:sp1::itanium cpe:/o:microsoft:windows_xp:::64-bit cpe:/o:microsoft:windows_xp::sp2

CVE-2007-0214

2007-02-13T15:28:00.000-05:00

2018-10-12T17:42:32.593-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CERT-VN VU#563756 BID 22478 SECTRACK 1017635 CERT TA07-044A VUPEN ADV-2007-0577 MS MS07-008 The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.

cpe:/a:microsoft:excel:2000 cpe:/a:microsoft:excel:2002 cpe:/a:microsoft:excel:2003 cpe:/a:microsoft:excel:2007 cpe:/a:microsoft:excel_viewer:2003 cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:office:2007 cpe:/a:microsoft:office:xp:sp3

CVE-2007-0215

2007-05-08T18:19:00.000-04:00

2018-10-16T12:31:43.870-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

BUGTRAQ 20070508 ZDI-07-026: Microsoft Excel BIFF File Format Named Graph Record Parsing Stack Overflow Vulnerability HP HPSBST02214 BID 23760 SECTRACK 1018012 CERT TA07-128A VUPEN ADV-2007-1708 MISC http://www.zerodayinitiative.com/advisories/ZDI-07-026.html MS MS07-023 XF excel-biff-file-bo(33913) Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.

cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:office:2003:sp3 cpe:/a:microsoft:works:8.0 cpe:/a:microsoft:works:2005

CVE-2007-0216

2008-02-12T18:00:00.000-05:00

2018-10-12T17:42:34.610-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

IDEFENSE 20080208 Microsoft Office Works Converter Heap Overflow Vulnerability HP HPSBST02314 BID 27657 SECTRACK 1019386 CERT TA08-043C VUPEN ADV-2008-0513 MS MS08-011 wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."

cpe:/a:microsoft:ie:5.01:sp4 cpe:/a:microsoft:ie:6.0 cpe:/a:microsoft:ie:6.0:sp1

CVE-2007-0217

2007-02-13T17:28:00.000-05:00

2018-10-16T12:31:44.900-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

IDEFENSE 20070213 Microsoft 'wininet.dll' FTP Reply Null Termination Heap Corruption Vulnerability CERT-VN VU#613564 BUGTRAQ 20070309 MS07-016 FTP Response DOS PoC BID 22489 SECTRACK 1017642 CERT TA07-044A VUPEN ADV-2007-0584 MS MS07-016 The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.

cpe:/a:microsoft:ie:5.01:sp4 cpe:/a:microsoft:ie:6 cpe:/a:microsoft:ie:6:sp1 cpe:/a:microsoft:ie:7.0

CVE-2007-0218

2007-06-12T15:30:00.000-04:00

2018-10-16T12:31:45.917-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

IDEFENSE 20070612 Microsoft License Manager and urlmon.dll COM Object Interaction Invalid Memory Access Vulnerability SECTRACK 1018235 HP SSRT071438 BID 24372 CERT TA07-163A VUPEN ADV-2007-2153 MS MS07-033 XF webbrowser-object-code-execution(32106) Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function.

cpe:/a:microsoft:ie:5.01:sp4 cpe:/a:microsoft:ie:6.0 cpe:/a:microsoft:ie:6.0:sp1 cpe:/a:microsoft:ie:7.0

CVE-2007-0219

2007-02-13T18:28:00.000-05:00

2018-10-12T17:42:38.203-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CERT-VN VU#771788 BID 22504 SECTRACK 1017643 CERT TA07-044A VUPEN ADV-2007-0584 MS MS07-016 XF ie-com-activex-code-execution(32427) Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697.

cpe:/a:microsoft:exchange_server:2000:sp3 cpe:/a:microsoft:exchange_server:2003:sp1 cpe:/a:microsoft:exchange_server:2003:sp2

CVE-2007-0220

2007-05-08T19:19:00.000-04:00

2018-10-16T12:31:47.137-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CERT-VN VU#124113 HP HPSBST02214 BID 23806 SECTRACK 1018015 CERT TA07-128A VUPEN ADV-2007-1711 MS MS07-026 XF exchange-utf-xss(33887) Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".

cpe:/a:microsoft:exchange_server:2000:sp3

CVE-2007-0221

2007-05-08T19:19:00.000-04:00

2018-10-16T12:31:47.947-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov IDEFENSE 20070508 Microsoft Exchange Server 2000 IMAP Literal Processing DoS Vulnerability HP HPSBST02214 BID 23810 SECTRACK 1018015 CERT TA07-128A VUPEN ADV-2007-1711 MS MS07-026 XF exchange-imap-command-dos(33890) Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."

cpe:/a:oracle:application_server:10.1.3

CVE-2007-0222

2007-01-16T20:28:00.000-05:00

2018-10-16T12:31:48.823-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SECTRACK 1017522 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html BUGTRAQ 20070115 SYMSA-2007-001: Oracle Application Server 10g - Directory Traversal BUGTRAQ 20070131 Oracle 10g R2 Enterprise Manager Directory Traversal BID 22027 BID 22083 Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter. NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined. Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293).

cpe:/a:nicola_asuni:all_in_one_control_panel:1.3.000 cpe:/a:nicola_asuni:all_in_one_control_panel:1.3.001 cpe:/a:nicola_asuni:all_in_one_control_panel:1.3.002 cpe:/a:nicola_asuni:all_in_one_control_panel:1.3.003 cpe:/a:nicola_asuni:all_in_one_control_panel:1.3.004 cpe:/a:nicola_asuni:all_in_one_control_panel:1.3.005 cpe:/a:nicola_asuni:all_in_one_control_panel:1.3.006 cpe:/a:nicola_asuni:all_in_one_control_panel:1.3.007 cpe:/a:nicola_asuni:all_in_one_control_panel:1.3.008

CVE-2007-0223

2007-01-12T21:28:00.000-05:00

2017-07-28T21:30:03.407-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://sourceforge.net/project/shownotes.php?release_id=477845 BID 22019 XF aiocp-cpfunctionsdownloads-sql-injection(31591) SQL injection vulnerability in shared/code/cp_functions_downloads.php in Nicola Asuni All In One Control Panel (AIOCP) before 1.3.009 allows remote attackers to execute arbitrary SQL commands via the download_category parameter.

cpe:/a:virtual_programming:vp-asp:6.09

CVE-2007-0224

2007-01-12T21:28:00.000-05:00

2017-10-18T21:29:57.613-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

XF vpasp-shopgift-sql-injection(31447) EXPLOIT-DB 3115 SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginLastname parameter.

cpe:/a:virtual_programming:vp-asp:6.09

CVE-2007-0225

2007-01-12T21:28:00.000-05:00

2017-10-18T21:29:57.707-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

XF vpasp-shopcustadmin-xss(31449) EXPLOIT-DB 3115 Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

cpe:/a:uniforum:uniforum:4

CVE-2007-0226

2007-01-12T21:28:00.000-05:00

2018-10-16T12:31:49.290-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070125 uniForum <= v4 (wbsearch.aspx) Remote SQL Injection Vulnerability BID 21966 XF uniforum-wbsearch-sql-injection(31362) EXPLOIT-DB 3106 SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier allows remote attackers to execute arbitrary SQL commands via the "by User" field (aka the TXbyuser parameter).

cpe:/a:slocate:slocate:3.1

CVE-2007-0227

2007-01-12T21:28:00.000-05:00

2018-10-16T12:31:49.777-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov BUGTRAQ 20070110 slocate leaks filenames of protected directories BUGTRAQ 20070110 Re: slocate leaks filenames of protected directories BUGTRAQ 20070111 Re: slocate leaks filenames of protected directories BUGTRAQ 20070112 Re: slocate leaks filenames of protected directories BUGTRAQ 20070329 FLEA-2007-0005-1: slocate BID 21989 UBUNTU USN-425-1 slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher reports that the issue is not present in slocate 2.7.

cpe:/a:eiqnetworks:enterprise_security_analyzer:2.0 cpe:/a:eiqnetworks:enterprise_security_analyzer:2.1 cpe:/a:eiqnetworks:enterprise_security_analyzer:2.5

CVE-2007-0228

2007-01-12T21:28:00.000-05:00

2017-07-28T21:30:03.657-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov FULLDISC 20070110 EIQ Networks Network Security Analyzer DoS Vulnerability BID 21994 VUPEN ADV-2007-0147 XF eiq-datacollector-dos(31428) The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause a denial of service (service crash) via a (1) &CONNECTSERVER& (2) &ADDENTRY& (3) &FIN& (4) &START& (5) &LOGPATH& (6) &FWADELTA& (7) &FWALOG& (8) &SETSYNCHRONOUS& (9) &SETPRGFILE&, or (10) &SETREPLYPORT& string to TCP port 10618, which triggers a NULL pointer dereference.

cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:apple:mac_os_x_server:10.4.8 cpe:/o:freebsd:freebsd:6.1

CVE-2007-0229

2007-01-12T21:28:00.000-05:00

2017-07-28T21:30:03.717-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MISC http://applefun.blogspot.com/2007/01/moab-10-01-2007-apple-dmg-ufs.html CONFIRM http://docs.info.apple.com/article.html?artnum=305214 APPLE APPLE-SA-2007-03-13 MLIST [freebsd-security] 20070114 MOAB advisories MISC http://projects.info-pull.com/moab/MOAB-10-01-2007.html BID 21993 SECTRACK 1017751 CERT TA07-072A VUPEN ADV-2007-0141 VUPEN ADV-2007-0930 XF macos-ffsmountfs-bo(31409) Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.

cpe:/a:cs-cart:cs-cart:1.3.3

CVE-2007-0230

2007-01-12T21:28:00.000-05:00

2018-10-16T12:31:52.900-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VIM 20070110 [bogus] [ahmed_labib_hilmy at yahoo.com: CS-Cart 1.3.3 (install.php) Remote File Include Vulnerability] (fwd) BUGTRAQ 20070109 CS-Cart 1.3.3 (install.php) Remote File Include Vulnerability XF cscart-install-file-include(31408) ** DISPUTED ** PHP remote file inclusion vulnerability in install.php in CS-Cart 1.3.3 allows remote attackers to execute arbitrary PHP code via a URL in the install_dir parameter. NOTE: CVE and third parties dispute this vulnerability because install_dir is defined before use.

cpe:/a:six_apart:movable_type:3.33

CVE-2007-0231

2007-01-12T21:28:00.000-05:00

2011-03-07T21:49:02.797-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://golem.ph.utexas.edu/~distler/blog/archives/001102.html VUPEN ADV-2007-0142 MISC http://www.zackvision.com/weblog/2007/01/movabletype-security-bug.html Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field.

cpe:/a:jshop_e-commerce:jshop_server:1.3

CVE-2007-0232

2007-01-12T21:28:00.000-05:00

2018-10-16T12:31:53.197-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2146 BUGTRAQ 20070110 Jshop Server 1.3 BID 21995 XF jshop-fieldvalidation-file-include(31425) EXPLOIT-DB 3113 PHP remote file inclusion vulnerability in routines/fieldValidation.php in Jshop Server 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the jssShopFileSystem parameter.

cpe:/a:wordpress:wordpress:0.6.2:beta_2 cpe:/a:wordpress:wordpress:0.6.2.1:beta_2 cpe:/a:wordpress:wordpress:0.7 cpe:/a:wordpress:wordpress:0.71 cpe:/a:wordpress:wordpress:1.2 cpe:/a:wordpress:wordpress:1.2.1 cpe:/a:wordpress:wordpress:1.2.2 cpe:/a:wordpress:wordpress:1.5 cpe:/a:wordpress:wordpress:1.5.1 cpe:/a:wordpress:wordpress:1.5.1.2 cpe:/a:wordpress:wordpress:1.5.1.3 cpe:/a:wordpress:wordpress:1.5.2 cpe:/a:wordpress:wordpress:2.0 cpe:/a:wordpress:wordpress:2.0.1 cpe:/a:wordpress:wordpress:2.0.2 cpe:/a:wordpress:wordpress:2.0.3 cpe:/a:wordpress:wordpress:2.0.4 cpe:/a:wordpress:wordpress:2.0.5 cpe:/a:wordpress:wordpress:2.0.6

CVE-2007-0233

2007-01-12T21:28:00.000-05:00

2017-10-18T21:29:57.877-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 21983 XF wordpress-tbid-sql-injection(31385) EXPLOIT-DB 3109 wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tb_id parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in WordPress.

CVE-2007-0234

2007-01-16T19:28:00.000-05:00

2008-09-10T20:48:43.493-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-0243. Reason: This candidate is a duplicate of CVE-2007-0243. Notes: All CVE users should reference CVE-2007-0243 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

cpe:/a:libgtop:libgtop:2.14.5

CVE-2007-0235

2007-01-16T13:28:00.000-05:00

2017-10-10T21:31:35.767-04:00

3.7

LOCAL

HIGH

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://bugzilla.gnome.org/show_bug.cgi?id=396477 CONFIRM http://ftp.gnome.org/pub/gnome/sources/libgtop/2.14/libgtop-2.14.6.news GENTOO GLSA-200701-17 DEBIAN DSA-1255 MANDRIVA MDKSA-2007:023 REDHAT RHSA-2007:0765 BID 22054 SECTRACK 1018526 UBUNTU USN-407-1 VUPEN ADV-2007-0185 VUPEN ADV-2007-0187 XF libgtop2-glibtopbo(31522) CONFIRM https://issues.rpath.com/browse/RPL-972 MISC https://launchpad.net/bugs/79206 Stack-based buffer overflow in the glibtop_get_proc_map_s function in libgtop before 2.14.6 (libgtop2) allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a process with a long filename that is mapped in its address space, which triggers the overflow in gnome-system-monitor.

cpe:/o:apple:mac_os_x:10.4.8

CVE-2007-0236

2007-01-16T13:28:00.000-05:00

2017-10-10T21:31:35.830-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305214 APPLE APPLE-SA-2007-03-13 MISC http://projects.info-pull.com/moab/MOAB-14-01-2007.html SECTRACK 1017513 BID 22041 SECTRACK 1017751 CERT TA07-072A VUPEN ADV-2007-0191 VUPEN ADV-2007-0930 EXPLOIT-DB 3130 Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer overflow.

cpe:/a:lookup:lookup

CVE-2007-0237

2007-03-19T15:19:00.000-04:00

2017-07-28T21:30:04.030-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=197306 GENTOO GLSA-200712-07 DEBIAN DSA-1269 BID 23026 SECTRACK 1017792 XF lookup-ndebbinary-symlink(33052) The ndeb-binary feature in Lookup (lookup-el) allows local users to overwrite arbitrary files via a symlink attack on temporary files.

cpe:/a:openoffice:openoffice

CVE-2007-0238

2007-03-21T15:19:00.000-04:00

2018-10-16T12:31:53.667-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SUSE SUSE-SA:2007:023 SUNALERT 102794 DEBIAN DSA-1270 GENTOO GLSA-200704-12 MANDRIVA MDKSA-2007:073 MISC http://www.ngssoftware.com/advisories/high-risk-vulnerabilities-in-the-openoffice-suite/ CONFIRM http://www.openoffice.org/security/CVE-2007-0238 REDHAT RHSA-2007:0033 REDHAT RHSA-2007:0069 BUGTRAQ 20070404 High Risk Vulnerability in OpenOffice BID 23067 SECTRACK 1017799 UBUNTU USN-444-1 VUPEN ADV-2007-1032 VUPEN ADV-2007-1117 XF openoffice-starcalc-bo(33112) CONFIRM https://issues.foresightlinux.org/browse/FL-211 CONFIRM https://issues.rpath.com/browse/RPL-1118 Stack-based buffer overflow in filter\starcalc\scflt.cxx in the StarCalc parser in OpenOffice.org (OOo) Office Suite before 2.2, and 1.x before 1.1.5 Patch, allows user-assisted remote attackers to execute arbitrary code via a document with a long Note.

cpe:/a:openoffice:openoffice

CVE-2007-0239

2007-03-21T15:19:00.000-04:00

2017-10-10T21:31:36.017-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SUSE SUSE-SA:2007:023 SUNALERT 102807 DEBIAN DSA-1270 GENTOO GLSA-200704-12 MANDRIVA MDKSA-2007:073 REDHAT RHSA-2007:0033 REDHAT RHSA-2007:0069 BID 22812 SECTRACK 1017799 UBUNTU USN-444-1 VUPEN ADV-2007-1032 VUPEN ADV-2007-1117 XF openoffice-shell-command-execution(33113) CONFIRM https://issues.foresightlinux.org/browse/FL-211 CONFIRM https://issues.rpath.com/browse/RPL-1118 OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document.

cpe:/a:zope:zope:2.10.2

CVE-2007-0240

2007-03-22T14:19:00.000-04:00

2017-07-28T21:30:04.250-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SUSE SUSE-SR:2007:011 DEBIAN DSA-1275 BID 23084 VUPEN ADV-2007-1041 CONFIRM http://www.zope.org/Products/Zope/Hotfix-2007-03-20/announcement/view XF zope-unspecifiedget-xss(33187) Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a HTTP GET request.

cpe:/a:qt:qt:3.3.8 cpe:/a:qt:qt:4.2.3

CVE-2007-0242

2007-04-03T12:19:00.000-04:00

2017-10-10T21:31:36.110-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SGI 20070901-01-P FEDORA FEDORA-2007-703 REDHAT RHSA-2011:1324 SLACKWARE SSA:2007-093-03 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm CONFIRM http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html CONFIRM http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html DEBIAN DSA-1292 MANDRIVA MDKSA-2007:074 MANDRIVA MDKSA-2007:075 MANDRIVA MDKSA-2007:076 CONFIRM http://www.nabble.com/Bug-417390:-CVE-2007-0242,--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html SUSE SUSE-SR:2007:006 REDHAT RHSA-2007:0883 REDHAT RHSA-2007:0909 BID 23269 CONFIRM http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350 UBUNTU USN-452-1 VUPEN ADV-2007-1212 XF qt-utf8-xss(33397) CONFIRM https://issues.rpath.com/browse/RPL-1202 The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.

cpe:/a:sun:jdk:1.5.0:update3 cpe:/a:sun:jdk:1.5.0:update4 cpe:/a:sun:jdk:1.5.0:update5 cpe:/a:sun:jdk:1.5.0:update7 cpe:/a:sun:jdk:1.5.0:update8 cpe:/a:sun:jdk:1.5.0:update9 cpe:/a:sun:jre:1.3.1:update16 cpe:/a:sun:jre:1.3.1:update18 cpe:/a:sun:jre:1.4.2_1 cpe:/a:sun:jre:1.4.2_2 cpe:/a:sun:jre:1.4.2_3 cpe:/a:sun:jre:1.4.2_4 cpe:/a:sun:jre:1.4.2_5 cpe:/a:sun:jre:1.4.2_6 cpe:/a:sun:jre:1.4.2_7 cpe:/a:sun:jre:1.4.2_8 cpe:/a:sun:jre:1.4.2_9 cpe:/a:sun:jre:1.4.2_10 cpe:/a:sun:jre:1.4.2_11 cpe:/a:sun:jre:1.4.2_12 cpe:/a:sun:jre:1.5.0:update3 cpe:/a:sun:jre:1.5.0:update4 cpe:/a:sun:jre:1.5.0:update5 cpe:/a:sun:jre:1.5.0:update6 cpe:/a:sun:jre:1.5.0:update7 cpe:/a:sun:jre:1.5.0:update8 cpe:/a:sun:jre:1.5.0:update9 cpe:/a:sun:sdk:1.3.1_01 cpe:/a:sun:sdk:1.3.1_01a cpe:/a:sun:sdk:1.3.1_16 cpe:/a:sun:sdk:1.3.1_18 cpe:/a:sun:sdk:1.4.2 cpe:/a:sun:sdk:1.4.2_03 cpe:/a:sun:sdk:1.4.2_08 cpe:/a:sun:sdk:1.4.2_09 cpe:/a:sun:sdk:1.4.2_10 cpe:/a:sun:sdk:1.4.2_12

CVE-2007-0243

2007-01-17T17:28:00.000-05:00

2018-10-30T12:26:21.780-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BEA BEA07-172.00 MISC http://docs.info.apple.com/article.html?artnum=307177 HP HPSBUX02196 APPLE APPLE-SA-2007-12-14 GENTOO GLSA-200702-08 SREASON 2158 SECTRACK 1017520 SUNALERT 102760 CONFIRM http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html CONFIRM http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html GENTOO GLSA-200702-07 CERT-VN VU#388289 SUSE SUSE-SA:2007:045 REDHAT RHSA-2007:0166 REDHAT RHSA-2007:0167 REDHAT RHSA-2007:0956 REDHAT RHSA-2008:0261 BUGTRAQ 20070117 ZDI-07-005: Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability BUGTRAQ 20070121 Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability Prove Of Concept Exploit BID 22085 CERT TA07-022A VUPEN ADV-2007-0211 VUPEN ADV-2007-0936 VUPEN ADV-2007-1814 VUPEN ADV-2007-4224 MISC http://www.zerodayinitiative.com/advisories/ZDI-07-005.html XF jre-gif-bo(31537) Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.

cpe:/a:poptop:pptp_server:1.3.3

CVE-2007-0244

2007-05-11T00:19:00.000-04:00

2011-03-07T21:49:04.313-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov GENTOO GLSA-200705-18 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=501476&group_id=44827 DEBIAN DSA-1288 SUSE SUSE-SR:2007:010 SUSE SUSE-SR:2007:019 BID 23886 SECTRACK 1018064 TRUSTIX 2007-0017 UBUNTU USN-459-1 UBUNTU USN-459-2 VUPEN ADV-2007-1743 pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before 1.3.4 allows remote attackers to cause a denial of service (PPTP connection tear-down) via (1) GRE packets with out-of-order sequence numbers or (2) certain GRE packets that are processed using a wrong pointer and improperly dequeued.

cpe:/a:openoffice:openoffice:2.2.1

CVE-2007-0245

2007-06-12T17:30:00.000-04:00

2018-10-16T12:32:00.277-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SGI 20070602-01-P SUNALERT 102917 CONFIRM http://sw.openoffice.org/source/browse/sw/sw/source/filter/rtf/swparrtf.cxx?rev=1.67 DEBIAN DSA-1307 GENTOO GLSA-200707-02 MANDRIVA MDKSA-2007:144 SUSE SUSE-SA:2007:037 REDHAT RHSA-2007:0406 BUGTRAQ 20070613 High risk vulnerability in OpenOffice RTF parser BID 24450 SECTRACK 1018239 UBUNTU USN-482-1 VUPEN ADV-2007-2166 VUPEN ADV-2007-2229 XF openoffice-rtf-bo(34843) CONFIRM https://issues.rpath.com/browse/RPL-1570 Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable entries to be overwritten.

cpe:/a:gforge:gforge:4.5.16

CVE-2007-0246

2007-05-29T17:30:00.000-04:00

2017-07-28T21:30:04.563-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://gforge.org/scm/viewvc.php/branches/Branch_4_5/gforge/plugins/scmcvs/www/cvsweb.php?root=gforge&r1=5849&r2=6038&pathrev=6038 DEBIAN DSA-1297 BID 24141 VUPEN ADV-2007-1942 XF gforge-cvsweb-command-execution(34510) plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO.

cpe:/a:squid:squid:2.6.stable1 cpe:/a:squid:squid:2.6.stable2 cpe:/a:squid:squid:2.6.stable3 cpe:/a:squid:squid:2.6.stable4 cpe:/a:squid:squid:2.6.stable5 cpe:/a:squid:squid:2.6.stable6

CVE-2007-0247

2007-01-16T13:28:00.000-05:00

2017-07-28T21:30:04.640-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov GENTOO GLSA-200701-22 MANDRIVA MDKSA-2007:026 SUSE SUSE-SA:2007:012 BID 22079 CONFIRM http://www.squid-cache.org/bugs/show_bug.cgi?id=1857 CONFIRM http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12 UBUNTU USN-414-1 VUPEN ADV-2007-0199 XF squid-multiple-dos(31523) squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions.

cpe:/a:squid:squid:2.6.stable6

CVE-2007-0248

2007-01-16T13:28:00.000-05:00

2017-07-28T21:30:04.703-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov GENTOO GLSA-200701-22 MANDRIVA MDKSA-2007:026 SUSE SUSE-SA:2007:012 BID 22203 CONFIRM http://www.squid-cache.org/bugs/show_bug.cgi?id=1848 CONFIRM http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12 UBUNTU USN-414-1 VUPEN ADV-2007-0199 XF squid-externalacl-dos(31525) The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop.

cpe:/a:nwom:nwom_topsites:3.0

CVE-2007-0249

2007-01-16T18:28:00.000-05:00

2018-10-16T12:32:03.103-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov SREASON 2149 BUGTRAQ 20070111 Nwom topsites v3.0 BID 22012 Cross-site scripting (XSS) vulnerability in index.php in Nwom topsites 3.0 allows remote attackers to inject arbitrary web script or HTML via the o parameter.

cpe:/a:nwom:nwom_topsites:3.0

CVE-2007-0250

2007-01-16T18:28:00.000-05:00

2018-10-16T12:32:03.277-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2149 BUGTRAQ 20070111 Nwom topsites v3.0 BID 22012 index.php in Nwom topsites 3.0 allows remote attackers to obtain potentially sensitive information via a ' (quote) character in the o parameter, which forces a SQL error.

cpe:/a:snort:snort:2.6.1.2

CVE-2007-0251

2007-01-16T18:28:00.000-05:00

2018-10-16T12:32:03.433-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov MISC http://labs.calyptix.com/advisories/CX-2007-01.txt SREASON 2165 SECTRACK 1017507 BUGTRAQ 20070111 Calyptix Security Advisory CX-2007-001 - Snort 2.6.1.2 Integer Underflow Vulnerability BID 22004 CONFIRM http://www.snort.org/got_source/source.html VUPEN ADV-2007-0152 Integer underflow in the DecodeGRE function in src/decode.c in Snort 2.6.1.2 allows remote attackers to trigger dereferencing of certain memory locations via crafted GRE packets, which may cause corruption of log files or writing of sensitive information into log files.

cpe:/a:easy-content_filemanager:easy-content_filemanager

CVE-2007-0252

2007-01-16T18:28:00.000-05:00

2018-10-16T12:32:03.837-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070111 easy-content filemanager Unspecified vulnerability in easy-content filemanager allows remote attackers to upload or modify arbitrary files via unspecified vectors.

cpe:/a:grsecurity:grsecurity_kernel_patch

CVE-2007-0253

2007-01-16T18:28:00.000-05:00

2008-09-05T17:17:24.447-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2007-01-17T10:25:00.000-05:00

ALLOWS_ADMIN_ACCESS

MISC http://forums.grsecurity.net/viewtopic.php?t=1646 MISC http://grsecurity.net/news.php#digitalfud MISC http://www.digitalarmaments.com/news_news.shtml ** DISPUTED ** Unspecified vulnerability in the grsecurity patch has unspecified impact and remote attack vectors, a different vulnerability than the expand_stack vulnerability from the Digital Armaments 20070110 pre-advisory. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven.

cpe:/a:xine:xine-ui

CVE-2007-0254

2007-01-16T18:28:00.000-05:00

2018-10-16T12:32:03.963-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

GENTOO GLSA-200701-18 MANDRIVA MDKSA-2007:027 MANDRIVA MDKSA-2007:154 BUGTRAQ 20070111 Xine-ui format string Vulnerabilties. BID 22002 XF xineui-errorscreatewindow-format-string(31505) Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors.

cpe:/a:xine:xine:0.99.4

CVE-2007-0255

2007-01-16T18:28:00.000-05:00

2018-10-16T12:32:04.557-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MANDRIVA MDKSA-2007:027 MANDRIVA MDKSA-2007:154 BUGTRAQ 20070110 VLC Format String Vulnerability also in XINE BID 22252 XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017.

cpe:/a:videolan:vlc_media_player:0.8.6a

CVE-2007-0256

2007-01-16T18:28:00.000-05:00

2017-10-10T21:31:36.347-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov MISC http://downloads.securityfocus.com/vulnerabilities/exploits/22003.py CONFIRM http://wiki.videolan.org/Changelog/0.8.6b BID 22003 XF vlcmediaplayer-wmv-dos(31515) VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file.

cpe:/a:grsecurity:grsecurity_kernel_patch:1.9.4 cpe:/a:grsecurity:grsecurity_kernel_patch:2.0.1 cpe:/a:grsecurity:grsecurity_kernel_patch:2.0.2 cpe:/a:grsecurity:grsecurity_kernel_patch:2.1.0 cpe:/a:grsecurity:grsecurity_kernel_patch:2.1.1 cpe:/a:grsecurity:grsecurity_kernel_patch:2.1.2 cpe:/a:grsecurity:grsecurity_kernel_patch:2.1.3 cpe:/a:grsecurity:grsecurity_kernel_patch:2.1.4 cpe:/a:grsecurity:grsecurity_kernel_patch:2.1.5 cpe:/a:grsecurity:grsecurity_kernel_patch:2.1.6 cpe:/a:grsecurity:grsecurity_kernel_patch:2.1.7 cpe:/a:grsecurity:grsecurity_kernel_patch:2.1.8

CVE-2007-0257

2007-01-16T18:28:00.000-05:00

2018-10-16T12:32:04.823-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MISC http://forums.grsecurity.net/viewtopic.php?t=1646 MISC http://grsecurity.net/news.php#digitalfud SECTRACK 1017509 MISC http://www.digitalarmaments.com/news_news.shtml MISC http://www.digitalarmaments.com/pre2007-00018659.html BUGTRAQ 20070111 Digital Armaments Security Pre-Advisory 11.01.2007: Grsecurity Kernel PaX - Local root vulnerability BUGTRAQ 20070112 Lies? [Was: Re: Digital Armaments Security Pre-Advisory11.01.2007: Grsecurity Kernel PaX - Local root vulnerability] BUGTRAQ 20070120 Digital Armaments Security Advisory 20.01.2007: Grsecurity Kernel PaX Vulnerability BUGTRAQ 20070309 Re: Digital Armaments Security Advisory 20.01.2007: Grsecurity Kernel PaX Vulnerability BID 22014 VUPEN ADV-2007-0155 ** DISPUTED ** Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. As of 20070120, the original researcher has released demonstration code.

cpe:/a:fastilo:fastilo:2.0 cpe:/a:opensolution:quick.car:2.0

CVE-2007-0258

2007-01-16T18:28:00.000-05:00

2017-07-28T21:30:04.890-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://14house.blogspot.com/2007/01/fastilo-open-source-shopping-cart-vuln.html BID 21971 BID 22007 VUPEN ADV-2007-0156 VUPEN ADV-2007-0157 XF quickcart-p-xss(31475) Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo 2.0 and (2) Open Solution Quick.Cart 2.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: some of these details are obtained from third party information.

cpe:/a:ezboxx:ezboxx_portal_system:beta_0.7.6

CVE-2007-0259

2007-01-16T18:28:00.000-05:00

2018-10-16T12:32:05.573-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov MISC http://www.bugsec.com/articles.php?Security=20 BUGTRAQ 20070111 Ezboxx multiple vulnerabilities. VUPEN ADV-2007-0208 Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to obtain sensitive information via an invalid cat parameter to boxx/knowledgebase.asp, which reveals the path in an error message.

cpe:/a:naig:naig:0.5.2

CVE-2007-0260

2007-01-16T18:28:00.000-05:00

2018-10-16T12:32:05.790-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2145 VIM 20070112 Fwd: Naig <= 0.5.2 (this_path) Remote File Include Vulnerability BUGTRAQ 20070112 Naig <= 0.5.2 (this_path) Remote File Include Vulnerability BUGTRAQ 20070113 Re: Naig <= 0.5.2 (this_path) Remote File Include Vulnerability ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Naig 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the this_path parameter. NOTE: a reliable third party disputes this vulnerability because this_path is defined before use.

cpe:/a:snews:snews:1.5.29 cpe:/a:snews:snews:1.5.30

CVE-2007-0261

2007-01-16T18:28:00.000-05:00

2017-10-18T21:29:57.940-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

BID 22025 XF snews-image-file-upload(31535) EXPLOIT-DB 3116 snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter.

cpe:/a:wordpress:wordpress:2.0.6 cpe:/a:wordpress:wordpress:2.1:alpha_3

CVE-2007-0262

2007-01-16T18:28:00.000-05:00

2018-10-16T12:32:06.027-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov BUGTRAQ 20070112 Wordpress disclosure of Table Prefix Weakness WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify that the m parameter value has the string data type, which allows remote attackers to obtain sensitive information via an invalid m[] parameter, as demonstrated by obtaining the path, and obtaining certain SQL information such as the table prefix.

cpe:/a:total_commander:total_commander:6.5.5

CVE-2007-0263

2007-01-16T18:28:00.000-05:00

2008-11-15T01:39:35.517-05:00

7.1

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov MISC http://www.ghisler.com/whatsnew.htm BID 22033 Unspecified vulnerability in Total Commander before 6.5.6 allows user-assisted remote attackers to delete arbitrary files and corrupt a filesystem via a crafted RAR file. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:winzip:winzip:9.0

CVE-2007-0264

2007-01-16T18:28:00.000-05:00

2008-11-15T01:39:35.627-05:00

6.6

LOCAL

MEDIUM

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

BID 22020 Buffer overflow in Winzip32.exe in WinZip 9.0 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long command line argument. NOTE: this issue may cross privilege boundaries if an application automatically invokes Winzip32.exe for untrusted input filenames, as in the case of a file upload application. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:ezboxx:portal_system_beta:0.7.6

CVE-2007-0265

2007-01-16T18:28:00.000-05:00

2018-10-16T12:32:06.137-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://www.bugsec.com/articles.php?Security=20 BUGTRAQ 20070111 Ezboxx multiple vulnerabilities. VUPEN ADV-2007-0208 Multiple cross-site scripting (XSS) vulnerabilities in Ezboxx Portal System Beta 0.7.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the pic parameter to custom/piczoom.asp, (2) the nocatname parameter to boxx/user-upload.asp, or (3) the iid parameter to indexes/newscomments.asp.

cpe:/a:ezboxx:ezboxx_portal_system:beta_0.7.6

CVE-2007-0266

2007-01-16T18:28:00.000-05:00

2018-10-16T12:32:06.573-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://www.bugsec.com/articles.php?Security=20 BUGTRAQ 20070111 Ezboxx multiple vulnerabilities. VUPEN ADV-2007-0208 SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the iid parameter.

cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:freebsd:freebsd:6.1

CVE-2007-0267

2007-01-16T19:28:00.000-05:00

2011-06-10T00:00:00.000-04:00

6.6

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2007-01-17T11:27:00.000-05:00

CONFIRM http://docs.info.apple.com/article.html?artnum=305214 APPLE APPLE-SA-2007-03-13 MLIST [freebsd-security] 20070114 MOAB advisories MISC http://projects.info-pull.com/moab/MOAB-12-01-2007.html BID 22036 SECTRACK 1017751 CERT TA07-072A VUPEN ADV-2007-0171 VUPEN ADV-2007-0930 The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels allows local users to cause a denial of service (kernel panic) and possibly corrupt other filesystems by mounting a crafted UNIX File System (UFS) DMG image that contains a corrupted directory entry (struct direct), related to the ufs_dirbad function. NOTE: a third party states that the FreeBSD issue does not cross privilege boundaries.

cpe:/a:oracle:database_server:9.0.1.5 cpe:/a:oracle:database_server:9.2.0.7 cpe:/a:oracle:database_server:10.1.0.5

CVE-2007-0268

2007-01-16T21:28:00.000-05:00

2018-10-16T12:32:06.853-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov SECTRACK 1017522 CERT-VN VU#221788 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html MISC http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html BUGTRAQ 20070124 Oracle Buffer Overflow in DBMS_REPCAT_UNTRUSTED.UNREGISTER_SNAPSHOT BUGTRAQ 20070129 Re: Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL BID 22083 CERT TA07-017A XF oracle-cpu-jan2007(31541) Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package.

cpe:/a:oracle:database_server:9.2.0.8 cpe:/a:oracle:database_server:10.1.0.5 cpe:/a:oracle:database_server:10.2.0.3

CVE-2007-0269

2007-01-16T21:28:00.000-05:00

2017-07-28T21:30:05.047-04:00

5.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov SECTRACK 1017522 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html BID 22083 CERT TA07-017A XF oracle-cpu-jan2007(31541) Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to the Change Data Capture and sys.dbms_cdc_subscribe privileges, aka DB02.

cpe:/a:oracle:database_server:9.2.0.7 cpe:/a:oracle:database_server:10.1.0.4

CVE-2007-0270

2007-01-16T21:28:00.000-05:00

2018-10-16T12:32:07.620-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SECTRACK 1017522 MISC http://www.appsecinc.com/resources/alerts/oracle/2007-04.shtml CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html BUGTRAQ 20070124 Oracle Buffer Overflow in DBMS_DRS.GET_PROPERTY BUGTRAQ 20070718 Oracle Database Buffer overflow vulnerabilities in procedure DBMS_DRS.GET_PROPERTY (DB03) BID 22083 CERT TA07-017A XF oracle-cpu-jan2007(31541) Buffer overflow in SYS.DBMS_DRS in Oracle Database 9.2.0.7 and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via the GET_PROPERTY function in SYS.DBMS_DRS, aka DB03.

cpe:/a:oracle:database_server:9.0.1.5 cpe:/a:oracle:database_server:9.2.0.7

CVE-2007-0271

2007-01-16T21:28:00.000-05:00

2018-10-16T12:32:08.370-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SECTRACK 1017522 MISC http://www.appsecinc.com/resources/alerts/oracle/2007-01.shtml CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html BUGTRAQ 20070124 Oracle Buffer Overflow in DBMS_LOGMNR.ADD_LOGFILE BUGTRAQ 20070129 Re: Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL BID 22083 CERT TA07-017A XF oracle-cpu-jan2007(31541) Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors related to the Log Miner component and sys.dbms_log_mnr privileges, aka DB04. NOTE: Oracle has not disputed a reliable researcher claim that this is a buffer overflow in the ADD_LOGFILE procedure for the SYS.DBMS_LOGMNR package that allows code execution.

cpe:/a:oracle:database_server:8.1.7.4 cpe:/a:oracle:database_server:9.0.1.5 cpe:/a:oracle:database_server:9.2.0.7 cpe:/a:oracle:database_server:10.1.0.4

CVE-2007-0272

2007-01-16T21:28:00.000-05:00

2018-10-16T12:32:09.057-04:00

8.5

NETWORK

LOW

SINGLE_INSTANCE

NONE

COMPLETE

http://nvd.nist.gov SECTRACK 1017522 MISC http://www.appsecinc.com/resources/alerts/oracle/2007-05.shtml CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html BUGTRAQ 20070124 Oracle Multiple Buffer Overflows and DoS attacks in public procedures of MDSYS.MD BUGTRAQ 20070718 Oracle Database Buffer overflows and Denial of service vulnerabilities in public procedures of MDSYS.MD (DB12) BID 22083 CERT TA07-017A XF oracle-cpu-jan2007(31541) Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via unspecified vectors involving certain public procedures, aka DB05.

cpe:/a:oracle:database_server:9.0.1.5 cpe:/a:oracle:database_server:9.2.0.8 cpe:/a:oracle:database_server:10.1.0.5 cpe:/a:oracle:database_server:10.2.0.3

CVE-2007-0273

2007-01-16T21:28:00.000-05:00

2017-07-28T21:30:05.297-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SECTRACK 1017522 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html MISC http://www.red-database-security.com/advisory/oracle_xmldb_css2.html BID 22083 CERT TA07-017A XF oracle-cpu-jan2007(31541) Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to XMLDB, aka DB06. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that DB06 is for multiple cross-site scripting (XSS) vulnerabilities.

cpe:/a:oracle:database_server:9.2.0.7 cpe:/a:oracle:database_server:10.1.0.5

CVE-2007-0274

2007-01-16T21:28:00.000-05:00

2018-10-16T12:32:09.730-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov SECTRACK 1017522 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html BUGTRAQ 20070124 Oracle Buffer Overflow in DBMS_LOGREP_UTIL.GET_OBJECT_NAME BUGTRAQ 20070124 Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL BUGTRAQ 20070125 Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL BUGTRAQ 20070125 Re: Oracle Buffer Overflow in DBMS_LOGREP_UTIL.GET_OBJECT_NAME BUGTRAQ 20070129 Re: Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL BID 22083 CERT TA07-017A XF oracle-cpu-jan2007(31541) Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10.1.0.5 have unknown impact and attack vectors related to (1) Export and sys.dbms_logrep_util (DB08), and (2) Oracle Streams and sys.dbms_capture_adm_internal privileges (DB09). NOTE: Oracle has not disputed reliable researcher claims that DB08 is for a buffer overflow in the GET_OBJECT_NAME procedure in the DBMS_LOGREP_UTIL package, and DB09 is for buffer overflows in the CREATE_CAPTURE, ALTER_CAPTURE, and ABORT_TABLE_INSTANTIATION procedures in SYS.DBMS_CAPTURE_ADM_INTERNAL.

cpe:/a:oracle:application_server:9.0.4.3 cpe:/a:oracle:application_server:10.1.2.0.2 cpe:/a:oracle:application_server:10.1.2.2 cpe:/a:oracle:collaboration_suite:10.1.2 cpe:/a:oracle:database_server:9.2.0.8 cpe:/a:oracle:database_server:10.1.0.5 cpe:/a:oracle:database_server:10.2.0.3 cpe:/a:oracle:e-business_suite:11.5.10.2

CVE-2007-0275

2007-01-16T21:28:00.000-05:00

2018-10-16T12:32:10.620-04:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov SECTRACK 1017522 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html BUGTRAQ 20070117 [ISecAuditors Security Advisories] Oracle Reports Web Cartridge (RWCGI60) vulnerable to XSS BID 22083 CERT TA07-017A XF oracle-cpu-jan2007(31541) Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01.

cpe:/a:oracle:database_server:8.1.7.4 cpe:/a:oracle:database_server:9.0.1.5

CVE-2007-0276

2007-01-16T21:28:00.000-05:00

2017-07-28T21:30:05.500-04:00

6.8

LOCAL

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov SECTRACK 1017522 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html BID 22083 CERT TA07-017A XF oracle-cpu-jan2007(31541) Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9.0.1.5 have unknown impact and attack vectors related to (1) Advanced Security Option and oklist or okdstry (DB10), (2) Oracle Net Services (DB13), and (3) Recovery Manager and oklist (DB16).

cpe:/a:oracle:database_server:10.1.0.4

CVE-2007-0277

2007-01-16T21:28:00.000-05:00

2017-07-28T21:30:05.547-04:00

6.8

LOCAL

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov SECTRACK 1017522 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html BID 22083 CERT TA07-017A XF oracle-cpu-jan2007(31541) Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has unknown impact and attack vectors related to the Export component and expdp or impdp, aka DB11.

cpe:/a:oracle:database_server:8.1.7.4 cpe:/a:oracle:database_server:9.0.1.5 cpe:/a:oracle:database_server:9.2.0.7 cpe:/a:oracle:database_server:10.1.0.5

CVE-2007-0278

2007-01-16T21:28:00.000-05:00

2017-07-28T21:30:05.610-04:00

6.8

LOCAL

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov SECTRACK 1017522 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html BID 22083 CERT TA07-017A XF oracle-cpu-jan2007(31541) Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14).

cpe:/a:oracle:e-business_suite:11.5.10.2 cpe:/a:oracle:http_server:9.2.0.8

CVE-2007-0279

2007-01-16T21:28:00.000-05:00

2017-07-28T21:30:05.673-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov SECTRACK 1017522 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html BID 22083 CERT TA07-017A XF oracle-cpu-jan2007(31541) Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka (1) OHS01, (2) OHS02, (3) OHS05, (4) OHS06, and (5) OHS07.

cpe:/a:oracle:application_server:9.0.4.3 cpe:/a:oracle:application_server:10.1.2.0.2 cpe:/a:oracle:application_server:10.1.2.2 cpe:/a:oracle:collaboration_suite:9.0.4.2 cpe:/a:oracle:collaboration_suite:10.1.2 cpe:/a:oracle:http_server:9.0.1.5

CVE-2007-0280

2007-01-16T21:28:00.000-05:00

2017-07-28T21:30:05.720-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov SECTRACK 1017522 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html MISC http://www.red-database-security.com/advisory/oracle_buffer_overflow_ons.html BID 22083 CERT TA07-017A XF oracle-cpu-jan2007(31541) Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN01. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that OPMN01 is for a buffer overflow in Oracle Notification Service (ONS).

cpe:/a:oracle:application_server:9.0.4.3 cpe:/a:oracle:application_server:10.1.2.0.2 cpe:/a:oracle:application_server:10.1.2.2 cpe:/a:oracle:collaboration_suite:9.0.4.2 cpe:/a:oracle:collaboration_suite:10.1.2 cpe:/a:oracle:http_server:9.0.1.5

CVE-2007-0281

2007-01-16T21:28:00.000-05:00

2017-07-28T21:30:05.780-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SECTRACK 1017522 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html BID 22083 CERT TA07-017A XF oracle-cpu-jan2007(31541) Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, and 10.1.3.0; and Collaboration Suite 9.0.4.2 and 10.1.2; have unknown impact and attack vectors related to the Oracle HTTP Server, aka (1) OHS03 and (2) OHS04.

cpe:/a:oracle:application_server:9.0.4.3 cpe:/a:oracle:application_server:10.1.2.0.0 cpe:/a:oracle:collaboration_suite:9.0.4.2 cpe:/a:oracle:http_server:9.0.1.5

CVE-2007-0282

2007-01-16T21:28:00.000-05:00

2017-07-28T21:30:05.843-04:00

3.2

LOCAL

LOW

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov SECTRACK 1017522 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html BID 22083 CERT TA07-017A XF oracle-cpu-jan2007(31541) Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN02.

cpe:/a:oracle:application_server:9.0.4.3 cpe:/a:oracle:collaboration_suite:9.0.4.2

CVE-2007-0283

2007-01-16T21:28:00.000-05:00

2017-07-28T21:30:05.890-04:00

4.0

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov SECTRACK 1017522 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html BID 22083 CERT TA07-017A XF oracle-cpu-jan2007(31541) Unspecified vulnerability in Oracle Application Server 9.0.4.3 and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to Oracle Containers for J2EE, aka OC4J02.

cpe:/a:oracle:application_server:9.0.4.3 cpe:/a:oracle:application_server:10.1.2.0.0 cpe:/a:oracle:collaboration_suite:9.0.4.2

CVE-2007-0284

2007-01-16T21:28:00.000-05:00

2017-07-28T21:30:05.953-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SECTRACK 1017522 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html BID 22083 CERT TA07-017A XF oracle-cpu-jan2007(31541) Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.3 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2, have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J03 and (2) OC4J04.

cpe:/a:oracle:application_server:9.0.4.3 cpe:/a:oracle:application_server:10.1.2.0.2 cpe:/a:oracle:application_server:10.1.2.2 cpe:/a:oracle:collaboration_suite:9.0.4.2 cpe:/a:oracle:collaboration_suite:10.1.2 cpe:/a:oracle:e-business_suite:11.5.1

CVE-2007-0285

2007-01-16T21:28:00.000-05:00

2017-07-28T21:30:06.017-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SECTRACK 1017522 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html BID 22083 CERT TA07-017A XF oracle-cpu-jan2007(31541) Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 9.0.4.2 and 10.1.2; and E-Business Suite and Applications 11.5.10CU2 has unknown impact and attack vectors related to Oracle Reports Developer, aka REP01.

cpe:/a:oracle:application_server:10.1.2.0.2 cpe:/a:oracle:application_server:10.1.3.0 cpe:/a:oracle:collaboration_suite:10.1.2

CVE-2007-0286

2007-01-16T21:28:00.000-05:00

2017-07-28T21:30:06.077-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov SECTRACK 1017522 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html BID 22083 CERT TA07-017A XF oracle-cpu-jan2007(31541) Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and 10.1.3.0, and Collaboration Suite 10.1.2, has unknown impact and attack vectors related to Containers for J2EE, aka OC4J07.

cpe:/a:oracle:application_server:9.0.4.3 cpe:/a:oracle:application_server:10.1.2.0.0 cpe:/a:oracle:application_server:10.1.2.0.2 cpe:/a:oracle:collaboration_suite:9.0.4.2 cpe:/a:oracle:collaboration_suite:10.1.2

CVE-2007-0287

2007-01-16T21:28:00.000-05:00

2017-07-28T21:30:06.140-04:00

1.7

LOCAL

LOW

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov SECTRACK 1017522 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html BID 22083 CERT TA07-017A XF oracle-cpu-jan2007(31541) Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to Containers for J2EE, aka OC4J08.

cpe:/a:oracle:application_server:10.1.4.0

CVE-2007-0288

2007-01-16T21:28:00.000-05:00

2017-07-28T21:30:06.187-04:00

1.7

LOCAL

LOW

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov SECTRACK 1017522 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html BID 22083 CERT TA07-017A XF oracle-cpu-jan2007(31541) Unspecified vulnerability in Oracle Application Server 10.1.4.0 has unknown impact and attack vectors related to Oracle Internet Directory, aka OID01.

cpe:/a:oracle:application_server:9.0.4.2

CVE-2007-0289

2007-01-16T21:28:00.000-05:00

2017-07-28T21:30:06.250-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SECTRACK 1017522 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html BID 22083 CERT TA07-017A XF oracle-cpu-jan2007(31541) Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0.4.2 have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J01, (2) OC4J05, and (3) OC4J06.

cpe:/a:oracle:e-business_suite:11.5.10.2

CVE-2007-0290

2007-01-16T21:28:00.000-05:00

2017-07-28T21:30:06.297-04:00

5.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov SECTRACK 1017522 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html BID 22083 CERT TA07-017A XF oracle-cpu-jan2007(31541) Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors related to (1) Application Object Library (APPS01), (2) Human Resources (APPS03), (3) Payables (APPS04), (4) Trading Community Architecture (APPS05), and (5) Web Applications Desktop Integrator (APPS06).

cpe:/a:oracle:e-business_suite:6.2.3

CVE-2007-0291

2007-01-16T21:28:00.000-05:00

2017-07-28T21:30:06.360-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov SECTRACK 1017522 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html BID 22083 CERT TA07-017A XF oracle-cpu-jan2007(31541) Unspecified vulnerability in Oracle E-Business Suite and Applications 6.2.3 has unknown impact and attack vectors related to Oracle Exchange, aka APPS02.

cpe:/a:oracle:enterprise_manager:10.1.0.5

CVE-2007-0292

2007-01-16T21:28:00.000-05:00

2017-07-28T21:30:06.423-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov SECTRACK 1017522 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html BID 22083 CERT TA07-017A XF oracle-cpu-jan2007(31541) Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 have unknown impact and attack vectors related to Oracle Agent, aka (1) EM01 and (2) EM02. NOTE: EM05 might be related to CVE-2007-0222.

cpe:/a:oracle:enterprise_manager:10.1.0.5 cpe:/a:oracle:enterprise_manager:10.2.0.1

CVE-2007-0293

2007-01-16T21:28:00.000-05:00

2017-07-28T21:30:06.483-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SECTRACK 1017522 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html BID 22083 CERT TA07-017A XF oracle-cpu-jan2007(31541) Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 and 10.2.0.1 have unknown impact and attack vectors related to (1) Oracle Agent (EM03) and (2) EM04 and (3) EM05 in Enterprise Manager Console. NOTE: EM05 might be related to CVE-2007-0222.

cpe:/a:oracle:enterprise_manager:10.2.0.1

CVE-2007-0294

2007-01-16T21:28:00.000-05:00

2017-07-28T21:30:06.530-04:00

1.7

LOCAL

LOW

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov SECTRACK 1017522 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html BID 22083 CERT TA07-017A XF oracle-cpu-jan2007(31541) Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has unknown impact and attack vectors related to Database Cloning & Data Guard Management, aka EM06.

cpe:/a:oracle:enterpriseone:8.22.13 cpe:/a:oracle:enterpriseone:8.47.11 cpe:/a:oracle:peoplesoft_enterprise:8.22.13 cpe:/a:oracle:peoplesoft_enterprise:8.47.11

CVE-2007-0295

2007-01-16T21:28:00.000-05:00

2017-07-28T21:30:06.577-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov SECTRACK 1017522 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html BID 22083 CERT TA07-017A XF oracle-cpu-jan2007(31541) Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13 and 8.47.11 has unknown impact and attack vectors in PeopleTools, aka PSE01.

cpe:/a:oracle:enterpriseone:8.22.13 cpe:/a:oracle:enterpriseone:8.47.11 cpe:/a:oracle:enterpriseone:8.48.06 cpe:/a:oracle:peoplesoft_enterprise:8.22.13 cpe:/a:oracle:peoplesoft_enterprise:8.47.11 cpe:/a:oracle:peoplesoft_enterprise:8.48.06

CVE-2007-0296

2007-01-16T21:28:00.000-05:00

2017-07-28T21:30:06.640-04:00

2.1

LOCAL

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SECTRACK 1017522 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html BID 22083 CERT TA07-017A XF oracle-cpu-jan2007(31541) Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13, 8.47.11, and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE02.

cpe:/a:oracle:enterpriseone:8.47.11 cpe:/a:oracle:enterpriseone:8.48.06 cpe:/a:oracle:peoplesoft_enterprise:8.47.11 cpe:/a:oracle:peoplesoft_enterprise:8.48.06

CVE-2007-0297

2007-01-16T21:28:00.000-05:00

2017-07-28T21:30:06.703-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov SECTRACK 1017522 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html BID 22083 CERT TA07-017A XF oracle-cpu-jan2007(31541) Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.47.11 and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE03.

cpe:/a:dexxaboy:lunarpoll:1.0

CVE-2007-0298

2007-01-17T06:28:00.000-05:00

2018-10-16T12:32:11.103-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VIM 20070112 Source Verify of LunarPoll PollDir RFI SREASON 2152 SECTRACK 1017510 BUGTRAQ 20070112 LunarPoll (PollDir) Remote File Include Vulnerabilities BID 22024 VUPEN ADV-2007-0177 XF lunarpoll-show-file-include(31472) EXPLOIT-DB 3117 PHP remote file inclusion vulnerability in show.php in LunarPoll, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PollDir parameter.

cpe:/o:apple:mac_os_x:10.4.8

CVE-2007-0299

2007-01-17T06:28:00.000-05:00

2011-03-07T21:49:12.737-05:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://docs.info.apple.com/article.html?artnum=305214 APPLE APPLE-SA-2007-03-13 MISC http://projects.info-pull.com/moab/MOAB-11-01-2007.html CERT-VN VU#515792 SECTRACK 1017751 CERT TA07-072A VUPEN ADV-2007-0930 Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a crafted Unix File System (UFS) DMG image, which triggers an invalid pointer dereference.

cpe:/a:tlm_cms:tlm_cms:1.1

CVE-2007-0300

2007-01-17T19:28:00.000-05:00

2017-10-18T21:29:58.067-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VIM 20070112 [Bogus - partly] V TLM CMS <= 1.1 (i-accueil.php chemin) Remote File Include Vulnerability (fwd) BID 22021 VUPEN ADV-2007-0176 EXPLOIT-DB 3118 PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.

cpe:/a:fdweb:espace_membre:2.01

CVE-2007-0301

2007-01-17T19:28:00.000-05:00

2017-10-18T21:29:58.127-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22040 VUPEN ADV-2007-0178 EXPLOIT-DB 3123 PHP remote file inclusion vulnerability in _admin/admin_menu.php in FdWeB Espace Membre 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

cpe:/a:instantasp:instantasp:4.1.0

CVE-2007-0302

2007-01-17T19:28:00.000-05:00

2018-10-16T12:32:11.870-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2164 BUGTRAQ 20070115 InstantForum.NET Multiple Cross-Site Scripting Vulnerability BID 22052 VUPEN ADV-2007-0227 XF instantforum-multiple-scripts-xss(31521) Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx, and the (2) Username and (3) Update parameters to (b) Members1.aspx.

cpe:/a:pancake.org:zina:1.0_rc1

CVE-2007-0303

2007-01-17T19:28:00.000-05:00

2011-03-07T21:49:13.127-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://www.pancake.org/zina-changelog-12 BID 22049 VUPEN ADV-2007-0181 Multiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have unknown impact and attack vectors related to "Potential security bugs."

cpe:/a:mint:haber_sistemi:2.7

CVE-2007-0304

2007-01-17T19:28:00.000-05:00

2017-10-18T21:29:58.190-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0175 EXPLOIT-DB 3120 SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 allows remote attackers to execute arbitrary SQL commands via the id parameter.

cpe:/a:okulsistem_okul_web:otomasyon_sistemi:4.0.1

CVE-2007-0305

2007-01-17T19:28:00.000-05:00

2018-10-16T12:32:12.387-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2151 BUGTRAQ 20070115 Okul Web Otomasyon Sistemi (etkinlikbak.asp) SQL Injection Vulnerability BID 22060 VUPEN ADV-2007-0206 EXPLOIT-DB 3135 SQL injection vulnerability in etkinlikbak.asp in Okul Web Otomasyon Sistemi 4.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

cpe:/a:digiappz:digiaffiliate:1.4

CVE-2007-0306

2007-01-17T19:28:00.000-05:00

2017-10-18T21:29:58.317-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22039 VUPEN ADV-2007-0179 EXPLOIT-DB 3122 SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

cpe:/a:poplar_gedcom_viewer:poplar_gedcom_viewer:1.2.2 cpe:/a:poplar_gedcom_viewer:poplar_gedcom_viewer:2.0

CVE-2007-0307

2007-01-17T19:28:00.000-05:00

2017-10-18T21:29:58.377-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22038 VUPEN ADV-2007-0174 EXPLOIT-DB 3121 PHP remote file inclusion vulnerability in include/common.php in Poplar Gedcom Viewer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[rootPath] parameter.

cpe:/a:plain_black:webgui:6.3.0 cpe:/a:plain_black:webgui:6.4.0 cpe:/a:plain_black:webgui:6.5.0 cpe:/a:plain_black:webgui:6.5.1 cpe:/a:plain_black:webgui:6.5.2 cpe:/a:plain_black:webgui:6.5.3 cpe:/a:plain_black:webgui:6.5.4 cpe:/a:plain_black:webgui:6.5.5 cpe:/a:plain_black:webgui:6.5.6 cpe:/a:plain_black:webgui:6.6.0 cpe:/a:plain_black:webgui:6.6.1 cpe:/a:plain_black:webgui:6.6.2 cpe:/a:plain_black:webgui:6.6.3 cpe:/a:plain_black:webgui:6.6.4 cpe:/a:plain_black:webgui:6.6.5 cpe:/a:plain_black:webgui:6.7.0 cpe:/a:plain_black:webgui:6.7.1 cpe:/a:plain_black:webgui:6.7.2 cpe:/a:plain_black:webgui:6.7.3 cpe:/a:plain_black:webgui:6.7.4 cpe:/a:plain_black:webgui:6.7.5 cpe:/a:plain_black:webgui:6.7.6 cpe:/a:plain_black:webgui:6.8.1 cpe:/a:plain_black:webgui:6.8.2 cpe:/a:plain_black:webgui:6.8.3 cpe:/a:plain_black:webgui:6.8.4 cpe:/a:plain_black:webgui:6.8.5 cpe:/a:plain_black:webgui:6.8.6 cpe:/a:plain_black:webgui:7.2.3

CVE-2007-0308

2007-01-17T19:28:00.000-05:00

2008-11-15T01:39:49.140-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://www.plainblack.com/getwebgui/advisories/webgui-7_3_4-beta-released#BUeIjcWiQasypsJxD-YwgQ BID 22051 Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.3.4 (beta) allows remote attackers to inject arbitrary web script or HTML via Wiki Page titles.

cpe:/a:francisco_burzi:php-nuke:7.9

CVE-2007-0309

2007-01-17T19:28:00.000-05:00

2018-10-16T12:32:12.870-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2153 SECTRACK 1017511 MISC http://www.neosecurityteam.net/advisories/PHP-Nuke--7.9-Old-Articles-Block-cat-SQL-Injection-vulnerability-31.html BUGTRAQ 20070113 PHP-Nuke <= 7.9 Old-Articles Block "cat" SQL Injection vulnerability BID 22037 XF phpnuke-blockoldarticles-sql-injection(31482) SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter.

cpe:/a:bmc:remedy_action_request_system:5.01.02_patch_1267

CVE-2007-0310

2007-01-17T19:28:00.000-05:00

2018-10-16T12:32:13.433-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2162 SECTRACK 1017515 MISC http://www.alighieri.org/advisories/advisory-remedy50102.txt BUGTRAQ 20070115 Remedy Action Request System 5.01.02 - User Enumeration BUGTRAQ 20070116 Re: Remedy Action Request System 5.01.02 - User Enumeration BID 22066 VUPEN ADV-2007-0204 XF rars-login-information-disclosure(31527) BMC Remedy Action Request System 5.01.02 Patch 1267 generates different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to determine valid account names.

cpe:/a:texas_imperial_software:wftpd:3.25 cpe:/a:texas_imperial_software:wftpd_pro_server:3.25

CVE-2007-0311

2007-01-17T19:28:00.000-05:00

2017-10-18T21:29:58.440-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov BID 22046 XF wftpd-admn-dos(31517) EXPLOIT-DB 3126 Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier allow remote attackers to cause a denial of service (application crash) via a long SITE ADMIN command.

cpe:/a:wcsimple_poll:wcsimple_poll

CVE-2007-0312

2007-01-17T19:28:00.000-05:00

2018-10-16T12:32:14.120-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov SREASON 2157 BUGTRAQ 20070114 wcSimple Poll (password.txt) Remote Password Disclosure Vulnerablity wcSimple Poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password hashes via a direct request for password.txt.

cpe:/a:gonicus:gonicus_system_administration:2.5.7

CVE-2007-0313

2007-01-17T19:28:00.000-05:00

2017-07-28T21:30:07.047-04:00

9.0

NETWORK

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MLIST [gosa] 20070115 GOsa 2.5.8 released (security fixes!) VUPEN ADV-2007-0207 XF gosa-unspecified-data-manipulation(31516) Unspecified vulnerability in GONICUS System Administration (GOsa) before 2.5.8 allows remote authenticated users to modify certain settings, including the admin password, via crafted POST requests.

cpe:/a:article_system:article_system:1.0

CVE-2007-0314

2007-01-17T19:28:00.000-05:00

2017-10-18T21:29:58.503-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22017 XF article-system-includedir-file-include(31446) EXPLOIT-DB 3114 Multiple PHP remote file inclusion vulnerabilities in Article System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_DIR parameter to (1) forms.php, (2) issue_edit.php, (3) client.php, and (4) classes.php.

cpe:/a:filezilla:filezilla:0.9.20 cpe:/a:filezilla:filezilla:0.9.21 cpe:/a:filezilla:filezilla:0.9.22 cpe:/a:filezilla:filezilla:2.2.15 cpe:/a:filezilla:filezilla:2.2.22 cpe:/a:filezilla:filezilla:2.2.23 cpe:/a:filezilla:filezilla:2.2.24 cpe:/a:filezilla:filezilla:2.2.25 cpe:/a:filezilla:filezilla:2.2.26 cpe:/a:filezilla:filezilla:2.2.26a cpe:/a:filezilla:filezilla:2.2.27 cpe:/a:filezilla:filezilla:2.2.28 cpe:/a:filezilla:filezilla:2.2.29 cpe:/a:filezilla:filezilla:2.2.30

CVE-2007-0315

2007-01-17T19:28:00.000-05:00

2017-07-28T21:30:07.173-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://sourceforge.net/project/shownotes.php?release_id=475423&group_id=21558 BID 22057 VUPEN ADV-2007-0183 XF filezilla-options-queuectrl-bo(31500) Multiple buffer overflows in FileZilla before 2.2.30a allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors related to (1) Options.cpp when storing settings in the registry, and (2) the transfer queue (QueueCtrl.cpp). NOTE: some of these details are obtained from third party information.

cpe:/a:all_in_one_control_panel:all_in_one_control_panel:1.3.010

CVE-2007-0316

2007-01-17T19:28:00.000-05:00

2017-07-28T21:30:07.233-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2166 BUGTRAQ 20070112 AIOCP SQL Injection Vulnerability BUGTRAQ 20070112 AIOCP Login Bypass Vulnerability BID 22032 VUPEN ADV-2007-0190 XF aiocp-cpdownloads-sql-injection(31485) Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.010 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) xuser_name parameter to shared/code/cp_authorization.php, and the (2) did parameter to public/code/cp_downloads.php, different vectors than CVE-2007-0223.

cpe:/a:filezilla:filezilla:3.0.0_beta1 cpe:/a:filezilla:filezilla:3.0.0_beta2 cpe:/a:filezilla:filezilla:3.0.0_beta4

CVE-2007-0317

2007-01-17T19:28:00.000-05:00

2017-07-28T21:30:07.280-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

CONFIRM http://sourceforge.net/project/shownotes.php?release_id=477793&group_id=21558 BID 22063 VUPEN ADV-2007-0182 XF filezilla-logmessage-format-string(31497) Format string vulnerability in the LogMessage function in FileZilla before 3.0.0-beta5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted arguments. NOTE: some of these details are obtained from third party information.

cpe:/o:apple:mac_os_x:10.4.8

CVE-2007-0318

2007-01-17T19:28:00.000-05:00

2011-03-07T21:49:15.097-05:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://docs.info.apple.com/article.html?artnum=305214 APPLE APPLE-SA-2007-03-13 MISC http://projects.info-pull.com/moab/MOAB-13-01-2007.html SECTRACK 1017759 CERT TA07-072A VUPEN ADV-2007-0171 VUPEN ADV-2007-0930 The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal.

cpe:/a:motive_incorporated:self_service_manager:5.1 cpe:/a:motive_incorporated:service_activation_manager:5.1

CVE-2007-0319

2007-08-15T15:17:00.000-04:00

2018-10-12T17:42:41.937-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov SECTRACK 1018571 CERT-VN VU#747233 CONFIRM http://www.motive.com/securitybulletin_08122007.asp BID 25312 VUPEN ADV-2007-2881 MS MS07-045 XF activeutils-emaildata-bo(36034) Multiple stack-based buffer overflows in the Motive ActiveEmailTest.EmailData (ActiveUtils EmailData) ActiveX control in ActiveUtils.dll in Motive Service Activation Manager 5.1 and Self Service Manager 5.1 and earlier allow remote attackers to execute arbitrary code via unspecified vectors.

cpe:/a:macrovision:installfromtheweb

CVE-2007-0320

2007-02-22T22:28:00.000-05:00

2017-07-28T21:30:07.407-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CERT-VN VU#181041 MISC http://www.kb.cert.org/vuls/id/MAPG-6UQUDP BID 22672 VUPEN ADV-2007-0705 XF macrovision-installfromtheweb-activex-bo(32645) Multiple buffer overflows in (a) an ActiveX control (iftw.dll) and (b) Netscape plug-in (npiftw32.dll) for Macrovision (formerly InstallShield) InstallFromTheWeb allow remote attackers to execute arbitrary code via crafted HTML documents.

cpe:/a:macrovision:flexnet_connect

CVE-2007-0321

2007-02-22T22:28:00.000-05:00

2017-07-28T21:30:07.453-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://support.installshield.com/kb/view.asp?articleid=Q113020 CERT-VN VU#847993 CONFIRM http://www.kb.cert.org/vuls/id/MAPG-6UERNR VUPEN ADV-2007-0706 XF macrovision-updateservice-activex-bo(32678) Buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll for Macrovision FLEXnet Connect (formerly InstallShield Update Service) allows remote attackers to execute arbitrary code via the Download method.

cpe:/a:intuit:quickbooks:::online

CVE-2007-0322

2007-09-05T15:17:00.000-04:00

2017-07-28T21:30:07.500-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CERT-VN VU#907481 BID 25544 XF quickbooks-activex-bo(36462) Multiple stack-based buffer overflows in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to execute arbitrary code via unspecified vectors.

cpe:/a:rim:teamon_import_object_activex_control

CVE-2007-0323

2007-05-08T19:19:00.000-04:00

2018-10-16T12:32:14.307-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

CONFIRM http://www.blackberry.com/btsc/articles/74/KB13142_f.SAL_Public.html CERT-VN VU#869641 HP HPSBST02214 BID 23331 CERT TA07-128A VUPEN ADV-2007-1716 MS MS07-027 XF rim-toimport-activex-bo(34182) Buffer overflow in the SetLanguage function in Research In Motion (RIM) TeamOn Import Object ActiveX control (TOImport.dll) allows remote attackers to execute arbitrary code via unspecified vectors.

cpe:/a:lizardtech:djvu_browser_plug-in:6.0 cpe:/a:lizardtech:djvu_browser_plug-in:6.0.1 cpe:/a:lizardtech:djvu_browser_plug-in:6.1

CVE-2007-0324

2007-02-15T18:28:00.000-05:00

2018-10-16T12:32:14.917-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

SREASON 2259 CERT-VN VU#522393 MISC http://www.lizardtech.com/products/doc/djvupluginrelease.php BUGTRAQ 20070215 Lizardtech DjVu Browser Plug-in - Multiple Vulnerabilities BID 22569 VUPEN ADV-2007-0618 XF djvu-browser-multiple-bo(32510) Multiple buffer overflows in the LizardTech DjVu Browser Plug-in before 6.1.1 allow remote attackers to execute arbitrary code via unspecified vectors.

cpe:/a:trend_micro:client-server-messaging_security:3.0 cpe:/a:trend_micro:officescan_corporate_edition:7.0 cpe:/a:trend_micro:officescan_corporate_edition:7.3

CVE-2007-0325

2007-02-20T12:28:00.000-05:00

2011-03-07T21:49:16.097-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034288 CERT-VN VU#784369 BID 22585 SECTRACK 1017664 CONFIRM http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1344_readme.txt VUPEN ADV-2007-0638 Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control in OfficeScanSetupINI.dll, as used in OfficeScan 7.0 before Build 1344, OfficeScan 7.3 before Build 1241, and Client / Server / Messaging Security 3.0 before Build 1197, allow remote attackers to execute arbitrary code via a crafted HTML document.

cpe:/a:photochannel:pni_digital_media_upload_plugin_activex_control:2.0.0.9

CVE-2007-0326

2007-09-18T16:17:00.000-04:00

2017-07-28T21:30:07.673-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CERT-VN VU#854769 BID 25685 SECTRACK 1018701 VUPEN ADV-2007-3181 XF photochannel-photo-upload-bo(36643) Multiple stack-based buffer overflows in the PhotoChannel Networks PNI Digital Media Photo Upload Plugin ActiveX control before 2.0.0.10, as used by multiple retailers, allow remote attackers to execute arbitrary code via unspecified vectors.

cpe:/a:macrovision:flexnet_connect:6.0 cpe:/a:macrovision:update_service:3.0 cpe:/a:macrovision:update_service:4.0 cpe:/a:macrovision:update_service:5.0

CVE-2007-0328

2007-05-31T20:30:00.000-04:00

2017-07-28T21:30:07.733-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://support.installshield.com/kb/view.asp?articleid=Q113020 CONFIRM http://www.blackberry.com/btsc/articles/749/KB16469_f.SAL_Public.html CERT-VN VU#524681 VUPEN ADV-2007-2017 VUPEN ADV-2008-3278 XF macrovision-dwupdate-command-execution(34660) The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method.

cpe:/a:joonas_viljanen:jv2_folder_gallery

CVE-2007-0329

2007-01-17T21:28:00.000-05:00

2017-10-18T21:29:58.567-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov VUPEN ADV-2007-0180 EXPLOIT-DB 3125 download.php in Joonas Viljanen JV2 Folder Gallery allows remote attackers to read sensitive files via a relative pathname in the file parameter, as demonstrated by config/gallerysetup.php. NOTE: this issue might be resultant from a directory traversal vulnerability.

cpe:/a:ipswitch:ws_ftp_pro:2007

CVE-2007-0330

2007-01-17T21:28:00.000-05:00

2018-10-16T12:32:15.620-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

SREASON 2160 BUGTRAQ 20070112 Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability BUGTRAQ 20070114 Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability BUGTRAQ 20070116 Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability BID 22062 Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch WS_FTP 2007 Professional allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long ftp:// URL in an HTML document, and possibly other vectors.

cpe:/a:xentraz:liens_dynamiques:2.1

CVE-2007-0331

2007-01-17T21:28:00.000-05:00

2018-10-16T12:32:16.183-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070114 liens_dynamiques xss and admin authentification BID 22070 XF liensdynamiques-liens-xss(31528) Cross-site scripting (XSS) vulnerability in liens.php3 in liens_dynamiques 2.1 allows remote attackers to inject arbitrary web script or HTML by using the ajouter=1 query string and the add menu.

cpe:/a:xentraz:liens_dynamiques:2.1

CVE-2007-0332

2007-01-17T21:28:00.000-05:00

2018-10-16T12:32:16.463-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070114 liens_dynamiques xss and admin authentification BID 22068 (1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques 2.1 do not require authentication, which allows remote attackers to perform unauthorized administrative actions using a direct request.

cpe:/a:agnitum:outpost_firewall:4.0::pro

CVE-2007-0333

2007-01-17T21:28:00.000-05:00

2018-10-16T12:32:16.697-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SREASON 2163 MISC http://www.matousec.com/info/advisories/Outpost-Bypassing-Self-Protection-using-file-links.php BUGTRAQ 20070115 Outpost Bypassing Self-Protection using file links Vulnerability BID 22069 XF outpostfirewall-zwset-privilege-escalation(31529) Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access restrictions and insert Trojan horse drivers into the product's installation directory by creating links using FileLinkInformation requests with the ZwSetInformationFile function, as demonstrated by modifying SandBox.sys.

cpe:/h:ingate:firewall_and_siparator:4.5.0

CVE-2007-0334

2007-01-17T21:28:00.000-05:00

2017-07-28T21:30:07.907-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://www.ingate.com/relnote-451.php BID 22080 VUPEN ADV-2007-0209 XF ingate-sip-security-bypass(31546) Unspecified vulnerability in the SIP module in InGate Firewall and SIParator before 4.5.1 allows remote attackers to conduct replay attacks on the authentication mechanism via unknown vectors.

cpe:/a:jax_scripts:jax_petition_book:1.0.3.06

CVE-2007-0335

2007-01-17T21:28:00.000-05:00

2018-10-16T12:32:17.120-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2161 BUGTRAQ 20070114 Jax Petition Book (languagepack) Remote File Include Vulnerabilities BUGTRAQ 20070115 Re: Jax Petition Book (languagepack) Remote File Include Vulnerabilities BUGTRAQ 20070116 Re: Jax Petition Book (languagepack) Remote File Include Vulnerabilities BID 22072 VUPEN ADV-2007-0220 XF petitionbook-language-file-include(31543) Multiple directory traversal vulnerabilities in Jax Petition Book 1.0.3.06 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the languagepack parameter to (1) jax_petitionbook.php or (2) smileys.php.

cpe:/a:rixstep:undercover

CVE-2007-0336

2007-01-17T21:28:00.000-05:00

2008-09-05T17:17:37.150-04:00

4.4

LOCAL

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-19T10:06:00.000-05:00

ALLOWS_OTHER_ACCESS

FULLDISC 20070115 Rixstep aren't as leet as they thought they were BID 22071 Undercover.app/Contents/Resources/uc in Rixstep Undercover allows local users to overwrite arbitrary files, probably related to a race condition.

cpe:/a:kgb:kgb:1.9

CVE-2007-0337

2007-01-17T21:28:00.000-05:00

2017-10-18T21:29:58.627-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22065 VUPEN ADV-2007-0228 XF kgb-sesskglogadmin-file-include(31508) EXPLOIT-DB 3134 Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skinnn parameter, as demonstrated by invoking kg.php with a postek parameter containing PHP code, which is injected into a file in the kg directory, and then included by sesskglogadmin.php.

cpe:/a:bolintech:dreamftp_server

CVE-2007-0338

2007-01-17T21:28:00.000-05:00

2017-10-18T21:29:58.690-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

EXPLOIT-DB 3128 Heap-based buffer overflow in Dream FTP Server allows remote attackers to execute arbitrary code via a USER command with a large number of format string specifiers, which triggers the overflow during processing of the Server Log.

cpe:/a:scriptme:sme_filemailer:1.21

CVE-2007-0339

2007-01-17T21:28:00.000-05:00

2018-10-16T12:32:17.917-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2154 VIM 20070117 Source VERIFY of SMe FileMailer 1.21 SQL injection BUGTRAQ 20070116 [x0n3-h4ck] SmE FileMailer 1.21 Remote Sql Injextion Exploit SQL injection vulnerability in index.php (aka the login form) in Scriptme SMe FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the Password field (ps parameter). NOTE: some of these details are obtained from third party information.

cpe:/a:thwboard:thwboard:3.0_beta_2.84::php5

CVE-2007-0340

2007-01-17T21:28:00.000-05:00

2017-10-18T21:29:58.737-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

EXPLOIT-DB 3124 SQL injection vulnerability in inc/header.inc.php in ThWboard 3.0b2.84-php5 and earlier allows remote attackers to execute arbitrary SQL commands via the board[styleid] parameter to index.php.

cpe:/a:phpmyadmin:phpmyadmin:2.8.1

CVE-2007-0341

2007-01-17T21:28:00.000-05:00

2018-10-16T12:32:18.277-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070112 xss in phpmyadmin <= 2.8.1 BUGTRAQ 20070112 Re: xss in phpmyadmin <= 2.8.1 MISC http://www.virtuax.be/advisories/Advisory1-12012007.txt Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.

cpe:/a:apple:safari:2.0.4_419.3 cpe:/a:apple:webkit:build_18794 cpe:/a:omnigroup:omniweb:5.5.3 cpe:/o:apple:mac_os_x:10.4.8

CVE-2007-0342

2007-01-17T21:28:00.000-05:00

2008-09-05T00:00:00.000-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-19T10:32:00.000-05:00

MISC http://security-protocols.com/sp-x41-advisory.php BID 22059 WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019.

cpe:/o:openbsd:openbsd:4.0

CVE-2007-0343

2007-01-17T21:28:00.000-05:00

2008-09-05T17:17:38.197-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-19T10:36:00.000-05:00

SECTRACK 1017518 OPENBSD [4.0] 008: RELIABILITY FIX: January 16, 2007 OPENBSD [3.9] 018: RELIABILITY FIX: January 16, 2007 BID 22087 OpenBSD before 20070116 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via certain IPv6 ICMP (aka ICMP6) echo request packets.

cpe:/a:colloquy:colloquy:2.1

CVE-2007-0344

2007-01-17T21:28:00.000-05:00

2017-10-18T21:29:58.787-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://projects.info-pull.com/moab/MOAB-16-01-2007.html BID 22086 VUPEN ADV-2007-0238 EXPLOIT-DB 3139 Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) _invitedToDirectChat: in Colloquy 2.1 and earlier allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the channel name of an INVITE request, related to the implementation of AlertSheet and AlertPanel in Apple AppKit.

cpe:/o:apple:mac_os_x:10.4.8

CVE-2007-0345

2007-01-17T21:28:00.000-05:00

2017-10-18T21:29:58.847-04:00

6.8

LOCAL

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MISC http://projects.info-pull.com/moab/MOAB-15-01-2007.html XF macosx-applications-privilege-escalation(31530) EXPLOIT-DB 3136 The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions (writable by admin group), which allows local admin users to gain root privileges by modifying a program and then performing permissions repair via diskutil.

cpe:/a:sme:filemailer:1.21

CVE-2007-0346

2007-01-17T21:28:00.000-05:00

2017-07-28T21:30:08.110-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VIM 20070117 Source VERIFY of SMe FileMailer 1.21 SQL injection VUPEN ADV-2007-0221 XF smefilemailer-login-sql-injection(31533) SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the us parameter.

cpe:/a:cvstrac:cvstrac:1.1 cpe:/a:cvstrac:cvstrac:1.1.1 cpe:/a:cvstrac:cvstrac:1.1.2 cpe:/a:cvstrac:cvstrac:1.1.3 cpe:/a:cvstrac:cvstrac:1.1.4 cpe:/a:cvstrac:cvstrac:2.0

CVE-2007-0347

2007-01-29T15:28:00.000-05:00

2018-10-16T12:32:18.603-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov FULLDISC 20070129 CVSTrac 2.0.0 Denial of Service (DoS) vulnerability SREASON 2192 CONFIRM http://www.cvstrac.org/cvstrac/chngview?cn=850 MISC http://www.cvstrac.org/cvstrac/tktview?tn=683 OPENPKG OpenPKG-SA-2007.008 BUGTRAQ 20070129 CVSTrac 2.0.0 Denial of Service (DoS) vulnerability BID 22296 VUPEN ADV-2007-0398 The is_eow function in format.c in CVSTrac before 2.0.1 does not properly check for the "'" (quote) character, which allows remote authenticated users to execute limited SQL injection attacks and cause a denial of service (database error) via a ' character in certain messages, tickets, or Wiki entries.

cpe:/a:interactual_technologies:interactual_player:2.60.12.0717 cpe:/a:intervideo:windvd:7.0.27.172 cpe:/a:roxio:cineplayer:3.2

CVE-2007-0348

2007-03-21T15:19:00.000-04:00

2018-10-16T12:32:19.353-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CERT-VN VU#922969 BUGTRAQ 20070321 Secunia Research: InterActual Player / CinePlayer IASystemInfo.dllActiveX Control Buffer Overflow BID 23071 VUPEN ADV-2007-1042 VUPEN ADV-2007-1043 XF interactual-iasysteminfo-bo(33186) Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in (1) InterActual Player 2.60.12.0717, (2) Roxio CinePlayer 3.2, (3) WinDVD 7.0.27.172, and possibly other products, allows remote attackers to execute arbitrary code via a long ApplicationType property.

cpe:/a:nicecoder:indexu:5.0

CVE-2007-0349

2007-01-18T19:28:00.000-05:00

2018-10-16T12:32:20.183-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov BUGTRAQ 20070116 vulnerability script indexu all versions XF indexu-upgrade-file-include(31539) Directory traversal vulnerability in upgrade.php in nicecoder.com INDEXU 5.x allows remote attackers to include arbitrary local files via a .. (dot dot) in the gateway parameter.

cpe:/a:sme:filemailer:1.21

CVE-2007-0350

2007-01-18T20:28:00.000-05:00

2017-07-28T21:30:08.453-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070116 [x0n3-h4ck] SmE FileMailer 1.21 Remote Sql Injextion Exploit VIM 20070117 Source VERIFY of SMe FileMailer 1.21 SQL injection VUPEN ADV-2007-0221 XF smefilemailer-login-sql-injection(31533) Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php in SmE FileMailer 1.21 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ps, (2) us, (3) f, or (4) code parameter. NOTE: the us vector in index.php is already covered by CVE-2007-0346.

cpe:/a:zonelabs:zonealarm

CVE-2007-0351

2007-01-18T20:28:00.000-05:00

2018-10-16T12:32:20.463-04:00

6.2

LOCAL

HIGH

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

BUGTRAQ 20070117 Windows logoff bug possible security vulnerability and exploit. BUGTRAQ 20070117 Re: Windows logoff bug possible security vulnerability and exploit. BUGTRAQ 20070118 Re: Windows logoff bug possible security vulnerability and exploit. BUGTRAQ 20070123 Re: Windows logoff bug possible security vulnerability and exploit. BUGTRAQ 20070211 Windows logoff bug solution possibly. Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user.

cpe:/a:microsoft:html_help_workshop:4.02.0002

CVE-2007-0352

2007-01-18T20:28:00.000-05:00

2018-10-16T12:32:21.010-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SREASON 2156 SECTRACK 1017530 MISC http://www.anspi.pl/~porkythepig/visualization/cnt-expl1.cpp BUGTRAQ 20070117 Microsoft Help Workshop .CNT contents files buffer overflow vulnerability BID 22100 XF ms-help-workshop-cnt-bo(31555) EXPLOIT-DB 3149 Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a crafted .cnt file composed of lines that begin with an integer followed by a space and a long string.

cpe:/a:mywebland:mybloggie:2.1.5

CVE-2007-0353

2007-01-18T20:28:00.000-05:00

2018-10-16T12:32:21.620-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

FULLDISC 20070117 [x0n3-h4ck] myBloggie 2.1.5 XSS exploit MISC http://mywebland.com/forums/showtopic.php?t=1224 SREASON 2155 SECTRACK 1017531 BUGTRAQ 20070117 [x0n3-h4ck] myBloggie 2.1.5 XSS exploit BID 22097 XF mybloggie-indexlogin-xss(31554) Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string.

cpe:/a:mgb:opensource_guestbook:0.5.4.5

CVE-2007-0354

2007-01-18T20:28:00.000-05:00

2017-10-18T21:29:58.957-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VIM 20070118 vendor ACK for MGB Guestbook issue BID 22094 CONFIRM http://www.tv-kritik.net/mgb/index.php VUPEN ADV-2007-0232 XF mgb-email-sql-injection(31551) EXPLOIT-DB 3141 SQL injection vulnerability in email.php in MGB OpenSource Guestbook 0.5.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

cpe:/a:apple:minimal_slp_service_agent:10.4.11 cpe:/o:apple:mac_os_x:10.4.8

CVE-2007-0355

2007-01-18T20:28:00.000-05:00

2017-10-18T21:29:59.020-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=307430 APPLE APPLE-SA-2008-02-11 MISC http://projects.info-pull.com/moab/MOAB-17-01-2007.html SECTRACK 1017533 SECTRACK 1019359 BID 22101 CERT TA08-043B VUPEN ADV-2007-0239 XF macos-slpd-bo(31562) EXPLOIT-DB 3151 Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.11 and earlier, including 10.4.8, allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field.

cpe:/a:common_controls_replacement_project:foldertreeview_activex_control cpe:/a:microsoft:ie:7.0::vista

CVE-2007-0356

2007-01-18T20:28:00.000-05:00

2017-10-18T21:29:59.080-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov BID 22092 XF ie-ccrp-dos(31549) EXPLOIT-DB 3142 The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value.

cpe:/h:fritzdsl:fritzdsl:02.02.29

CVE-2007-0357

2007-01-18T20:28:00.000-05:00

2017-07-28T21:30:09.483-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov FULLDISC 20070117 Flaw in AVM UPNP service for windows SREASON 2159 BID 22093 VUPEN ADV-2007-0236 XF fritz-avm-directory-traversal(31556) Directory traversal vulnerability in the AVM IGD CTRL Service in Fritz!DSL 02.02.29 allows remote attackers to read arbitrary files via ..%5C (URL-encoded dot dot backslash) sequences in a URI requested from the AR7 webserver.

cpe:/h:hp:jetdirect_firmware:x.20.nn cpe:/h:hp:jetdirect_firmware:x.21.nn cpe:/h:hp:jetdirect_firmware:x.22.nn cpe:/h:hp:jetdirect_firmware:x.23.nn cpe:/h:hp:jetdirect_firmware:x.24.nn

CVE-2007-0358

2007-01-18T20:28:00.000-05:00

2017-07-28T21:30:09.627-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov HP HPSBPI02185 SECTRACK 1017532 BID 22105 VUPEN ADV-2007-0233 XF hp-jetdirect-unspecified-dos(31589) Unspecified vulnerability in the FTP server implementation in HP Jetdirect firmware x.20.nn through x.24.nn allows remote attackers to cause a denial of service via unknown vectors.

cpe:/a:uberghey:cms:0.3.1

CVE-2007-0359

2007-01-18T20:28:00.000-05:00

2017-10-18T21:29:59.127-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VIM 20070118 source verify: Uberghey CMS 0.3.1 RFI BID 22098 VUPEN ADV-2007-0230 XF uberghey-frontpage-file-include(31553) EXPLOIT-DB 3147 PHP remote file inclusion vulnerability in frontpage.php in Uberghey CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter.

cpe:/a:oreon_project:oreon:1.2.3_rc4

CVE-2007-0360

2007-01-18T20:28:00.000-05:00

2018-10-16T12:32:22.230-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070211 Oreon1.2.x Series Exploit Coded BID 22107 VUPEN ADV-2007-0229 XF oreon-index-file-include(31568) EXPLOIT-DB 3150 PHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2.3 RC4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.

cpe:/a:comscripts:phpmyphorum:1.5a

CVE-2007-0361

2007-01-18T20:28:00.000-05:00

2017-10-18T21:29:59.253-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22099 VUPEN ADV-2007-0231 XF phpmyphorum-frame-file-include(31552) EXPLOIT-DB 3145 PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter.

cpe:/a:freshreader:freshreader

CVE-2007-0362

2007-01-18T20:28:00.000-05:00

2017-07-28T21:30:09.860-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

JVN JVN#95249468 CONFIRM http://manual.freshreader.com/archives/2007/01/20070118_javasc.html BID 22106 VUPEN ADV-2007-0241 XF freshreader-rssfeed-xss(31566) Cross-site scripting (XSS) vulnerability in the RSS feed component in FreshReader before 1.0.07010600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to tag attributes.

cpe:/a:openads:openads:2.0.8_pr1 cpe:/a:openads:openads:2.0.8_pr1::postgresql cpe:/a:openads:openads:2.0.9_pr1 cpe:/a:openads:openads:2.0.9_pr1::postgresql

CVE-2007-0363

2007-01-18T20:28:00.000-05:00

2017-07-28T21:30:09.923-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://sourceforge.net/project/shownotes.php?group_id=11386&release_id=479424 CONFIRM http://sourceforge.net/project/shownotes.php?group_id=36679&release_id=479426 BID 22124 VUPEN ADV-2007-0240 XF openads-unspecified-xss(31570) Cross-site scripting (XSS) vulnerability in admin-search.php in (1) Openads for PostgreSQL (aka phpPgAds) before 2.0.10 and (2) Openads (aka phpAdsNew) before 2.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

cpe:/a:nicecoder:indexu:5.0 cpe:/a:nicecoder:indexu:5.0.1 cpe:/a:nicecoder:indexu:5.3

CVE-2007-0364

2007-01-19T14:28:00.000-05:00

2018-10-16T12:32:22.697-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BUGTRAQ 20070116 vulnerability script indexu all versions BID 22084 VUPEN ADV-2007-0222 XF indexu-multiple-scripts-xss(31538) Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com INDEXU 5.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to (a) suggest_category.php; the (2) u parameter to (b) user_detail.php; the (3) friend_name, (4) friend_email, (5) error_msg, (6) my_name, (7) my_email, and (8) id parameters to (c) tell_friend.php; the (9) error_msg, (10) email, (11) name, and (12) subject parameters to (d) sendmail.php; the (13) email, (14) error_msg, and (15) username parameters to (e) send_pwd.php; the (16) keyword parameter to (f) search.php; the (17) error_msg, (18) username, (19) password, (20) password2, and (21) email parameters to (g) register.php; the (22) url, (23) contact_name, and (24) email parameters to (h) power_search.php; the (25) path and (26) total parameters to (i) new.php; the (27) query parameter to (j) modify.php; the (28) error_msg parameter to (k) login.php; the (29) error_msg and (30) email parameters to (l) mailing_list.php; the (31) gateway parameter to (m) upgrade.php; and another unspecified vector.

CVE-2007-0365

2007-01-19T14:28:00.000-05:00

2017-07-28T21:30:10.063-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://sourceforge.net/project/shownotes.php?release_id=478370 VUPEN ADV-2007-0189 XF aiocp-unspecified-xss(31486) Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.009 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this is probably a different vulnerability than CVE-2006-5830.

cpe:/a:maxum_development_corporation:rumpus_ftp_server:5.1

CVE-2007-0366

2007-01-19T16:28:00.000-05:00

2017-07-28T21:30:10.110-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://projects.info-pull.com/moab/MOAB-18-01-2007.html XF rumpus-path-privilege-escalation(31597) Untrusted search path vulnerability in Rumpus 5.1 and earlier allows local users to gain privileges via a modified PATH that points to a malicious ipfw program.

cpe:/a:maxum_development_corporation:rumpus_ftp_server:5.1

CVE-2007-0367

2007-01-19T16:28:00.000-05:00

2008-11-15T01:40:06.577-05:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://projects.info-pull.com/moab/MOAB-18-01-2007.html Rumpus 5.1 and earlier has weak permissions for certain files and directories under /usr/local/Rumpus, including the configuration file, which allows local users to have an unknown impact by creating, modifying, or deleting files.

cpe:/a:michiel_broek:mbse-bbs:0.33.17 cpe:/a:michiel_broek:mbse-bbs:0.33.18 cpe:/a:michiel_broek:mbse-bbs:0.33.19 cpe:/a:michiel_broek:mbse-bbs:0.33.20 cpe:/a:michiel_broek:mbse-bbs:0.35.7 cpe:/a:michiel_broek:mbse-bbs:0.36 cpe:/a:michiel_broek:mbse-bbs:0.38 cpe:/a:michiel_broek:mbse-bbs:0.60 cpe:/a:michiel_broek:mbse-bbs:0.70

CVE-2007-0368

2007-01-19T18:28:00.000-05:00

2017-10-18T21:29:59.317-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

FULLDISC 20070118 mbsebbs 0.70.0 & below local root exploit MISC http://www.mbse.eu/mbse/mbsebbs/index.html BID 22112 XF mbsebbs-mbuseradd-bo(31639) EXPLOIT-DB 3154 Stack-based buffer overflow in mbse-bbs 0.70 and earlier allows local users to execute arbitrary code via a long string in the MBSE_ROOT environment variable.

cpe:/a:phpbp:phpbp:rc3_2.204

CVE-2007-0369

2007-01-19T18:28:00.000-05:00

2017-10-18T21:29:59.363-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

XF phpbp-comment-sql-injection(31622) EXPLOIT-DB 3153 SQL injection vulnerability in phpBP RC3 (2.204) and earlier allows remote attackers to execute arbitrary SQL commands via the comment forum.

cpe:/a:phpbp:phpbp:rc3_2.204

CVE-2007-0370

2007-01-19T18:28:00.000-05:00

2017-10-18T21:29:59.427-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

XF phpbp-banner-file-upload(31619) EXPLOIT-DB 3153 Unrestricted file upload vulnerability in index.php in phpBP RC3 (2.204) and earlier allows remote administrators to inject arbitrary PHP code into an upload/banners/ file via a banners add operation that uploads the PHP code through an image_form parameter specifying a multiple-extension filename such as .jpg.vil.gif.php, which is stored in upload/banners/ under a different name, and executable via a direct request. NOTE: a separate SQL injection issue could be leveraged to make this vulnerability reachable by remote unauthenticated attackers.

cpe:/a:common_controls_replacement_project:browsedialog_server

CVE-2007-0371

2007-01-19T18:28:00.000-05:00

2017-10-18T21:29:59.473-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 22110 EXPLOIT-DB 3155 A certain ActiveX control in the Common Controls Replacement Project (CCRP) CCRP BrowseDialog Server (ccrpbds6.dll) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP_BDc.SelectedFolder property value.

cpe:/a:francisco_burzi:php-nuke:7.9

CVE-2007-0372

2007-01-19T18:28:00.000-05:00

2018-10-16T12:32:24.010-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

FULLDISC 20070118 The vulnerabilities festival ! MISC http://www.hackers.ir/advisories/festival.txt BUGTRAQ 20070204 Sql injection bugs in PHP-Nuke BID 22116 Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the active parameter in admin/modules/modules.php; the (2) ad_class, (3) imageurl, (4) clickurl, (5) ad_code, or (6) position parameter in modules/Advertising/admin/index.php; or unspecified vectors in the (7) advertising, (8) weblinks, or (9) reviews section.

cpe:/a:joomla:joomla:1.5.0_beta

CVE-2007-0373

2007-01-19T18:28:00.000-05:00

2018-10-16T12:32:24.527-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

FULLDISC 20070118 The vulnerabilities festival ! MISC http://www.hackers.ir/advisories/festival.txt BUGTRAQ 20070204 Sql injection bugs in Joomla and Mambo BID 22122 Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow remote attackers to execute arbitrary SQL commands via (1) the searchword parameter in certain files; the where parameter in (2) plugins/search/content.php or (3) plugins/search/weblinks.php; the text parameter in (4) plugins/search/contacts.php, (5) plugins/search/categories.php, or (6) plugins/search/sections.php; or (7) the email parameter in database/table/user.php, which is not properly handled by the check function.

cpe:/a:joomla:joomla:1.0.11 cpe:/a:joomla:joomla:1.5.0_beta cpe:/a:mambo:mambo:4.6.1

CVE-2007-0374

2007-01-19T18:28:00.000-05:00

2018-10-16T12:32:25.277-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

FULLDISC 20070118 The vulnerabilities festival ! MISC http://www.hackers.ir/advisories/festival.txt BUGTRAQ 20070204 Sql injection bugs in Joomla and Mambo BID 19734 SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing.

cpe:/a:joomla:joomla:1.5.0_beta

CVE-2007-0375

2007-01-19T18:28:00.000-05:00

2018-10-16T12:32:25.603-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov FULLDISC 20070118 The vulnerabilities festival ! MISC http://www.hackers.ir/advisories/festival.txt BUGTRAQ 20070204 Sql injection bugs in Joomla and Mambo Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script.

cpe:/a:virtuemart:virtuemart:1.0.7

CVE-2007-0376

2007-01-19T18:28:00.000-05:00

2018-10-16T12:32:26.073-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

FULLDISC 20070118 The vulnerabilities festival ! MISC http://virtuemart.svn.sourceforge.net/viewvc/*checkout*/virtuemart/branches/virtuemart-1_0_0/virtuemart/CHANGELOG.php?revision=607 MISC http://www.hackers.ir/advisories/festival.txt BUGTRAQ 20070204 Sql injection bugs in Virtuemart and Letterman BID 22123 Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

cpe:/a:xoops:xoops:2.0.16

CVE-2007-0377

2007-01-19T18:28:00.000-05:00

2018-10-16T12:32:26.447-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

FULLDISC 20070118 The vulnerabilities festival ! MISC http://www.hackers.ir/advisories/festival.txt BUGTRAQ 20070204 Sql injection bugs in Xoops 2.0.16 + Weblinks module BID 22399 Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/table_broken.php in the Weblinks module, and other unspecified vectors.

cpe:/a:docman:docman:1.3_rc2

CVE-2007-0378

2007-01-19T18:28:00.000-05:00

2008-11-13T01:31:43.813-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

FULLDISC 20070118 The vulnerabilities festival ! MISC http://www.hackers.ir/advisories/festival.txt Multiple SQL injection vulnerabilities in DocMan 1.3 RC2 allow attackers to execute arbitrary SQL commands via unspecified vectors.

cpe:/a:docman:docman:1.3_rc2

CVE-2007-0379

2007-01-19T18:28:00.000-05:00

2008-11-13T01:31:43.987-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

FULLDISC 20070118 The vulnerabilities festival ! MISC http://www.hackers.ir/advisories/festival.txt Cross-site scripting (XSS) vulnerability in DocMan 1.3 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

cpe:/a:docman:docman:1.3_rc2

CVE-2007-0380

2007-01-19T18:28:00.000-05:00

2008-11-13T01:31:44.143-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov FULLDISC 20070118 The vulnerabilities festival ! MISC http://www.hackers.ir/advisories/festival.txt DocMan 1.3 RC2 allows remote attackers to obtain sensitive information (the full path) via unspecified vectors.

cpe:/a:adaptive_technology_resource_centre:atutor:1.5.3.2

CVE-2007-0381

2007-01-19T18:28:00.000-05:00

2008-11-13T01:31:44.347-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

FULLDISC 20070118 The vulnerabilities festival ! MISC http://www.atutor.ca/atutor/mantis/changelog_page.php MISC http://www.hackers.ir/advisories/festival.txt Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: CVE analysis suggests that the vendor fixed these issues.

cpe:/a:letterman:letterman:1.2.3

CVE-2007-0382

2007-01-19T18:28:00.000-05:00

2018-10-16T12:32:26.777-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

FULLDISC 20070118 The vulnerabilities festival ! MISC http://www.hackers.ir/advisories/festival.txt BUGTRAQ 20070204 Sql injection bugs in Virtuemart and Letterman BID 22117 Multiple SQL injection vulnerabilities in letterman.class.php in the Letterman 1.2.3 (com_letterman) component for Joomla! before 1.0.12 allow remote attackers to execute arbitrary SQL commands via the id parameter, related to the (1) lm_sendMail, (2) saveNewsletter, and (3) cancelNewsletter functions.

cpe:/a:wdaemon:wdaemon:7.2.0 cpe:/a:wdaemon:wdaemon:9.0.4 cpe:/a:wdaemon:wdaemon:9.5.4

CVE-2007-0383

2007-01-19T18:28:00.000-05:00

2008-11-13T01:31:44.720-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov FULLDISC 20070118 The vulnerabilities festival ! MISC http://www.hackers.ir/advisories/festival.txt ** DISPUTED ** WDaemon 9.5.4 allows remote attackers to access the /WorldClient.dll URI on TCP port 3000, which has unknown impact. NOTE: The researcher reports that the vendor response was "this is not a security bug."

cpe:/a:postnuke_software_foundation:postnuke:0.764

CVE-2007-0384

2007-01-19T18:28:00.000-05:00

2008-11-13T01:31:44.860-05:00

5.1

NETWORK

HIGH

NONE

PARTIAL

http://nvd.nist.gov FULLDISC 20070118 The vulnerabilities festival ! CONFIRM http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/?root=postnuke MISC http://www.hackers.ir/advisories/festival.txt BID 22119 Cross-site scripting (XSS) vulnerability in preview in the reviews section in PostNuke 0.764 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

cpe:/a:postnuke_software_foundation:postnuke:0.764

CVE-2007-0385

2007-01-19T18:28:00.000-05:00

2008-11-13T01:31:45.017-05:00

7.8

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov FULLDISC 20070118 The vulnerabilities festival ! CONFIRM http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/?root=postnuke CONFIRM http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/FAQ/index.php?root=postnuke&r1=20350&r2=20911 MISC http://www.hackers.ir/advisories/festival.txt The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via "unvalidated output" in FAQ/index.php, possibly involving an undefined id_cat variable.

cpe:/a:postnuke_software_foundation:postnuke:0.764

CVE-2007-0386

2007-01-19T18:28:00.000-05:00

2008-11-13T01:31:45.190-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov FULLDISC 20070118 The vulnerabilities festival ! MISC http://www.hackers.ir/advisories/festival.txt Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to "an interesting bug."

cpe:/a:joomla:joomla:2007-01-18

CVE-2007-0387

2007-01-19T18:28:00.000-05:00

2018-10-16T12:32:27.057-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov FULLDISC 20070118 The vulnerabilities festival ! MISC http://www.hackers.ir/advisories/festival.txt BUGTRAQ 20070204 Sql injection bugs in Joomla and Mambo SQL injection vulnerability in models/category.php in the Weblinks component for Joomla! SVN 20070118 (com_weblinks) allows remote attackers to execute arbitrary SQL commands via the catid parameter.

cpe:/a:woltlab:burning_board:1.0.2 cpe:/a:woltlab:burning_board:2.3.6

CVE-2007-0388

2007-01-19T18:28:00.000-05:00

2017-10-18T21:29:59.537-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov XF wbb-search-sql-injection(31550) EXPLOIT-DB 3143 EXPLOIT-DB 3144 SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the boardids[1] and other boardids[] parameters.

cpe:/a:arsdigita:arsdigita_community_education_solution:1.1 cpe:/a:arsdigita:arsdigita_community_system:3.4.10

CVE-2007-0389

2007-01-19T18:28:00.000-05:00

2018-10-16T12:32:27.307-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov BUGTRAQ 20070118 Directory Traversal in ArsDigita Community System BID 22121 VUPEN ADV-2007-0286 XF acs-url-directory-traversal(31613) Directory traversal vulnerability in ArsDigita Community System (ACS) 3.4.10 and earlier, and ArsDigita Community Education Solution (ACES) 1.1, allows remote attackers to read arbitrary files via .%252e/ (double-encoded dot dot slash) sequences in the URI.

cpe:/a:sabros.us:sabros.us:1.7

CVE-2007-0390

2007-01-19T18:28:00.000-05:00

2018-10-16T12:32:27.650-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov FULLDISC 20070118 [x0n3-h4ck] sabros.us 1.7 XSS Exploit SREASON 2170 BUGTRAQ 20070118 [x0n3-h4ck] sabros.us 1.7 XSS Exploit BID 22115 XF sabros-index-xss(31600) Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 allows remote attackers to inject arbitrary web script or HTML via the tag parameter.

cpe:/a:bitdefender:bitdefender_client:professional_plus_8.02

CVE-2007-0391

2007-01-19T18:28:00.000-05:00

2018-10-16T12:32:28.103-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

FULLDISC 20070119 Layered Defense Research Advisory: BitDefender Client 8.02 Format String Vulnerability CONFIRM http://www.bitdefender.com/KB325-en--Format-string-vulnerability.html BUGTRAQ 20070119 Layered Defense Research Advisory: BitDefender Client 8.02 Format String Vulnerability BID 22128 VUPEN ADV-2007-0253 XF bitdefender-scanjob-format-string(31608) Format string vulnerability in the log creation functionality of BitDefender Client Professional Plus 8.02 allows attackers to execute arbitrary code via certain scan job settings.

cpe:/o:ibm:aix:5.3

CVE-2007-0392

2007-01-19T18:28:00.000-05:00

2018-10-16T12:32:28.543-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070118 Multiple OS kernel insecure handling of stdio file descriptor BUGTRAQ 20070118 Re: Multiple OS kernel insecure handling of stdio file descriptor IBM AIX 5.3 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.

cpe:/o:sun:solaris:9.0::sparc

CVE-2007-0393

2007-01-19T18:28:00.000-05:00

2018-10-16T12:32:28.747-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070118 Multiple OS kernel insecure handling of stdio file descriptor BUGTRAQ 20070118 Re: Multiple OS kernel insecure handling of stdio file descriptor Sun Solaris 9 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.

cpe:/o:hp:hp-ux:11.11

CVE-2007-0394

2007-01-19T18:28:00.000-05:00

2018-10-16T12:32:28.947-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov BUGTRAQ 20070118 Multiple OS kernel insecure handling of stdio file descriptor BUGTRAQ 20070118 Re: Multiple OS kernel insecure handling of stdio file descriptor HP HP-UX B11.11 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.

cpe:/a:comvironment:comvironment:4.0

CVE-2007-0395

2007-01-19T18:28:00.000-05:00

2017-10-18T21:29:59.597-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22108 VUPEN ADV-2007-0266 XF comvironment-grabglobals-file-include(31564) EXPLOIT-DB 3152 PHP remote file inclusion vulnerability in libraries/grab_globals.lib.php in ComVironment 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.

cpe:/o:hp:hp-ux:11.23::ia64_64-bit

CVE-2007-0396

2007-01-19T18:28:00.000-05:00

2017-10-10T21:31:36.440-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov HP SSRT061289 SECTRACK 1017527 BID 22103 VUPEN ADV-2007-0234 XF hp-ipfilter-dos(31565) Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in combination with PHNE_34474, allows remote attackers to cause a denial of service (system crash) via unspecified vectors.

cpe:/a:cisco:adaptive_security_appliance_device_manager:5.2.53 cpe:/h:cisco:security_monitoring_analysis_and_response_system:4.2.3

CVE-2007-0397

2007-01-19T20:28:00.000-05:00

2018-10-30T12:25:04.340-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SECTRACK 1017535 SECTRACK 1017536 CISCO 20070118 SSL/TLS Certificate and SSH Public Key Validation Vulnerability BID 22111 VUPEN ADV-2007-0245 XF cisco-csmars-asdm-device-spoofing(31567) The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.

cpe:/a:arnotic:a-forum

CVE-2007-0398

2007-01-22T13:28:00.000-05:00

2018-10-16T12:32:29.150-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VIM 20070122 a-forum xss - who? what? where? BUGTRAQ 20070119 a-forum xss XF aforum-unspecified-xss(31610) Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in Arnaud Guyonne (aka Arnotic) a-forum allow remote attackers to inject arbitrary web script or HTML via the (1) Sujet or (2) Pseudo field.

cpe:/a:simple_machines:simple_machines_forum:1.1_rc3

CVE-2007-0399

2007-01-22T13:28:00.000-05:00

2018-10-16T12:32:29.433-04:00

6.0

NETWORK

MEDIUM

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://aria-security.com/forum/showthread.php?p=128 SREASON 2169 BUGTRAQ 20070120 SMF "index.php?action=pm" Cross Site-Scripting BUGTRAQ 20070121 Re: SMF "index.php?action=pm" Cross Site-Scripting BUGTRAQ 20070122 Re: Re: Re: SMF "index.php?action=pm" Cross Site-Scripting BUGTRAQ 20070126 Re: Re: Re: Re: SMF "index.php?action=pm" Cross Site-Scripting BUGTRAQ 20070202 Re: SMF "index.php?action=pm" Cross Site-Scripting BID 22143 XF smf-pm-xss(31612) Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action.

cpe:/a:easebay_resources:login_manager:3.0

CVE-2007-0400

2007-01-22T13:28:00.000-05:00

2018-10-16T12:32:30.277-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2167 BUGTRAQ 20070120 Login Manager Multiple HTML Injections XF loginmanager-memberlist-xss(31614) Cross-site scripting (XSS) vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.

cpe:/a:easebay_resources:login_manager:3.0

CVE-2007-0401

2007-01-22T13:28:00.000-05:00

2018-10-16T12:32:30.527-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2167 BUGTRAQ 20070120 Login Manager Multiple HTML Injections SQL injection vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the init_row parameter.

cpe:/a:easebay_resources:paypal_subscription_manager

CVE-2007-0402

2007-01-22T13:28:00.000-05:00

2018-10-16T12:32:30.683-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2168 BUGTRAQ 20070120 Paypal Subscription Manager Multiple HTML Injections XF psm-editmember-xss(31618) Cross-site scripting (XSS) vulnerability in admin/edit_member.php in Easebay Resources Paypal Subscription Manager allows remote attackers to inject arbitrary web script or HTML via the username parameter.

cpe:/a:easebay_resources:paypal_subscription_manager

CVE-2007-0403

2007-01-22T13:28:00.000-05:00

2018-10-16T12:32:30.980-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2168 BUGTRAQ 20070120 Paypal Subscription Manager Multiple HTML Injections XF psm-memberlist-sql-injection(31616) SQL injection vulnerability in admin/memberlist.php in Easebay Resources Paypal Subscription Manager allows remote attackers to execute arbitrary SQL commands via the keyword parameter.

cpe:/a:django_project:django:0.95

CVE-2007-0404

2007-01-22T19:28:00.000-05:00

2017-07-28T21:30:10.983-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

CONFIRM http://code.djangoproject.com/changeset/3592 BID 22134 XF django-po-code-execution(31627) bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file.

cpe:/a:django_project:django:0.95

CVE-2007-0405

2007-01-22T19:28:00.000-05:00

2017-07-28T21:30:11.030-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://code.djangoproject.com/changeset/3754 BID 22138 XF django-request-session-hijacking(31628) The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.

cpe:/a:gxine:gxine:0.5.9

CVE-2007-0406

2007-01-22T19:28:00.000-05:00

2017-07-28T21:30:11.077-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=476891 VUPEN ADV-2007-0259 CONFIRM http://xinehq.de/index.php/news?show_category_id=1 XF gxine-serversetup-serverclient-bo(31604) Multiple buffer overflows in the (1) main function in (a) client.c, and the (2) server_setup and (3) server_client_connect functions in (b) server.c in gxine 0.5.9 and earlier allow local users to cause a denial of service (daemon crash) or gain privileges via a long HOME environment variable. NOTE: some of these details are obtained from third party information.

CVE-2007-0407

2007-01-22T19:28:00.000-05:00

2017-07-28T21:30:11.157-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://www.plainblack.com/bugs/tracker/security-update-cross-site-scripting-vulnerability CONFIRM http://www.plainblack.com/downloads/builds/7.3.5-beta/WebGUI/docs/changelog/7.x.x.txt BID 22114 VUPEN ADV-2007-0242 XF webgui-username-xss(31573) Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain Black WebGUI before 7.3.5 (beta) allows remote attackers to inject arbitrary web script or HTML via the username parameter during anonymous registration, a different vector than CVE-2007-0308. NOTE: it is possible that a separate "WikiPage titles" issue was also fixed.

cpe:/a:bea:weblogic_server:8.1 cpe:/a:bea:weblogic_server:8.1:sp4

CVE-2007-0408

2007-01-22T19:28:00.000-05:00

2011-03-07T21:49:42.407-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BEA BEA07-135.00 SECTRACK 1017519 BID 22082 VUPEN ADV-2007-0213 BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certificate.

cpe:/a:bea:weblogic_server:7.0 cpe:/a:bea:weblogic_server:7.0:sp6 cpe:/a:bea:weblogic_server:8.1 cpe:/a:bea:weblogic_server:8.1:sp4 cpe:/a:bea:weblogic_server:9.0

CVE-2007-0409

2007-01-22T19:28:00.000-05:00

2011-03-07T21:49:42.517-05:00

1.5

LOCAL

MEDIUM

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov BEA BEA07-136.00 SECTRACK 1017525 BID 22082 VUPEN ADV-2007-0213 BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password.

cpe:/a:bea:weblogic_server:7.0 cpe:/a:bea:weblogic_server:7.0:sp1 cpe:/a:bea:weblogic_server:7.0:sp2 cpe:/a:bea:weblogic_server:7.0:sp3 cpe:/a:bea:weblogic_server:7.0:sp4 cpe:/a:bea:weblogic_server:7.0:sp5 cpe:/a:bea:weblogic_server:7.0:sp6 cpe:/a:bea:weblogic_server:8.1 cpe:/a:bea:weblogic_server:8.1:sp1 cpe:/a:bea:weblogic_server:8.1:sp2 cpe:/a:bea:weblogic_server:8.1:sp3 cpe:/a:bea:weblogic_server:8.1:sp4 cpe:/a:bea:weblogic_server:8.1:sp5 cpe:/a:bea:weblogic_server:9.0 cpe:/a:bea:weblogic_server:9.1

CVE-2007-0410

2007-01-22T19:28:00.000-05:00

2018-10-17T15:03:57.800-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2018-10-17T14:17:41.400-04:00

BEA BEA07-137.00 SECTRACK 1017525 BID 22082 VUPEN ADV-2007-0213 Unspecified vulnerability in the thread management in BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1, when T3 authentication is used, allows remote attackers to cause a denial of service (thread and system hang) via unspecified "sequences of events."

cpe:/a:bea:weblogic_server:8.1 cpe:/a:bea:weblogic_server:8.1:sp5 cpe:/a:bea:weblogic_server:9.0 cpe:/a:bea:weblogic_server:9.1 cpe:/a:bea:weblogic_server:9.2:ga

CVE-2007-0411

2007-01-22T19:28:00.000-05:00

2011-03-07T21:49:42.783-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BEA BEA07-138.00 SECTRACK 1017525 BID 22082 VUPEN ADV-2007-0213 BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when WS-Security is used, does not properly validate certificates, which allows remote attackers to conduct a man-in-the-middle (MITM) attack.

cpe:/a:bea:weblogic_server:6.1 cpe:/a:bea:weblogic_server:6.1:sp1 cpe:/a:bea:weblogic_server:6.1:sp2 cpe:/a:bea:weblogic_server:6.1:sp3 cpe:/a:bea:weblogic_server:6.1:sp4 cpe:/a:bea:weblogic_server:6.1:sp5 cpe:/a:bea:weblogic_server:6.1:sp6 cpe:/a:bea:weblogic_server:6.1:sp7 cpe:/a:bea:weblogic_server:7.0 cpe:/a:bea:weblogic_server:7.0:sp1 cpe:/a:bea:weblogic_server:7.0:sp2 cpe:/a:bea:weblogic_server:7.0:sp3 cpe:/a:bea:weblogic_server:7.0:sp4 cpe:/a:bea:weblogic_server:7.0:sp5 cpe:/a:bea:weblogic_server:7.0:sp6 cpe:/a:bea:weblogic_server:7.0:sp7 cpe:/a:bea:weblogic_server:8.1 cpe:/a:bea:weblogic_server:8.1:sp1 cpe:/a:bea:weblogic_server:8.1:sp2 cpe:/a:bea:weblogic_server:8.1:sp3 cpe:/a:bea:weblogic_server:8.1:sp4 cpe:/a:bea:weblogic_server:8.1:sp5

CVE-2007-0412

2007-01-22T19:28:00.000-05:00

2018-10-17T15:04:05.127-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2018-10-17T14:35:04.343-04:00

BEA BEA07-139.00 SECTRACK 1017525 BID 22082 VUPEN ADV-2007-0213 BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 through 8.1 SP5 allows remote attackers to read arbitrary files inside the class-path property via .ear or exploded .ear files that use the manifest class-path property to point to utility jar files.

cpe:/a:bea:weblogic_server:8.1 cpe:/a:bea:weblogic_server:8.1:sp5

CVE-2007-0413

2007-01-22T19:28:00.000-05:00

2011-03-07T21:49:43.033-05:00

4.4

LOCAL

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BEA BEA07-140.00 SECTRACK 1017525 BID 22082 VUPEN ADV-2007-0213 BEA WebLogic Server 8.1 through 8.1 SP5 stores cleartext data in a backup of config.xml after offline editing, which allows local users to obtain sensitive information by reading this backup file.

cpe:/a:bea:weblogic_server:6.1 cpe:/a:bea:weblogic_server:6.1:sp7 cpe:/a:bea:weblogic_server:7.0 cpe:/a:bea:weblogic_server:7.0:sp6 cpe:/a:bea:weblogic_server:8.1 cpe:/a:bea:weblogic_server:8.1:sp5 cpe:/a:bea:weblogic_server:9.0

CVE-2007-0414

2007-01-22T19:28:00.000-05:00

2011-03-07T21:49:43.157-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov BEA BEA07-141.00 SECTRACK 1017525 BID 22082 VUPEN ADV-2007-0213 BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, and 9.0 allows remote attackers to cause a denial of service (server hang) via certain requests that cause muxer threads to block when processing error pages.

cpe:/a:bea:weblogic_server:8.1 cpe:/a:bea:weblogic_server:8.1:sp5

CVE-2007-0415

2007-01-22T19:28:00.000-05:00

2011-03-07T21:49:43.267-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov BEA BEA07-142.00 SECTRACK 1017525 BID 22082 VUPEN ADV-2007-0213 BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce access control after a dynamic update and dynamic redeployment of an application that is implemented through exploded jars, which allows attackers to bypass intended access restrictions.

cpe:/a:bea:weblogic_server:9.0 cpe:/a:bea:weblogic_server:9.1

CVE-2007-0416

2007-01-22T19:28:00.000-05:00

2011-03-07T21:49:43.393-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BEA BEA07-143.00 SECTRACK 1017525 BID 22082 VUPEN ADV-2007-0213 The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and 9.1 does not verify credentials when decrypting client messages, which allows remote attackers to bypass application security.

cpe:/a:bea:weblogic_server:7.0 cpe:/a:bea:weblogic_server:7.0:sp7 cpe:/a:bea:weblogic_server:8.1 cpe:/a:bea:weblogic_server:8.1:sp5 cpe:/a:bea:weblogic_server:9.0 cpe:/a:bea:weblogic_server:9.1

CVE-2007-0417

2007-01-22T19:28:00.000-05:00

2011-03-07T21:49:43.517-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

BEA BEA07-144.00 SECTRACK 1017525 BID 22082 VUPEN ADV-2007-0213 BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows attackers to execute certain EJB container persistence operations with an administrative identity.

cpe:/a:bea:weblogic_server:7.0 cpe:/a:bea:weblogic_server:7.0:sp6 cpe:/a:bea:weblogic_server:8.1 cpe:/a:bea:weblogic_server:8.1:sp5 cpe:/a:bea:weblogic_server:9.0 cpe:/a:bea:weblogic_server:9.1

CVE-2007-0418

2007-01-22T19:28:00.000-05:00

2011-03-07T21:49:43.643-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BEA BEA07-145.00 SECTRACK 1017525 BID 22082 VUPEN ADV-2007-0213 BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote attackers to obtain unauthorized access to these methods.

cpe:/a:bea:weblogic_server

CVE-2007-0419

2007-01-22T19:28:00.000-05:00

2011-03-07T21:49:43.783-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov BEA BEA07-146.00 SECTRACK 1017525 BID 22082 VUPEN ADV-2007-0213 The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).

cpe:/a:bea:weblogic_server:9.0 cpe:/a:bea:weblogic_server:9.1 cpe:/a:bea:weblogic_server:9.2:ga

CVE-2007-0420

2007-01-22T19:28:00.000-05:00

2011-03-07T21:49:43.893-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov BEA BEA07-147.00 SECTRACK 1017525 BID 22082 VUPEN ADV-2007-0213 BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to obtain sensitive information via malformed HTTP requests, which reveal data from previous requests.

CVE-2007-0421

2007-01-22T19:28:00.000-05:00

2018-10-17T15:04:09.407-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2018-10-17T14:39:08.217-04:00

BEA BEA07-148.00 SECTRACK 1017525 BID 22082 VUPEN ADV-2007-0213 BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 allows remote attackers to cause a denial of service (disk consumption) via requests containing malformed headers, which cause a large amount of data to be written to the server log.

cpe:/a:bea:weblogic_server:9.0 cpe:/a:bea:weblogic_server:9.1 cpe:/a:bea:weblogic_server:9.2:ga

CVE-2007-0422

2007-01-22T19:28:00.000-05:00

2011-03-07T21:49:44.127-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov BEA BEA07-150.00 SECTRACK 1017525 BID 22082 VUPEN ADV-2007-0213 BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, allows remote attackers to cause a denial of service (server inaccessibility) via manipulated socket connections.

cpe:/a:oracle:weblogic_portal:9.2

CVE-2007-0423

2007-01-22T19:28:00.000-05:00

2018-10-30T12:25:28.980-04:00

4.4

LOCAL

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BEA BEA07-151.00 SECTRACK 1017521 BID 22082 VUPEN ADV-2007-0213 BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be "inadvertently affected," which has an unknown impact.

cpe:/a:bea:weblogic_server

CVE-2007-0424

2007-01-22T19:28:00.000-05:00

2011-03-07T21:49:44.393-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov BEA BEA07-152.00 SECTRACK 1017525 BID 22082 VUPEN ADV-2007-0213 Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for Netscape Enterprise Server before September 2006 for Netscape Enterprise Server allow remote attackers to cause a denial of service via certain requests that trigger errors that lead to a server being marked as unavailable, hosting web server failure, or CPU consumption.

cpe:/a:bea:jrockit:1.4.2:r24.5 cpe:/a:bea:weblogic_server:8.1 cpe:/a:bea:weblogic_server:8.1:sp5

CVE-2007-0425

2007-01-22T19:28:00.000-05:00

2011-03-07T21:49:44.517-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov BEA BEA07-155.00 SECTRACK 1017525 VUPEN ADV-2007-0213 Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 through 8.1 SP5, and JRockit 1.4.2 R4.5 and earlier, allows attackers to gain privileges via unspecified vectors, related to an "overflow condition," probably a buffer overflow.

cpe:/a:oracle:weblogic_portal:9.2

CVE-2007-0426

2007-01-22T19:28:00.000-05:00

2018-10-30T12:25:28.980-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BEA BEA07-156.00 SECTRACK 1017521 BID 22082 VUPEN ADV-2007-0213 BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions.

cpe:/a:microsoft:html_help_workshop:4.03.0002

CVE-2007-0427

2007-01-22T19:28:00.000-05:00

2018-10-16T12:32:31.340-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SREASON 2177 MISC http://www.anspi.pl/~porkythepig/visualization/hpj-x01.cpp BUGTRAQ 20070119 Help project files (.HPJ) buffer overflow vulnerability in Microsoft Help Workshop BID 22135 Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a help project (.HPJ) file with a long HLP field in the OPTIONS section.

cpe:/a:wzdftpd:wzdftpd:8.0

CVE-2007-0428

2007-01-22T21:28:00.000-05:00

2018-10-16T12:32:31.697-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov FULLDISC 20070119 WzdFTPD < 8.1 Denial of service SREASON 2171 SECTRACK 1017537 MISC http://www.s21sec.com/avisos/s21sec-033-en.txt BUGTRAQ 20070119 WzdFTPD < 8.1 Denial of service VUPEN ADV-2007-0277 XF wzdftpd-ftp-dos(31599) Unspecified vulnerability in the chtbl_lookup function in hash.c for WzdFTPD 8.0 and earlier allows remote attackers to cause a denial of service via a crafted FTP command, probably due to a NULL pointer dereference.

cpe:/a:divx:divx_player:6.4.1

CVE-2007-0429

2007-01-22T21:28:00.000-05:00

2017-10-18T21:29:59.660-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov BID 22133 XF divx-divxbrowserplugin-dos(31601) EXPLOIT-DB 3157 DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed with DivX Player 6.4.1, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the GoWindowed method for a certain instance of the ActiveX object.

cpe:/o:apple:mac_os_x:10.4.8

CVE-2007-0430

2007-01-22T21:28:00.000-05:00

2018-10-16T12:32:32.293-04:00

4.9

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov MISC http://risesecurity.org/advisory.php?id=RISE-2007001.txt SREASON 2178 SECTRACK 1017538 BUGTRAQ 20070119 [RISE-2007001] Apple Mac OS X 10.4.x kernel shared_region_map_file_np() memory corruption vulnerability VUPEN ADV-2007-0275 XF macos-sharedregionmapfilenp-dos(31645) The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value.

cpe:/a:avm:fritzbox:7050

CVE-2007-0431

2007-01-22T21:28:00.000-05:00

2018-10-16T12:32:32.793-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM ftp://ftp.avm.de/fritz.box/fritzbox.fon_wlan_7050/firmware/info.txt FULLDISC 20070119 DoS against AVM Fritz!Box 7050 (and others) MISC http://mazzoo.de/blog/2007/01/18#FritzBox_DoS BUGTRAQ 20070119 DoS against AVM Fritz!Box 7050 (and others) BUGTRAQ 20070123 Re: DoS against AVM Fritz!Box 7050 (and others) BID 22130 VUPEN ADV-2007-0272 XF fritzbox-udp-packet-dos(31633) AVM Fritz!Box 7050, and possibly other product models, allows remote attackers to cause a denial of service (VoIP application crash) via a zero-length UDP packet to the SIP port (port 5060).

cpe:/a:bea:aqualogic_service_bus:2.0 cpe:/a:bea:aqualogic_service_bus:2.1 cpe:/a:bea:aqualogic_service_bus:2.5

CVE-2007-0432

2007-01-22T21:28:00.000-05:00

2008-11-13T01:31:53.487-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BEA BEA07-157.00 SECTRACK 1017523 BID 22082 BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject malformed request messages to a proxy service, which might allow remote attackers to bypass authorization policies and route requests to back-end services or conduct other unauthorized activities.

cpe:/a:bea:aqualogic_service_bus:2.0 cpe:/a:bea:aqualogic_service_bus:2.0:sp1 cpe:/a:bea:aqualogic_service_bus:2.0:sp2 cpe:/a:bea:aqualogic_service_bus:2.1 cpe:/a:bea:aqualogic_service_bus:2.1:sp1 cpe:/a:bea:aqualogic_service_bus:2.2

CVE-2007-0433

2007-01-22T21:28:00.000-05:00

2008-11-13T01:31:53.673-05:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BEA BEA07-154.00 SECTRACK 1017524 BID 22082 Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2, when using Active Directory LDAP for authentication, allows remote authenticated users to access the server even after the account has been disabled.

cpe:/a:bea:aqualogic_enterprise_security:2.0 cpe:/a:bea:aqualogic_enterprise_security:2.0:sp1 cpe:/a:bea:aqualogic_enterprise_security:2.0:sp2 cpe:/a:bea:aqualogic_enterprise_security:2.1 cpe:/a:bea:aqualogic_enterprise_security:2.1:sp1 cpe:/a:bea:aqualogic_enterprise_security:2.2

CVE-2007-0434

2007-01-22T21:28:00.000-05:00

2008-11-13T01:31:53.860-05:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BEA BEA07-153.00 BID 22082 BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2 does not properly set the severity level of audit events when the system load is high, which might make it easier for attackers to avoid detection.

cpe:/h:t-com:speedport_500v:- cpe:/o:t-com:speedport_500v_firmware:1.31

CVE-2007-0435

2007-01-22T21:28:00.000-05:00

2018-10-16T12:32:35.247-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070119 Virginity Security Advisory 2007-001 : T-Com Speedport 500V Login bypass BUGTRAQ 20070121 Re: Virginity Security Advisory 2007-001 : T-Com Speedport 500V Login bypass BUGTRAQ 20070122 Re: Virginity Security Advisory 2007-001 : T-Com Speedport 500V Login bypass BUGTRAQ 20070216 Re: Virginity Security Advisory 2007-001 : T-Com Speedport 500V Login bypass BID 22160 XF tcom-login-authentication-bypass(31621) T-Com Speedport 500V routers with firmware 1.31 allow remote attackers to bypass authentication and reconfigure the device via a LOGINKEY=TECOM cookie value.

cpe:/a:barron_mccann:install:bms1472 cpe:/a:barron_mccann:x-kryptor_driver:bms1446hrr cpe:/a:barron_mccann:x-kryptor_secure_client cpe:/a:barron_mccann:xgntr:bms1351

CVE-2007-0436

2007-02-03T19:28:00.000-05:00

2011-05-18T00:00:00.000-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-02-05T23:08:00.000-05:00

ALLOWS_USER_ACCESS

MISC http://jvn.jp/niscc/NISCC-462660/index.html CONFIRM http://www.barronmccann.com/ISec/s2pressrelease.asp?PRID=141&S2ID=14 CONFIRM http://www.bemacpromotions.com/files/xkpatch462660.zip MISC http://www.cpni.gov.uk/Products/advisories/default.aspx?id=al-20070129-0107.xml MISC http://www.cpni.gov.uk/Products/vulnerabilitydisclosures/default.aspx?id=va-20070129-0107.xml BID 22424 VUPEN ADV-2007-0496 Barron McCann X-Kryptor Driver BMS1446HRR (Xgntr BMS1351 Install BMS1472) in X-Kryptor Secure Client does not drop privileges when launching an Explorer window in response to a help command, which allows local users to gain LocalSystem privileges via interactive use of Explorer.

cpe:/a:intersystems:cache_database

CVE-2007-0437

2007-08-20T14:17:00.000-04:00

2008-09-05T17:17:52.757-04:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov

2007-08-20T14:22:00.000-04:00

MISC http://www.cpni.gov.uk/Products/alerts/2928.aspx MISC http://www.mwrinfosecurity.com/advisories/mwri_cache-sample-files-xss-advisory_2007-04-04.pdf MISC http://www.mwrinfosecurity.com/news/1658.html Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object.csp and (6) lotteryhistory.csp in csp/samples/.

cpe:/a:hp:openview_network_node_manager:6.20 cpe:/a:hp:openview_network_node_manager:6.41 cpe:/a:hp:openview_network_node_manager:7.0.1 cpe:/a:hp:openview_network_node_manager:7.50

CVE-2007-0441

2007-01-23T11:28:00.000-05:00

2018-10-16T12:32:35.933-04:00

5.1

NETWORK

HIGH

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SECTRACK 1017504 HP SSRT05103 VUPEN ADV-2007-0153 Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to execute arbitrary commands via unknown vectors.

cpe:/o:ibm:os_400:r530 cpe:/o:ibm:os_400:r535

CVE-2007-0442

2007-01-23T11:28:00.000-05:00

2008-11-15T01:40:25.500-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov AIXAPAR MA33861 AIXAPAR MA33860 Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impact and remote attack vectors, related to an "Integrity Problem" involving LIC-TCPIP and TCP reset. NOTE: it is possible that this issue is related to CVE-2004-0230, but this is not certain.

cpe:/a:gracenote:cddbcontrol_activex_control

CVE-2007-0443

2007-04-24T12:19:00.000-04:00

2018-10-16T12:32:36.197-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://www.gracenote.com/corporate/FAQs.html/faqset=update/page=0 BUGTRAQ 20070420 ZDI-07-021: GraceNote CDDBControl ActiveX Buffer Overflow Vulnerability BID 23567 SECTRACK 1017937 VUPEN ADV-2007-1475 MISC http://www.zerodayinitiative.com/advisories/ZDI-07-021.html XF cddbcontrol-activex-bo(33773) Multiple buffer overflows in the CDDBControl ActiveX control in Gracenote CDDB before 20070418 allow remote attackers to execute arbitrary code via long values for certain Proxy configuration parameters.

cpe:/a:citrix:metaframe:1.0::xp cpe:/a:citrix:metaframe_presentation_server:3.0 cpe:/a:citrix:metaframe_presentation_server:4.0

CVE-2007-0444

2007-01-24T17:28:00.000-05:00

2018-10-16T12:32:36.747-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SECTRACK 1017553 CONFIRM http://support.citrix.com/article/CTX111686 BUGTRAQ 20070124 ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability BID 22217 MISC http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c VUPEN ADV-2007-0328 MISC http://www.zerodayinitiative.com/advisories/ZDI-07-006.html Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions.

cpe:/a:kaspersky_lab:kaspersky_anti-virus:6.0::file_servers cpe:/a:kaspersky_lab:kaspersky_anti-virus:6.0::windows_workstation cpe:/a:kaspersky_lab:kaspersky_anti-virus:6.0::workstations cpe:/a:kaspersky_lab:kaspersky_internet_security:6.0:maintenance_pack_2

CVE-2007-0445

2007-04-05T20:19:00.000-04:00

2018-10-16T12:32:37.340-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://www.kaspersky.com/technews?id=203038693 CONFIRM http://www.kaspersky.com/technews?id=203038694 BUGTRAQ 20070405 ZDI-07-013: Kaspersky AntiVirus Engine ARJ Archive Parsing Heap Overflow Vulnerability BID 23346 SECTRACK 1017882 SECTRACK 1017883 VUPEN ADV-2007-1268 MISC http://www.zerodayinitiative.com/advisories/ZDI-07-013.html XF kaspersky-arj-bo(33489) Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to execute arbitrary code via crafted ARJ archives.

cpe:/a:hp:mercury_loadrunner_agent:8.0 cpe:/a:hp:mercury_loadrunner_agent:8.1 cpe:/a:hp:mercury_monitor_over_firewall:8.1 cpe:/a:hp:mercury_performance_center_agent:8.0 cpe:/a:hp:mercury_performance_center_agent:8.1

CVE-2007-0446

2007-02-08T18:28:00.000-05:00

2018-10-16T12:32:38.010-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

HP HPSBGN02187 SECTRACK 1017611 SECTRACK 1017612 SECTRACK 1017613 CIAC R-123 CERT-VN VU#303012 BUGTRAQ 20070208 ZDI-07-007: HP Mercury LoadRunner Agent Stack Overflow Vulnerability BID 22487 VUPEN ADV-2007-0535 MISC http://www.zerodayinitiative.com/advisories/ZDI-07-007.html XF mercury-multiple-agent-bo(32390) Stack-based buffer overflow in magentproc.exe for Hewlett-Packard Mercury LoadRunner Agent 8.0 and 8.1, Performance Center Agent 8.0 and 8.1, and Monitor over Firewall 8.1 allows remote attackers to execute arbitrary code via a packet with a long server_ip_name field to TCP port 54345, which triggers the overflow in mchan.dll.

cpe:/a:symantec:antivirus_scan_engine:4.0 cpe:/a:symantec:antivirus_scan_engine:4.0::clearswift cpe:/a:symantec:antivirus_scan_engine:4.1 cpe:/a:symantec:antivirus_scan_engine:4.1.8 cpe:/a:symantec:antivirus_scan_engine:4.3 cpe:/a:symantec:antivirus_scan_engine:4.3::caching cpe:/a:symantec:antivirus_scan_engine:4.3::clearswift cpe:/a:symantec:antivirus_scan_engine:4.3::microsoft_sharepoint cpe:/a:symantec:antivirus_scan_engine:4.3::network_attached_storage cpe:/a:symantec:antivirus_scan_engine:4.3.3 cpe:/a:symantec:antivirus_scan_engine:4.3.7.27 cpe:/a:symantec:antivirus_scan_engine:4.3.8.29 cpe:/a:symantec:antivirus_scan_engine:4.3.12 cpe:/a:symantec:antivirus_scan_engine:4.3.12::caching cpe:/a:symantec:antivirus_scan_engine:4.3.12::clearswift cpe:/a:symantec:antivirus_scan_engine:4.3.12::messaging cpe:/a:symantec:antivirus_scan_engine:4.3.12::microsoft_sharepoint cpe:/a:symantec:antivirus_scan_engine:4.3.12::network_attached_storage cpe:/a:symantec:antivirus_scan_engine:5.0 cpe:/a:symantec:antivirus_scan_engine:5.0.1 cpe:/a:symantec:brightmail_antispam:4.0 cpe:/a:symantec:brightmail_antispam:5.5 cpe:/a:symantec:brightmail_antispam:6.0 cpe:/a:symantec:brightmail_antispam:6.0.1 cpe:/a:symantec:brightmail_antispam:6.0.2 cpe:/a:symantec:brightmail_antispam:6.0.3 cpe:/a:symantec:brightmail_antispam:6.0.4 cpe:/a:symantec:client_security:2.0 cpe:/a:symantec:client_security:2.0::scf_7.1 cpe:/a:symantec:client_security:2.0:build_9.0.0.338:stm cpe:/a:symantec:client_security:2.0.1_build_9.0.1.1000:mr1 cpe:/a:symantec:client_security:2.0.2_build_9.0.2.1000:mr2 cpe:/a:symantec:client_security:2.0.3_build_9.0.3.1000:mr3 cpe:/a:symantec:client_security:2.0.4 cpe:/a:symantec:client_security:2.0.4:mr4_build1000 cpe:/a:symantec:client_security:2.0.5_build_1100_mp1:mr5 cpe:/a:symantec:client_security:2.0.6:mr6 cpe:/a:symantec:client_security:3.0 cpe:/a:symantec:client_security:3.0.0.359 cpe:/a:symantec:client_security:3.0.1.1000 cpe:/a:symantec:client_security:3.0.1.1001 cpe:/a:symantec:client_security:3.0.1.1007 cpe:/a:symantec:client_security:3.0.1.1008 cpe:/a:symantec:client_security:3.0.2.2000 cpe:/a:symantec:client_security:3.0.2.2001 cpe:/a:symantec:client_security:3.0.2.2002 cpe:/a:symantec:client_security:3.0.2.2010 cpe:/a:symantec:client_security:3.0.2.2011 cpe:/a:symantec:client_security:3.0.2.2020 cpe:/a:symantec:client_security:3.0.2.2021 cpe:/a:symantec:client_security:3.1 cpe:/a:symantec:client_security:3.1.394 cpe:/a:symantec:client_security:3.1.396 cpe:/a:symantec:client_security:3.1.400 cpe:/a:symantec:client_security:3.1.401 cpe:/a:symantec:mail_security:4.0::domino cpe:/a:symantec:mail_security:4.0::microsoft_exchange cpe:/a:symantec:mail_security:4.0:build456:microsoft_exchange cpe:/a:symantec:mail_security:4.0:build463:microsoft_exchange cpe:/a:symantec:mail_security:4.0:build465:microsoft_exchange cpe:/a:symantec:mail_security:4.0:build736:microsoft_exchange cpe:/a:symantec:mail_security:4.0:build741:microsoft_exchange cpe:/a:symantec:mail_security:4.0:build743:microsoft_exchange cpe:/a:symantec:mail_security:4.0.1::domino cpe:/a:symantec:mail_security:4.1:build458:microsoft_exchange cpe:/a:symantec:mail_security:4.1:build459:microsoft_exchange cpe:/a:symantec:mail_security:4.1:build461:microsoft_exchange cpe:/a:symantec:mail_security:4.5::microsoft_exchange cpe:/a:symantec:mail_security:4.5.4.743::microsoft_exchange cpe:/a:symantec:mail_security:4.5_build_719::exchange cpe:/a:symantec:mail_security:4.5_build_736::exchange cpe:/a:symantec:mail_security:4.5_build_741::exchange cpe:/a:symantec:mail_security:4.6.1.107::microsoft_exchange cpe:/a:symantec:mail_security:4.6.3::microsoft_exchange cpe:/a:symantec:mail_security:4.6_build_97::exchange cpe:/a:symantec:mail_security:5.0::microsoft_exchange cpe:/a:symantec:mail_security:5.0::smtp cpe:/a:symantec:mail_security:5.0.0.204::microsoft_exchange cpe:/a:symantec:mail_security:5.0.1::smtp cpe:/a:symantec:mail_security:5.1.0::domino cpe:/a:symantec:mail_security:6.0.0::microsoft_exchange cpe:/a:symantec:norton_antivirus:::corporate_edition_for_linux cpe:/a:symantec:norton_antivirus:9.0::corporate_edition cpe:/a:symantec:norton_antivirus:9.0::macintosh cpe:/a:symantec:norton_antivirus:9.0.0::macintosh cpe:/a:symantec:norton_antivirus:9.0.0.338::corporate_edition cpe:/a:symantec:norton_antivirus:9.0.1::macintosh cpe:/a:symantec:norton_antivirus:9.0.1.1.1000::corporate_edition cpe:/a:symantec:norton_antivirus:9.0.2::macintosh cpe:/a:symantec:norton_antivirus:9.0.2.1000::corporate_edition cpe:/a:symantec:norton_antivirus:9.0.3::macintosh cpe:/a:symantec:norton_antivirus:9.0.3.1000::corporate_edition cpe:/a:symantec:norton_antivirus:9.0.4::corporate_edition cpe:/a:symantec:norton_antivirus:9.0.4:mr4_build_1000:corporate_edition cpe:/a:symantec:norton_antivirus:9.0.5::corporate_edition cpe:/a:symantec:norton_antivirus:9.0.5.1100::corporate_edition cpe:/a:symantec:norton_antivirus:9.0.6.1000::corporate_edition cpe:/a:symantec:norton_antivirus:10.0::corporate_edition cpe:/a:symantec:norton_antivirus:10.0::macintosh cpe:/a:symantec:norton_antivirus:10.0.0::macintosh cpe:/a:symantec:norton_antivirus:10.0.0.359::corporate_edition cpe:/a:symantec:norton_antivirus:10.0.1::macintosh cpe:/a:symantec:norton_antivirus:10.0.1.1000::corporate_edition cpe:/a:symantec:norton_antivirus:10.0.1.1007::corporate_edition cpe:/a:symantec:norton_antivirus:10.0.1.1008::corporate_edition cpe:/a:symantec:norton_antivirus:10.0.2.2000::corporate_edition cpe:/a:symantec:norton_antivirus:10.0.2.2001::corporate_edition cpe:/a:symantec:norton_antivirus:10.0.2.2002::corporate_edition cpe:/a:symantec:norton_antivirus:10.0.2.2010::corporate_edition cpe:/a:symantec:norton_antivirus:10.0.2.2011::corporate_edition cpe:/a:symantec:norton_antivirus:10.0.2.2020::corporate_edition cpe:/a:symantec:norton_antivirus:10.0.2.2021::corporate_edition cpe:/a:symantec:norton_antivirus:10.1::corporate_edition cpe:/a:symantec:norton_antivirus:10.1.4::corporate_edition cpe:/a:symantec:norton_antivirus:10.1.4:mr4_mp1_build4010:corporate_edition cpe:/a:symantec:norton_antivirus:10.1.4.4010::corporate_edition cpe:/a:symantec:norton_antivirus:10.1.394::corporate_edition cpe:/a:symantec:norton_antivirus:10.1.396::corporate_edition cpe:/a:symantec:norton_antivirus:10.1.400::corporate_edition cpe:/a:symantec:norton_antivirus:10.1.401::corporate_edition cpe:/a:symantec:norton_antivirus:10.9.1::macintosh cpe:/a:symantec:norton_antivirus:2004 cpe:/a:symantec:norton_antivirus:2004::professional cpe:/a:symantec:norton_antivirus:2005 cpe:/a:symantec:norton_antivirus:2005::professional cpe:/a:symantec:norton_antivirus:2005:11.0 cpe:/a:symantec:norton_antivirus:2005:11.0.9 cpe:/a:symantec:norton_antivirus:2006 cpe:/a:symantec:norton_internet_security:3.0::macintosh cpe:/a:symantec:norton_internet_security:2004 cpe:/a:symantec:norton_internet_security:2004::professional cpe:/a:symantec:norton_internet_security:2005 cpe:/a:symantec:norton_internet_security:2005::professional cpe:/a:symantec:norton_internet_security:2005:11.0 cpe:/a:symantec:norton_internet_security:2005:11.0.9 cpe:/a:symantec:norton_internet_security:2005:11.5.6.14 cpe:/a:symantec:norton_internet_security:2006 cpe:/a:symantec:norton_internet_security:2006::professional cpe:/a:symantec:norton_personal_firewall:2006 cpe:/a:symantec:norton_personal_firewall:2006_9.1.0.33 cpe:/a:symantec:norton_personal_firewall:2006_9.1.1.7 cpe:/a:symantec:norton_system_works:3.0::macintosh cpe:/a:symantec:norton_system_works:2004 cpe:/a:symantec:norton_system_works:2005 cpe:/a:symantec:norton_system_works:2005::premier cpe:/a:symantec:norton_system_works:2005:11.0 cpe:/a:symantec:norton_system_works:2005:11.0.9 cpe:/a:symantec:norton_system_works:2006 cpe:/a:symantec:symantec_antivirus_filtering_%2bfor_domino:3.0.12 cpe:/a:symantec:web_security:2.5 cpe:/a:symantec:web_security:3.0 cpe:/a:symantec:web_security:3.0.1 cpe:/a:symantec:web_security:3.0.1.70 cpe:/a:symantec:web_security:3.0.1.76 cpe:/a:symantec:web_security:3.0.1_build_3.01.70 cpe:/a:symantec:web_security:3.0.1_build_3.01.72 cpe:/a:symantec:web_security:3.0.1_build_3.01.74 cpe:/a:symantec:web_security:3.01.59 cpe:/a:symantec:web_security:3.01.60 cpe:/a:symantec:web_security:3.01.61 cpe:/a:symantec:web_security:3.01.62 cpe:/a:symantec:web_security:3.01.63 cpe:/a:symantec:web_security:3.01.67 cpe:/a:symantec:web_security:3.01.68 cpe:/a:symantec:web_security:5.0::microsoft_isa_2004 cpe:/h:symantec:gateway_security_5000_series:3.0.1 cpe:/h:symantec:gateway_security_5400:2.0.1 cpe:/h:symantec:mail_security_8820_appliance

CVE-2007-0447

2007-10-05T17:17:00.000-04:00

2012-10-30T22:28:08.450-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html BID 24282 VUPEN ADV-2007-2508 MISC http://www.zerodayinitiative.com/advisories/ZDI-07-040.html Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives.

cpe:/a:php:php:5.2.0

CVE-2007-0448

2007-05-24T14:30:00.000-04:00

2008-09-10T20:49:19.397-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2007-05-29T10:25:00.000-04:00

SREASONRES 20070125 PHP 5.2.0 safe_mode bypass (by Writing Mode) SREASON 2175 BID 22261 The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.

cpe:/a:ca:brightstor_arcserve_backup_laptops_desktops:11.0 cpe:/a:ca:brightstor_arcserve_backup_laptops_desktops:11.1 cpe:/a:ca:brightstor_arcserve_backup_laptops_desktops:11.1:sp1 cpe:/a:ca:brightstor_mobile_backup:r4.0 cpe:/a:ca:business_protection_suite:2.0 cpe:/a:ca:desktop_management_suite:11.0 cpe:/a:ca:desktop_management_suite:11.1 cpe:/a:ca:desktop_protection_suite:2.0

CVE-2007-0449

2007-01-23T16:28:00.000-05:00

2018-10-16T12:32:38.857-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SECTRACK 1017548 CONFIRM http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp CERT-VN VU#357308 CERT-VN VU#611276 BUGTRAQ 20070124 [CAID 34993]: CA BrightStor ARCserve Backup for Laptops and Desktops Multiple Overflow Vulnerabilities BUGTRAQ 20070131 Remote Unauthenticated Code Execution CA BrightStor ARCserve Backup BUGTRAQ 20070131 Remote Unauthenticated Code Execution II CA BrightStor ARCserve Backup for Laptops & Desktops BID 22199 BID 22340 BID 22342 VUPEN ADV-2007-0314 CONFIRM http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97696 CONFIRM http://www3.ca.com/securityadvisor/vulninfo/Vuln.aspx?ID=34993 XF ca-multiple-unspecified-bo(31704) Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.1 SP1, Mobile Backup r4.0, Desktop and Business Protection Suite r2, and Desktop Management Suite (DMS) r11.0 and r11.1 allow remote attackers to execute arbitrary code via crafted packets to TCP port (1) 1900 or (2) 2200.

cpe:/a:apache:http_server:- cpe:/a:apache:tomcat:5.0.0 cpe:/a:apache:tomcat:5.0.1 cpe:/a:apache:tomcat:5.0.2 cpe:/a:apache:tomcat:5.0.3 cpe:/a:apache:tomcat:5.0.4 cpe:/a:apache:tomcat:5.0.5 cpe:/a:apache:tomcat:5.0.6 cpe:/a:apache:tomcat:5.0.7 cpe:/a:apache:tomcat:5.0.8 cpe:/a:apache:tomcat:5.0.9 cpe:/a:apache:tomcat:5.0.10 cpe:/a:apache:tomcat:5.0.11 cpe:/a:apache:tomcat:5.0.12 cpe:/a:apache:tomcat:5.0.13 cpe:/a:apache:tomcat:5.0.14 cpe:/a:apache:tomcat:5.0.15 cpe:/a:apache:tomcat:5.0.16 cpe:/a:apache:tomcat:5.0.17 cpe:/a:apache:tomcat:5.0.18 cpe:/a:apache:tomcat:5.0.19 cpe:/a:apache:tomcat:5.0.21 cpe:/a:apache:tomcat:5.0.22 cpe:/a:apache:tomcat:5.0.23 cpe:/a:apache:tomcat:5.0.24 cpe:/a:apache:tomcat:5.0.25 cpe:/a:apache:tomcat:5.0.26 cpe:/a:apache:tomcat:5.0.27 cpe:/a:apache:tomcat:5.0.28 cpe:/a:apache:tomcat:5.0.29 cpe:/a:apache:tomcat:5.0.30 cpe:/a:apache:tomcat:5.5.0 cpe:/a:apache:tomcat:5.5.1 cpe:/a:apache:tomcat:5.5.2 cpe:/a:apache:tomcat:5.5.3 cpe:/a:apache:tomcat:5.5.4 cpe:/a:apache:tomcat:5.5.5 cpe:/a:apache:tomcat:5.5.6 cpe:/a:apache:tomcat:5.5.7 cpe:/a:apache:tomcat:5.5.8 cpe:/a:apache:tomcat:5.5.9 cpe:/a:apache:tomcat:5.5.10 cpe:/a:apache:tomcat:5.5.11 cpe:/a:apache:tomcat:5.5.12 cpe:/a:apache:tomcat:5.5.13 cpe:/a:apache:tomcat:5.5.14 cpe:/a:apache:tomcat:5.5.15 cpe:/a:apache:tomcat:5.5.16 cpe:/a:apache:tomcat:5.5.17 cpe:/a:apache:tomcat:5.5.18 cpe:/a:apache:tomcat:5.5.19 cpe:/a:apache:tomcat:5.5.20 cpe:/a:apache:tomcat:5.5.21 cpe:/a:apache:tomcat:6.0.0 cpe:/a:apache:tomcat:6.0.0:alpha cpe:/a:apache:tomcat:6.0.1 cpe:/a:apache:tomcat:6.0.1:alpha cpe:/a:apache:tomcat:6.0.2 cpe:/a:apache:tomcat:6.0.2:alpha cpe:/a:apache:tomcat:6.0.2:beta cpe:/a:apache:tomcat:6.0.3 cpe:/a:apache:tomcat:6.0.4 cpe:/a:apache:tomcat:6.0.4:alpha cpe:/a:apache:tomcat:6.0.5 cpe:/a:apache:tomcat:6.0.6 cpe:/a:apache:tomcat:6.0.6:alpha cpe:/a:apache:tomcat:6.0.7 cpe:/a:apache:tomcat:6.0.7:alpha cpe:/a:apache:tomcat:6.0.7:beta cpe:/a:apache:tomcat:6.0.8 cpe:/a:apache:tomcat:6.0.8:alpha cpe:/a:apache:tomcat:6.0.9 cpe:/a:apache:tomcat:6.0.9:beta

CVE-2007-0450

2007-03-16T18:19:00.000-04:00

2019-04-15T12:29:03.990-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx CONFIRM http://docs.info.apple.com/article.html?artnum=306172 HP SSRT071447 APPLE APPLE-SA-2007-07-31 MLIST [Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1 GENTOO GLSA-200705-03 SREASON 2446 SUNALERT 239312 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm CONFIRM http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540 CONFIRM http://tomcat.apache.org/security-4.html CONFIRM http://tomcat.apache.org/security-5.html CONFIRM http://tomcat.apache.org/security-6.html CONFIRM http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html MANDRIVA MDKSA-2007:241 SUSE SUSE-SR:2007:015 SUSE SUSE-SR:2007:005 REDHAT RHSA-2007:0327 REDHAT RHSA-2007:0360 REDHAT RHSA-2008:0261 MISC http://www.sec-consult.com/287.html MISC http://www.sec-consult.com/fileadmin/Advisories/20070314-0-apache_tomcat_directory_traversal.txt BUGTRAQ 20070314 SEC Consult SA-20070314-0 :: Apache HTTP Server / Tomcat directory traversal BUGTRAQ 20080108 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1 BUGTRAQ 20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities BUGTRAQ 20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1) BID 22960 BID 25159 VUPEN ADV-2007-0975 VUPEN ADV-2007-2732 VUPEN ADV-2007-3087 VUPEN ADV-2007-3386 VUPEN ADV-2008-0065 VUPEN ADV-2008-1979 VUPEN ADV-2009-0233 XF tomcat-proxy-directory-traversal(32988) MLIST [tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/ MLIST [tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ MLIST [tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ MLIST [tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ MLIST [tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ MLIST [tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

cpe:/a:apache:spamassassin:3.0.1 cpe:/a:apache:spamassassin:3.0.2 cpe:/a:apache:spamassassin:3.0.3 cpe:/a:apache:spamassassin:3.0.4 cpe:/a:apache:spamassassin:3.1.0 cpe:/a:apache:spamassassin:3.1.1 cpe:/a:apache:spamassassin:3.1.2 cpe:/a:apache:spamassassin:3.1.7

CVE-2007-0451

2007-02-16T14:28:00.000-05:00

2017-10-10T21:31:36.610-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov REDHAT RHSA-2007:0074 GENTOO GLSA-200703-02 CONFIRM http://spamassassin.apache.org/advisories/cve-2007-0451.txt CONFIRM http://svn.apache.org/repos/asf/spamassassin/branches/3.1/build/announcements/3.1.8.txt MANDRIVA MDKSA-2007:049 SUSE SUSE-SR:2007:006 REDHAT RHSA-2007:0075 BID 22584 SECTRACK 1017666 VUPEN ADV-2007-0628 XF spamassassin-url-dos(32536) CONFIRM https://issues.rpath.com/browse/RPL-1073 Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."

CVE-2007-0452

2007-02-05T21:28:00.000-05:00

2018-10-16T12:32:45.760-04:00

6.8

NETWORK

LOW

SINGLE_INSTANCE

NONE

COMPLETE

http://nvd.nist.gov SGI 20070201-01-P FEDORA FEDORA-2007-219 FEDORA FEDORA-2007-220 HP SSRT071341 SUSE SUSE-SA:2007:016 SREASON 2219 SECTRACK 1017587 SLACKWARE SSA:2007-038-01 SUNALERT 200588 CONFIRM http://us1.samba.org/samba/security/CVE-2007-0452.html DEBIAN DSA-1257 GENTOO GLSA-200702-01 MANDRIVA MDKSA-2007:034 REDHAT RHSA-2007:0060 REDHAT RHSA-2007:0061 BUGTRAQ 20070205 [SAMBA-SECURITY] CVE-2007-0452: Potential DoS against smbd in Samba 3.0.6 - 3.0.23d BUGTRAQ 20070207 rPSA-2007-0026-1 samba samba-swat BID 22395 TRUSTIX 2007-0007 UBUNTU USN-419-1 VUPEN ADV-2007-0483 VUPEN ADV-2007-1278 XF samba-smbd-filerename-dos(32301) CONFIRM https://issues.rpath.com/browse/RPL-1005 smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop.

cpe:/a:samba:samba:3.0.21 cpe:/a:samba:samba:3.0.21a cpe:/a:samba:samba:3.0.21b cpe:/a:samba:samba:3.0.21c cpe:/a:samba:samba:3.0.22 cpe:/a:samba:samba:3.0.23 cpe:/a:samba:samba:3.0.23a cpe:/a:samba:samba:3.0.23b cpe:/a:samba:samba:3.0.23c cpe:/a:samba:samba:3.0.23d

CVE-2007-0453

2007-02-05T21:28:00.000-05:00

2018-10-16T12:32:49.450-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SECTRACK 1017589 SLACKWARE SSA:2007-038-01 CONFIRM http://us1.samba.org/samba/security/CVE-2007-0453.html OPENPKG OpenPKG-SA-2007.012 BUGTRAQ 20070205 [SAMBA-SECURITY] CVE-2007-0453: Buffer overrun in nss_winbind.so.1 on Solaris BUGTRAQ 20070207 rPSA-2007-0026-1 samba samba-swat BID 22410 TRUSTIX 2007-0007 VUPEN ADV-2007-0483 XF samba-winbind-bo(32231) CONFIRM https://issues.rpath.com/browse/RPL-1005 Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows attackers to execute arbitrary code via the (1) gethostbyname and (2) getipnodebyname functions.

cpe:/a:samba:samba:3.0.6 cpe:/a:samba:samba:3.0.7 cpe:/a:samba:samba:3.0.8 cpe:/a:samba:samba:3.0.9 cpe:/a:samba:samba:3.0.10 cpe:/a:samba:samba:3.0.11 cpe:/a:samba:samba:3.0.12 cpe:/a:samba:samba:3.0.13 cpe:/a:samba:samba:3.0.14 cpe:/a:samba:samba:3.0.14a cpe:/a:samba:samba:3.0.20 cpe:/a:samba:samba:3.0.20a cpe:/a:samba:samba:3.0.20b cpe:/a:samba:samba:3.0.21 cpe:/a:samba:samba:3.0.21a cpe:/a:samba:samba:3.0.21b cpe:/a:samba:samba:3.0.21c cpe:/a:samba:samba:3.0.22 cpe:/a:samba:samba:3.0.23d cpe:/o:debian:debian_linux:3.0 cpe:/o:debian:debian_linux:3.0::alpha cpe:/o:debian:debian_linux:3.0::arm cpe:/o:debian:debian_linux:3.0::hppa cpe:/o:debian:debian_linux:3.0::ia-32 cpe:/o:debian:debian_linux:3.0::ia-64 cpe:/o:debian:debian_linux:3.0::m68k cpe:/o:debian:debian_linux:3.0::mips cpe:/o:debian:debian_linux:3.0::mipsel cpe:/o:debian:debian_linux:3.0::ppc cpe:/o:debian:debian_linux:3.0::s-390 cpe:/o:debian:debian_linux:3.0::sparc cpe:/o:debian:debian_linux:3.1 cpe:/o:debian:debian_linux:3.1::alpha cpe:/o:debian:debian_linux:3.1::amd64 cpe:/o:debian:debian_linux:3.1::arm cpe:/o:debian:debian_linux:3.1::hppa cpe:/o:debian:debian_linux:3.1::ia-32 cpe:/o:debian:debian_linux:3.1::ia-64 cpe:/o:debian:debian_linux:3.1::m68k cpe:/o:debian:debian_linux:3.1::mips cpe:/o:debian:debian_linux:3.1::mipsel cpe:/o:debian:debian_linux:3.1::ppc cpe:/o:debian:debian_linux:3.1::s-390 cpe:/o:debian:debian_linux:3.1::sparc cpe:/o:mandrakesoft:mandrake_linux:2006 cpe:/o:mandrakesoft:mandrake_linux:2006::x86_64 cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0 cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64 cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0 cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64 cpe:/o:mandrakesoft:mandrake_linuxsoft_2007 cpe:/o:mandrakesoft:mandrake_linuxsoft_2007:::x86_64

CVE-2007-0454

2007-02-05T21:28:00.000-05:00

2018-10-16T12:32:50.667-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SECTRACK 1017588 SLACKWARE SSA:2007-038-01 CONFIRM http://us1.samba.org/samba/security/CVE-2007-0454.html DEBIAN DSA-1257 GENTOO GLSA-200702-01 CERT-VN VU#649732 MANDRIVA MDKSA-2007:034 OPENPKG OpenPKG-SA-2007.012 BUGTRAQ 20070205 [SAMBA-SECURITY] CVE-2007-0454: Format string bug in afsacl.so VFS plugin BUGTRAQ 20070207 rPSA-2007-0026-1 samba samba-swat BID 22403 TRUSTIX 2007-0007 UBUNTU USN-419-1 VUPEN ADV-2007-0483 XF samba-afsacl-format-string(32304) CONFIRM https://issues.rpath.com/browse/RPL-1005 Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.

cpe:/a:gd_graphics_library:gdlib:2.0.1 cpe:/a:gd_graphics_library:gdlib:2.0.15 cpe:/a:gd_graphics_library:gdlib:2.0.20 cpe:/a:gd_graphics_library:gdlib:2.0.21 cpe:/a:gd_graphics_library:gdlib:2.0.22 cpe:/a:gd_graphics_library:gdlib:2.0.23 cpe:/a:gd_graphics_library:gdlib:2.0.26 cpe:/a:gd_graphics_library:gdlib:2.0.27 cpe:/a:gd_graphics_library:gdlib:2.0.28 cpe:/a:gd_graphics_library:gdlib:2.0.33

CVE-2007-0455

2007-01-30T12:28:00.000-05:00

2018-10-16T12:32:52.870-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607 FEDORA FEDORA-2007-150 FEDORA FEDORA-2010-19033 FEDORA FEDORA-2010-19022 MLIST [security-announce] 20070208 rPSA-2007-0028-1 gd REDHAT RHSA-2007:0155 MANDRIVA MDKSA-2007:035 MANDRIVA MDKSA-2007:036 MANDRIVA MDKSA-2007:038 MANDRIVA MDKSA-2007:109 REDHAT RHSA-2007:0153 REDHAT RHSA-2007:0162 REDHAT RHSA-2008:0146 BUGTRAQ 20070418 rPSA-2007-0073-1 php php-mysql php-pgsql BID 22289 TRUSTIX 2007-0007 UBUNTU USN-473-1 VUPEN ADV-2007-0400 VUPEN ADV-2011-0022 CONFIRM https://issues.rpath.com/browse/RPL-1030 CONFIRM https://issues.rpath.com/browse/RPL-1268 Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.

cpe:/a:wireshark:wireshark:0.99.3 cpe:/a:wireshark:wireshark:0.99.4

CVE-2007-0456

2007-02-02T15:28:00.000-05:00

2017-10-10T21:31:36.860-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov SGI 20070301-01-P FEDORA FEDORA-2007-207 SECTRACK 1017581 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-166.htm MANDRIVA MDKSA-2007:033 REDHAT RHSA-2007:0066 BID 22352 VUPEN ADV-2007-0443 CONFIRM http://www.wireshark.org/security/wnpa-sec-2007-01.html XF wireshark-lltdissector-dos(32056) CONFIRM https://issues.rpath.com/browse/RPL-985 Unspecified vulnerability in the LLT dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

cpe:/a:wireshark:wireshark:0.10.2 cpe:/a:wireshark:wireshark:0.10.3 cpe:/a:wireshark:wireshark:0.10.4 cpe:/a:wireshark:wireshark:0.10.5 cpe:/a:wireshark:wireshark:0.10.6 cpe:/a:wireshark:wireshark:0.10.7 cpe:/a:wireshark:wireshark:0.10.8 cpe:/a:wireshark:wireshark:0.10.9 cpe:/a:wireshark:wireshark:0.10.14 cpe:/a:wireshark:wireshark:0.99.0 cpe:/a:wireshark:wireshark:0.99.2 cpe:/a:wireshark:wireshark:0.99.3 cpe:/a:wireshark:wireshark:0.99.4

CVE-2007-0457

2007-02-02T15:28:00.000-05:00

2017-10-10T21:31:36.940-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov SGI 20070301-01-P FEDORA FEDORA-2007-207 SECTRACK 1017581 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-166.htm MANDRIVA MDKSA-2007:033 REDHAT RHSA-2007:0066 BID 22352 VUPEN ADV-2007-0443 CONFIRM http://www.wireshark.org/security/wnpa-sec-2007-01.html XF wireshark-ieeedissector-dos(32055) CONFIRM https://issues.rpath.com/browse/RPL-985 Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark (formerly Ethereal) 0.10.14 through 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

cpe:/a:wireshark:wireshark:0.99.3 cpe:/a:wireshark:wireshark:0.99.4

CVE-2007-0458

2007-02-02T15:28:00.000-05:00

2017-10-10T21:31:37.017-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov SGI 20070301-01-P FEDORA FEDORA-2007-207 SECTRACK 1017581 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-166.htm MANDRIVA MDKSA-2007:033 REDHAT RHSA-2007:0066 BID 22352 VUPEN ADV-2007-0443 CONFIRM http://www.wireshark.org/security/wnpa-sec-2007-01.html XF wireshark-httpdissector-dos(32054) CONFIRM https://issues.rpath.com/browse/RPL-985 Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors, a different issue than CVE-2006-5468.

cpe:/a:wireshark:wireshark:0.99.2 cpe:/a:wireshark:wireshark:0.99.3 cpe:/a:wireshark:wireshark:0.99.4

CVE-2007-0459

2007-02-02T15:28:00.000-05:00

2017-10-10T21:31:37.097-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov SGI 20070301-01-P MISC http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1200 FEDORA FEDORA-2007-207 SECTRACK 1017581 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-166.htm MANDRIVA MDKSA-2007:033 REDHAT RHSA-2007:0066 BID 22352 VUPEN ADV-2007-0443 CONFIRM http://www.wireshark.org/security/wnpa-sec-2007-01.html XF wireshark-tcpdissector-dos(32053) CONFIRM https://issues.rpath.com/browse/RPL-985 packet-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.4 allows remote attackers to cause a denial of service (application crash or hang) via fragmented HTTP packets.

cpe:/o:suse:suse_linux:9.3 cpe:/o:suse:suse_linux:10.1

CVE-2007-0460

2007-01-23T20:28:00.000-05:00

2010-09-15T01:41:23.013-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

GENTOO GLSA-200703-17 MANDRIVA MDKSA-2007:028 SUSE SUSE-SR:2007:001 BID 22139 Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, have unknown impact and attack vectors related to "improper string length calculations."

cpe:/a:dazuko:dazuko:2.3.1

CVE-2007-0461

2007-01-23T20:28:00.000-05:00

2008-11-13T01:32:00.143-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov SUSE SUSE-SR:2007:001 Multiple memory leaks in the Dazuko anti-virus helper module before 2.3.2 allow attackers to cause a denial of service (memory consumption) via unknown vectors.

cpe:/a:apple:quicktime:7.1.3 cpe:/o:apple:mac_os_x:10.4.8

CVE-2007-0462

2007-01-25T20:28:00.000-05:00

2017-07-28T21:30:12.437-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MISC http://projects.info-pull.com/moab/MOAB-23-01-2007.html BID 22207 VUPEN ADV-2007-0337 XF macos-argb-dos(31698) The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption.

cpe:/a:apple:software_update:2.0.5

CVE-2007-0463

2007-01-29T11:28:00.000-05:00

2011-03-07T21:49:51.923-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://docs.info.apple.com/article.html?artnum=305214 APPLE APPLE-SA-2007-03-13 MISC http://projects.info-pull.com/moab/MOAB-24-01-2007.html BID 22222 SECTRACK 1017755 CERT TA07-072A VUPEN ADV-2007-0337 VUPEN ADV-2007-0930 Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in (1) SWUTMP or (2) SUCATALOG filenames, or using the (3) application/x-apple.sucatalog+xml MIME type.

cpe:/a:cfnetwork:cfnetwork:129.19

CVE-2007-0464

2007-01-30T12:28:00.000-05:00

2017-10-10T21:31:37.173-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://docs.info.apple.com/article.html?artnum=307041 APPLE APPLE-SA-2007-11-14 MISC http://projects.info-pull.com/moab/MOAB-25-01-2007.html BID 22249 BID 26444 CERT TA07-319A VUPEN ADV-2007-3868 XF macos-cfnetwork-dos(31837) EXPLOIT-DB 3200 The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application crash) via a crafted HTTP 301 response, which results in a NULL pointer dereference.

cpe:/a:apple:installer:2.1.5 cpe:/o:apple:mac_os_x:10.4.8

CVE-2007-0465

2007-01-30T20:28:00.000-05:00

2017-07-28T21:30:12.547-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305391 APPLE APPLE-SA-2007-04-19 MISC http://projects.info-pull.com/moab/MOAB-26-01-2007.html BID 22272 SECTRACK 1017940 CERT TA07-109A VUPEN ADV-2007-1470 XF macos-installer-format-string(31883) Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename.

cpe:/a:telestream:flip4mac_windows_media_components_for_quicktime:2.1.0.33

CVE-2007-0466

2007-01-30T20:28:00.000-05:00

2011-03-07T21:49:52.423-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MISC http://projects.info-pull.com/moab/MOAB-27-01-2007.html BID 22286 VUPEN ADV-2007-0389 Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 allows remote attackers to execute arbitrary code via a crafted ASF_File_Properties_Object size field in a WMV file, which triggers memory corruption.

cpe:/o:apple:mac_os_x:10.4.8

CVE-2007-0467

2007-01-30T21:28:00.000-05:00

2017-07-28T21:30:12.593-04:00

6.2

LOCAL

HIGH

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305214 APPLE APPLE-SA-2007-03-13 MISC http://projects.info-pull.com/moab/MOAB-28-01-2007.html CERT-VN VU#363112 SECTRACK 1017751 CERT TA07-072A VUPEN ADV-2007-0930 XF macos-crashreporterd-privilege-escalation(31888) crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/.

cpe:/a:microsoft:visual_studio:6.0:sp6

CVE-2007-0468

2007-01-23T20:28:00.000-05:00

2018-10-16T12:32:55.307-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

SREASON 2172 MISC http://www.anspi.pl/~porkythepig/visualization/rc-kupiekrowe.cpp BUGTRAQ 20070122 Microsoft Visual C++ (.RC) resource files buffer overflow vulnerability VUPEN ADV-2007-0296 XF visualstudio-rc-bo(31665) Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (MSVC) in Microsoft Visual Studio 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a long file path in the "1 TYPELIB MOVEABLE PURE" option in an RC file.

cpe:/a:rubyforge:rubygems:0.8.11 cpe:/a:rubyforge:rubygems:0.9.0

CVE-2007-0469

2007-01-23T20:28:00.000-05:00

2018-10-16T12:32:55.777-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

FULLDISC 20070121 RubyGems 0.9.0 and earlier installation exploit CONFIRM http://rubyforge.org/frs/shownotes.php?release_id=9074 SUSE SUSE-SR:2007:004 BUGTRAQ 20070121 RubyGems 0.9.0 and earlier installation exploit VUPEN ADV-2007-0295 XF rubygems-extractfiles-file-overwrite(31688) The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages.

cpe:/o:sun:solaris:9.0::sparc cpe:/o:sun:solaris:10.0::sparc cpe:/o:sun:sunos:5.8

CVE-2007-0470

2007-01-23T20:28:00.000-05:00

2018-10-30T12:25:37.090-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SECTRACK 1017546 SUNALERT 102773 BID 22190 VUPEN ADV-2007-0317 XF solaris-tip-privilege-escalation(31669) Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors.

cpe:/a:checkpoint:connectra_ngx:r62

CVE-2007-0471

2007-01-23T20:28:00.000-05:00

2018-10-16T12:32:56.277-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

FULLDISC 20070122 Check Point Connectra End Point security bypass SREASON 2179 SECTRACK 1017559 SECTRACK 1017560 MISC http://updates.checkpoint.com/fileserver/ID/7126/FILE/VPN-1_Hotfix1.pdf CONFIRM http://www.checkpoint.com/downloads/latest/hfa/connectra/security_r62.html MISC http://www.checkpoint.com/downloads/latest/hfa/vpn1_security/vpn1_R62_Windows.html BUGTRAQ 20070122 Re: [Full-disclosure] Check Point Connectra End Point security bypass BUGTRAQ 20070122 Check Point Connectra End Point security bypass VUPEN ADV-2007-0276 XF checkpoint-params-security-bypass(31646) sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token.

cpe:/a:smb4k:smb4k:0.4 cpe:/a:smb4k:smb4k:0.5 cpe:/a:smb4k:smb4k:0.6 cpe:/a:smb4k:smb4k:0.7

CVE-2007-0472

2007-02-03T18:28:00.000-05:00

2011-03-07T21:49:53.187-05:00

3.7

LOCAL

HIGH

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://developer.berlios.de/bugs/?func=detailbug&bug_id=9630&group_id=769 CONFIRM http://developer.berlios.de/project/shownotes.php?release_id=11706 CONFIRM http://developer.berlios.de/project/shownotes.php?release_id=11902 CONFIRM http://developer.berlios.de/project/shownotes.php?release_id=9777 SUSE SUSE-SR:2007:002 GENTOO GLSA-200703-09 MANDRIVA MDKSA-2007:042 BID 22299 VUPEN ADV-2007-0393 MLIST [smb4k-announce] 20061221 Smb4K 0.8.0 and security fixes released Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on temporary files, which isn't properly handled by the writeFile function in core/smb4kfileio.cpp.

cpe:/a:smb4k:smb4k:0.4 cpe:/a:smb4k:smb4k:0.5 cpe:/a:smb4k:smb4k:0.6 cpe:/a:smb4k:smb4k:0.7

CVE-2007-0473

2007-02-03T18:28:00.000-05:00

2011-03-07T21:49:53.313-05:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://developer.berlios.de/bugs/?func=detailbug&bug_id=9630&group_id=769 CONFIRM http://developer.berlios.de/project/shownotes.php?release_id=11706 CONFIRM http://developer.berlios.de/project/shownotes.php?release_id=11902 CONFIRM http://developer.berlios.de/project/shownotes.php?release_id=9777 SUSE SUSE-SR:2007:002 GENTOO GLSA-200703-09 MANDRIVA MDKSA-2007:042 BID 22299 VUPEN ADV-2007-0393 MLIST [smb4k-announce] 20061221 Smb4K 0.8.0 and security fixes released The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 does not preserve /etc/sudoers permissions across modifications, which allows local users to obtain sensitive information (/etc/sudoers contents) by reading this file.

cpe:/a:smb4k:smb4k:0.4 cpe:/a:smb4k:smb4k:0.5 cpe:/a:smb4k:smb4k:0.6 cpe:/a:smb4k:smb4k:0.7

CVE-2007-0474

2007-02-03T18:28:00.000-05:00

2011-03-07T21:49:53.627-05:00

3.3

LOCAL

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://developer.berlios.de/bugs/?func=detailbug&bug_id=9631&group_id=769 CONFIRM http://developer.berlios.de/project/shownotes.php?release_id=11706 CONFIRM http://developer.berlios.de/project/shownotes.php?release_id=11902 CONFIRM http://developer.berlios.de/project/shownotes.php?release_id=9777 SUSE SUSE-SR:2007:002 GENTOO GLSA-200703-09 MANDRIVA MDKSA-2007:042 BID 22299 VUPEN ADV-2007-0393 MLIST [smb4k-announce] 20061221 Smb4K 0.8.0 and security fixes released Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to kill arbitrary processes, related to a "design issue with smb4k_kill."

cpe:/a:smb4k:smb4k:0.4 cpe:/a:smb4k:smb4k:0.5 cpe:/a:smb4k:smb4k:0.6 cpe:/a:smb4k:smb4k:0.7

CVE-2007-0475

2007-02-03T18:28:00.000-05:00

2011-03-07T21:49:53.767-05:00

4.4

LOCAL

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://developer.berlios.de/bugs/?func=detailbug&bug_id=9631&group_id=769 CONFIRM http://developer.berlios.de/project/shownotes.php?release_id=11706 CONFIRM http://developer.berlios.de/project/shownotes.php?release_id=11902 CONFIRM http://developer.berlios.de/project/shownotes.php?release_id=9777 SUSE SUSE-SR:2007:002 GENTOO GLSA-200703-09 MANDRIVA MDKSA-2007:042 BID 22299 VUPEN ADV-2007-0393 MLIST [smb4k-announce] 20061221 Smb4K 0.8.0 and security fixes released Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to the args variable and unspecified other variables, in conjunction with the sudo configuration.

cpe:/o:gentoo:linux:2.1.30:r9 cpe:/o:gentoo:linux:2.2.28:r7 cpe:/o:gentoo:linux:2.3.30:r2

CVE-2007-0476

2007-01-24T19:28:00.000-05:00

2011-03-07T21:49:53.923-05:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

GENTOO GLSA-200701-19 BID 22195 VUPEN ADV-2007-0305 The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack.

cpe:/a:openads:openads:2.3.30

CVE-2007-0477

2007-01-24T19:28:00.000-05:00

2018-10-16T12:32:57.293-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov MISC http://forum.openads.org/index.php?showtopic=503412651 JVN JVN#07274813 BUGTRAQ 20070124 [OPENADS-SA-2007-001] phpAdsNew and phpPgAds 2.0.9-pr1 vulnerability fixed BUGTRAQ 20070126 [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed BUGTRAQ 20070127 Re: [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed VUPEN ADV-2007-0315 CONFIRM https://developer.openads.org/browser/branches/max/trunk/CHANGELOG.txt?format=raw Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 (aka Max Media Manager before 0.3.31-alpha-pr2), and phpAdsNew/phpPgAds before 2.0.9-pr1 allows remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in admin-search.php and (2) affiliate-search.php. NOTE: this issue may overlap CVE-2007-0363.

cpe:/a:apple:safari cpe:/a:apple:webcore

CVE-2007-0478

2007-01-24T19:28:00.000-05:00

2018-10-16T12:32:57.870-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://docs.info.apple.com/article.html?artnum=306172 APPLE APPLE-SA-2007-07-31 SECTRACK 1018494 MISC http://www.beanfuzz.com/wordpress/?p=99 BUGTRAQ 20070123 Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability BID 25159 VUPEN ADV-2007-2732 XF safari-html-comment-xss(31846) WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.

cpe:/h:cisco:ios_transmission_control_protocol:12 cpe:/h:cisco:ios_transmission_control_protocol:12.0da cpe:/h:cisco:ios_transmission_control_protocol:12.0db cpe:/h:cisco:ios_transmission_control_protocol:12.0dc cpe:/h:cisco:ios_transmission_control_protocol:12.0s cpe:/h:cisco:ios_transmission_control_protocol:12.0sc cpe:/h:cisco:ios_transmission_control_protocol:12.0sl cpe:/h:cisco:ios_transmission_control_protocol:12.0sp cpe:/h:cisco:ios_transmission_control_protocol:12.0st cpe:/h:cisco:ios_transmission_control_protocol:12.0sx cpe:/h:cisco:ios_transmission_control_protocol:12.0sy cpe:/h:cisco:ios_transmission_control_protocol:12.0sz cpe:/h:cisco:ios_transmission_control_protocol:12.0t cpe:/h:cisco:ios_transmission_control_protocol:12.0w cpe:/h:cisco:ios_transmission_control_protocol:12.0wc cpe:/h:cisco:ios_transmission_control_protocol:12.0wt cpe:/h:cisco:ios_transmission_control_protocol:12.0xa cpe:/h:cisco:ios_transmission_control_protocol:12.0xb cpe:/h:cisco:ios_transmission_control_protocol:12.0xc cpe:/h:cisco:ios_transmission_control_protocol:12.0xd cpe:/h:cisco:ios_transmission_control_protocol:12.0xe cpe:/h:cisco:ios_transmission_control_protocol:12.0xf cpe:/h:cisco:ios_transmission_control_protocol:12.0xg cpe:/h:cisco:ios_transmission_control_protocol:12.0xh cpe:/h:cisco:ios_transmission_control_protocol:12.0xi cpe:/h:cisco:ios_transmission_control_protocol:12.0xj cpe:/h:cisco:ios_transmission_control_protocol:12.0xk cpe:/h:cisco:ios_transmission_control_protocol:12.0xl cpe:/h:cisco:ios_transmission_control_protocol:12.0xm cpe:/h:cisco:ios_transmission_control_protocol:12.0xq cpe:/h:cisco:ios_transmission_control_protocol:12.0xr cpe:/h:cisco:ios_transmission_control_protocol:12.0xs cpe:/h:cisco:ios_transmission_control_protocol:12.0xv cpe:/h:cisco:ios_transmission_control_protocol:12.0xw cpe:/h:cisco:ios_transmission_control_protocol:12.1 cpe:/h:cisco:ios_transmission_control_protocol:12.1aa cpe:/h:cisco:ios_transmission_control_protocol:12.1ax cpe:/h:cisco:ios_transmission_control_protocol:12.1ay cpe:/h:cisco:ios_transmission_control_protocol:12.1az cpe:/h:cisco:ios_transmission_control_protocol:12.1cx cpe:/h:cisco:ios_transmission_control_protocol:12.1da cpe:/h:cisco:ios_transmission_control_protocol:12.1db cpe:/h:cisco:ios_transmission_control_protocol:12.1dc cpe:/h:cisco:ios_transmission_control_protocol:12.1e cpe:/h:cisco:ios_transmission_control_protocol:12.1ea cpe:/h:cisco:ios_transmission_control_protocol:12.1eb cpe:/h:cisco:ios_transmission_control_protocol:12.1ec cpe:/h:cisco:ios_transmission_control_protocol:12.1eo cpe:/h:cisco:ios_transmission_control_protocol:12.1eu cpe:/h:cisco:ios_transmission_control_protocol:12.1ev cpe:/h:cisco:ios_transmission_control_protocol:12.1ew cpe:/h:cisco:ios_transmission_control_protocol:12.1ex cpe:/h:cisco:ios_transmission_control_protocol:12.1ey cpe:/h:cisco:ios_transmission_control_protocol:12.1ez cpe:/h:cisco:ios_transmission_control_protocol:12.1t cpe:/h:cisco:ios_transmission_control_protocol:12.1x cpe:/h:cisco:ios_transmission_control_protocol:12.1xa cpe:/h:cisco:ios_transmission_control_protocol:12.1xb cpe:/h:cisco:ios_transmission_control_protocol:12.1xc cpe:/h:cisco:ios_transmission_control_protocol:12.1xd cpe:/h:cisco:ios_transmission_control_protocol:12.1xe cpe:/h:cisco:ios_transmission_control_protocol:12.1xf cpe:/h:cisco:ios_transmission_control_protocol:12.1xg cpe:/h:cisco:ios_transmission_control_protocol:12.1xh cpe:/h:cisco:ios_transmission_control_protocol:12.1xi cpe:/h:cisco:ios_transmission_control_protocol:12.1xj cpe:/h:cisco:ios_transmission_control_protocol:12.1xl cpe:/h:cisco:ios_transmission_control_protocol:12.1xp cpe:/h:cisco:ios_transmission_control_protocol:12.1xq cpe:/h:cisco:ios_transmission_control_protocol:12.1xr cpe:/h:cisco:ios_transmission_control_protocol:12.1xs cpe:/h:cisco:ios_transmission_control_protocol:12.1xt cpe:/h:cisco:ios_transmission_control_protocol:12.1xu cpe:/h:cisco:ios_transmission_control_protocol:12.1xv cpe:/h:cisco:ios_transmission_control_protocol:12.1xw cpe:/h:cisco:ios_transmission_control_protocol:12.1xx cpe:/h:cisco:ios_transmission_control_protocol:12.1xy cpe:/h:cisco:ios_transmission_control_protocol:12.1xz cpe:/h:cisco:ios_transmission_control_protocol:12.1ya cpe:/h:cisco:ios_transmission_control_protocol:12.1yb cpe:/h:cisco:ios_transmission_control_protocol:12.1yc cpe:/h:cisco:ios_transmission_control_protocol:12.1yd cpe:/h:cisco:ios_transmission_control_protocol:12.1ye cpe:/h:cisco:ios_transmission_control_protocol:12.1yf cpe:/h:cisco:ios_transmission_control_protocol:12.1yh cpe:/h:cisco:ios_transmission_control_protocol:12.1yi cpe:/h:cisco:ios_transmission_control_protocol:12.1yj cpe:/h:cisco:ios_transmission_control_protocol:12.2 cpe:/h:cisco:ios_transmission_control_protocol:12.2b cpe:/h:cisco:ios_transmission_control_protocol:12.2bc cpe:/h:cisco:ios_transmission_control_protocol:12.2bw cpe:/h:cisco:ios_transmission_control_protocol:12.2by cpe:/h:cisco:ios_transmission_control_protocol:12.2bz cpe:/h:cisco:ios_transmission_control_protocol:12.2cx cpe:/h:cisco:ios_transmission_control_protocol:12.2cy cpe:/h:cisco:ios_transmission_control_protocol:12.2cz cpe:/h:cisco:ios_transmission_control_protocol:12.2da cpe:/h:cisco:ios_transmission_control_protocol:12.2dd cpe:/h:cisco:ios_transmission_control_protocol:12.2dx cpe:/h:cisco:ios_transmission_control_protocol:12.2eu cpe:/h:cisco:ios_transmission_control_protocol:12.2ew cpe:/h:cisco:ios_transmission_control_protocol:12.2ewa cpe:/h:cisco:ios_transmission_control_protocol:12.2ex cpe:/h:cisco:ios_transmission_control_protocol:12.2ey cpe:/h:cisco:ios_transmission_control_protocol:12.2ez cpe:/h:cisco:ios_transmission_control_protocol:12.2fx cpe:/h:cisco:ios_transmission_control_protocol:12.2fy cpe:/h:cisco:ios_transmission_control_protocol:12.2fz cpe:/h:cisco:ios_transmission_control_protocol:12.2ixa cpe:/h:cisco:ios_transmission_control_protocol:12.2ixb cpe:/h:cisco:ios_transmission_control_protocol:12.2ixc cpe:/h:cisco:ios_transmission_control_protocol:12.2ja cpe:/h:cisco:ios_transmission_control_protocol:12.2jk cpe:/h:cisco:ios_transmission_control_protocol:12.2mb cpe:/h:cisco:ios_transmission_control_protocol:12.2mc cpe:/h:cisco:ios_transmission_control_protocol:12.2s cpe:/h:cisco:ios_transmission_control_protocol:12.2sb cpe:/h:cisco:ios_transmission_control_protocol:12.2sbc cpe:/h:cisco:ios_transmission_control_protocol:12.2se cpe:/h:cisco:ios_transmission_control_protocol:12.2sea cpe:/h:cisco:ios_transmission_control_protocol:12.2seb cpe:/h:cisco:ios_transmission_control_protocol:12.2sec cpe:/h:cisco:ios_transmission_control_protocol:12.2sed cpe:/h:cisco:ios_transmission_control_protocol:12.2see cpe:/h:cisco:ios_transmission_control_protocol:12.2sef cpe:/h:cisco:ios_transmission_control_protocol:12.2seg cpe:/h:cisco:ios_transmission_control_protocol:12.2sg cpe:/h:cisco:ios_transmission_control_protocol:12.2sga cpe:/h:cisco:ios_transmission_control_protocol:12.2so cpe:/h:cisco:ios_transmission_control_protocol:12.2sra cpe:/h:cisco:ios_transmission_control_protocol:12.2srb cpe:/h:cisco:ios_transmission_control_protocol:12.2su cpe:/h:cisco:ios_transmission_control_protocol:12.2sv cpe:/h:cisco:ios_transmission_control_protocol:12.2sw cpe:/h:cisco:ios_transmission_control_protocol:12.2sx cpe:/h:cisco:ios_transmission_control_protocol:12.2sxa cpe:/h:cisco:ios_transmission_control_protocol:12.2sxb cpe:/h:cisco:ios_transmission_control_protocol:12.2sxd cpe:/h:cisco:ios_transmission_control_protocol:12.2sxe cpe:/h:cisco:ios_transmission_control_protocol:12.2sxf cpe:/h:cisco:ios_transmission_control_protocol:12.2sy cpe:/h:cisco:ios_transmission_control_protocol:12.2sz cpe:/h:cisco:ios_transmission_control_protocol:12.2t cpe:/h:cisco:ios_transmission_control_protocol:12.2tpc cpe:/h:cisco:ios_transmission_control_protocol:12.2xa cpe:/h:cisco:ios_transmission_control_protocol:12.2xb cpe:/h:cisco:ios_transmission_control_protocol:12.2xc cpe:/h:cisco:ios_transmission_control_protocol:12.2xd cpe:/h:cisco:ios_transmission_control_protocol:12.2xe cpe:/h:cisco:ios_transmission_control_protocol:12.2xf cpe:/h:cisco:ios_transmission_control_protocol:12.2xg cpe:/h:cisco:ios_transmission_control_protocol:12.2xh cpe:/h:cisco:ios_transmission_control_protocol:12.2xi cpe:/h:cisco:ios_transmission_control_protocol:12.2xj cpe:/h:cisco:ios_transmission_control_protocol:12.2xk cpe:/h:cisco:ios_transmission_control_protocol:12.2xl cpe:/h:cisco:ios_transmission_control_protocol:12.2xm cpe:/h:cisco:ios_transmission_control_protocol:12.2xn cpe:/h:cisco:ios_transmission_control_protocol:12.2xq cpe:/h:cisco:ios_transmission_control_protocol:12.2xr cpe:/h:cisco:ios_transmission_control_protocol:12.2xs cpe:/h:cisco:ios_transmission_control_protocol:12.2xt cpe:/h:cisco:ios_transmission_control_protocol:12.2xu cpe:/h:cisco:ios_transmission_control_protocol:12.2xv cpe:/h:cisco:ios_transmission_control_protocol:12.2xw cpe:/h:cisco:ios_transmission_control_protocol:12.2ya cpe:/h:cisco:ios_transmission_control_protocol:12.2yb cpe:/h:cisco:ios_transmission_control_protocol:12.2yc cpe:/h:cisco:ios_transmission_control_protocol:12.2yd cpe:/h:cisco:ios_transmission_control_protocol:12.2ye cpe:/h:cisco:ios_transmission_control_protocol:12.2yf cpe:/h:cisco:ios_transmission_control_protocol:12.2yg cpe:/h:cisco:ios_transmission_control_protocol:12.2yh cpe:/h:cisco:ios_transmission_control_protocol:12.2yj cpe:/h:cisco:ios_transmission_control_protocol:12.2yk cpe:/h:cisco:ios_transmission_control_protocol:12.2yl cpe:/h:cisco:ios_transmission_control_protocol:12.2ym cpe:/h:cisco:ios_transmission_control_protocol:12.2yn cpe:/h:cisco:ios_transmission_control_protocol:12.2yo cpe:/h:cisco:ios_transmission_control_protocol:12.2yp cpe:/h:cisco:ios_transmission_control_protocol:12.2yq cpe:/h:cisco:ios_transmission_control_protocol:12.2yr cpe:/h:cisco:ios_transmission_control_protocol:12.2ys cpe:/h:cisco:ios_transmission_control_protocol:12.2yt cpe:/h:cisco:ios_transmission_control_protocol:12.2yu cpe:/h:cisco:ios_transmission_control_protocol:12.2yv cpe:/h:cisco:ios_transmission_control_protocol:12.2yw cpe:/h:cisco:ios_transmission_control_protocol:12.2yx cpe:/h:cisco:ios_transmission_control_protocol:12.2yy cpe:/h:cisco:ios_transmission_control_protocol:12.2yz cpe:/h:cisco:ios_transmission_control_protocol:12.2za cpe:/h:cisco:ios_transmission_control_protocol:12.2zb cpe:/h:cisco:ios_transmission_control_protocol:12.2zc cpe:/h:cisco:ios_transmission_control_protocol:12.2zd cpe:/h:cisco:ios_transmission_control_protocol:12.2ze cpe:/h:cisco:ios_transmission_control_protocol:12.2zf cpe:/h:cisco:ios_transmission_control_protocol:12.2zg cpe:/h:cisco:ios_transmission_control_protocol:12.2zh cpe:/h:cisco:ios_transmission_control_protocol:12.2zj cpe:/h:cisco:ios_transmission_control_protocol:12.2zl cpe:/h:cisco:ios_transmission_control_protocol:12.2zn cpe:/h:cisco:ios_transmission_control_protocol:12.2zp cpe:/h:cisco:ios_transmission_control_protocol:12.3 cpe:/h:cisco:ios_transmission_control_protocol:12.3b cpe:/h:cisco:ios_transmission_control_protocol:12.3bc cpe:/h:cisco:ios_transmission_control_protocol:12.3bw cpe:/h:cisco:ios_transmission_control_protocol:12.3ja cpe:/h:cisco:ios_transmission_control_protocol:12.3jea cpe:/h:cisco:ios_transmission_control_protocol:12.3jeb cpe:/h:cisco:ios_transmission_control_protocol:12.3jk cpe:/h:cisco:ios_transmission_control_protocol:12.3jx cpe:/h:cisco:ios_transmission_control_protocol:12.3t cpe:/h:cisco:ios_transmission_control_protocol:12.3tpc cpe:/h:cisco:ios_transmission_control_protocol:12.3xa cpe:/h:cisco:ios_transmission_control_protocol:12.3xb cpe:/h:cisco:ios_transmission_control_protocol:12.3xc cpe:/h:cisco:ios_transmission_control_protocol:12.3xd cpe:/h:cisco:ios_transmission_control_protocol:12.3xe cpe:/h:cisco:ios_transmission_control_protocol:12.3xf cpe:/h:cisco:ios_transmission_control_protocol:12.3xg cpe:/h:cisco:ios_transmission_control_protocol:12.3xh cpe:/h:cisco:ios_transmission_control_protocol:12.3xi cpe:/h:cisco:ios_transmission_control_protocol:12.3xj cpe:/h:cisco:ios_transmission_control_protocol:12.3xk cpe:/h:cisco:ios_transmission_control_protocol:12.3xq cpe:/h:cisco:ios_transmission_control_protocol:12.3xr cpe:/h:cisco:ios_transmission_control_protocol:12.3xs cpe:/h:cisco:ios_transmission_control_protocol:12.3xu cpe:/h:cisco:ios_transmission_control_protocol:12.3xw cpe:/h:cisco:ios_transmission_control_protocol:12.3xx cpe:/h:cisco:ios_transmission_control_protocol:12.3xy cpe:/h:cisco:ios_transmission_control_protocol:12.3ya cpe:/h:cisco:ios_transmission_control_protocol:12.3yd cpe:/h:cisco:ios_transmission_control_protocol:12.3yf cpe:/h:cisco:ios_transmission_control_protocol:12.3yg cpe:/h:cisco:ios_transmission_control_protocol:12.3yh cpe:/h:cisco:ios_transmission_control_protocol:12.3yi cpe:/h:cisco:ios_transmission_control_protocol:12.3yj cpe:/h:cisco:ios_transmission_control_protocol:12.3yk cpe:/h:cisco:ios_transmission_control_protocol:12.3ym cpe:/h:cisco:ios_transmission_control_protocol:12.3yq cpe:/h:cisco:ios_transmission_control_protocol:12.3ys cpe:/h:cisco:ios_transmission_control_protocol:12.3yt cpe:/h:cisco:ios_transmission_control_protocol:12.3yu cpe:/h:cisco:ios_transmission_control_protocol:12.3yx cpe:/h:cisco:ios_transmission_control_protocol:12.3yz cpe:/h:cisco:ios_transmission_control_protocol:12.4 cpe:/h:cisco:ios_transmission_control_protocol:12.4mr cpe:/h:cisco:ios_transmission_control_protocol:12.4sw cpe:/h:cisco:ios_transmission_control_protocol:12.4t cpe:/h:cisco:ios_transmission_control_protocol:12.4xa cpe:/h:cisco:ios_transmission_control_protocol:12.4xb cpe:/h:cisco:ios_transmission_control_protocol:12.4xc

CVE-2007-0479

2007-01-24T19:28:00.000-05:00

2017-10-10T21:31:37.330-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov SECTRACK 1017551 CISCO 20070124 Crafted TCP Packet Can Cause Denial of Service CERT-VN VU#217912 BID 22208 CERT TA07-024A VUPEN ADV-2007-0329 XF cisco-tcp-ipv4-dos(31716) Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x allows remote attackers to cause a denial of service by sending crafted TCP traffic to an IPv4 address on the IOS device.

CVE-2007-0480

2007-01-24T19:28:00.000-05:00

2017-10-10T21:31:37.427-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SECTRACK 1017555 CISCO 20070124 Crafted IP Option Vulnerability CERT-VN VU#341288 BID 22211 CERT TA07-024A VUPEN ADV-2007-0329 XF cisco-ip-option-code-execution(31725) Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x allows remote attackers to cause a denial of service or execute arbitrary code via a crafted IP option in the IP header in a (1) ICMP, (2) PIMv2, (3) PGM, or (4) URD packet.

CVE-2007-0481

2007-01-24T19:28:00.000-05:00

2017-10-10T21:31:37.517-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov SECTRACK 1017550 CISCO 20070124 IPv6 Routing Header Vulnerability CERT-VN VU#274760 BID 22210 CERT TA07-024A VUPEN ADV-2007-0329 XF cisco-ios-ipv6-type0-dos(31715) Cisco IOS allows remote attackers to cause a denial of service (crash) via a crafted IPv6 Type 0 Routing header.

cpe:/a:sun:ray_server_software:2.0 cpe:/a:sun:ray_server_software:3.0

CVE-2007-0482

2007-01-24T19:28:00.000-05:00

2017-07-28T21:30:13.327-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SECTRACK 1017547 SUNALERT 102779 BID 22192 VUPEN ADV-2007-0316 XF sunray-utadmin-information-disclosure(31700) cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 allows local users to obtain the utadmin password by reading a web server's log file, or by conducting a different, unspecified local attack.

cpe:/a:enthusiast:enthusiast:3.1

CVE-2007-0483

2007-01-24T19:28:00.000-05:00

2017-07-28T21:30:13.377-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22180 XF enthusiast-show-xss(31667) Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) show_owned.php or (2) show_joined.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:enthusiast:enthusiast:3.1

CVE-2007-0484

2007-01-24T19:28:00.000-05:00

2017-07-28T21:30:13.423-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22180 XF enthusiast-show-sql-injection(31666) Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote attackers to execute arbitrary SQL commands via the cat parameter to (1) show_owned.php, (2) show_joined.php, and possibly other files. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:webchat.org:webchat:0.77

CVE-2007-0485

2007-01-24T19:28:00.000-05:00

2018-10-16T12:32:58.573-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20030303 WebChat (PHP) BID 7000 SECTRACK 1006193 XF webchat-definesphp-file-include(31624) EXPLOIT-DB 3169 PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 allows remote attackers to execute arbitrary PHP code via a URL in the WEBCHATPATH parameter.

cpe:/a:phpadsnew:phpadsnew:2.0.7

CVE-2007-0486

2007-01-24T19:28:00.000-05:00

2018-10-16T12:32:58.997-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2174 BUGTRAQ 20070120 phpAdsNew 2.0.7 Remote File Include BUGTRAQ 20070122 Re: phpAdsNew 2.0.7 Remote File Include BUGTRAQ 20070124 Re: phpAdsNew 2.0.7 Remote File Include BID 22172 ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Openads (aka phpAdsNew) 2.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) phpAds_geoPlugin parameter to libraries/lib-remotehost.inc, the (2) filename parameter to admin/report-index, or the (3) phpAds_config[my_footer] parameter to admin/lib-gui.inc. NOTE: the vendor has disputed this issue, stating that the relevant variables are used within function definitions.

cpe:/a:zoneo-soft:freeforum:0.9.0

CVE-2007-0487

2007-01-24T19:28:00.000-05:00

2018-10-16T12:32:59.607-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070121 FreeForum 0.9.0 <=- (index.php fpath) Remote File Include Vulnerability BUGTRAQ 20070124 Re: FreeForum 0.9.0 <=- (index.php fpath) Remote File Include Vulnerability XF freeforum-index-file-include(31647) ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in FreeForum 0.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. NOTE: this issue has been disputed by third party researchers, stating that fpath variable is initialized before being used.

cpe:/h:huawei:versatile_routing_platform:1.43_2500e-003_firmware

CVE-2007-0488

2007-01-24T19:28:00.000-05:00

2017-07-28T21:30:13.577-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov FULLDISC 20070118 The Quidway Router local DOS SREASON 2176 XF quidway-arp-dos(31641) The Huawei Versatile Routing Platform 1.43 2500E-003 firmware on the Quidway R1600 Router, and possibly other models, allows remote attackers to cause a denial of service (device crash) via a long show arp command.

cpe:/a:visohotlink:visohotlink:1.01

CVE-2007-0489

2007-01-24T19:28:00.000-05:00

2017-10-18T21:29:59.787-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22171 VUPEN ADV-2007-0285 XF visohotlink-functions-file-include(31654) EXPLOIT-DB 3175 PHP remote file inclusion vulnerability in includes/functions.visohotlink.php in VisoHotlink 1.01 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

cpe:/a:open-realty:open-realty:2.3.4

CVE-2007-0490

2007-01-24T19:28:00.000-05:00

2018-10-16T12:32:59.917-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov BUGTRAQ 20070121 Full Path Disclosure in Open-Realty ( v2.3.4 ) XF openrealty-index-path-disclosure(31657) index.php in Open-Realty 2.3.4 allows remote attackers to obtain sensitive information (the full path) via an invalid listingID parameter in a listingview action.

cpe:/a:sky_gunning:myspeach:3.0.6

CVE-2007-0491

2007-01-24T19:28:00.000-05:00

2011-03-07T21:49:56.000-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0269 PHP remote file inclusion vulnerability in up.php in Sky GUNNING MySpeach 3.0.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter, a different vector than CVE-2006-4630. NOTE: Some of these details are obtained from third party information.

cpe:/a:webspell:webspell:4.01.02

CVE-2007-0492

2007-01-24T19:28:00.000-05:00

2017-07-28T21:30:13.733-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0270 XF webspell-gallery-sql-injection(31632) Multiple SQL injection vulnerabilities in gallery.php in webSPELL 4.01.02 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) galleryID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:isc:bind:9.3.0 cpe:/a:isc:bind:9.3.1 cpe:/a:isc:bind:9.3.2 cpe:/a:isc:bind:9.4.0 cpe:/a:isc:bind:9.4.0:rc1 cpe:/a:isc:bind:9.5.0

CVE-2007-0493

2007-01-25T15:28:00.000-05:00

2018-10-30T12:27:01.687-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://docs.info.apple.com/article.html?artnum=305530 FEDORA FEDORA-2007-147 FEDORA FEDORA-2007-164 NETBSD NetBSD-SA2007-003 HP SSRT061273 APPLE APPLE-SA-2007-05-24 FULLDISC 20070125 BIND remote exploit (low severity) [Fwd: Internet Systems Consortium Security Advisory.] SUSE SUSE-SA:2007:014 MLIST [bind-announce] 20070125 Internet Systems Consortium Security Advisory. FREEBSD FreeBSD-SA-07:02 GENTOO GLSA-200702-06 SECTRACK 1017561 SLACKWARE SSA:2007-026-01 CONFIRM http://www.isc.org/index.pl?/sw/bind/bind-security.php CONFIRM http://www.isc.org/index.pl?/sw/bind/view/?release=9.2.8 CONFIRM http://www.isc.org/index.pl?/sw/bind/view/?release=9.3.4 MANDRIVA MDKSA-2007:030 OPENPKG OpenPKG-SA-2007.007 REDHAT RHSA-2007:0057 BUGTRAQ 20070125 BIND remote exploit (low severity) [Fwd: Internet Systems Consortium Security Advisory.] BID 22229 TRUSTIX 2007-0005 UBUNTU USN-418-1 VUPEN ADV-2007-0349 VUPEN ADV-2007-1401 VUPEN ADV-2007-1939 VUPEN ADV-2007-2163 VUPEN ADV-2007-2315 CONFIRM https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488 CONFIRM https://issues.rpath.com/browse/RPL-989 HP SSRT071304 Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context."

cpe:/a:isc:bind:9.0 cpe:/a:isc:bind:9.0.0:rc1 cpe:/a:isc:bind:9.0.0:rc2 cpe:/a:isc:bind:9.0.0:rc3 cpe:/a:isc:bind:9.0.0:rc4 cpe:/a:isc:bind:9.0.0:rc5 cpe:/a:isc:bind:9.0.0:rc6 cpe:/a:isc:bind:9.0.1 cpe:/a:isc:bind:9.0.1:rc1 cpe:/a:isc:bind:9.0.1:rc2 cpe:/a:isc:bind:9.1 cpe:/a:isc:bind:9.1.0:rc1 cpe:/a:isc:bind:9.1.1 cpe:/a:isc:bind:9.1.1:rc1 cpe:/a:isc:bind:9.1.1:rc2 cpe:/a:isc:bind:9.1.1:rc3 cpe:/a:isc:bind:9.1.1:rc4 cpe:/a:isc:bind:9.1.1:rc5 cpe:/a:isc:bind:9.1.1:rc6 cpe:/a:isc:bind:9.1.1:rc7 cpe:/a:isc:bind:9.1.2 cpe:/a:isc:bind:9.1.2:rc1 cpe:/a:isc:bind:9.1.3 cpe:/a:isc:bind:9.1.3:rc1 cpe:/a:isc:bind:9.1.3:rc2 cpe:/a:isc:bind:9.1.3:rc3 cpe:/a:isc:bind:9.2 cpe:/a:isc:bind:9.2.0 cpe:/a:isc:bind:9.2.0:a1 cpe:/a:isc:bind:9.2.0:a2 cpe:/a:isc:bind:9.2.0:a3 cpe:/a:isc:bind:9.2.0:b1 cpe:/a:isc:bind:9.2.0:b2 cpe:/a:isc:bind:9.2.0:rc1 cpe:/a:isc:bind:9.2.0:rc10 cpe:/a:isc:bind:9.2.0:rc2 cpe:/a:isc:bind:9.2.0:rc3 cpe:/a:isc:bind:9.2.0:rc4 cpe:/a:isc:bind:9.2.0:rc5 cpe:/a:isc:bind:9.2.0:rc6 cpe:/a:isc:bind:9.2.0:rc7 cpe:/a:isc:bind:9.2.0:rc8 cpe:/a:isc:bind:9.2.0:rc9 cpe:/a:isc:bind:9.2.1 cpe:/a:isc:bind:9.2.1:rc1 cpe:/a:isc:bind:9.2.1:rc2 cpe:/a:isc:bind:9.2.2 cpe:/a:isc:bind:9.2.2:p2 cpe:/a:isc:bind:9.2.2:p3 cpe:/a:isc:bind:9.2.2:rc1 cpe:/a:isc:bind:9.2.3 cpe:/a:isc:bind:9.2.3:rc1 cpe:/a:isc:bind:9.2.3:rc2 cpe:/a:isc:bind:9.2.3:rc3 cpe:/a:isc:bind:9.2.3:rc4 cpe:/a:isc:bind:9.2.4 cpe:/a:isc:bind:9.2.4:rc2 cpe:/a:isc:bind:9.2.4:rc3 cpe:/a:isc:bind:9.2.4:rc4 cpe:/a:isc:bind:9.2.4:rc5 cpe:/a:isc:bind:9.2.4:rc6 cpe:/a:isc:bind:9.2.4:rc7 cpe:/a:isc:bind:9.2.4:rc8 cpe:/a:isc:bind:9.2.5 cpe:/a:isc:bind:9.2.5:b2 cpe:/a:isc:bind:9.2.5:rc1 cpe:/a:isc:bind:9.2.6 cpe:/a:isc:bind:9.2.6:rc1 cpe:/a:isc:bind:9.3 cpe:/a:isc:bind:9.3.0 cpe:/a:isc:bind:9.3.0:b2 cpe:/a:isc:bind:9.3.0:b3 cpe:/a:isc:bind:9.3.0:b4 cpe:/a:isc:bind:9.3.0:rc1 cpe:/a:isc:bind:9.3.0:rc2 cpe:/a:isc:bind:9.3.0:rc3 cpe:/a:isc:bind:9.3.0:rc4 cpe:/a:isc:bind:9.3.1 cpe:/a:isc:bind:9.3.1:b2 cpe:/a:isc:bind:9.3.1:rc1 cpe:/a:isc:bind:9.3.2 cpe:/a:isc:bind:9.3.2:rc1 cpe:/a:isc:bind:9.4.0:a1 cpe:/a:isc:bind:9.4.0:a2 cpe:/a:isc:bind:9.4.0:a3 cpe:/a:isc:bind:9.4.0:a4 cpe:/a:isc:bind:9.4.0:a5 cpe:/a:isc:bind:9.4.0:b1 cpe:/a:isc:bind:9.4.0:b2 cpe:/a:isc:bind:9.4.0:b3 cpe:/a:isc:bind:9.4.0:rc1 cpe:/a:isc:bind:9.5.0:a1

CVE-2007-0494

2007-01-25T15:28:00.000-05:00

2017-10-10T21:31:37.750-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov SGI 20070201-01-P CONFIRM http://docs.info.apple.com/article.html?artnum=305530 FEDORA FEDORA-2007-147 FEDORA FEDORA-2007-164 NETBSD NetBSD-SA2007-003 HP SSRT061273 APPLE APPLE-SA-2007-05-24 FULLDISC 20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player SUSE SUSE-SA:2007:014 MLIST [bind-announce] 20070125 Internet Systems Consortium Security Advisory. FREEBSD FreeBSD-SA-07:02 GENTOO GLSA-200702-06 SECTRACK 1017573 SLACKWARE SSA:2007-026-01 SUNALERT 102969 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-125.htm DEBIAN DSA-1254 CONFIRM http://www.isc.org/index.pl?/sw/bind/bind-security.php CONFIRM http://www.isc.org/index.pl?/sw/bind/view/?release=9.2.8 CONFIRM http://www.isc.org/index.pl?/sw/bind/view/?release=9.3.4 MANDRIVA MDKSA-2007:030 OPENPKG OpenPKG-SA-2007.007 REDHAT RHSA-2007:0044 REDHAT RHSA-2007:0057 BID 22231 TRUSTIX 2007-0005 UBUNTU USN-418-1 VUPEN ADV-2007-1401 VUPEN ADV-2007-1939 VUPEN ADV-2007-2002 VUPEN ADV-2007-2163 VUPEN ADV-2007-2245 VUPEN ADV-2007-2315 VUPEN ADV-2007-3229 AIXAPAR IY95618 AIXAPAR IY95619 AIXAPAR IY96144 AIXAPAR IY96324 XF bind-rrsets-dos(31838) CONFIRM https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488 CONFIRM https://issues.rpath.com/browse/RPL-989 HP SSRT071304 ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability.

cpe:/a:phpsherpa:phpsherpa

CVE-2007-0495

2007-01-25T16:28:00.000-05:00

2017-10-18T21:29:59.830-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

VUPEN ADV-2007-0263 EXPLOIT-DB 3161 PHP remote file inclusion vulnerability in include/config.inc.php in PhpSherpa allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter.

cpe:/a:neon_labs:neon_labs_website:3.2

CVE-2007-0496

2007-01-25T16:28:00.000-05:00

2017-10-18T21:29:59.877-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

VUPEN ADV-2007-0268 EXPLOIT-DB 3163 PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir parameter.

cpe:/a:upload-service:upload-service:1.0

CVE-2007-0497

2007-01-25T16:28:00.000-05:00

2018-10-16T12:33:05.590-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://echo.or.id/adv/adv62-y3dips-2007.txt BUGTRAQ 20070123 [ECHO_ADV_62$2007] Upload Service 1.0 remote file inclusion BID 22189 VUPEN ADV-2007-0265 XF uploadservice-top-file-include(31634) PHP remote file inclusion vulnerability in upload/top.php in Upload-Service 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the maindir parameter.

cpe:/a:sky_gunning:myspeach:2.1_beta

CVE-2007-0498

2007-01-25T16:28:00.000-05:00

2017-10-18T21:29:59.927-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

EXPLOIT-DB 3165 PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter.

cpe:/a:sangwan_kim:phpindexpage:1.0.1

CVE-2007-0499

2007-01-25T16:28:00.000-05:00

2017-10-18T21:30:00.003-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22161 VUPEN ADV-2007-0267 EXPLOIT-DB 3164 PHP remote file inclusion vulnerability in config.php in Sangwan Kim phpIndexPage 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[inc_path] parameter.

cpe:/a:bradabra:bradabra:2.0.5

CVE-2007-0500

2007-01-25T16:28:00.000-05:00

2017-10-18T21:30:00.067-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0264 EXPLOIT-DB 3162 PHP remote file inclusion vulnerability in include/includes.php in Bradabra 2.0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.

cpe:/a:mafia_scum_tools:mafia_scum_tools:2.0.0

CVE-2007-0501

2007-01-25T16:28:00.000-05:00

2017-10-18T21:30:00.127-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22151 VUPEN ADV-2007-0271 XF mafiascum-index-file-include(31637) EXPLOIT-DB 3171 PHP remote file inclusion vulnerability in index.php in Mafia Scum Tools 2.0.0 in Matthew Wardrop Advanced Random Generators (adv-random-gen) allows remote attackers to execute arbitrary PHP code via a URL in the gen parameter.

cpe:/a:webspell:webspell:4.01.02

CVE-2007-0502

2007-01-25T16:28:00.000-05:00

2017-10-18T21:30:00.177-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov BID 22149 VUPEN ADV-2007-0270 XF webspell-gallery-sql-injection(31632) EXPLOIT-DB 3172 SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote attackers to execute arbitrary SQL commands via the picID parameter, a different vector than CVE-2007-0492.

cpe:/o:sun:solaris:9.0::sparc cpe:/o:sun:sunos:5.8

CVE-2007-0503

2007-01-25T16:28:00.000-05:00

2018-10-30T12:25:37.090-04:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SECTRACK 1017541 SUNALERT 102728 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-040.htm BID 22175 VUPEN ADV-2007-0287 XF solaris-kcmscalibrate-privilege-escalation(31668) Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 before 20071122 allows local users to execute arbitrary commands via unknown vectors.

cpe:/a:vote_pro:vote_pro:4.0

CVE-2007-0504

2007-01-25T19:28:00.000-05:00

2017-10-18T21:30:00.237-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

VUPEN ADV-2007-0300 EXPLOIT-DB 3180 Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632.

cpe:/a:drupal:project:4.6 cpe:/a:drupal:project:4.6_1.1 cpe:/a:drupal:project:4.7 cpe:/a:drupal:project:4.7_1.1 cpe:/a:drupal:project:4.7_2.1 cpe:/a:drupal:project:5.0::dev cpe:/a:drupal:project_issue_tracking_module:4.7 cpe:/a:drupal:project_issue_tracking_module:4.7_1.1 cpe:/a:drupal:project_issue_tracking_module:4.7_2.1 cpe:/a:drupal:project_issue_tracking_module:5.0::dev

CVE-2007-0505

2007-01-25T19:28:00.000-05:00

2017-07-28T21:30:14.127-04:00

8.5

NETWORK

MEDIUM

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://drupal.org/node/112146 BID 22224 VUPEN ADV-2007-0312 XF projecttracking-extension-file-upload(31729) Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue.

CVE-2007-0506

2007-01-25T19:28:00.000-05:00

2017-07-28T21:30:14.203-04:00

6.0

NETWORK

MEDIUM

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://drupal.org/node/112146 BID 22224 VUPEN ADV-2007-0312 XF projecttracking-access-info-disclosure(31727) The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests.

cpe:/a:drupal:acidfree:4.6_1.0 cpe:/a:drupal:acidfree:4.7_1.0

CVE-2007-0507

2007-01-25T19:28:00.000-05:00

2017-07-28T21:30:14.250-04:00

6.0

NETWORK

MEDIUM

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

CONFIRM http://drupal.org/node/112145 BID 22202 VUPEN ADV-2007-0313 XF acidfree-albums-sql-injection(31724) SQL injection vulnerability in the Acidfree module for Drupal before 4.6.x-1.0, and before 4.7.x-1.0 in the 4.7 series, allows remote authenticated users with "create acidfree albums" privileges to execute arbitrary SQL commands via node titles.

cpe:/a:bbclone:bbclone:0.31

CVE-2007-0508

2007-01-25T19:28:00.000-05:00

2017-10-18T21:30:00.300-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0318 EXPLOIT-DB 3183 PHP remote file inclusion vulnerability in lib/selectlang.php in BBClone 0.31 allows remote attackers to execute arbitrary PHP code via a URL in the BBC_LANGUAGE_PATH parameter.

cpe:/a:maklerplus:maklerplus:1.0 cpe:/a:maklerplus:maklerplus:1.01

CVE-2007-0509

2007-01-25T19:28:00.000-05:00

2017-07-28T21:30:14.297-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://sourceforge.net/project/shownotes.php?release_id=479940 BID 22206 VUPEN ADV-2007-0321 XF maklerplus-multiple-unspecified(31734) Multiple unspecified vulnerabilities in MaklerPlus before 1.2 have unknown impact and attack vectors, possibly relating to cross-site scripting (XSS) in the slogan parameter in main.tpl, or information leaks in error messages.

cpe:/a:awffull:awffull:3.7.1

CVE-2007-0510

2007-01-25T19:28:00.000-05:00

2017-07-28T21:30:14.360-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://www.stedee.id.au/awffull#changes MLIST [AWFFULL] 20070123 Regarding the fixes in 3.7.2 VUPEN ADV-2007-0320 XF awffull-multiple-bo(31731) Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) preserve.c in AWFFull 3.7.1 and earlier have unknown impact and attack vectors. NOTE: some of these details are obtained from third party information. NOTE: There may not be any attack vector that crosses privilege boundaries.

cpe:/a:phpxmldom:phpxmldom:0.3

CVE-2007-0511

2007-01-25T19:28:00.000-05:00

2017-10-18T21:30:00.363-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22201 VUPEN ADV-2007-0309 XF phpxd-path-file-include(31726) EXPLOIT-DB 3184 Multiple PHP remote file inclusion vulnerabilities in phpXMLDOM (phpXD) 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) dom.php, (2) dtd.php, or (3) parser.php in include/.

cpe:/a:hitachi:tpi_link:03_04 cpe:/a:hitachi:tpi_link:03_06_k cpe:/a:hitachi:tpi_link:05_00 cpe:/a:hitachi:tpi_link:05_03_f cpe:/a:hitachi:tpi_server_base:03_01 cpe:/a:hitachi:tpi_server_base:03_01_db cpe:/a:hitachi:tpi_server_base:03_01_e cpe:/a:hitachi:tpi_server_base:03_01_fd cpe:/a:hitachi:tpi_server_base:05_00_h cpe:/a:hitachi:tpi_server_base:05_03

CVE-2007-0512

2007-01-25T19:28:00.000-05:00

2011-03-07T21:49:59.237-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://www.hitachi-support.com/security_e/vuls_e/HS06-021_e/01-e.html BID 22223 VUPEN ADV-2007-0325 Hitachi TP1/LiNK 05-00 through 05-03-/F, 03-04 through 03-06-/K, and 03-00 through 03-03-/H; and TP1/Server Base 05-00 through 05-00-/M, 03-01-E through 03-01-FD, 03-01 through 03-01-DB, and 05-03; allow attackers to cause a denial of service (process crash) via invalid data to an OpenTP1 port.

cpe:/a:hitachi:hirdb_parallel_server:4.0 cpe:/a:hitachi:hirdb_parallel_server:5.0 cpe:/a:hitachi:hirdb_parallel_server:6 cpe:/a:hitachi:hirdb_parallel_server:7 cpe:/a:hitachi:hirdb_single_server:4.0 cpe:/a:hitachi:hirdb_single_server:5.0 cpe:/a:hitachi:hirdb_single_server:6 cpe:/a:hitachi:hirdb_single_server:7 cpe:/a:hitachi:hirdb_single_server_workgroup_edition:5.0 cpe:/a:hitachi:hirdb_workgroup_server:6 cpe:/h:hitachi:hirdb_datareplicator:5.0 cpe:/h:hitachi:hirdb_datareplicator:5.0_64 cpe:/h:hitachi:hirdb_datareplicator:6 cpe:/h:hitachi:hirdb_datareplicator:6_64 cpe:/h:hitachi:hirdb_datareplicator:7 cpe:/h:hitachi:hirdb_datareplicator:7_64

CVE-2007-0513

2007-01-25T19:28:00.000-05:00

2017-07-28T21:30:14.470-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://www.hitachi-support.com/security_e/vuls_e/HS06-023_e/01-e.html BID 22244 VUPEN ADV-2007-0327 XF hitachi-hirdb-request-dos(31735) Hitachi HiRDB Datareplicator 7HiRDB, 7(64), 6, 6(64), 5.0, and 5.0(64); and various products that bundle HiRDB Datareplicator; allows attackers to cause a denial of service (CPU consumption) via certain data.

cpe:/a:hitachi:cosminexus_application_server cpe:/a:hitachi:cosminexus_application_server:6::enterprise cpe:/a:hitachi:cosminexus_application_server_version_5 cpe:/a:hitachi:cosminexus_developer_light_version_6 cpe:/a:hitachi:cosminexus_developer_professional_version_6 cpe:/a:hitachi:cosminexus_developer_standard_version_6 cpe:/a:hitachi:cosminexus_developer_version_5 cpe:/a:hitachi:cosminexus_server_-_enterprise_edition cpe:/a:hitachi:cosminexus_server_-_standard_edition cpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4 cpe:/a:hitachi:cosminexus_server_-_web_edition cpe:/a:hitachi:cosminexus_server_-_web_edition_version_4 cpe:/a:hitachi:hitachi_web_server cpe:/a:hitachi:ucosminexus_application_server_enterprise:::enterprise cpe:/a:hitachi:ucosminexus_application_server_smart_edition cpe:/a:hitachi:ucosminexus_application_server_standard cpe:/a:hitachi:ucosminexus_developer_light cpe:/a:hitachi:ucosminexus_developer_standard cpe:/a:hitachi:ucosminexus_service_architect cpe:/a:hitachi:ucosminexus_service_platform

CVE-2007-0514

2007-01-25T19:28:00.000-05:00

2011-03-07T21:49:59.453-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html VUPEN ADV-2007-0326 Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps.

CVE-2007-0515

2007-01-25T19:28:00.000-05:00

2018-10-12T17:42:43.643-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MISC http://isc.sans.org/diary.html?storyid=2133 SECTRACK 1017564 CERT-VN VU#412225 CONFIRM http://www.microsoft.com/technet/security/advisory/932114.mspx BID 22225 BID 22328 MISC http://www.symantec.com/enterprise/security_response/weblog/2007/01/multiple_organizations_targett.html MISC http://www.symantec.com/enterprise/security_response/weblog/2007/01/new_microsoft_word_2000_vulner.html MISC http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2007-013010-5422-99&tabid=2 CERT TA07-044A VUPEN ADV-2007-0350 MS MS07-014 XF word-document-code-execution(31834) Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.

cpe:/a:yana_framework:yana_framework:2.8 cpe:/a:yana_framework:yana_framework:2.8.1 cpe:/a:yana_framework:yana_framework:2.8.2a cpe:/a:yana_framework:yana_framework:2.8.3a cpe:/a:yana_framework:yana_framework:2.8.4a

CVE-2007-0516

2007-01-25T20:28:00.000-05:00

2017-07-28T21:30:14.593-04:00

4.9

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

http://nvd.nist.gov MISC http://all-community.de/pub/pages/changes.php?language=en XF yana-unspecified-security-bypass(31671) Yana Framework before 2.8.5a allows remote authenticated users with permissions to modify a guestbook profile to modify or delete arbitrary guestbook profiles via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:scriptsez:random_php_quote:1.0

CVE-2007-0517

2007-01-25T20:28:00.000-05:00

2018-10-16T12:33:06.090-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2184 BUGTRAQ 20070123 RANDOM PHP QUOTE 1.0 (pwd.txt) Remote Password Disclosur XF randomphpquote-pwd-information-disclosure(31696) Scriptsez Random PHP Quote 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password information via a direct request for pwd.txt.

cpe:/a:scriptsez:smart_php_subscriber

CVE-2007-0518

2007-01-25T20:28:00.000-05:00

2018-10-16T12:33:06.463-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2183 BUGTRAQ 20070123 subscribe (pwd.txt) Remote Password Disclosur XF subscriber-pwd-information-disclosure(31701) Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain encoded passwords via a direct request for pwd.txt.

cpe:/a:xmb_software:u2u_instant_messenger

CVE-2007-0519

2007-01-25T20:28:00.000-05:00

2018-10-16T12:33:06.840-04:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC http://aria-security.com/forum/showthread.php?p=129 SREASON 2182 BUGTRAQ 20070120 XMB "U2U Instant Messenger" Cross-Site Scripting XF u2u-memcp-xss(31661) Cross-site scripting (XSS) vulnerability in memcp.php in XMB U2U Instant Messenger allows remote authenticated users to inject arbitrary web script or HTML via the recipient field.

cpe:/a:unique_ads:unique_ads:1.0

CVE-2007-0520

2007-01-25T20:28:00.000-05:00

2018-10-16T12:33:07.167-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov SREASON 2181 BUGTRAQ 20070121 SQL Injection in Unique Ads ( UDS ) XF uniqueads-banner-sql-injection(31660) SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x allows remote attackers to execute arbitrary SQL commands via the bid parameter.

cpe:/h:sony_ericsson:k700i cpe:/h:sony_ericsson:w810i

CVE-2007-0521

2007-01-25T20:28:00.000-05:00

2018-10-16T12:33:07.433-04:00

3.3

ADJACENT_NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov SREASON 2180 BUGTRAQ 20070123 Bluetooth DoS by obex push BUGTRAQ 20070123 Re: Bluetooth DoS by obex push [readable] The Sony Ericsson K700i and W810i phones allow remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.

cpe:/h:motorola:motorazr:v3

CVE-2007-0522

2007-01-25T20:28:00.000-05:00

2018-10-16T12:33:07.700-04:00

3.3

ADJACENT_NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov SREASON 2180 BUGTRAQ 20070123 Bluetooth DoS by obex push BUGTRAQ 20070123 Re: Bluetooth DoS by obex push [readable] The Motorola MOTORAZR V3 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.

cpe:/h:nokia:n70

CVE-2007-0523

2007-01-25T20:28:00.000-05:00

2018-10-16T12:33:07.967-04:00

3.3

ADJACENT_NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov SREASON 2180 BUGTRAQ 20070123 Bluetooth DoS by obex push BUGTRAQ 20070123 Re: Bluetooth DoS by obex push [readable] The Nokia N70 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.

cpe:/h:lg_electronics:chocolate_kg800

CVE-2007-0524

2007-01-25T20:28:00.000-05:00

2018-10-16T12:33:08.230-04:00

2.9

ADJACENT_NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov SREASON 2180 BUGTRAQ 20070123 Bluetooth DoS by obex push BUGTRAQ 20070123 Re: Bluetooth DoS by obex push [readable] The LG Chocolate KG800 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.

cpe:/a:grigoriadis:mini_web_server:0.04

CVE-2007-0525

2007-01-25T20:28:00.000-05:00

2011-03-07T21:50:12.610-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://sourceforge.net/project/shownotes.php?release_id=479480&group_id=187000 VUPEN ADV-2007-0294 Multiple buffer overflows in Nickolas Grigoriadis Mini Web server (MiniWebsvr) before 0.05 have unknown impact and attack vectors.

cpe:/a:bitweaver:bitweaver:1.3.1

CVE-2007-0526

2007-01-25T20:28:00.000-05:00

2018-10-16T12:33:08.480-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov SREASON 2186 BUGTRAQ 20070122 [x0n3-h4ck] bitweaver 1.3.1 XSS Exploit XF bitweaver-multiple-scripts-xss(31655) Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the URL (PATH_INFO) to (1) articles/edit.php, (2) articles/list.php, (3) blogs/list_blogs.php, or (4) blogs/rankings.php.

cpe:/a:website_baker:website_baker:2.6.5

CVE-2007-0527

2007-01-25T20:28:00.000-05:00

2018-10-16T12:33:08.950-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2185 BUGTRAQ 20070122 SQL Injection by using Cookie Poisoning for Website Baker Version 2.6.5 and before BID 22176 VUPEN ADV-2007-0311 XF websitebaker-login-sql-injection(31692) SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter. NOTE: some of these details are obtained from third party information.

cpe:/h:centrality_communications:pa168_chipset:firmware_1.54

CVE-2007-0528

2007-01-25T20:28:00.000-05:00

2018-10-16T12:33:09.403-04:00

9.0

NETWORK

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MISC http://www.procheckup.com/Vulner_PR0614.php BUGTRAQ 20070123 PR06-14: IP Phones based on Centrality Communications/Aredfox PA168 chipset weak session management vulnerability VUPEN ADV-2007-0346 EXPLOIT-DB 3189 The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data).

cpe:/a:php_link_directory:php_link_directory:3.0.6

CVE-2007-0529

2007-01-25T20:28:00.000-05:00

2018-10-16T12:33:09.857-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BUGTRAQ 20070121 PHP Link Directory XSS Vulnerability version <= 3.0.6 MISC http://www.smilehouse.com/advisory/phplinkdirectory_070121.txt XF phpld-admin-xss(31662) Cross-site scripting (XSS) vulnerability in index.html (aka the administration page) in PHP Link Directory (phpLD) 3.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted link, which is triggered when the administrator uses the "Validate Links" functionality.

cpe:/a:advanced_guestbook:advanced_guestbook:2.4.2

CVE-2007-0530

2007-01-25T20:28:00.000-05:00

2018-10-16T12:33:10.153-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070123 Advanced Guestbook <=- 2.4.2 (include_path) Remote File Include Vulnerability BUGTRAQ 20070123 Re: Advanced Guestbook <=- 2.4.2 (include_path) Remote File Include Vulnerability ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Advanced Guestbook 2.4.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) index.php, (2) addentry.php, or (3) picture.php, a different set of vectors than CVE-2006-5804. NOTE: this issue has been disputed by third party researchers, stating that the include_path variable is instantiated before use.

cpe:/a:freewebshop:freewebshop:2.2.3 cpe:/a:freewebshop:freewebshop:2.2.4

CVE-2007-0531

2007-01-25T20:28:00.000-05:00

2017-07-28T21:30:15.267-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://14house.blogspot.com/2007/01/freewebshoporg-remote-file-inclusion.html SECTRACK 1017549 MISC http://www.freewebshop.org/?id=36 VUPEN ADV-2007-0319 XF freewebshop-login-file-include(31732) PHP remote file inclusion vulnerability in includes/login.php in FreeWebShop 2.2.3 and 2.2.4 before 20070123 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter.

cpe:/a:tuan_do:uploader:6_beta_1

CVE-2007-0532

2007-01-25T20:28:00.000-05:00

2018-10-16T12:33:10.293-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2187 BUGTRAQ 20070122 Uploader <= (userdata/user_1.txt) Password Disclosure Vulnerability XF uploader-userdata-info-disclosure(31683) Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrator password hash via a direct request for userdata/user_1.txt.

cpe:/a:atozed_software:intraweb_component:8.0 cpe:/a:atozed_software:intraweb_component:9.0

CVE-2007-0533

2007-01-25T20:28:00.000-05:00

2018-10-16T12:33:10.543-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://blogs.atozed.com/Olaf/20070124.en.aspx CONFIRM http://blogs.atozed.com/Olaf/20070124A.en.aspx BUGTRAQ 20070123 AToZed Software Intraweb Component for Borland Delphi and Kylix DoS vulnerability BUGTRAQ 20070124 Re: AToZed Software Intraweb Component for Borland Delphi and Kylix DoS vulnerability BUGTRAQ 20070125 Re: AToZed Software Intraweb Component for Borland Delphi and Kylix DoS vulnerability BID 22185 VUPEN ADV-2007-0355 XF intraweb-component-dos(31685) The AToZed IntraWeb component 8.0 and earlier for Borland Delphi and Kylix, and IntraWeb 9.0 before build (9.0.12), allows remote attackers to cause a denial of service (thread hang or CPU consumption) via a crafted HTTP request, related to the OnBeforeDispatch function in the TIWServerController object.

cpe:/a:drupal:project:4.6.0 cpe:/a:drupal:project:5 cpe:/a:drupal:project_issue_tracking_module:4.7.0 cpe:/a:drupal:project_issue_tracking_module:5

CVE-2007-0534

2007-01-25T20:28:00.000-05:00

2017-07-28T21:30:15.423-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://drupal.org/node/112146 BID 22224 VUPEN ADV-2007-0312 XF projecttracking-unspecified-xss(31728) Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain "fields on project nodes" or (b) "certain project-specific settings regarding issue tracking."

cpe:/a:vote_pro:vote_pro:4.0

CVE-2007-0535

2007-01-25T20:28:00.000-05:00

2011-03-07T21:50:14.237-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0300 Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the poll_id parameter, which is supplied to eval function calls, a different set of vectors than CVE-2007-0504. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/o:rpath:rpath_linux:1

CVE-2007-0536

2007-01-26T19:28:00.000-05:00

2017-07-28T21:30:15.483-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://lists.rpath.com/pipermail/security-announce/2007-January/000137.html XF rpath-rmake-privilege-escalation(31942) CONFIRM https://issues.rpath.com/browse/RPL-987 The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges.

cpe:/a:kde:konqueror:3.5.5

CVE-2007-0537

2007-01-29T11:28:00.000-05:00

2018-10-16T12:33:11.247-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov SECTRACK 1017591 GENTOO GLSA-200703-10 CONFIRM http://www.kde.org/info/security/advisory-20070206-1.txt MANDRIVA MDKSA-2007:031 MANDRIVA MDKSA-2007:157 SUSE SUSE-SR:2007:006 REDHAT RHSA-2007:0909 BUGTRAQ 20070124 Re: Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability BID 22428 UBUNTU USN-420-1 VUPEN ADV-2007-0505 CONFIRM https://issues.rpath.com/browse/RPL-1117 The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478.

cpe:/a:telligent_systems:community_server_forums:2.1

CVE-2007-0538

2007-01-29T12:28:00.000-05:00

2018-10-16T12:33:12.700-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov SREASON 2211 BUGTRAQ 20070124 Weaknesses in Pingback Design BUGTRAQ 20070124 DoS against Telligent Community Server Telligent Community Server 2.1 and earlier allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to (1) a large file, which triggers a long download session without a timeout constraint; or (2) a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.

cpe:/a:wordpress:wordpress:2.0

CVE-2007-0539

2007-01-29T12:28:00.000-05:00

2018-10-16T12:33:13.043-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov SREASON 2191 BUGTRAQ 20070124 Weaknesses in Pingback Design BUGTRAQ 20070124 Multiple Remote Vulnerabilities in Wordpress The wp_remote_fopen function in WordPress before 2.1 allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a large file, which triggers a long download session without a timeout constraint.

cpe:/a:wordpress:wordpress:2.0

CVE-2007-0540

2007-01-29T12:28:00.000-05:00

2018-10-16T12:33:13.293-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov SREASON 2191 DEBIAN DSA-1564 BUGTRAQ 20070124 Weaknesses in Pingback Design BUGTRAQ 20070124 Multiple Remote Vulnerabilities in Wordpress WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.

cpe:/a:wordpress:wordpress:2.0

CVE-2007-0541

2007-01-29T12:28:00.000-05:00

2018-10-16T12:33:13.637-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2191 BUGTRAQ 20070124 Weaknesses in Pingback Design BUGTRAQ 20070124 Multiple Remote Vulnerabilities in Wordpress WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain configurations causes a brief file excerpt to be published as a blog comment.

cpe:/a:212cafe:guestbook:4.00_beta

CVE-2007-0542

2007-01-29T12:28:00.000-05:00

2018-10-16T12:33:13.887-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2190 BUGTRAQ 20070121 XSS in Guestbook ( v.4.00 beta ) XF guestbook-show-xss(31663) Cross-site scripting (XSS) vulnerability in show.php in 212cafe Guestbook 4.00 beta allows remote attackers to inject arbitrary web script or HTML via the user parameter.

cpe:/a:zixforum:zixforum:1.14

CVE-2007-0543

2007-01-29T12:28:00.000-05:00

2018-10-16T12:33:14.120-04:00

9.4

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov SREASON 2189 BUGTRAQ 20070124 ZixForum <= 1.14 (Zixforum.mdb) Remote Password Disclosure Vulnerability BUGTRAQ 20070124 Re: ZixForum <= 1.14 (Zixforum.mdb) Remote Password Disclosure Vulnerability ZixForum 1.14 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for Zixforum.mdb. NOTE: a followup post suggests that this issue only occurs if the administrator does not properly follow installation directions.

cpe:/a:mybb:mybb:1.2.3

CVE-2007-0544

2007-01-29T12:28:00.000-05:00

2018-10-16T12:33:14.403-04:00

6.0

NETWORK

MEDIUM

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070124 [Aria-Security Team] MyBB Cross-Site Scripting BID 22205 XF mybb-subject-field-xss(31740) Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949.

cpe:/a:maxtricity:tagger:0.1

CVE-2007-0545

2007-01-29T12:28:00.000-05:00

2018-10-16T12:33:14.903-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov SREASON 2214 BUGTRAQ 20070124 Maxtricity Tagger Password Disclosure Vulnerability Maxtricity Tagger 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for tagger.mdb.

cpe:/a:toxiclab:shoutbox:1

CVE-2007-0546

2007-01-29T12:28:00.000-05:00

2018-10-16T12:33:15.107-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov SREASON 2213 BUGTRAQ 20070124 Toxiclab Shoutbox Password Disclosure Vulnerability Toxiclab Shoutbox 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db.mdb.

cpe:/a:cgi-rescue:webform:4.3

CVE-2007-0547

2007-01-29T12:28:00.000-05:00

2011-03-07T21:50:15.500-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov JVN JVN#05123538 VUPEN ADV-2007-0344 Cross-site scripting (XSS) vulnerability in CGI-RESCUE WebFORM 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

cpe:/a:karjasoft:sami_http_server:2.0.1

CVE-2007-0548

2007-01-29T12:28:00.000-05:00

2017-10-18T21:30:00.473-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov XF sami-http-request-dos(31690) EXPLOIT-DB 3182 KarjaSoft Sami HTTP Server 2.0.1 allows remote attackers to cause a denial of service (daemon hang) via a large number of requests for nonexistent objects.

cpe:/a:212cafe:212cafeboard:6.30_beta

CVE-2007-0549

2007-01-29T12:28:00.000-05:00

2018-10-16T12:33:15.307-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2212 BUGTRAQ 20070121 XSS in 212cafeBoard ( Verision 0.08 & 6.30 Beta ) XF 212cafeboard-list3-xss(31650) Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard 6.30 Beta allows remote attackers to inject arbitrary web script or HTML via the user parameter.

cpe:/a:212cafe:212cafeboard:0.08_beta

CVE-2007-0550

2007-01-29T12:28:00.000-05:00

2018-10-16T12:33:15.527-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2212 BUGTRAQ 20070121 XSS in 212cafeBoard ( Verision 0.08 & 6.30 Beta ) XF 212cafeboard-search-xss(31651) Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard 0.08 Beta allows remote attackers to inject arbitrary web script or HTML via keyword parameter.

cpe:/a:cmsmadesimple:cms_made_simple:2.7

CVE-2007-0551

2007-01-29T12:28:00.000-05:00

2018-10-16T12:33:15.763-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2195 BUGTRAQ 20070120 cmsimple 2.7 Remote File Include XF cmsimple-cms-file-include(31658) Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php in CMSimple 2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pth[file][config] and (2) pth[file][image] parameters.

cpe:/a:oh_no_not_another_cms:oh_no_not_another_cms:0.0.8.4

CVE-2007-0552

2007-01-29T12:28:00.000-05:00

2017-07-28T21:30:15.877-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://onnac.svn.sourceforge.net/viewvc/onnac/trunk/install/default/error404.html?view=log CONFIRM http://sourceforge.net/forum/forum.php?forum_id=655260 BID 22256 VUPEN ADV-2007-0347 XF onnac-error-xss(31795) Cross-site scripting (XSS) vulnerability in install/default/error404.html in Oh no! Not another CMS (Onnac) 0.0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the error_url parameter.

cpe:/a:phproxy:phproxy:0.1 cpe:/a:phproxy:phproxy:0.2 cpe:/a:phproxy:phproxy:0.3 cpe:/a:phproxy:phproxy:0.4

CVE-2007-0553

2007-01-29T12:28:00.000-05:00

2011-03-07T21:50:16.110-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://sourceforge.net/project/shownotes.php?release_id=479999&group_id=110693 BID 22255 VUPEN ADV-2007-0348 Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php in PHProxy before 0.5 beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) data[realm] and (2) _url parameters, different vectors than CVE-2004-2604. NOTE: some of these details are obtained from third party information.

cpe:/a:guo_xu_guos_posting_system:guo_xu_guos_posting_system:1.2

CVE-2007-0554

2007-01-29T12:28:00.000-05:00

2018-10-16T12:33:16.073-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2209 BUGTRAQ 20070125 GPS 1.2 Content Managing System (print.asp) Remote SQL Injection Vulnerability BID 22232 VUPEN ADV-2007-0353 XF gps-print-sql-injection(31759) EXPLOIT-DB 3195 SQL injection vulnerability in print.asp in Guo Xu Guos Posting System (GPS) 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

cpe:/a:postgresql:postgresql:7.3 cpe:/a:postgresql:postgresql:7.4 cpe:/a:postgresql:postgresql:8.0 cpe:/a:postgresql:postgresql:8.1 cpe:/a:postgresql:postgresql:8.2

CVE-2007-0555

2007-02-05T20:28:00.000-05:00

2018-10-16T12:33:16.683-04:00

8.5

NETWORK

LOW

SINGLE_INSTANCE

COMPLETE

NONE

COMPLETE

http://nvd.nist.gov SGI 20070201-01-P FEDORA FEDORA-2007-198 MLIST [security-announce] 20070206 rPSA-2007-0025-1 postgresql postgresql-server GENTOO GLSA-200703-15 SECTRACK 1017597 SUNALERT 102825 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm DEBIAN DSA-1261 MANDRIVA MDKSA-2007:037 SUSE SUSE-SR:2007:010 CONFIRM http://www.postgresql.org/support/security REDHAT RHSA-2007:0064 REDHAT RHSA-2007:0067 REDHAT RHSA-2007:0068 BUGTRAQ 20070206 rPSA-2007-0025-1 postgresql postgresql-server BUGTRAQ 20070208 rPSA-2007-0025-2 postgresql postgresql-server BID 22387 TRUSTIX 2007-0007 UBUNTU USN-417-2 VUPEN ADV-2007-0478 VUPEN ADV-2007-0774 XF postgresql-sqlfunctions-info-disclosure(32195) CONFIRM https://issues.rpath.com/browse/RPL-1025 CONFIRM https://issues.rpath.com/browse/RPL-830 UBUNTU USN-417-1 PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content.

cpe:/a:postgresql:postgresql:1.0 cpe:/a:postgresql:postgresql:1.01 cpe:/a:postgresql:postgresql:1.02 cpe:/a:postgresql:postgresql:1.09 cpe:/a:postgresql:postgresql:6.0 cpe:/a:postgresql:postgresql:6.1 cpe:/a:postgresql:postgresql:6.1.1 cpe:/a:postgresql:postgresql:6.2 cpe:/a:postgresql:postgresql:6.2.1 cpe:/a:postgresql:postgresql:6.3 cpe:/a:postgresql:postgresql:6.3.1 cpe:/a:postgresql:postgresql:6.3.2 cpe:/a:postgresql:postgresql:6.4 cpe:/a:postgresql:postgresql:6.4.1 cpe:/a:postgresql:postgresql:6.4.2 cpe:/a:postgresql:postgresql:6.5 cpe:/a:postgresql:postgresql:6.5.1 cpe:/a:postgresql:postgresql:6.5.2 cpe:/a:postgresql:postgresql:6.5.3 cpe:/a:postgresql:postgresql:7.0 cpe:/a:postgresql:postgresql:7.0.1 cpe:/a:postgresql:postgresql:7.0.2 cpe:/a:postgresql:postgresql:7.0.3 cpe:/a:postgresql:postgresql:7.1 cpe:/a:postgresql:postgresql:7.1.1 cpe:/a:postgresql:postgresql:7.1.2 cpe:/a:postgresql:postgresql:7.1.3 cpe:/a:postgresql:postgresql:7.2 cpe:/a:postgresql:postgresql:7.2.1 cpe:/a:postgresql:postgresql:7.2.2 cpe:/a:postgresql:postgresql:7.2.3 cpe:/a:postgresql:postgresql:7.2.4 cpe:/a:postgresql:postgresql:7.2.5 cpe:/a:postgresql:postgresql:7.2.6 cpe:/a:postgresql:postgresql:7.2.7 cpe:/a:postgresql:postgresql:7.2.8 cpe:/a:postgresql:postgresql:7.3 cpe:/a:postgresql:postgresql:7.3.1 cpe:/a:postgresql:postgresql:7.3.2 cpe:/a:postgresql:postgresql:7.3.3 cpe:/a:postgresql:postgresql:7.3.4 cpe:/a:postgresql:postgresql:7.3.5 cpe:/a:postgresql:postgresql:7.3.6 cpe:/a:postgresql:postgresql:7.3.7 cpe:/a:postgresql:postgresql:7.3.8 cpe:/a:postgresql:postgresql:7.3.9 cpe:/a:postgresql:postgresql:7.3.10 cpe:/a:postgresql:postgresql:7.3.11 cpe:/a:postgresql:postgresql:7.3.12 cpe:/a:postgresql:postgresql:7.3.13 cpe:/a:postgresql:postgresql:7.3.14 cpe:/a:postgresql:postgresql:7.3.15 cpe:/a:postgresql:postgresql:7.3.16 cpe:/a:postgresql:postgresql:7.3.17 cpe:/a:postgresql:postgresql:7.3.18 cpe:/a:postgresql:postgresql:7.4 cpe:/a:postgresql:postgresql:7.4.1 cpe:/a:postgresql:postgresql:7.4.2 cpe:/a:postgresql:postgresql:7.4.3 cpe:/a:postgresql:postgresql:7.4.4 cpe:/a:postgresql:postgresql:7.4.5 cpe:/a:postgresql:postgresql:7.4.6 cpe:/a:postgresql:postgresql:7.4.7 cpe:/a:postgresql:postgresql:7.4.8 cpe:/a:postgresql:postgresql:7.4.9 cpe:/a:postgresql:postgresql:7.4.10 cpe:/a:postgresql:postgresql:7.4.11 cpe:/a:postgresql:postgresql:7.4.12 cpe:/a:postgresql:postgresql:7.4.13 cpe:/a:postgresql:postgresql:7.4.14 cpe:/a:postgresql:postgresql:7.4.15 cpe:/a:postgresql:postgresql:7.4.16 cpe:/a:postgresql:postgresql:8.0 cpe:/a:postgresql:postgresql:8.0.1 cpe:/a:postgresql:postgresql:8.0.2 cpe:/a:postgresql:postgresql:8.0.3 cpe:/a:postgresql:postgresql:8.0.4 cpe:/a:postgresql:postgresql:8.0.5 cpe:/a:postgresql:postgresql:8.0.6 cpe:/a:postgresql:postgresql:8.0.7 cpe:/a:postgresql:postgresql:8.0.8 cpe:/a:postgresql:postgresql:8.0.9 cpe:/a:postgresql:postgresql:8.0.10 cpe:/a:postgresql:postgresql:8.1 cpe:/a:postgresql:postgresql:8.1.1 cpe:/a:postgresql:postgresql:8.1.2 cpe:/a:postgresql:postgresql:8.1.3 cpe:/a:postgresql:postgresql:8.1.4 cpe:/a:postgresql:postgresql:8.1.5 cpe:/a:postgresql:postgresql:8.1.6 cpe:/a:postgresql:postgresql:8.2 cpe:/a:postgresql:postgresql:8.2.1

CVE-2007-0556

2007-02-05T20:28:00.000-05:00

2018-10-16T12:33:20.590-04:00

6.6

NETWORK

HIGH

SINGLE_INSTANCE

COMPLETE

NONE

COMPLETE

http://nvd.nist.gov FEDORA FEDORA-2007-198 MLIST [security-announce] 20070206 rPSA-2007-0025-1 postgresql postgresql-server GENTOO GLSA-200703-15 SECTRACK 1017597 SUNALERT 102825 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm MANDRIVA MDKSA-2007:037 SUSE SUSE-SR:2007:010 CONFIRM http://www.postgresql.org/support/security REDHAT RHSA-2007:0067 REDHAT RHSA-2007:0068 BUGTRAQ 20070206 rPSA-2007-0025-1 postgresql postgresql-server BUGTRAQ 20070208 rPSA-2007-0025-2 postgresql postgresql-server BID 22387 TRUSTIX 2007-0007 UBUNTU USN-417-2 VUPEN ADV-2007-0478 VUPEN ADV-2007-0774 XF postgresql-datatype-information-disclosure(32191) CONFIRM https://issues.rpath.com/browse/RPL-1025 CONFIRM https://issues.rpath.com/browse/RPL-830 UBUNTU USN-417-1 The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server.

cpe:/a:rmake:rmake:1.0.3

CVE-2007-0557

2007-01-29T17:28:00.000-05:00

2008-11-15T01:41:02.530-05:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM https://issues.rpath.com/browse/RPL-1002 rMake before 1.0.4 drops root privileges in a way that retains the original supplemental groups, which might allow attackers to gain privileges via a crafted recipe file, a different vulnerability than CVE-2007-0536.

cpe:/a:inter7:vhostadmin:1.0

CVE-2007-0558

2007-01-30T11:28:00.000-05:00

2017-10-18T21:30:00.567-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0339 EXPLOIT-DB 3191 PHP remote file inclusion vulnerability in modules/mail/main.php in Inter7 vHostAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the MODULES_DIR parameter.

cpe:/a:rp_world:rp_world:1.0.2

CVE-2007-0559

2007-01-30T11:28:00.000-05:00

2017-10-18T21:30:00.613-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0342 EXPLOIT-DB 3185 PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the sql_language parameter.

cpe:/a:asp_edge:asp_edge:1.2b

CVE-2007-0560

2007-01-30T11:28:00.000-05:00

2018-10-16T12:33:25.090-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070125 ASP EDGE <= V1.2b (user.asp) Remote SQL Injection Vulnerability BID 22212 VUPEN ADV-2007-0341 XF aspedge-user-sql-injection(31723) EXPLOIT-DB 3186 SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.

cpe:/a:xero_portal:xero_portal:1.2

CVE-2007-0561

2007-01-30T11:28:00.000-05:00

2018-10-16T12:33:25.683-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070125 Xero Portal v1.2 (phpbb_root_path) Remote File Include Vulnerablity BID 22227 VUPEN ADV-2007-0338 XF xero-multiple-scripts-file-include(31767) EXPLOIT-DB 3192 Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) admin_linkdb.php, (2) admin_forum_prune.php, (3) admin_extensions.php, (4) admin_board.php, (5) admin_attachments.php, or (6) admin_users.php in admin/.

cpe:/a:microsoft:windows_explorer:6.00.2900.2180

CVE-2007-0562

2007-01-30T11:28:00.000-05:00

2017-10-18T21:30:00.817-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov EXPLOIT-DB 3190 Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .avi file, which triggers the crash when the user right clicks on the file.

cpe:/a:symantec:web_security:3.0.1.72 cpe:/a:symantec:web_security:3.01.59 cpe:/a:symantec:web_security:3.01.60 cpe:/a:symantec:web_security:3.01.61 cpe:/a:symantec:web_security:3.01.62 cpe:/a:symantec:web_security:3.01.63 cpe:/a:symantec:web_security:3.01.67 cpe:/a:symantec:web_security:3.01.68

CVE-2007-0563

2007-01-30T11:28:00.000-05:00

2017-07-28T21:30:16.267-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://securityresponse.symantec.com/avcenter/security/Content/2007.01.24c.html SECTRACK 1017558 BID 22184 VUPEN ADV-2007-0330 XF symantec-html-xss(31750) Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Security (SWS) before 3.0.1.85 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) error messages and (2) blocked page messages produced by SWS.

CVE-2007-0564

2007-01-30T11:28:00.000-05:00

2011-03-07T21:50:17.703-05:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://securityresponse.symantec.com/avcenter/security/Content/2007.01.24c.html SECTRACK 1017558 VUPEN ADV-2007-0330 The license registering interface in Symantec Web Security (SWS) before 3.0.1.85 allows attackers to cause a denial of service (CPU consumption) by submitting a large file.

cpe:/a:cgi-rescue:shopping_basket_professional:7.50

CVE-2007-0565

2007-01-30T11:28:00.000-05:00

2008-11-15T01:41:05.170-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

JVN JVN#82258242 BID 22245 CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote attackers to inject arbitrary operating system commands via unspecified vectors.

cpe:/a:asp_news:asp_news:3

CVE-2007-0566

2007-01-30T11:28:00.000-05:00

2018-10-16T12:33:26.607-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070125 ASP NEWS <= V3 (news_detail.asp) Remote SQL Injection Vulnerability BID 22214 VUPEN ADV-2007-0340 XF aspnews-newsdetail-sql-injection(31719) EXPLOIT-DB 3187 SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

cpe:/a:interactive-scripts.com:php_membership_manager:1.5

CVE-2007-0567

2007-01-30T12:28:00.000-05:00

2018-10-16T12:33:27.090-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070126 PHP Membership Manager Cross-Site Scripting Vulnerability BID 22263 XF phpmembership-admin-xss(31916) Cross-site scripting (XSS) vulnerability in admin.php in Interactive-Scripts.Com PHP Membership Manager 1.5 allows remote attackers to inject arbitrary web script or HTML via the _p parameter.

cpe:/a:myphpcommander:myphpcommander:2.0

CVE-2007-0568

2007-01-30T12:28:00.000-05:00

2017-10-18T21:30:00.940-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22257 VUPEN ADV-2007-0385 XF myphpcommander-package-file-include(31906) EXPLOIT-DB 3201 PHP remote file inclusion vulnerability in system/lib/package.php in MyPHPCommander 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the gl_root parameter.

cpe:/a:x-dev:xnews:1.3

CVE-2007-0569

2007-01-30T12:28:00.000-05:00

2017-10-18T21:30:01.207-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22284 XF xnews-xnews-sql-injection(31855) EXPLOIT-DB 3216 SQL injection vulnerability in xNews.php in xNews 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a shownews action.

cpe:/a:johannes_gijsbers:ad_fundum_integratable_news_script:0.02b

CVE-2007-0570

2007-01-30T12:28:00.000-05:00

2017-10-18T21:30:01.270-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22259 VUPEN ADV-2007-0384 XF ains-ainsmain-file-include(31850) EXPLOIT-DB 3202 PHP remote file inclusion vulnerability in ains_main.php in Johannes Gijsbers (aka Taradino) Ad Fundum Integratable News Script (AINS) 0.02b allows remote attackers to execute arbitrary PHP code via a URL in the ains_path parameter.

cpe:/a:phpmyreports:phpmyreports:3.0.11

CVE-2007-0571

2007-01-30T12:28:00.000-05:00

2017-10-18T21:30:01.333-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22290 VUPEN ADV-2007-0386 XF phpmyreports-libhead-file-include(31857) EXPLOIT-DB 3212 PHP remote file inclusion vulnerability in include/lib/lib_head.php in phpMyReports 3.0.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathModule parameter.

cpe:/a:drunken_golem:gaming_portal:0.5.1_alpha_2

CVE-2007-0572

2007-01-30T12:28:00.000-05:00

2017-10-18T21:30:01.393-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0390 XF drunkengolem-phpirc-file-include(31873) EXPLOIT-DB 3207 PHP remote file inclusion vulnerability in include/irc/phpIRC.php in Drunken:Golem Gaming Portal 0.5.1 Alpha 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

cpe:/a:nsgalphp:nsgalphp:0.41

CVE-2007-0573

2007-01-30T12:28:00.000-05:00

2017-10-18T21:30:01.457-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MLIST VIM 20070130 Source VERIFY: nsGalPHP RFI BID 22277 VUPEN ADV-2007-0392 XF nsgalphp-config-file-include(31861) EXPLOIT-DB 3205 PHP remote file inclusion vulnerability in includes/config.inc.php in nsGalPHP 0.41 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the racineTBS parameter.

cpe:/a:spoonlabs:vivvo_article_management_cms:3.40

CVE-2007-0574

2007-01-30T12:28:00.000-05:00

2008-11-13T01:32:19.190-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22282 SQL injection vulnerability in rss/show_webfeed.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.40 allows remote attackers to execute arbitrary SQL commands via the wcHeadlines parameter, a different vector than CVE-2006-4715. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:stefan_holmberg:admentor

CVE-2007-0575

2007-01-30T12:28:00.000-05:00

2018-10-16T12:33:27.403-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://forums.avenir-geopolitique.net/viewtopic.php?t=2606 SREASON 2207 BUGTRAQ 20070127 AdMentor (banners) admin SQL injection BUGTRAQ 20070220 AdMentor Script Remote SQL injection Exploit BID 22281 XF admentor-adminlogin-sql-injection(31908) Multiple SQL injection vulnerabilities in the administrative login page (admin/login.asp) in ASPCode.net AdMentor allow remote attackers to execute arbitrary SQL commands via the (1) Userid and (2) Password fields.

cpe:/a:xt-stats:xt-stats:2.3.0 cpe:/a:xt-stats:xt-stats:2.4.0.b3

CVE-2007-0576

2007-01-30T12:28:00.000-05:00

2017-10-18T21:30:01.520-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070127 Xt-Stats v.2.4.0.b3 - Remote File Include Vulnerabilities BID 22276 VUPEN ADV-2007-0387 CONFIRM http://www.xt-scripts.com/ XF xtstats-xtcounter-file-include(31871) EXPLOIT-DB 3209 PHP remote file inclusion vulnerability in xt_counter.php in Xt-Stats 2.3.x up to 2.4.0.b3 allows remote attackers to execute arbitrary PHP code via a URL in the server_base_dir parameter.

cpe:/a:acgvclick:acgvclick:0.2.0

CVE-2007-0577

2007-01-30T12:28:00.000-05:00

2017-10-18T21:30:01.567-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22278 VUPEN ADV-2007-0391 XF acgvclick-function-file-include(31859) EXPLOIT-DB 3206 PHP remote file inclusion vulnerability in function.inc.php in ACGVclick 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

cpe:/a:mpg123:mpg123:0.59m cpe:/a:mpg123:mpg123:0.59n cpe:/a:mpg123:mpg123:0.59o cpe:/a:mpg123:mpg123:0.59p cpe:/a:mpg123:mpg123:0.59q cpe:/a:mpg123:mpg123:0.59r cpe:/a:mpg123:mpg123:0.59s cpe:/a:mpg123:mpg123:0.62 cpe:/a:mpg123:mpg123:0.63 cpe:/a:mpg123:mpg123:pre0.59s cpe:/a:mpg123:mpg123:pre0.59s_r11

CVE-2007-0578

2007-01-30T12:28:00.000-05:00

2011-03-07T21:50:19.533-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://sourceforge.net/project/shownotes.php?group_id=135704&release_id=478747 MANDRIVA MDKSA-2007:032 CONFIRM http://www.mpg123.de/cgi-bin/news.cgi BID 22274 VUPEN ADV-2007-0366 The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early.

cpe:/a:horde:groupware:1.0_rc2 cpe:/a:horde:groupware:1.0_rc3

CVE-2007-0579

2007-01-30T12:28:00.000-05:00

2017-07-28T21:30:16.877-04:00

5.1

NETWORK

HIGH

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MLIST [horde-announce] 20070114 Horde Groupware 1.0 (final) MLIST [horde-announce] 20070114 Horde Groupware Webmail Edition 1.0 (final) BID 22273 VUPEN ADV-2007-0368 XF horde-calendar-file-include(31849) Unspecified vulnerability in the calendar component in Horde Groupware Webmail Edition before 1.0, and Groupware before 1.0, allows remote attackers to include certain files via unspecified vectors. NOTE: some of these details are obtained from third party information.

cpe:/a:javier_suarez_sanz:foro_domus:2.10

CVE-2007-0580

2007-01-30T12:28:00.000-05:00

2017-10-18T21:30:01.627-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22285 VUPEN ADV-2007-0396 XF forodomus-menu-file-include(31853) EXPLOIT-DB 3215 PHP remote file inclusion vulnerability in menu.php in Foro Domus 2.10 allows remote attackers to execute arbitrary PHP code via a URL in the sesion_idioma parameter.

cpe:/a:eclipsebb:eclipsebb:0.5.0_lite

CVE-2007-0581

2007-01-30T12:28:00.000-05:00

2018-10-16T12:33:27.887-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070418 EclipseBB Remote File Inclusion BID 22283 VUPEN ADV-2007-0397 XF eclipsebb-functions-file-include(31852) EXPLOIT-DB 3214 PHP remote file inclusion vulnerability in functions.php in EclipseBB 0.5.0 Lite allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

cpe:/a:chernobile:chernobile:1.0

CVE-2007-0582

2007-01-30T12:28:00.000-05:00

2017-10-18T21:30:01.737-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22280 XF chernobile-default-sql-injection(31939) EXPLOIT-DB 3210 SQL injection vulnerability in default.asp in ChernobiLe 1.0 allows remote attackers to execute arbitrary SQL commands via the User (username) field.

cpe:/a:http_commander:http_commander:6.0

CVE-2007-0583

2007-01-30T12:28:00.000-05:00

2017-07-28T21:30:17.077-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 22298 XF httpcommander-multiple-xss(31877) Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander 6.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) LogoffMessage parameter to logofflast.aspx or the (2) txtUsername parameter to Default.aspx. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:g-neric:php_generic_library_and_framework

CVE-2007-0584

2007-01-30T12:28:00.000-05:00

2018-10-16T12:33:28.513-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070129 PhP Generic library & framework (include_path) Remote File Include Exploit BID 22287 VUPEN ADV-2007-0394 XF phpgeneric-membremanager-file-include(31895) EXPLOIT-DB 3217 PHP remote file inclusion vulnerability in membres/membreManager.php in PhP Generic Library & Framework for comm (g-neric) allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.

cpe:/a:webfwlog:webfwlog:0.92

CVE-2007-0585

2007-01-30T12:28:00.000-05:00

2018-08-13T17:47:28.650-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://webfwlog.cvs.sourceforge.net/*checkout*/webfwlog/webfwlog/ChangeLog BID 22291 VUPEN ADV-2007-0399 XF webfwlog-debug-file-include(31881) EXPLOIT-DB 3222 include/debug.php in Webfwlog 0.92 and earlier, when register_globals is enabled, allows remote attackers to obtain source code of files via the conffile parameter. NOTE: some of these details are obtained from third party information. It is likely that this issue can be exploited to conduct directory traversal attacks.

cpe:/a:apple:quicktime:7.1.3 cpe:/o:apple:mac_os_x:10.4.8

CVE-2007-0588

2007-01-30T13:28:00.000-05:00

2013-08-15T01:21:18.897-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://docs.info.apple.com/article.html?artnum=305214 APPLE APPLE-SA-2007-03-13 MISC http://security-protocols.com/sp-x43-advisory.php CERT-VN VU#396820 BID 22228 SECTRACK 1017760 CERT TA07-072A VUPEN ADV-2007-0930 The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462.

cpe:/a:forum_livre:forum_livre:1.0

CVE-2007-0589

2007-01-30T13:28:00.000-05:00

2017-10-18T21:30:01.910-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov EXPLOIT-DB 3197 SQL injection vulnerability in Forum Livre 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to info_user.asp.

cpe:/a:forum_livre:forum_livre:1.0

CVE-2007-0590

2007-01-30T13:28:00.000-05:00

2017-10-18T21:30:01.957-04:00

5.8

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov EXPLOIT-DB 3197 Cross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre 1.0 remote attackers to inject arbitrary web script or HTML via the palavra parameter.

cpe:/a:vu_le_an:virtual_path:1.0

CVE-2007-0591

2007-01-30T13:28:00.000-05:00

2017-10-18T21:30:02.020-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22241 VUPEN ADV-2007-0352 EXPLOIT-DB 3198 PHP remote file inclusion vulnerability in configure.php in Vu Le An Virtual Path (VirtualPath) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

cpe:/a:indexcor:ezdatabase:2.1.3

CVE-2007-0592

2007-01-30T13:28:00.000-05:00

2018-10-16T12:33:30.073-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov SREASON 2196 BUGTRAQ 20070125 EzDatabase Multiple Cross-Site Scripting Vulnerability BID 22235 XF ezdatabase-adminpanel-xss(31768) Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to admin/login.php and the Admin Panel Database.

cpe:/a:siteman:siteman:1.1.11

CVE-2007-0593

2007-01-30T13:28:00.000-05:00

2018-10-16T12:33:30.417-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2205 BUGTRAQ 20070125 [x0n3-h4ck] Siteman 1.1.11 Remote Md5 Hash Disclosure Vulnerability BID 31440 XF siteman-members-information-disclosure(31780) XF siteman-members-info-disclosure(45485) Siteman 1.1.11 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for data/members.txt.

cpe:/a:siteman:siteman:2.0.x2

CVE-2007-0594

2007-01-30T13:28:00.000-05:00

2018-10-16T12:33:30.980-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2206 BUGTRAQ 20070125 [x0n3-h4ck] Siteman 2.0.x2 Remote Md5 Hash Disclosure Vulnerability Siteman 2.0.x2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for db/siteman/users.MYD.

cpe:/a:designmind:high5_review_script

CVE-2007-0595

2007-01-30T13:28:00.000-05:00

2018-10-16T12:33:31.183-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BUGTRAQ 20070125 high5 Review script Security Risk VUPEN ADV-2007-0363 XF high5review-search-xss(31797) Cross-site scripting (XSS) vulnerability in search in High 5 Review Site allows remote attackers to inject arbitrary web script or HTML via the q parameter (aka the search box).

cpe:/a:aztek_forum:aztek_forum:4.0

CVE-2007-0596

2007-01-30T13:28:00.000-05:00

2018-10-16T12:33:31.543-04:00

6.0

NETWORK

MEDIUM

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://acid-root.new.fr/poc/21070125.txt BUGTRAQ 20070125 Aztek Forum 4.1 Multiple Vulnerabilities Exploit BUGTRAQ 20070125 Re: Aztek Forum 4.1 Multiple Vulnerabilities Exploit PHP remote file inclusion vulnerability in index/main.php in Aztek Forum 4.00 allows remote authenticated administrators to execute arbitrary PHP code via a URL in the PF[top_url] parameter.

cpe:/a:aztek_forum:aztek_forum:4.0

CVE-2007-0597

2007-01-30T13:28:00.000-05:00

2018-10-16T12:33:31.840-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC http://acid-root.new.fr/poc/21070125.txt BUGTRAQ 20070125 Aztek Forum 4.1 Multiple Vulnerabilities Exploit BUGTRAQ 20070125 Re: Aztek Forum 4.1 Multiple Vulnerabilities Exploit Aztek Forum 4.00 allows remote attackers to obtain sensitive information via a direct request to forum.php with the fid=XD query string, which reveals the path in an error message.

cpe:/a:aztek_forum:aztek_forum:4.0

CVE-2007-0598

2007-01-30T13:28:00.000-05:00

2018-10-16T12:33:32.137-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

cpe:/a:aztek_forum:aztek_forum:4.0

CVE-2007-0599

2007-01-30T13:28:00.000-05:00

2018-10-16T12:33:32.433-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://acid-root.new.fr/poc/21070125.txt BUGTRAQ 20070125 Aztek Forum 4.1 Multiple Vulnerabilities Exploit BUGTRAQ 20070125 Re: Aztek Forum 4.1 Multiple Vulnerabilities Exploit Variable overwrite vulnerability in common/config.php in Aztek Forum 4.00 allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as copying arbitrary files using index/common_actions.php, via vectors associated with extract operations on the (1) POST, (2) GET, (3) COOKIE, and (4) SERVER superglobal arrays.

cpe:/a:makit:newsposter_script:0 cpe:/a:martyn_kilbryde:newsposter_script:3

CVE-2007-0600

2007-01-30T13:28:00.000-05:00

2018-10-16T12:33:32.747-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2208 BUGTRAQ 20070125 makit news/blog poster <=v3(news_page.asp) Remote SQL Injection Vulnerability BID 22230 VUPEN ADV-2007-0354 XF newsposter-newspage-sql-injection(31747) EXPLOIT-DB 3194 SQL injection vulnerability in news_page.asp in Martyn Kilbryde Newsposter Script (aka makit news/blog poster) 3 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter.

cpe:/a:aztek_forum:aztek_forum:4.0

CVE-2007-0601

2007-01-30T13:28:00.000-05:00

2018-10-16T12:33:33.387-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://acid-root.new.fr/poc/21070125.txt BUGTRAQ 20070125 Aztek Forum 4.1 Multiple Vulnerabilities Exploit BUGTRAQ 20070125 Re: Aztek Forum 4.1 Multiple Vulnerabilities Exploit common/safety.php in Aztek Forum 4.00 allows remote attackers to enter certain data containing %22 sequences (URL encoded double quotes) and other potentially dangerous manipulations by sending a cookie, which bypasses the blacklist matching against the GET and PUT superglobal arrays.

cpe:/a:trend_micro:viruswall:3.81

CVE-2007-0602

2007-01-30T13:28:00.000-05:00

2018-10-16T12:33:33.700-04:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034124&id=EN-1034124 SREASON 2204 SECTRACK 1017562 MISC http://www.devtarget.org/tmvwall381v3_exp.c MISC http://www.devtarget.org/trendmicro-advisory-01-2007.txt BUGTRAQ 20070125 Buffer overflow in VSAPI library of Trend Micro VirusWall 3.81 for Linux VUPEN ADV-2007-0367 Buffer overflow in libvsapi.so in the VSAPI library in Trend Micro VirusWall 3.81 for Linux, as used by IScan.BASE/vscan, allows local users to gain privileges via a long command line argument, a different vulnerability than CVE-2005-0533.

cpe:/a:pgp:corporate_desktop:9.5

CVE-2007-0603

2007-01-30T13:28:00.000-05:00

2018-10-16T12:33:34.200-04:00

7.1

NETWORK

HIGH

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

VULNWATCH 20070125 Medium Risk Vulnerability in PGP Desktop SREASON 2203 SECTRACK 1017563 CERT-VN VU#102465 MISC http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-pgp-desktop/ BUGTRAQ 20070125 Medium Risk Vulnerability in PGP Desktop BID 22247 VUPEN ADV-2007-0356 PGP Desktop before 9.5.1 does not validate data objects received over the (1) \pipe\pgpserv named pipe for PGPServ.exe or the (2) \pipe\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which causes code execution at the corresponding address.

cpe:/a:six_apart_ltd:movable_type:3.33

CVE-2007-0604

2007-01-30T13:28:00.000-05:00

2008-11-15T01:41:12.420-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://www.sixapart.com/movabletype/beta/distros/MT-3.34-beta-Release-Notes.html Cross-site scripting (XSS) vulnerability in Movable Type (MT) before 3.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the MTCommentPreviewIsStatic tag, which can open the "comment entry screen," a different vulnerability than CVE-2007-0231.

cpe:/a:advanced_guestbook:advanced_guestbook:2.4.2

CVE-2007-0605

2007-05-09T13:19:00.000-04:00

2018-10-16T12:33:34.870-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2663 MISC http://www.netvigilance.com/advisory0012 BUGTRAQ 20070507 Advanced Guestbook version 2.4.2 Multiple XSS Attack Vulnerabilities BID 23873 VUPEN ADV-2007-1726 XF advanced-picture-index-xss(34156) Cross-site scripting (XSS) vulnerability in picture.php in Advanced Guestbook 2.4.2 allows remote attackers to inject arbitrary web script or HTML via the picture parameter.

cpe:/a:w-agora:w-agora:4.2.1

CVE-2007-0606

2007-03-21T15:19:00.000-04:00

2018-10-16T12:33:35.467-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2461 MISC http://www.netvigilance.com/advisory0014 BUGTRAQ 20070319 w-agora version 4.2.1 Multiple Path Disclosure Vulnerabilities XF wagora-deleteforumindex-path-disclosure(33076) w-agora 4.2.1 allows remote attackers to obtain sensitive information by via the (1) bn[] array parameter to index.php, which expects a string, and (2) certain parameters to delete_forum.php, which displays the path name in the resulting error message.

cpe:/a:w-agora:w-agora:4.2.1

CVE-2007-0607

2007-03-20T16:19:00.000-04:00

2018-10-16T12:33:35.917-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov FULLDISC 20070319 w-agora version 4.2.1 Information Disclosure Vulnerability SREASON 2465 MISC http://www.netvigilance.com/advisory0015 BUGTRAQ 20070319 w-agora version 4.2.1 Information Disclosure Vulnerability XF wagora-globals-information-disclosure(33073) W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores globals.inc under the web document root with insufficient access control, which allows remote attackers to obtain application path information via a direct request.

cpe:/a:advanced_guestbook:advanced_guestbook:2.4.2

CVE-2007-0608

2007-05-09T13:19:00.000-04:00

2018-10-16T12:33:36.387-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

NONE

http://nvd.nist.gov SREASON 2661 MISC http://www.netvigilance.com/advisory0011 BUGTRAQ 20070507 Advanced Guestbook version 2.4.2 Multiple Error Information Leak Vulnerabilities VUPEN ADV-2007-1726 XF advanced-multiple-script-info-disclosure(34161) Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2) an invalid GB_DB parameter to index.php, coupled with a ../index lang cookie, which reveals the installation path; or (3) a direct request to index.php with no parameters or cookies, which reveals the installation path.

cpe:/a:advanced_guestbook:advanced_guestbook:2.4.2

CVE-2007-0609

2007-05-09T13:19:00.000-04:00

2018-10-16T12:33:37.107-04:00

5.1

NETWORK

HIGH

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2662 MISC http://www.netvigilance.com/advisory0012 MISC http://www.netvigilance.com/advisory0013 BUGTRAQ 20070507 Advanced Guestbook version 2.4.2 Multiple XSS Attack Vulnerabilities BUGTRAQ 20070507 Advanced Guestbook version 2.4.2 Directory Traversal Vulnerability BID 23876 VUPEN ADV-2007-1726 XF advanced-index-directory-traversal(34152) Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename without its .php extension, as demonstrated via a request to index.php.

cpe:/a:cmsmadesimple:cms_made_simple:2.7

CVE-2007-0610

2007-01-30T20:28:00.000-05:00

2017-07-28T21:30:17.703-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 22250 XF cmsimple-sender-xss(31841) Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web script or HTML via the sender parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:1.0_rc1

CVE-2007-0611

2007-01-30T20:28:00.000-05:00

2011-03-07T21:50:23.500-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://sourceforge.net/project/shownotes.php?release_id=480714&group_id=98260 VUPEN ADV-2007-0360 Multiple cross-site scripting (XSS) vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) inc.page.php and (2) inc.text.php.

cpe:/a:microsoft:ie:5.0.1 cpe:/a:microsoft:ie:5.0.1:sp1 cpe:/a:microsoft:ie:5.0.1:sp4 cpe:/a:microsoft:ie:5.0_ta3 cpe:/a:microsoft:ie:5.5 cpe:/a:microsoft:ie:6.0 cpe:/a:microsoft:ie:6.0:sp1 cpe:/a:microsoft:ie:7.0::vista cpe:/a:microsoft:ie:7.0:beta1 cpe:/a:microsoft:ie:7.0:beta2

CVE-2007-0612

2007-01-31T06:28:00.000-05:00

2018-10-16T12:33:37.840-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov FULLDISC 20070128 Internet Explorer 7 ActiveX bgColor property NULL pointer dereference (DoS) FULLDISC 20070129 Internet Explorer 7 ActiveX bgColor property NULL pointer dereference (DoS) SREASON 2199 MISC http://www.determina.com/security.research/vulnerabilities/activex-bgcolor.html BUGTRAQ 20070129 Internet Explorer 7 ActiveX bgColor property NULL pointer dereference (DoS) BID 22288 XF ie-activex-bgcolor-dos(31867) Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference.

cpe:/a:apple:ichat:3.1.6 cpe:/a:apple:instant_message_framework:428 cpe:/a:apple:mdnsresponder

CVE-2007-0613

2007-01-31T06:28:00.000-05:00

2008-09-05T17:18:21.727-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-31T17:24:00.000-05:00

MISC http://projects.info-pull.com/moab/MOAB-29-01-2007.html BID 22304 The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 does not check for duplicate entries when adding newly discovered available contacts, which allows remote attackers to cause a denial of service (disrupted communication) via a flood of duplicate _presence._tcp mDNS queries.

cpe:/a:apple:ichat:3.1.6 cpe:/a:apple:instant_message_framework:428 cpe:/o:apple:mac_os_x:10.4.8

CVE-2007-0614

2007-01-31T06:28:00.000-05:00

2008-09-05T17:18:21.880-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2007-01-31T17:34:00.000-05:00

CONFIRM http://docs.info.apple.com/article.html?artnum=305102 APPLE APPLE-SA-2007-02-15 MISC http://projects.info-pull.com/moab/MOAB-29-01-2007.html BID 22304 SECTRACK 1017661 The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key.

cpe:/a:hitachi:hibun_advanced_edition_server:r-1v13-06w001f1 cpe:/a:hitachi:jpi_hibun_advanced_edition_server:r_1543h_11

CVE-2007-0615

2007-01-31T06:28:00.000-05:00

2017-07-28T21:30:17.797-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://www.hitachi-support.com/security_e/vuls_e/HS06-019_e/01-e.html BID 22237 VUPEN ADV-2007-0324 XF hitachi-jp1-hibun-request-dos(31733) Unspecified vulnerability in Hitachi JP1/HIBUN Advanced Edition Management Server and Log Server before 20070124 allows remote attackers to cause a denial of service (application stop) via unexpected data.

cpe:/a:zenphoto:zenphoto:1.0.4 cpe:/a:zenphoto:zenphoto:1.0.5 cpe:/a:zenphoto:zenphoto:1.0.6

CVE-2007-0616

2007-01-31T06:28:00.000-05:00

2017-07-28T21:30:17.843-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov BID 22368 VUPEN ADV-2007-0470 MISC http://www.zenphoto.org/support/topic.php?id=1146&replies=3 CONFIRM http://www.zenphoto.org/support/topic.php?id=1148 XF zenphoto-template-directory-traversal(32102) Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via ".." sequences in the album parameter to index.php.

cpe:/a:earthlink:total_access

CVE-2007-0617

2007-01-31T06:28:00.000-05:00

2017-07-28T21:30:17.937-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov FULLDISC 20070125 Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability SREASON 2210 BID 22238 XF earthlink-spamblocker-security-bypass(31827) The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked "safe for scripting," which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the (1) AddSenderToWhitelist and (2) AddDomainToWhitelist functions.

cpe:/o:ibm:aix:5.3.0

CVE-2007-0618

2007-01-31T06:28:00.000-05:00

2017-07-28T21:30:18.017-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM ftp://aix.software.ibm.com/aix/efixes/security/README BID 22262 VUPEN ADV-2007-0382 AIXAPAR IY93084 XF aix-mailservices-rlogin-security-bypass(31875) Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."

cpe:/a:chmlib:chmlib:0.38

CVE-2007-0619

2007-01-31T06:28:00.000-05:00

2011-03-07T21:50:24.687-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

IDEFENSE 20070126 Multiple Vendor libchm Page Block Length Memory Corruption Vulnerability CONFIRM http://morte.jedrea.com/~jedwin/projects/chmlib/ GENTOO GLSA-200702-12 SECTRACK 1017565 SUSE SUSE-SR:2007:003 BID 22258 VUPEN ADV-2007-0361 chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption.

cpe:/a:vlad_leont:fd_script:1.3 cpe:/a:vlad_leont:fd_script:1.3.1 cpe:/a:vlad_leont:fd_script:1.3.2

CVE-2007-0620

2007-01-31T06:28:00.000-05:00

2018-10-16T12:33:38.467-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2197 BUGTRAQ 20070126 FdScript <= v1.3.2 Remote File Disclosure Vulnerability BID 22265 VUPEN ADV-2007-0383 XF fdscript-download-file-disclosure(31915) download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php.

CVE-2007-0621

2007-01-31T12:28:00.000-05:00

2008-09-10T20:49:43.820-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-6456. Reason: This candidate is a duplicate of CVE-2006-6456. It was assigned for a targeted zero-day attack, but further analysis revealed it was for an older issue. Notes: All CVE users should reference CVE-2006-6456 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

cpe:/a:mybb:mybb:1.2.2

CVE-2007-0622

2007-01-31T13:28:00.000-05:00

2008-11-15T01:41:15.217-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:maxdev:mdpro:1.0.76

CVE-2007-0623

2007-01-31T13:28:00.000-05:00

2018-10-16T12:33:38.950-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2198 BUGTRAQ 20070129 MDPro 1.0.76 - Multiple Remote Vulnerabilities BID 22293 VUPEN ADV-2007-0412 XF mdpro-startrow-sql-injection(31897) SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows remote attackers to execute arbitrary SQL commands via the startrow parameter.

cpe:/a:maxdev:mdpro:1.0.76

CVE-2007-0624

2007-01-31T13:28:00.000-05:00

2018-10-16T12:33:39.450-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2198 BUGTRAQ 20070129 MDPro 1.0.76 - Multiple Remote Vulnerabilities XF mdpro-user-path-disclosure(31898) user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the full path via a ' (quote) character, and possibly other invalid values, in the uname parameter in a userinfo operation.

cpe:/a:nomachine:nx_server:2.1.0_17

CVE-2007-0625

2007-01-31T13:28:00.000-05:00

2017-07-28T21:30:18.237-04:00

4.9

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://www.nomachine.com/news_read.php?idnews=190 CONFIRM http://www.nomachine.com/tr/view.php?id=TR01E01622 BID 22308 VUPEN ADV-2007-0413 XF nxserver-nxconfigure-dos(31941) nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not validate the invoking user, which allows local users to modify server configuration keys in /usr/NX/etc/server.cfg, resulting in an unspecified denial of service.

cpe:/a:drupal:drupal:4.1.0 cpe:/a:drupal:drupal:4.2.0 cpe:/a:drupal:drupal:4.3.0 cpe:/a:drupal:drupal:4.3.1 cpe:/a:drupal:drupal:4.3.2 cpe:/a:drupal:drupal:4.4.0 cpe:/a:drupal:drupal:4.4.1 cpe:/a:drupal:drupal:4.4.2 cpe:/a:drupal:drupal:4.4.3 cpe:/a:drupal:drupal:4.5.0 cpe:/a:drupal:drupal:4.5.1 cpe:/a:drupal:drupal:4.5.2 cpe:/a:drupal:drupal:4.5.3 cpe:/a:drupal:drupal:4.5.4 cpe:/a:drupal:drupal:4.5.5 cpe:/a:drupal:drupal:4.5.6 cpe:/a:drupal:drupal:4.5.7 cpe:/a:drupal:drupal:4.5.8 cpe:/a:drupal:drupal:4.6.0 cpe:/a:drupal:drupal:4.6.1 cpe:/a:drupal:drupal:4.6.2 cpe:/a:drupal:drupal:4.6.3 cpe:/a:drupal:drupal:4.6.4 cpe:/a:drupal:drupal:4.6.5 cpe:/a:drupal:drupal:4.6.6 cpe:/a:drupal:drupal:4.6.7 cpe:/a:drupal:drupal:4.6.8 cpe:/a:drupal:drupal:4.6.9 cpe:/a:drupal:drupal:4.6.10 cpe:/a:drupal:drupal:4.6.11 cpe:/a:drupal:drupal:4.7.0 cpe:/a:drupal:drupal:4.7.0:beta3 cpe:/a:drupal:drupal:4.7.0:beta4 cpe:/a:drupal:drupal:4.7.0:beta5 cpe:/a:drupal:drupal:4.7.0:beta6 cpe:/a:drupal:drupal:4.7.0:rc1 cpe:/a:drupal:drupal:4.7.0:rc2 cpe:/a:drupal:drupal:4.7.0:rc3 cpe:/a:drupal:drupal:4.7.0:rc4 cpe:/a:drupal:drupal:4.7.1 cpe:/a:drupal:drupal:4.7.2 cpe:/a:drupal:drupal:4.7.3 cpe:/a:drupal:drupal:4.7.4 cpe:/a:drupal:drupal:4.7.5 cpe:/a:drupal:drupal:5.0 cpe:/a:drupal:drupal:5.0:beta1 cpe:/a:drupal:drupal:5.0:beta2 cpe:/a:drupal:drupal:5.0:dev cpe:/a:drupal:drupal:5.0:rc1 cpe:/a:drupal:drupal:5.0:rc2 cpe:/a:vbdrupal:vbdrupal:-

CVE-2007-0626

2007-01-31T13:28:00.000-05:00

2018-10-19T13:45:09.170-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2018-10-18T08:01:01.623-04:00

ALLOWS_ADMIN_ACCESS

BUGTRAQ 20070129 [DRUPAL-SA-2007-005] Drupal 4.7.6 / 5.1 fixes arbitrary code execution issue CONFIRM http://drupal.org/node/113935 BID 22306 CONFIRM http://www.vbdrupal.org/forum/showthread.php?t=786 VUPEN ADV-2007-0406 VUPEN ADV-2007-0415 XF drupal-commentformaddpreview-code-execution(31940) The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."

cpe:/a:michael_still:gtalkbot:1.1

CVE-2007-0627

2007-01-31T13:28:00.000-05:00

2017-07-28T21:30:18.360-04:00

4.9

LOCAL

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov MISC http://freshmeat.net/projects/gtalkbot/?branch_id=67830&release_id=245004 BID 22322 CONFIRM http://www.stillhq.com/gtalkbot/ CONFIRM http://www.stillhq.com/gtalkbot/000003.html VUPEN ADV-2007-0408 XF gtalkbot-ps-information-disclosure(31923) Michael Still gtalkbot before 1.2 places username and password arguments on the command line, which allows local users to obtain sensitive information by listing the process.

cpe:/a:sun:java_system_access_manager:6.1 cpe:/a:sun:java_system_access_manager:6.2 cpe:/a:sun:java_system_access_manager:6.3 cpe:/a:sun:java_system_access_manager:7.0

CVE-2007-0628

2007-01-31T13:28:00.000-05:00

2017-07-28T21:30:18.423-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SECTRACK 1017570 SUNALERT 102621 BID 22302 VUPEN ADV-2007-0411 XF java-access-server-unspecified-xss(31936) Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these details are obtained from third party information.

cpe:/a:plain_black:webgui:7.3.8

CVE-2007-0629

2007-01-31T13:28:00.000-05:00

2017-07-28T21:30:18.487-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://sourceforge.net/project/shownotes.php?group_id=51417&release_id=481584 CONFIRM http://www.plainblack.com/getwebgui/advisories/security-defect-discovered-in-7.x-versions BID 22294 XF webgui-wwwpurgelist-security-bypass(31905) The www_purgeList method in Plain Black WebGUI before 7.3.8 does not properly check user permissions, which allows attackers to delete unauthorized assets. NOTE: some of these details are obtained from third party information.

cpe:/a:x-dev:xnews:1.3

CVE-2007-0630

2007-01-31T13:28:00.000-05:00

2011-03-07T21:50:25.813-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0395 Multiple SQL injection vulnerabilities in the generate_csv function in classes/class.news.php in X-dev xNews 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) from, and (3) q parameters, different vectors than CVE-2007-0569. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:eclectic_designs:cascadianfaq:4.1

CVE-2007-0631

2007-01-31T13:28:00.000-05:00

2017-10-18T21:30:02.143-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22314 VUPEN ADV-2007-0424 XF cascadianfaq-index-sql-injection(31968) EXPLOIT-DB 3227 SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.

cpe:/a:asp_edge:asp_edge:1.3a

CVE-2007-0632

2007-01-31T13:28:00.000-05:00

2011-03-07T21:50:26.000-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0341 SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via a username cookie, a different vector than CVE-2007-0560.

cpe:/a:t-systems_solutions_for_research_gmbh:mynews:4.2.2

CVE-2007-0633

2007-01-31T13:28:00.000-05:00

2017-10-18T21:30:02.190-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22313 VUPEN ADV-2007-0423 XF mynews-themefunc-file-include(31971) EXPLOIT-DB 3228 PHP remote file inclusion vulnerability in include/themes/themefunc.php in MyNews 4.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter.

cpe:/o:sun:solaris:10.0::sparc

CVE-2007-0634

2007-01-31T16:28:00.000-05:00

2017-10-10T21:31:38.267-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov SECTRACK 1017574 SUNALERT 102697 CERT-VN VU#967236 BID 22323 VUPEN ADV-2007-0420 XF solaris-icmp-dos(32010) Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.

cpe:/a:encapscms:encapscms:0.3.6

CVE-2007-0635

2007-01-31T16:28:00.000-05:00

2018-10-16T12:33:39.747-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2200 BUGTRAQ 20070130 EncapsCMS 0.3.6 (common_foot.php) Remote File Include BID 22319 VUPEN ADV-2007-0430 XF encapsms-config-file-include(31978) Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b) blogs.php, or (2) the config[theme] parameter to (c) admin/gallery_head.php.

cpe:/a:inotify:incron:0.3 cpe:/a:inotify:incron:0.3.1 cpe:/a:inotify:incron:0.3.2 cpe:/a:inotify:incron:0.3.3 cpe:/a:inotify:incron:0.3.4

CVE-2007-0636

2007-01-31T16:28:00.000-05:00

2011-03-07T21:50:26.470-05:00

2.1

LOCAL

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://inotify.aiken.cz/?section=incron&page=changelog BID 22305 VUPEN ADV-2007-0405 Unspecified vulnerability in inotify before 0.3.5 has unknown impact and attack vectors, related to "access rights to watched files."

cpe:/a:galeria_zdjec:galeria_zdjec:3.0

CVE-2007-0637

2007-01-31T16:28:00.000-05:00

2017-10-18T21:30:02.427-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22324 VUPEN ADV-2007-0425 XF galeria-zdnumer-file-include(31967) EXPLOIT-DB 3225 Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.

cpe:/a:vlad_alexa_mancini:phpfootball:1.6

CVE-2007-0638

2007-01-31T16:28:00.000-05:00

2017-10-18T21:30:02.690-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 22312 VUPEN ADV-2007-0429 XF phpfootball-show-information-disclosure(31976) EXPLOIT-DB 3226 show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers to obtain sensitive information (database contents) via a % (percent) character in the dbfieldv parameter.

cpe:/a:guppy:guppy:4.5.16

CVE-2007-0639

2007-01-31T16:28:00.000-05:00

2017-10-18T21:30:02.770-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://retrogod.altervista.org/guppy_4516_cmd.html SECTRACK 1017569 VUPEN ADV-2007-0421 XF guppy-error-code-execution(31882) EXPLOIT-DB 3221 Multiple static code injection vulnerabilities in error.php in GuppY 4.5.16 and earlier allow remote attackers to inject arbitrary PHP code into a .inc file in the data/ directory via (1) a REMOTE_ADDR cookie or (2) a cookie specifying an element of the msg array with an error number in the first dimension and 0 in the second dimension, as demonstrated by msg[999][0].

cpe:/a:zabbix:zabbix:1.1.2 cpe:/a:zabbix:zabbix:1.1.3 cpe:/a:zabbix:zabbix:1.1.4

CVE-2007-0640

2007-01-31T16:28:00.000-05:00

2017-07-28T21:30:18.923-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 22321 VUPEN ADV-2007-0416 CONFIRM http://www.zabbix.com/rn1.1.5.php XF zabbix-snmp-bo(32038) Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses."

cpe:/a:shaffer_solutions_corp:dapcnfsd.dll:0.6.4.0

CVE-2007-0641

2007-01-31T16:28:00.000-05:00

2008-11-13T01:32:32.643-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22301 MISC http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 in Shaffer Solutions (SSC) DiskAccess NFS Client allows remote attackers to execute arbitrary code via a long argument, an issue similar to CVE-2006-5854 and CVE-2007-0444.

cpe:/a:rbl:tforum:2.00

CVE-2007-0642

2007-01-31T16:28:00.000-05:00

2018-10-16T12:33:40.357-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://forums.avenir-geopolitique.net/viewtopic.php?t=2607 SREASON 2201 VIM 20070131 Partial source code verify - "RBL - ASP" scripts SQL injection BUGTRAQ 20070127 RBL - ASP (scripts with db) SQL injection BUGTRAQ 20070129 RBL - ASP (scripts with db) SQL injection BID 22350 XF rbl-userpass-sql-injection(31927) SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU script collection (aka RBL - ASP) allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) pass to user_confirm.asp.

cpe:/a:bloodshed_software:dev-c%2b%2b:4.9.9.2

CVE-2007-0643

2007-01-31T16:28:00.000-05:00

2017-10-18T21:30:02.833-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 22315 EXPLOIT-DB 3229 Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file.

cpe:/a:apple:safari:2.0.4_419.3

CVE-2007-0644

2007-01-31T19:28:00.000-05:00

2008-09-05T17:18:26.333-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-02-01T15:05:00.000-05:00

MISC http://www.digitalmunition.com/MOAB-30-01-2007.html BID 22326 Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions.

cpe:/a:apple:iphoto:6.0.5

CVE-2007-0645

2007-01-31T19:28:00.000-05:00

2008-09-05T17:18:26.490-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-02-01T15:10:00.000-05:00

ALLOWS_OTHER_ACCESS

MISC http://projects.info-pull.com/moab/MOAB-30-01-2007.html MISC http://www.digitalmunition.com/MOAB-30-01-2007.html BID 22326 Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions.

cpe:/a:apple:imovie:6.0.3 cpe:/a:apple:safari cpe:/o:apple:mac_os_x:10.3.9

CVE-2007-0646

2007-01-31T19:28:00.000-05:00

2011-03-07T00:00:00.000-05:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-02-01T15:08:00.000-05:00

CONFIRM http://docs.info.apple.com/article.html?artnum=305391 CONFIRM http://docs.info.apple.com/article.html?artnum=307041 APPLE APPLE-SA-2007-04-19 APPLE APPLE-SA-2007-11-14 MISC http://www.digitalmunition.com/MOAB-30-01-2007.html BID 22326 BID 26444 CERT TA07-109A CERT TA07-319A VUPEN ADV-2007-1470 VUPEN ADV-2007-3868 Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function.

cpe:/o:apple:mac_os_x:10.3.9

CVE-2007-0647

2007-01-31T19:28:00.000-05:00

2008-09-05T17:18:26.820-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-02-01T15:08:00.000-05:00

MISC http://www.digitalmunition.com/MOAB-30-01-2007.html BID 22326 Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function.

cpe:/o:cisco:ios:12.3%2814%29t cpe:/o:cisco:ios:12.3%2814%29t2 cpe:/o:cisco:ios:12.3%2814%29t4 cpe:/o:cisco:ios:12.3%2814%29t5 cpe:/o:cisco:ios:12.3yg cpe:/o:cisco:ios:12.3yk cpe:/o:cisco:ios:12.3ym cpe:/o:cisco:ios:12.3yq cpe:/o:cisco:ios:12.3yt cpe:/o:cisco:ios:12.3yu cpe:/o:cisco:ios:12.3yx cpe:/o:cisco:ios:12.4 cpe:/o:cisco:ios:12.4%281%29 cpe:/o:cisco:ios:12.4%281b%29 cpe:/o:cisco:ios:12.4%281c%29 cpe:/o:cisco:ios:12.4%282%29mr cpe:/o:cisco:ios:12.4%282%29mr1 cpe:/o:cisco:ios:12.4%282%29t cpe:/o:cisco:ios:12.4%282%29t1 cpe:/o:cisco:ios:12.4%282%29t2 cpe:/o:cisco:ios:12.4%282%29t3 cpe:/o:cisco:ios:12.4%282%29t4 cpe:/o:cisco:ios:12.4%282%29xa cpe:/o:cisco:ios:12.4%282%29xb cpe:/o:cisco:ios:12.4%282%29xb2 cpe:/o:cisco:ios:12.4%283%29 cpe:/o:cisco:ios:12.4%283%29t2 cpe:/o:cisco:ios:12.4%283a%29 cpe:/o:cisco:ios:12.4%283b%29 cpe:/o:cisco:ios:12.4%283d%29 cpe:/o:cisco:ios:12.4%284%29mr cpe:/o:cisco:ios:12.4%284%29t cpe:/o:cisco:ios:12.4%284%29t2 cpe:/o:cisco:ios:12.4%285%29 cpe:/o:cisco:ios:12.4%285b%29 cpe:/o:cisco:ios:12.4%286%29t cpe:/o:cisco:ios:12.4%286%29t1 cpe:/o:cisco:ios:12.4%287%29 cpe:/o:cisco:ios:12.4%287a%29 cpe:/o:cisco:ios:12.4%288%29 cpe:/o:cisco:ios:12.4%289%29t cpe:/o:cisco:ios:12.4mr cpe:/o:cisco:ios:12.4sw cpe:/o:cisco:ios:12.4t cpe:/o:cisco:ios:12.4xa cpe:/o:cisco:ios:12.4xb cpe:/o:cisco:ios:12.4xc cpe:/o:cisco:ios:12.4xd cpe:/o:cisco:ios:12.4xe cpe:/o:cisco:ios:12.4xg cpe:/o:cisco:ios:12.4xj cpe:/o:cisco:ios:12.4xp cpe:/o:cisco:ios:12.4xt

CVE-2007-0648

2007-01-31T20:28:00.000-05:00

2017-10-10T21:31:38.330-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov SECTRACK 1017575 CONFIRM http://www.cisco.com/warp/public/707/cisco-air-20070131-sip.shtml CISCO 20070131 SIP Packet Reloads IOS Devices Not Configured for SIP CERT-VN VU#438176 BID 22330 VUPEN ADV-2007-0428 XF cisco-sip-packet-dos(31990) Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP.

cpe:/a:openemr:openemr:2.8.2

CVE-2007-0649

2007-01-31T20:28:00.000-05:00

2018-10-16T12:33:41.027-04:00

4.3

NETWORK

HIGH

MULTIPLE_INSTANCES

PARTIAL

http://nvd.nist.gov VIM 20070129 [still bogus] V [mike at carstein.kill-9.pl: Re: Open Conference Systems = 2.8.2 Remote File Inclusion] (fwd) VIM 20070131 VERIFY of RFI and XSS in OpenEMR 2.8.2 (was [still bogus] V [mike at carstein.kill-9.pl: Re: Open Conference Systems = 2.8.2 Remote File Inclusion]) SREASON 2202 BUGTRAQ 20070127 Open Conference Systems = 2.8.2 Remote File Inclusion BUGTRAQ 20070127 Re: Open Conference Systems = 2.8.2 Remote File Inclusion BUGTRAQ 20070129 Fake: Open Conference Systems = 2.8.2 Remote File Inclusion BUGTRAQ 20070129 Re: Fake: Open Conference Systems = 2.8.2 Remote File Inclusion BUGTRAQ 20070128 Re: Open Conference Systems = 2.8.2 Remote File Inclusion BUGTRAQ 20070130 Re: Fake: Open Conference Systems = 2.8.2 Remote File Inclusion BID 22346 BID 22348 Variable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and earlier allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as conduct (a) remote file inclusion attacks via the srcdir parameter in custom/import_xml.php or (b) cross-site scripting (XSS) attacks via the rootdir parameter in interface/login/login_frame.php, via vectors associated with extract operations on the (1) POST and (2) GET superglobal arrays. NOTE: this issue was originally disputed before the extract behavior was identified in post-disclosure analysis. Also, the original report identified "Open Conference Systems," but this was an error.

cpe:/a:makeindex:makeindex:2.14

CVE-2007-0650

2007-02-01T14:28:00.000-05:00

2017-07-28T21:30:19.110-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

GENTOO GLSA-200709-17 GENTOO GLSA-200711-34 GENTOO GLSA-200805-13 MANDRIVA MDKSA-2007:109 BID 23872 VUPEN ADV-2007-1706 CONFIRM https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=225491 XF tetex-makeindex-opensty-bo(32284) CONFIRM https://issues.rpath.com/browse/RPL-1036 Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. NOTE: other overflows exist but might not be exploitable, such as a heap-based overflow in the check_idx function.

cpe:/a:mailenable:mailenable_professional:1.0.004 cpe:/a:mailenable:mailenable_professional:1.0.005 cpe:/a:mailenable:mailenable_professional:1.0.006 cpe:/a:mailenable:mailenable_professional:1.0.007 cpe:/a:mailenable:mailenable_professional:1.0.008 cpe:/a:mailenable:mailenable_professional:1.0.009 cpe:/a:mailenable:mailenable_professional:1.0.010 cpe:/a:mailenable:mailenable_professional:1.0.011 cpe:/a:mailenable:mailenable_professional:1.0.012 cpe:/a:mailenable:mailenable_professional:1.0.013 cpe:/a:mailenable:mailenable_professional:1.0.014 cpe:/a:mailenable:mailenable_professional:1.0.015 cpe:/a:mailenable:mailenable_professional:1.0.016 cpe:/a:mailenable:mailenable_professional:1.0.017 cpe:/a:mailenable:mailenable_professional:1.1 cpe:/a:mailenable:mailenable_professional:1.2 cpe:/a:mailenable:mailenable_professional:1.2a cpe:/a:mailenable:mailenable_professional:1.5 cpe:/a:mailenable:mailenable_professional:1.6 cpe:/a:mailenable:mailenable_professional:1.7 cpe:/a:mailenable:mailenable_professional:1.12 cpe:/a:mailenable:mailenable_professional:1.13 cpe:/a:mailenable:mailenable_professional:1.14 cpe:/a:mailenable:mailenable_professional:1.15 cpe:/a:mailenable:mailenable_professional:1.16 cpe:/a:mailenable:mailenable_professional:1.17 cpe:/a:mailenable:mailenable_professional:1.18 cpe:/a:mailenable:mailenable_professional:1.19 cpe:/a:mailenable:mailenable_professional:1.51 cpe:/a:mailenable:mailenable_professional:1.52 cpe:/a:mailenable:mailenable_professional:1.53 cpe:/a:mailenable:mailenable_professional:1.54 cpe:/a:mailenable:mailenable_professional:1.72 cpe:/a:mailenable:mailenable_professional:1.73 cpe:/a:mailenable:mailenable_professional:1.82 cpe:/a:mailenable:mailenable_professional:1.83 cpe:/a:mailenable:mailenable_professional:1.84 cpe:/a:mailenable:mailenable_professional:1.101 cpe:/a:mailenable:mailenable_professional:1.102 cpe:/a:mailenable:mailenable_professional:1.103 cpe:/a:mailenable:mailenable_professional:1.104 cpe:/a:mailenable:mailenable_professional:1.105 cpe:/a:mailenable:mailenable_professional:1.106 cpe:/a:mailenable:mailenable_professional:1.107 cpe:/a:mailenable:mailenable_professional:1.108 cpe:/a:mailenable:mailenable_professional:1.109 cpe:/a:mailenable:mailenable_professional:1.110 cpe:/a:mailenable:mailenable_professional:1.111 cpe:/a:mailenable:mailenable_professional:1.112 cpe:/a:mailenable:mailenable_professional:1.113 cpe:/a:mailenable:mailenable_professional:1.114 cpe:/a:mailenable:mailenable_professional:1.115 cpe:/a:mailenable:mailenable_professional:1.116 cpe:/a:mailenable:mailenable_professional:2.0 cpe:/a:mailenable:mailenable_professional:2.1 cpe:/a:mailenable:mailenable_professional:2.2 cpe:/a:mailenable:mailenable_professional:2.32 cpe:/a:mailenable:mailenable_professional:2.33 cpe:/a:mailenable:mailenable_professional:2.34 cpe:/a:mailenable:mailenable_professional:2.35 cpe:/a:mailenable:mailenable_professional:2.351

CVE-2007-0651

2007-02-15T18:28:00.000-05:00

2018-10-16T12:33:42.200-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2258 CONFIRM http://www.mailenable.com/Professional20-ReleaseNotes.txt BUGTRAQ 20070214 Secunia Research: MailEnable Web Mail Client MultipleVulnerabilities BID 22554 VUPEN ADV-2007-0595 XF mailenable-email-messages-xss(32476) XF mailenable-id-xss(32480) Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in mewebmail/base/default/lang/EN/.

CVE-2007-0652

2007-02-15T18:28:00.000-05:00

2018-10-16T12:33:43.327-04:00

5.1

NETWORK

HIGH

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

SREASON 2258 BUGTRAQ 20070214 Secunia Research: MailEnable Web Mail Client MultipleVulnerabilities BID 22554 VUPEN ADV-2007-0595 Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag.

cpe:/a:x_multimedia_system:x_multimedia_system:1.2.10

CVE-2007-0653

2007-03-21T18:19:00.000-04:00

2018-10-16T12:33:43.887-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

DEBIAN DSA-1277 MANDRIVA MDKSA-2007:071 SUSE SUSE-SR:2007:006 BUGTRAQ 20070321 Secunia Research: XMMS Integer Overflow and UnderflowVulnerabilities BID 23078 UBUNTU USN-445-1 VUPEN ADV-2007-1057 XF xmms-skinbitmap-code-execution(33205) Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory corruption.

cpe:/a:x_multimedia_system:x_multimedia_system:1.2.10

CVE-2007-0654

2007-03-21T18:19:00.000-04:00

2018-10-16T12:33:44.827-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

DEBIAN DSA-1277 MANDRIVA MDKSA-2007:071 SUSE SUSE-SR:2007:006 BUGTRAQ 20070321 Secunia Research: XMMS Integer Overflow and UnderflowVulnerabilities BID 23078 UBUNTU USN-445-1 VUPEN ADV-2007-1057 XF xmms-skinbitmap-bo(33203) Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which results in a stack-based buffer overflow.

cpe:/a:microworld_technologies:escan:8.0671.1

CVE-2007-0655

2007-05-02T14:19:00.000-04:00

2017-07-28T21:30:19.360-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

BID 23759 SECTRACK 1018007 VUPEN ADV-2007-1609 XF escan-mwagent-security-bypass(34009) The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan 8.0.671.1, and possibly other versions, allows remote or local attackers to gain privileges and execute arbitrary commands by connecting directly to TCP port 2222.

cpe:/a:phpbb2-modificat:phpbb2-modificat:0.1.0 cpe:/a:phpbb2-modificat:phpbb2-modificat:0.2.0

CVE-2007-0656

2007-02-01T17:28:00.000-05:00

2017-10-18T21:30:02.877-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22320 VUPEN ADV-2007-0422 XF phpbb2modificat-functions-file-include(31985) EXPLOIT-DB 3231 PHP remote file inclusion vulnerability in includes/functions.php in phpBB2-MODificat 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

cpe:/a:alientrap:nexuiz:2.2.2

CVE-2007-0657

2007-02-01T17:28:00.000-05:00

2017-07-28T21:30:19.453-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://www.alientrap.org/devwiki/index.php?n=Nexuiz.Patch BID 22332 VUPEN ADV-2007-0427 XF nexuiz-gamedir-information-disclosure(32040) Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to read and overwrite arbitrary files via the gamedir command.

cpe:/a:drupal:drupal:4.7 cpe:/a:drupal:drupal:4.7.1 cpe:/a:drupal:drupal:4.7.2 cpe:/a:drupal:drupal:4.7.3 cpe:/a:drupal:drupal:4.7.4 cpe:/a:drupal:drupal:4.7.5 cpe:/a:drupal:drupal:4.7.6 cpe:/a:drupal:drupal:4.7_rev1.15 cpe:/a:drupal:drupal:5.0 cpe:/a:drupal:drupal:5.1 cpe:/a:drupal:textimage:4.7 cpe:/a:drupal:textimage:5.0

CVE-2007-0658

2007-02-01T17:28:00.000-05:00

2017-07-28T21:30:19.517-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://cvs.drupal.org/viewcvs/drupal/contributions/modules/captcha/captcha.module?r1=1.25.2.1&r2=1.25.2.2 CONFIRM http://cvs.drupal.org/viewcvs/drupal/contributions/modules/textimage/captcha.inc?r1=1.1&r2=1.1.2.1 CONFIRM http://drupal.org/node/114364 CONFIRM http://drupal.org/node/114519 BID 22329 VUPEN ADV-2007-0431 XF textimage-captcha-security-bypass(31984) XF captcha-response-security-bypass(31994) The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal and the (2) Captcha 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal allow remote attackers to bypass the CAPTCHA test via an empty captcha element in $_SESSION.

cpe:/a:modxcms:filedownload:1.7 cpe:/a:modxcms:filedownload:2.0

CVE-2007-0659

2007-02-01T17:28:00.000-05:00

2011-03-07T21:50:29.220-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://modxcms.com/forums/index.php/topic,10470.0.html CONFIRM http://www.muddydogpaws.com/Home.html BID 22327 VUPEN ADV-2007-0426 download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials.

cpe:/a:dotnetnuke:dotnetnuke_iframe:03.01.01 cpe:/a:dotnetnuke:dotnetnuke_iframe:03.02.00

CVE-2007-0660

2007-02-01T17:28:00.000-05:00

2017-07-28T21:30:19.577-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://www.dotnetnuke.com/Default.aspx?tabid=825&EntryID=1278 BID 22334 VUPEN ADV-2007-0433 XF dotnetnuke-iframe-unspecified-xss(32037) Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "Pass through values."

cpe:/h:intel:enterprise_southbridge_2_bmc cpe:/h:intel:enterprise_southbridge_bmc:::oem cpe:/h:intel:server_board_s5000pal cpe:/h:intel:server_board_s5000psl cpe:/h:intel:server_board_s5000vcl cpe:/h:intel:server_board_s5000vsa cpe:/h:intel:server_board_s5000xal cpe:/h:intel:server_board_s5000xvn cpe:/h:intel:server_board_sc5400ra

CVE-2007-0661

2007-02-01T17:28:00.000-05:00

2011-03-07T21:50:29.547-05:00

5.4

ADJACENT_NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://lz1.intel.com/psirt/advisory.aspx?intelid=INTEL-SA-00012&languageid=en-fr BID 22341 VUPEN ADV-2007-0432 Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), Intel Server Boards 5000XAL, S5000PAL, S5000PSL, S5000XVN, S5000VCL, S5000VSA, SC5400RA, and OEM Firmware for Intel Enterprise Southbridge Baseboard Management Controller before 20070119, when Intelligent Platform Management Interface (IPMI) is enabled, allow remote attackers to connect and issue arbitrary IPMI commands, possibly triggering a denial of service.

cpe:/a:hailboards:hailboards:1.2.0

CVE-2007-0662

2007-02-01T17:28:00.000-05:00

2017-10-18T21:30:02.927-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22333 VUPEN ADV-2007-0450 XF hailboards-usercpviewprofile-file-include(31997) EXPLOIT-DB 3236 PHP remote file inclusion vulnerability in includes/usercp_viewprofile.php in Hailboards 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

cpe:/a:eclectic_designs:cascadianfaq:4.0 cpe:/a:eclectic_designs:cascadianfaq:4.1

CVE-2007-0663

2007-02-01T17:28:00.000-05:00

2011-03-07T21:50:29.783-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0424 SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter, a different vector than CVE-2007-0631. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:acme_labs:thttpd:2.24

CVE-2007-0664

2007-02-02T16:28:00.000-05:00

2008-11-15T01:41:25.063-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC http://bugs.gentoo.org/show_bug.cgi?id=142047 GENTOO GLSA-200701-28 BID 22349 thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files.

cpe:/a:ipswitch:ws_ftp_pro:2007

CVE-2007-0665

2007-02-02T16:28:00.000-05:00

2018-10-16T12:33:45.683-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

BUGTRAQ 20070126 WS_FTP 2007 Professional SCP handling format string vulnerability BID 22275 XF wsftp-scphandler-format-string(31865) Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007 Professional might allow remote attackers to execute arbitrary commands via format string specifiers in the filename, related to the SHELL WS_FTP script command.

cpe:/a:ipswitch:ws_ftp_server:5.04

CVE-2007-0666

2007-02-02T16:28:00.000-05:00

2018-10-16T12:33:45.980-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

BUGTRAQ 20070201 Ipswitch WS_FTP Server 5.04 multiple arbitrary code execution vulnerabilities BUGTRAQ 20070202 Re: Ipswitch WS_FTP Server 5.04 multiple arbitrary code execution vulnerabilities BUGTRAQ 20070202 Re[2]: Ipswitch WS_FTP Server 5.04 multiple arbitrary code execution vulnerabilities BUGTRAQ 20070202 Re: Re: Ipswitch WS_FTP Server 5.04 multiple arbitrary code execution vulnerabilities XF wsftp-iftpaddu-privilege-escalation(32176) Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute arbitrary code on the system via a long input string to the (1) iFTPAddU or (2) iFTPAddH file, or to a (3) edition module.

cpe:/a:ledgersmb:ledgersmb:1.1.1 cpe:/a:sql-ledger:sql-ledger:2.4.7 cpe:/a:sql-ledger:sql-ledger:2.6.17 cpe:/a:sql-ledger:sql-ledger:2.6.18 cpe:/a:sql-ledger:sql-ledger:2.6.19 cpe:/a:sql-ledger:sql-ledger:2.6.21 cpe:/a:sql-ledger:sql-ledger:2.6.25

CVE-2007-0667

2007-02-02T16:28:00.000-05:00

2018-10-16T12:33:46.623-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2217 BUGTRAQ 20070127 Arbitrary Code Execution in SQL-Ledger and LedgerSMB through redirects BUGTRAQ 20070206 Unofficial SQL-Ledger patch for CVE-2007-0667 BID 22295 VUPEN ADV-2007-0407 The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872.

cpe:/o:sun:solaris:10.0::sparc

CVE-2007-0668

2007-02-02T16:28:00.000-05:00

2017-10-10T21:31:38.407-04:00

6.2

LOCAL

LOW

SINGLE_INSTANCE

NONE

COMPLETE

http://nvd.nist.gov SECTRACK 1017582 SUNALERT 102699 BID 22364 VUPEN ADV-2007-0462 XF solaris-loopbackfs-dos(32140) The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in a non-global zone to move and rename files in a read-only filesystem, which could lead to a denial of service.

cpe:/a:twiki:twiki:4.0.0 cpe:/a:twiki:twiki:4.0.1 cpe:/a:twiki:twiki:4.0.2 cpe:/a:twiki:twiki:4.0.3 cpe:/a:twiki:twiki:4.0.4 cpe:/a:twiki:twiki:4.0.5 cpe:/a:twiki:twiki:4.1.0

CVE-2007-0669

2007-02-08T17:28:00.000-05:00

2017-07-28T21:30:19.860-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VULNWATCH 20070208 TWiki Security Alert: Arbitrary code execution in session files (CVE-2007-0669) CONFIRM http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2007-0669 CERT-VN VU#584436 OPENPKG OpenPKG-SA-2007.009 BID 22378 VUPEN ADV-2007-0544 XF twiki-cgisession-code-execution(32389) Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local users to execute arbitrary Perl code via unknown vectors related to CGI session files.

cpe:/o:ibm:aix:5.2 cpe:/o:ibm:aix:5.3

CVE-2007-0670

2007-02-02T19:28:00.000-05:00

2017-07-28T21:30:19.923-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

CONFIRM ftp://aix.software.ibm.com/aix/efixes/security/README SECTRACK 1017583 SECTRACK 1017607 BID 22370 BID 22456 VUPEN ADV-2007-0471 AIXAPAR IY94301 AIXAPAR IY94368 XF aix-rdist-bo(32184) Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via the "r-commands", possibly including (1) rdist, (2) rsh, (3) rcp, (4) rsync, and (5) rlogin.

cpe:/a:microsoft:access:2000 cpe:/a:microsoft:access:2002 cpe:/a:microsoft:access:2003 cpe:/a:microsoft:excel:2000 cpe:/a:microsoft:excel:2002 cpe:/a:microsoft:excel:2003 cpe:/a:microsoft:excel:2004::mac cpe:/a:microsoft:excel_viewer:2003 cpe:/a:microsoft:frontpage:2000 cpe:/a:microsoft:frontpage:2002 cpe:/a:microsoft:frontpage:2003 cpe:/a:microsoft:infopath:2003 cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:onenote:2003 cpe:/a:microsoft:outlook:2000 cpe:/a:microsoft:outlook:2002 cpe:/a:microsoft:outlook:2003 cpe:/a:microsoft:powerpoint:2000 cpe:/a:microsoft:powerpoint:2002 cpe:/a:microsoft:powerpoint:2003 cpe:/a:microsoft:powerpoint:2004::mac cpe:/a:microsoft:project:2000:sr1 cpe:/a:microsoft:project:2002:sp1 cpe:/a:microsoft:project:2003 cpe:/a:microsoft:publisher:2000 cpe:/a:microsoft:publisher:2002 cpe:/a:microsoft:publisher:2003 cpe:/a:microsoft:visio:2002:sp2 cpe:/a:microsoft:visio:2003 cpe:/a:microsoft:word:2000 cpe:/a:microsoft:word:2002 cpe:/a:microsoft:word:2003 cpe:/a:microsoft:word_viewer:2003

CVE-2007-0671

2007-02-02T20:28:00.000-05:00

2018-10-12T17:42:45.297-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SECTRACK 1017584 MISC http://vil.nai.com/vil/content/v_141393.htm MISC http://www.avertlabs.com/research/blog/?p=191 CERT-VN VU#613740 CONFIRM http://www.microsoft.com/technet/security/advisory/932553.mspx BID 22383 CERT TA07-044A VUPEN ADV-2007-0463 MS MS07-015 XF office-unspecified-code-execution(32178) Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.

cpe:/a:ca:brightstor_arcserve_backup_laptops_desktops:11.0 cpe:/a:ca:brightstor_arcserve_backup_laptops_desktops:11.1 cpe:/a:ca:brightstor_arcserve_backup_laptops_desktops:11.1:sp1 cpe:/a:ca:business_protection_suite:2.0 cpe:/a:ca:business_protection_suite:2.0::microsoft_sbs_premium cpe:/a:ca:business_protection_suite:2.0::microsoft_sbs_standard cpe:/a:ca:desktop_management_suite:11.0 cpe:/a:ca:desktop_management_suite:11.1 cpe:/a:ca:desktop_protection_suite:2.0

CVE-2007-0672

2007-02-02T20:28:00.000-05:00

2018-10-16T12:33:46.980-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp BUGTRAQ 20070131 Remote Unauthenticated Resource Exhaustion CA Mobile BackupService BID 22339 LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers to cause a denial of service (disk consumption and daemon hang) via a value of 0xFFFFFF7F at a certain point in an authentication negotiation packet, which writes a large amount of data to a .USX file in CA_BABLDdata\Server\data\transfer\.

cpe:/a:ca:brightstor_arcserve_backup_laptops_desktops:11.0 cpe:/a:ca:brightstor_arcserve_backup_laptops_desktops:11.1 cpe:/a:ca:brightstor_arcserve_backup_laptops_desktops:11.1:sp1 cpe:/a:ca:business_protection_suite:2.0 cpe:/a:ca:business_protection_suite:2.0::microsoft_sbs_premium cpe:/a:ca:business_protection_suite:2.0::microsoft_sbs_standard cpe:/a:ca:desktop_management_suite:11.0 cpe:/a:ca:desktop_management_suite:11.1 cpe:/a:ca:desktop_protection_suite:2.0

CVE-2007-0673

2007-02-02T20:28:00.000-05:00

2018-10-16T12:33:47.200-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov SREASON 2218 CONFIRM http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp BUGTRAQ 20070131 Remote DOS BrightStor ARCserve Backup for Laptops & Desktops BID 22337 LGSERVER.EXE in BrightStor ARCserve Backup for Laptops & Desktops r11.1 allows remote attackers to cause a denial of service (daemon crash) via a value of 0xFFFFFFFF at a certain point in an authentication negotiation packet, which results in an out-of-bounds read.

cpe:/o:microsoft:windows_mobile cpe:/o:microsoft:windows_mobile:5.0 cpe:/o:microsoft:windows_mobile:2003 cpe:/o:microsoft:windows_mobile:2003_se

CVE-2007-0674

2007-02-02T20:28:00.000-05:00

2017-07-28T21:30:20.047-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov MISC http://blog.trendmicro.com/trend-micro-finds-more-windows-mobile-flaws/ BID 22343 VUPEN ADV-2007-0434 XF picturesvideos-jpeg-dos(32002) Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows user-assisted remote attackers to cause a denial of service (device hang) via a malformed JPEG file.

cpe:/o:microsoft:windows_vista:::32_bit

CVE-2007-0675

2007-02-02T20:28:00.000-05:00

2018-10-12T17:42:46.720-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MISC http://blogs.technet.com/msrc/archive/2007/01/31/issue-regarding-windows-vista-speech-recognition.aspx MLIST [dailydave] 20070130 Vista speach recognition MLIST [dailydave] 20070130 Vista speach recognition MLIST [dailydave] 20070130 Vista speach recognition MLIST [dailydave] 20070131 Vista speach recognition HP HPSBST02344 BID 22359 SECTRACK 1020232 CERT TA08-162B VUPEN ADV-2008-1779 MS MS08-032 A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer.

cpe:/a:exo:exophpdesk:1.2 cpe:/a:exo:exophpdesk:1.2.1

CVE-2007-0676

2007-02-02T20:28:00.000-05:00

2017-10-18T21:30:02.987-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22338 VUPEN ADV-2007-0452 XF exophpdesk-faq-sql-injection(31998) EXPLOIT-DB 3234 SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

cpe:/a:cronosys:cadre_php_framework:22020724

CVE-2007-0677

2007-02-02T20:28:00.000-05:00

2018-10-16T12:33:47.513-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://echo.or.id/adv/adv63-y3dips-2007.txt SREASON 2215 BUGTRAQ 20070131 [ECHO_ADV_63$2007] Cadre remote file inclusion BID 22336 VUPEN ADV-2007-0449 XF cadre-classquickconfigbrowser-file-include(32005) EXPLOIT-DB 3237 PHP remote file inclusion vulnerability in fw/class.Quick_Config_Browser.php in Cadre PHP Framework 20020724 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][framework_path] parameter.

cpe:/a:fullaspsite:asp_hosting_site

CVE-2007-0678

2007-02-02T20:28:00.000-05:00

2017-10-18T21:30:03.113-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22347 VUPEN ADV-2007-0453 XF fullaspsite-windows-sql-injection(32020) EXPLOIT-DB 3233 SQL injection vulnerability in windows.asp in Fullaspsite Asp Hosting Sitesi allows remote attackers to execute arbitrary SQL commands via the kategori_id parameter.

cpe:/a:nicolas_grandjean:phpmyring:4.1.0b cpe:/a:nicolas_grandjean:phpmyring:4.1.1b cpe:/a:nicolas_grandjean:phpmyring:4.1.2b cpe:/a:nicolas_grandjean:phpmyring:4.1.3b

CVE-2007-0679

2007-02-02T20:28:00.000-05:00

2017-10-18T21:30:03.177-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22345 VUPEN ADV-2007-0448 XF phpmyring-leslangues-file-include(32033) EXPLOIT-DB 3238 PHP remote file inclusion vulnerability in lang/leslangues.php in Nicolas Grandjean PHPMyRing 4.1.3b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fichier parameter.

cpe:/a:phpbb_tweaked:phpbb_tweaked:1 cpe:/a:phpbb_tweaked:phpbb_tweaked:3

CVE-2007-0680

2007-02-02T20:28:00.000-05:00

2017-10-18T21:30:03.223-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22344 VUPEN ADV-2007-0451 MISC http://www.xoron.info/bugs/phpbbtweaked.txt XF phpbbtweaked-functions-file-include(32024) EXPLOIT-DB 3235 PHP remote file inclusion vulnerability in includes/functions.php in Phpbb Tweaked 3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

cpe:/a:extcalendar:extcalendar:2

CVE-2007-0681

2007-02-02T20:28:00.000-05:00

2017-10-18T21:30:03.300-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

XF extcalendar-profile-security-bypass(32035) EXPLOIT-DB 3239 profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php.

cpe:/a:jv2:folder_gallery:3.0.2

CVE-2007-0682

2007-02-02T20:28:00.000-05:00

2017-10-18T21:30:03.363-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22354 VUPEN ADV-2007-0447 XF jv2gallery-template-file-include(32043) EXPLOIT-DB 3240 PHP remote file inclusion vulnerability in theme/include_mode/template.php in JV2 Folder Gallery 3.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the galleryfilesdir parameter.

cpe:/a:omegaboard_project:omegaboard:1.0:beta1 cpe:/a:omegaboard_project:omegaboard:1.0:beta2 cpe:/a:omegaboard_project:omegaboard:1.0:beta3 cpe:/a:omegaboard_project:omegaboard:1.0:beta4

CVE-2007-0683

2007-02-02T20:28:00.000-05:00

2018-11-29T10:45:54.473-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2018-11-19T11:09:14.727-05:00

ALLOWS_OTHER_ACCESS

FULLDISC 20070201 Omegaboard v1.0b4 (phpbb_root_path) Remote File Include Exploit BUGTRAQ 20070201 Omegaboard v1.0b4 (phpbb_root_path) Remote File Include Exploit BID 22355 XF omegaboard-functions-file-include(32057) EXPLOIT-DB 3242 PHP remote file inclusion vulnerability in includes/functions.php in Omegaboard 1.0beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

cpe:/a:cerulean_portal_system:cerulean_portal_system:0.7b

CVE-2007-0684

2007-02-02T20:28:00.000-05:00

2018-10-16T12:33:48.700-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070201 Cerulean Portal System (phpbb_root_path) Remote File Include Exploit BID 22356 VUPEN ADV-2007-0444 MISC http://www.xoron.info/bugs/ceruleanportalsystem-html.txt MISC http://www.xoron.info/bugs/ceruleanportalsystem-perl.txt XF cerulean-portal-file-include(32058) EXPLOIT-DB 3243 PHP remote file inclusion vulnerability in portal.php in Cerulean Portal System 0.7b allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

cpe:/o:microsoft:windows_mobile cpe:/o:microsoft:windows_mobile:5.0 cpe:/o:microsoft:windows_mobile:2003 cpe:/o:microsoft:windows_mobile:2003_se

CVE-2007-0685

2007-02-02T20:28:00.000-05:00

2017-07-28T21:30:20.593-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

http://nvd.nist.gov MISC http://blog.trendmicro.com/trend-micro-finds-more-windows-mobile-flaws/ BID 22343 VUPEN ADV-2007-0434 XF ie-mobile-unspecified-dos(32001) Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via unspecified vectors, possibly related to a buffer overflow.

cpe:/a:intel:2200bg_proset_wireless:9.0.3.9

CVE-2007-0686

2007-02-02T20:28:00.000-05:00

2017-10-18T21:30:03.567-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov EXPLOIT-DB 3224 The Intel 2200BG 802.11 Wireless Mini-PCI driver 9.0.3.9 (w29n51.sys) allows remote attackers to cause a denial of service (system crash) via crafted disassociation packets, which triggers memory corruption of "internal kernel structures," a different vulnerability than CVE-2006-6651. NOTE: this issue might overlap CVE-2006-3992.

cpe:/a:michelle:l2j_dropcalc:4

CVE-2007-0687

2007-02-02T20:28:00.000-05:00

2017-10-18T21:30:03.627-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22335 XF l2j-isearch-sql-injection(32003) EXPLOIT-DB 3232 SQL injection vulnerability in i-search.php in Michelle's L2J Dropcalc 4 and earlier allows remote authenticated users to execute arbitrary SQL commands via the itemid parameter.

cpe:/a:hunkaray_duyuru:scripti

CVE-2007-0688

2007-02-02T20:28:00.000-05:00

2018-10-16T12:33:49.183-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070607 Hünkaray Duyuru Script Remote SQL İnjection BID 24367 VUPEN ADV-2007-0446 XF hds-oku-sql-injection(32042) EXPLOIT-DB 3241 SQL injection vulnerability in oku.asp in Hunkaray Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter.

cpe:/a:mybb:mybb:1.2.4

CVE-2007-0689

2007-05-14T17:19:00.000-04:00

2018-10-16T12:33:49.700-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov FULLDISC 20070513 MyBB version 1.2.4 Multiple Path Disclosure Vulnerabilities MISC http://www.netvigilance.com/advisory0017 BUGTRAQ 20070513 MyBB version 1.2.4 Multiple Path Disclosure Vulnerabilities XF mybb-eventmembercaptcha-info-disclosure(34336) MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter to captcha.php, and (3) a direct request to inc/datahandlers/event.php, which reveal the installation path in the resulting error message.

cpe:/a:myevent:myevent:1.6

CVE-2007-0690

2007-05-30T16:30:00.000-04:00

2018-10-16T12:33:50.153-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2744 BUGTRAQ 20070528 myEvent version 1.6 Multiple Path Disclosure Vulnerabilities XF myevent-myevent-login-path-disclosure(34542) myEvent 1.6 allows remote attackers to obtain sensitive information via (1) a Log In action without a password to login.php, or an invalid (2) view[] or (3) monthno[] parameter to myevent.php, which reveals the path in various error messages.

CVE-2007-0691

2007-05-08T06:19:00.000-04:00

2008-09-10T20:49:51.633-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-2066. Reason: This candidate is a duplicate of CVE-2007-2066. Notes: All CVE users should reference CVE-2007-2066 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

cpe:/a:dgnews:dgnews:2.1

CVE-2007-0692

2007-05-30T16:30:00.000-04:00

2018-10-16T12:33:50.577-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2741 BUGTRAQ 20070528 DGNews version 2.1 Path Disclosure Vulnerability XF dgnews-news-path-disclosure(34540) DGNews 2.1 allows remote attackers to obtain sensitive information via a fullnews request to news.php with an invalid newsid parameter, and other unspecified vectors, which reveal the path in various error messages.

cpe:/a:dian_gemilang:dgnews:1.5.1 cpe:/a:dian_gemilang:dgnews:2.1

CVE-2007-0693

2007-05-30T16:30:00.000-04:00

2018-10-16T12:33:50.933-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2740 BUGTRAQ 20070528 DGNews version 2.1 SQL Injection Vulnerability BID 24201 VUPEN ADV-2007-1981 XF dgnews-news-sql-injection(34539) SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newslist action. NOTE: this issue can produce resultant cross-site scripting (XSS).

cpe:/a:dian_gemilang:dgnews:2.1

CVE-2007-0694

2007-05-30T16:30:00.000-04:00

2018-10-16T12:33:51.450-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2739 BUGTRAQ 20070528 DGNews version 2.1 XSS Attack Vulnerability BID 24200 VUPEN ADV-2007-1981 XF dgnews-footer-xss(34537) Cross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 allows remote attackers to inject arbitrary web script or HTML via the copyright parameter.

cpe:/a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:0.9.0.730 cpe:/a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:0.9.0.1029 cpe:/a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:1.0_rc1 cpe:/a:free_lan_intra_internet_portal:free_lan_intra_internet_portal:1.0_rc2

CVE-2007-0695

2007-02-03T17:28:00.000-05:00

2017-07-28T21:30:21.077-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://sourceforge.net/project/shownotes.php?release_id=481131&group_id=98260 VIM 20070203 FLIP SQL injection clarification VUPEN ADV-2007-0454 XF flip-multiple-sql-injection(31902) Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protection schemes, not the vulnerable functions.

CVE-2007-0696

2007-02-03T17:28:00.000-05:00

2017-07-28T21:30:21.127-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://sourceforge.net/project/shownotes.php?release_id=481131&group_id=98260 VUPEN ADV-2007-0454 XF flip-triggererrortext-xss(31900) Cross-site scripting (XSS) vulnerability in error messages in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, different vectors than CVE-2007-0611.

cpe:/a:mentiss_acgv:acgvannu:1.3

CVE-2007-0697

2007-02-03T17:28:00.000-05:00

2017-10-18T21:30:03.753-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov BID 22279 VUPEN ADV-2007-0388 XF acgv-modif-security-bypass(31893) EXPLOIT-DB 3208 index2.php in ACGVannu 1.3 and earlier allows remote attackers to change the password or profile of a user via a modified id parameter, related to templates/modif.html. NOTE: some of these details are obtained from third party information.

cpe:/a:mentiss_acgv:acgvannu:1.3

CVE-2007-0698

2007-02-03T17:28:00.000-05:00

2017-07-28T21:30:21.237-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0388 XF acgv-modif-sql-injection(32257) Multiple SQL injection vulnerabilities in ACGVannu 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the id_mod parameter to templates/modif.html, and other unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:portail_web_php:portail_web_php:0.99 cpe:/a:portail_web_php:portail_web_php:2.5.1

CVE-2007-0699

2007-02-03T19:28:00.000-05:00

2018-10-16T12:33:51.967-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2223 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=480538&group_id=178400 VIM 20070201 Fwd: php web portail [remote file include & local file include] BUGTRAQ 20070201 php web portail [remote file include & local file include] BID 22361 VUPEN ADV-2007-0457 XF portailwebphp-includes-file-include(32121) PHP remote file inclusion vulnerability in includes/includes.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) before 2.5.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter.

cpe:/a:portail_web_php:portail_web_php:2.5.1.1

CVE-2007-0700

2007-02-03T19:28:00.000-05:00

2018-10-16T12:33:52.497-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov VIM 20070201 Fwd: php web portail [remote file include & local file include] VIM 20070202 Local File Inclusion inconclusive in PwP (was Fwd: php web portail [remote file include & local fileinclude]) VIM 20070202 Local File Inclusion inconclusive in PwP (was Fwd: php web portail [remote file include & local fileinclude]) BUGTRAQ 20070201 php web portail [remote file include & local file include] BID 22361 BID 27962 XF portailwebphp-index-file-include(32115) EXPLOIT-DB 5182 Directory traversal vulnerability in index.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this issue was later reported for 2.5.1.1.

cpe:/a:epistemon:epistemon:1.0

CVE-2007-0701

2007-02-03T19:28:00.000-05:00

2017-10-18T21:30:03.817-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VIM 20070201 true: Epistemon 1.0 <= Remote File Include Vulnerability BID 22360 VUPEN ADV-2007-0459 EXPLOIT-DB 3247 PHP remote file inclusion vulnerability in inc/common.inc.php in Epistemon 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter.

cpe:/a:phpeventman:phpeventman:1.0.2

CVE-2007-0702

2007-02-03T19:28:00.000-05:00

2017-10-18T21:30:03.877-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VIM 20070201 true: phpEventMan RFI Vuln. BID 22358 VUPEN ADV-2007-0460 EXPLOIT-DB 3246 Multiple PHP remote file inclusion vulnerabilities in phpEventMan 1.0.2 allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) Shared/controller/text.ctrl.php or (2) UserMan/controller/common.function.php.

cpe:/a:webbuilder:webbuilder:2.0

CVE-2007-0703

2007-02-03T19:28:00.000-05:00

2017-10-18T21:30:03.940-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VIM 20070201 true: WebBuilder <= 2.0 Remote File Include Vulnerability VUPEN ADV-2007-0458 EXPLOIT-DB 3249 PHP remote file inclusion vulnerability in library/StageLoader.php in WebBuilder 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[core][module_path] parameter.

cpe:/a:somery:somery:0.4.6

CVE-2007-0704

2007-02-03T19:28:00.000-05:00

2017-10-18T21:30:04.083-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VIM 20070201 True: Somery 0.4.6 (skindir install.php) Remote file include EXPLOIT-DB 2329 PHP remote file inclusion vulnerability in install.php in Somery 0.4.6 allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter, a different vector than CVE-2006-4669. NOTE: the documentation says to remove install.php after installation.

cpe:/a:fenrir:portable_sleipnir:2.45 cpe:/a:fenrir:sleipnir:2.49

CVE-2007-0705

2007-02-03T19:28:00.000-05:00

2011-03-07T21:50:34.923-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

JVN JVN#93700808 MISC http://www.fenrir.co.jp/press/20070126_2.html MISC http://www.ipa.go.jp/security/vuln/documents/2006/JVN_93700808.html VUPEN ADV-2007-0364 Cross-zone scripting vulnerability in Sleipnir 2.49 and earlier, and Portable Sleipnir 2.45 and earlier, allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are obtained from third party information.

cpe:/a:fenrir:darksky_rss_bar:1.28_release3::internet_explorer cpe:/a:fenrir:darksky_rss_bar:1.28_release3::sleipnir cpe:/a:fenrir:darksky_rss_bar:1.28_release3::undonut

CVE-2007-0706

2007-02-03T19:28:00.000-05:00

2011-03-07T21:50:35.033-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

JVN JVN#93700808 MISC http://www.fenrir.co.jp/press/20070126_2.html VUPEN ADV-2007-0365 Cross-zone scripting vulnerability in Darksky RSS bar for Internet Explorer before 1.29, RSS bar for Sleipnir before 1.29, and RSS bar for unDonut before 1.29 allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are obtained from third party information.

cpe:/a:gom_player:gom_player:2.0.12.3375

CVE-2007-0707

2007-02-03T19:28:00.000-05:00

2017-07-28T21:30:21.407-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

MISC http://www.gomplayer.com/forum/viewtopic.html?t=221 XF gomplayer-asx-bo(32164) Stack-based buffer overflow in GOM Player 2.0.12.3375 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the "ref href" tag. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:comodo:comodo_firewall_pro:2.4.16.174

CVE-2007-0708

2007-02-03T19:28:00.000-05:00

2018-10-16T12:33:53.137-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov SECTRACK 1017580 MISC http://www.matousec.com/info/advisories/Comodo-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php BUGTRAQ 20070201 Comodo Multiple insufficient argument validation of hooked SSDT function Vulnerability BID 22357 XF comodofirewallpro-cmdmon-dos(32059) cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) before 2.4.16.174 does not validate arguments that originate in user mode for the (1) NtConnectPort and (2) NtCreatePort hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments.

cpe:/a:comodo:comodo_firewall_pro:2.4.16.174

CVE-2007-0709

2007-02-03T19:28:00.000-05:00

2018-10-16T12:33:53.527-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov SECTRACK 1017580 MISC http://www.matousec.com/info/advisories/Comodo-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php BUGTRAQ 20070201 Comodo Multiple insufficient argument validation of hooked SSDT function Vulnerability BID 22357 XF comodofirewallpro-cmdmon-dos(32059) cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.16.174 and earlier does not validate arguments that originate in user mode for the (1) NtCreateSection, (2) NtOpenProcess, (3) NtOpenSection, (4) NtOpenThread, and (5) NtSetValueKey hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments.

cpe:/a:apple:ichat

CVE-2007-0710

2007-02-16T14:28:00.000-05:00

2008-09-05T17:18:36.677-04:00

2.1

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-02-20T11:37:00.000-05:00

CONFIRM http://docs.info.apple.com/article.html?artnum=305102 APPLE APPLE-SA-2007-02-15 CERT-VN VU#836024 BID 22304 SECTRACK 1017661 The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (persistent application crash) via unspecified vectors, possibly related to CVE-2007-0614.

cpe:/a:apple:quicktime:3.0 cpe:/a:apple:quicktime:4.1.2:-:windows cpe:/a:apple:quicktime:5.0.1:-:windows cpe:/a:apple:quicktime:5.0.2:-:windows cpe:/a:apple:quicktime:6.0:-:windows cpe:/a:apple:quicktime:6.0.0:-:windows cpe:/a:apple:quicktime:6.0.1:-:windows cpe:/a:apple:quicktime:6.0.2:-:windows cpe:/a:apple:quicktime:6.1.0:-:windows cpe:/a:apple:quicktime:6.1.1:-:windows cpe:/a:apple:quicktime:6.2.0:-:windows cpe:/a:apple:quicktime:6.3.0:-:windows cpe:/a:apple:quicktime:6.4.0:-:windows cpe:/a:apple:quicktime:6.5.0:-:windows cpe:/a:apple:quicktime:6.5.1:-:windows cpe:/a:apple:quicktime:6.5.2:-:windows cpe:/a:apple:quicktime:7.0:-:windows cpe:/a:apple:quicktime:7.0.0:-:windows cpe:/a:apple:quicktime:7.0.1:-:windows cpe:/a:apple:quicktime:7.0.2:-:windows cpe:/a:apple:quicktime:7.0.3:-:windows cpe:/a:apple:quicktime:7.0.4:-:windows cpe:/a:apple:quicktime:7.1.0:-:windows cpe:/a:apple:quicktime:7.1.1:-:windows cpe:/a:apple:quicktime:7.1.2:-:windows cpe:/a:apple:quicktime:7.1.3:-:windows cpe:/a:apple:quicktime:7.1.4:-:windows

CVE-2007-0711

2007-03-05T17:19:00.000-05:00

2018-10-30T12:25:17.370-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://docs.info.apple.com/article.html?artnum=305149 APPLE APPLE-SA-2007-03-05 CERT-VN VU#568689 BID 22827 SECTRACK 1017725 CERT TA07-065A VUPEN ADV-2007-0825 XF quicktime-3gpvideo-overflow(32814) Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file.

cpe:/a:apple:quicktime:3.0 cpe:/a:apple:quicktime:4.1.2:-:mac cpe:/a:apple:quicktime:4.1.2:-:windows cpe:/a:apple:quicktime:5.0.1:-:mac cpe:/a:apple:quicktime:5.0.1:-:windows cpe:/a:apple:quicktime:5.0.2:-:mac cpe:/a:apple:quicktime:5.0.2:-:windows cpe:/a:apple:quicktime:6.0:-:windows cpe:/a:apple:quicktime:6.0.0:-:mac cpe:/a:apple:quicktime:6.0.0:-:windows cpe:/a:apple:quicktime:6.0.1:-:mac cpe:/a:apple:quicktime:6.0.1:-:windows cpe:/a:apple:quicktime:6.0.2:-:mac cpe:/a:apple:quicktime:6.0.2:-:windows cpe:/a:apple:quicktime:6.1.0:-:mac cpe:/a:apple:quicktime:6.1.0:-:windows cpe:/a:apple:quicktime:6.1.1:-:mac cpe:/a:apple:quicktime:6.1.1:-:windows cpe:/a:apple:quicktime:6.2.0:-:mac cpe:/a:apple:quicktime:6.2.0:-:windows cpe:/a:apple:quicktime:6.3.0:-:mac cpe:/a:apple:quicktime:6.3.0:-:windows cpe:/a:apple:quicktime:6.4.0:-:mac cpe:/a:apple:quicktime:6.4.0:-:windows cpe:/a:apple:quicktime:6.5.0:-:mac cpe:/a:apple:quicktime:6.5.0:-:windows cpe:/a:apple:quicktime:6.5.1:-:mac cpe:/a:apple:quicktime:6.5.1:-:windows cpe:/a:apple:quicktime:6.5.2:-:mac cpe:/a:apple:quicktime:6.5.2:-:windows cpe:/a:apple:quicktime:7.0:-:windows cpe:/a:apple:quicktime:7.0.0:-:mac cpe:/a:apple:quicktime:7.0.0:-:windows cpe:/a:apple:quicktime:7.0.1:-:mac cpe:/a:apple:quicktime:7.0.1:-:windows cpe:/a:apple:quicktime:7.0.2:-:mac cpe:/a:apple:quicktime:7.0.2:-:windows cpe:/a:apple:quicktime:7.0.3:-:mac cpe:/a:apple:quicktime:7.0.3:-:windows cpe:/a:apple:quicktime:7.0.4:-:mac cpe:/a:apple:quicktime:7.0.4:-:windows cpe:/a:apple:quicktime:7.1.0:-:mac cpe:/a:apple:quicktime:7.1.0:-:windows cpe:/a:apple:quicktime:7.1.1:-:mac cpe:/a:apple:quicktime:7.1.1:-:windows cpe:/a:apple:quicktime:7.1.2:-:mac cpe:/a:apple:quicktime:7.1.2:-:windows cpe:/a:apple:quicktime:7.1.3:-:mac cpe:/a:apple:quicktime:7.1.3:-:windows cpe:/a:apple:quicktime:7.1.4:-:mac cpe:/a:apple:quicktime:7.1.4:-:windows

CVE-2007-0712

2007-03-05T17:19:00.000-05:00

2018-10-30T12:25:17.370-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://docs.info.apple.com/article.html?artnum=305149 APPLE APPLE-SA-2007-03-05 CERT-VN VU#822481 BID 22827 SECTRACK 1017725 CERT TA07-065A VUPEN ADV-2007-0825 XF quicktime-midi-files-bo(32816) Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file.

cpe:/a:apple:quicktime:7.0 cpe:/a:apple:quicktime:7.0.1 cpe:/a:apple:quicktime:7.0.2 cpe:/a:apple:quicktime:7.0.3 cpe:/a:apple:quicktime:7.0.4 cpe:/a:apple:quicktime:7.1 cpe:/a:apple:quicktime:7.1.1 cpe:/a:apple:quicktime:7.1.2 cpe:/a:apple:quicktime:7.1.3 cpe:/a:apple:quicktime:7.1.4

CVE-2007-0713

2007-03-05T17:19:00.000-05:00

2018-10-16T12:33:53.887-04:00

5.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://docs.info.apple.com/article.html?artnum=305149 APPLE APPLE-SA-2007-03-05 CERT-VN VU#880561 MISC http://www.piotrbania.com/all/adv/quicktime-heap-adv-7.1.txt BUGTRAQ 20070306 Apple QuickTime Player Remote Heap Overflow BID 22827 BID 22843 SECTRACK 1017725 CERT TA07-065A VUPEN ADV-2007-0825 XF quicktime-quicktime-bo(32817) Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file.

CVE-2007-0714

2007-03-05T17:19:00.000-05:00

2018-10-30T12:25:17.370-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov FULLDISC 20070306 Apple QuickTime udta ATOM Integer Overflow CONFIRM http://docs.info.apple.com/article.html?artnum=305149 APPLE APPLE-SA-2007-03-05 MISC http://secway.org/advisory/AD20070306.txt CERT-VN VU#861817 BUGTRAQ 20070306 Apple QuickTime udta ATOM Integer Overflow BUGTRAQ 20070307 ZDI-07-010: Apple Quicktime UDTA Parsing Heap Overflow Vulnerability BID 22827 BID 22844 SECTRACK 1017725 CERT TA07-065A VUPEN ADV-2007-0825 MISC http://www.zerodayinitiative.com/advisories/ZDI-07-010.html XF quicktime-udta-atoms-overflow(32819) Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value.

CVE-2007-0715

2007-03-05T17:19:00.000-05:00

2017-07-28T21:30:21.843-04:00

5.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://docs.info.apple.com/article.html?artnum=305149 APPLE APPLE-SA-2007-03-05 CERT-VN VU#448745 BID 22827 SECTRACK 1017725 CERT TA07-065A VUPEN ADV-2007-0825 XF quicktime-pict-file-bo(32821) Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file.

CVE-2007-0716

2007-03-05T17:19:00.000-05:00

2017-07-28T21:30:21.907-04:00

5.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://docs.info.apple.com/article.html?artnum=305149 APPLE APPLE-SA-2007-03-05 CERT-VN VU#642433 BID 22827 SECTRACK 1017725 CERT TA07-065A VUPEN ADV-2007-0825 XF quicktime-qtif-bo(32822) Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.

CVE-2007-0717

2007-03-05T17:19:00.000-05:00

2017-07-28T21:30:21.970-04:00

5.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://docs.info.apple.com/article.html?artnum=305149 APPLE APPLE-SA-2007-03-05 CERT-VN VU#410993 BID 22827 SECTRACK 1017725 CERT TA07-065A VUPEN ADV-2007-0825 XF quicktime-qtif-overflow(32823) Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.

CVE-2007-0718

2007-03-05T17:19:00.000-05:00

2018-10-16T12:33:56.577-04:00

5.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://docs.info.apple.com/article.html?artnum=305149 IDEFENSE 20070305 Apple QuickTime Color Table ID Heap Corruption Vulnerability APPLE APPLE-SA-2007-03-05 CERT-VN VU#313225 BUGTRAQ 20070306 [Reversemode Advisory] Apple Quicktime Color ID remote heap corruption BID 22827 BID 22839 SECTRACK 1017725 CERT TA07-065A VUPEN ADV-2007-0825 XF quicktime-qtif-file-bo(32826) Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists.

cpe:/o:apple:mac_os_x:10.3.9 cpe:/o:apple:mac_os_x:10.4 cpe:/o:apple:mac_os_x:10.4.1 cpe:/o:apple:mac_os_x:10.4.2 cpe:/o:apple:mac_os_x:10.4.3 cpe:/o:apple:mac_os_x:10.4.4 cpe:/o:apple:mac_os_x:10.4.5 cpe:/o:apple:mac_os_x:10.4.6 cpe:/o:apple:mac_os_x:10.4.7 cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:apple:mac_os_x_server:10.3.9 cpe:/o:apple:mac_os_x_server:10.4 cpe:/o:apple:mac_os_x_server:10.4.1 cpe:/o:apple:mac_os_x_server:10.4.2 cpe:/o:apple:mac_os_x_server:10.4.3 cpe:/o:apple:mac_os_x_server:10.4.4 cpe:/o:apple:mac_os_x_server:10.4.5 cpe:/o:apple:mac_os_x_server:10.4.6 cpe:/o:apple:mac_os_x_server:10.4.7 cpe:/o:apple:mac_os_x_server:10.4.8

CVE-2007-0719

2007-03-13T17:19:00.000-04:00

2011-03-07T21:50:36.453-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305214 APPLE APPLE-SA-2007-03-13 CERT-VN VU#449440 BID 22948 SECTRACK 1017751 CERT TA07-072A VUPEN ADV-2007-0930 Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via an image with a crafted ColorSync profile.

cpe:/a:cups:cups

CVE-2007-0720

2007-03-13T17:19:00.000-04:00

2018-10-16T12:33:57.747-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://docs.info.apple.com/article.html?artnum=305214 FEDORA FEDORA-2007-1219 APPLE APPLE-SA-2007-03-13 GENTOO GLSA-200703-28 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-194.htm MANDRIVA MDKSA-2007:086 SUSE SUSE-SR:2007:014 SUSE SUSE-SR:2007:009 REDHAT RHSA-2007:0123 BUGTRAQ 20070325 FLEA-2007-0003-1: cups BID 22948 BID 23127 SECTRACK 1017750 CERT TA07-072A VUPEN ADV-2007-0930 VUPEN ADV-2007-0949 MISC https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=232243 CONFIRM https://issues.rpath.com/browse/RPL-1173 The CUPS service on multiple platforms allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL connection, which prevents other requests from being accepted.

CVE-2007-0721

2007-03-13T18:19:00.000-04:00

2011-03-07T21:50:36.750-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305214 APPLE APPLE-SA-2007-03-13 BID 22948 SECTRACK 1017751 CERT TA07-072A VUPEN ADV-2007-0930 Unspecified vulnerability in diskimages-helper in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted compressed disk image that triggers memory corruption.

CVE-2007-0722

2007-03-13T18:19:00.000-04:00

2011-03-07T21:50:36.847-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305214 APPLE APPLE-SA-2007-03-13 CERT-VN VU#124280 BID 22948 SECTRACK 1017751 CERT TA07-072A VUPEN ADV-2007-0930 Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted AppleSingleEncoding disk image.

CVE-2007-0723

2007-03-13T18:19:00.000-04:00

2011-03-07T21:50:36.970-05:00

8.5

NETWORK

MEDIUM

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305214 APPLE APPLE-SA-2007-03-13 CERT-VN VU#557064 BID 22948 SECTRACK 1017751 CERT TA07-072A VUPEN ADV-2007-0930 Unspecified vulnerability in the authentication feature for DirectoryService (DS Plug-Ins) for Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote authenticated LDAP users to modify the root password and gain privileges via unknown vectors.

cpe:/o:apple:mac_os_x:10.3.9 cpe:/o:apple:mac_os_x:10.4 cpe:/o:apple:mac_os_x:10.4.1 cpe:/o:apple:mac_os_x:10.4.2 cpe:/o:apple:mac_os_x:10.4.3 cpe:/o:apple:mac_os_x:10.4.4 cpe:/o:apple:mac_os_x:10.4.5 cpe:/o:apple:mac_os_x:10.4.6 cpe:/o:apple:mac_os_x:10.4.7 cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:apple:mac_os_x_server:10.4 cpe:/o:apple:mac_os_x_server:10.4.1 cpe:/o:apple:mac_os_x_server:10.4.2 cpe:/o:apple:mac_os_x_server:10.4.3 cpe:/o:apple:mac_os_x_server:10.4.4 cpe:/o:apple:mac_os_x_server:10.4.5 cpe:/o:apple:mac_os_x_server:10.4.6 cpe:/o:apple:mac_os_x_server:10.4.7 cpe:/o:apple:mac_os_x_server:10.4.8

CVE-2007-0724

2007-03-13T18:19:00.000-04:00

2017-07-28T21:30:22.093-04:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305214 CONFIRM http://docs.info.apple.com/article.html?artnum=305391 APPLE APPLE-SA-2007-04-19 APPLE APPLE-SA-2007-03-13 BID 22948 SECTRACK 1017751 SECTRACK 1017942 CERT TA07-072A CERT TA07-109A VUPEN ADV-2007-0930 VUPEN ADV-2007-1470 XF macos-hid-privilege-escalation(32973) The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently limit access to certain controls, which allows local users to gain privileges by using HID device events to read keystrokes from the console.

cpe:/o:apple:mac_os_x:10.3.9 cpe:/o:apple:mac_os_x:10.4 cpe:/o:apple:mac_os_x:10.4.1 cpe:/o:apple:mac_os_x:10.4.2 cpe:/o:apple:mac_os_x:10.4.3 cpe:/o:apple:mac_os_x:10.4.4 cpe:/o:apple:mac_os_x:10.4.5 cpe:/o:apple:mac_os_x:10.4.6 cpe:/o:apple:mac_os_x:10.4.7 cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:apple:mac_os_x:10.4.9 cpe:/o:apple:mac_os_x_server:10.3.9 cpe:/o:apple:mac_os_x_server:10.4 cpe:/o:apple:mac_os_x_server:10.4.1 cpe:/o:apple:mac_os_x_server:10.4.2 cpe:/o:apple:mac_os_x_server:10.4.3 cpe:/o:apple:mac_os_x_server:10.4.4 cpe:/o:apple:mac_os_x_server:10.4.5 cpe:/o:apple:mac_os_x_server:10.4.6 cpe:/o:apple:mac_os_x_server:10.4.7 cpe:/o:apple:mac_os_x_server:10.4.8 cpe:/o:apple:mac_os_x_server:10.4.9

CVE-2007-0725

2007-04-24T12:19:00.000-04:00

2011-03-07T21:50:37.203-05:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305391 APPLE APPLE-SA-2007-04-19 BID 23569 CERT TA07-109A VUPEN ADV-2007-1470 Buffer overflow in the AirPortDriver module for AirPort in Apple Mac OS X 10.3.9 through 10.4.9, when running on hardware with the original AirPort wireless card, allows local users to execute arbitrary code by "sending malformed control commands."

CVE-2007-0726

2007-03-13T18:19:00.000-04:00

2017-07-28T21:30:22.157-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://docs.info.apple.com/article.html?artnum=305214 APPLE APPLE-SA-2007-03-13 BID 22948 SECTRACK 1017756 CERT TA07-072A VUPEN ADV-2007-0930 XF macos-openssh-dos(32975) The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were based on the original keys.

CVE-2007-0727

2017-05-11T10:29:05.573-04:00

2017-05-11T10:29:05.590-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none.

CVE-2007-0728

2007-03-13T18:19:00.000-04:00

2017-07-28T21:30:22.237-04:00

4.4

LOCAL

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305214 APPLE APPLE-SA-2007-03-13 BID 22948 SECTRACK 1017751 CERT TA07-072A VUPEN ADV-2007-0930 XF macos-usbprinter-file-overwrite(32976) Unspecified vulnerability in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 creates files insecurely while initializing a USB printer, which allows local users to create or overwrite arbitrary files.

cpe:/o:apple:mac_os_x:10.0 cpe:/o:apple:mac_os_x:10.0.1 cpe:/o:apple:mac_os_x:10.0.2 cpe:/o:apple:mac_os_x:10.0.3 cpe:/o:apple:mac_os_x:10.0.4 cpe:/o:apple:mac_os_x:10.1 cpe:/o:apple:mac_os_x:10.1.1 cpe:/o:apple:mac_os_x:10.1.2 cpe:/o:apple:mac_os_x:10.1.3 cpe:/o:apple:mac_os_x:10.1.4 cpe:/o:apple:mac_os_x:10.1.5 cpe:/o:apple:mac_os_x:10.2 cpe:/o:apple:mac_os_x:10.2.1 cpe:/o:apple:mac_os_x:10.2.2 cpe:/o:apple:mac_os_x:10.2.3 cpe:/o:apple:mac_os_x:10.2.4 cpe:/o:apple:mac_os_x:10.2.5 cpe:/o:apple:mac_os_x:10.2.6 cpe:/o:apple:mac_os_x:10.2.7 cpe:/o:apple:mac_os_x:10.2.8 cpe:/o:apple:mac_os_x:10.3 cpe:/o:apple:mac_os_x:10.3.1 cpe:/o:apple:mac_os_x:10.3.2 cpe:/o:apple:mac_os_x:10.3.3 cpe:/o:apple:mac_os_x:10.3.4 cpe:/o:apple:mac_os_x:10.3.5 cpe:/o:apple:mac_os_x:10.3.6 cpe:/o:apple:mac_os_x:10.3.7 cpe:/o:apple:mac_os_x:10.3.8 cpe:/o:apple:mac_os_x:10.3.9 cpe:/o:apple:mac_os_x:10.4 cpe:/o:apple:mac_os_x:10.4.1 cpe:/o:apple:mac_os_x:10.4.2 cpe:/o:apple:mac_os_x:10.4.3 cpe:/o:apple:mac_os_x:10.4.4 cpe:/o:apple:mac_os_x:10.4.5 cpe:/o:apple:mac_os_x:10.4.6 cpe:/o:apple:mac_os_x:10.4.7 cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:apple:mac_os_x:10.4.9 cpe:/o:apple:mac_os_x_preview.app:3.0.8 cpe:/o:apple:mac_os_x_server:10.0 cpe:/o:apple:mac_os_x_server:10.1 cpe:/o:apple:mac_os_x_server:10.1.1 cpe:/o:apple:mac_os_x_server:10.1.2 cpe:/o:apple:mac_os_x_server:10.1.3 cpe:/o:apple:mac_os_x_server:10.1.4 cpe:/o:apple:mac_os_x_server:10.1.5 cpe:/o:apple:mac_os_x_server:10.2 cpe:/o:apple:mac_os_x_server:10.2.1 cpe:/o:apple:mac_os_x_server:10.2.2 cpe:/o:apple:mac_os_x_server:10.2.3 cpe:/o:apple:mac_os_x_server:10.2.4 cpe:/o:apple:mac_os_x_server:10.2.5 cpe:/o:apple:mac_os_x_server:10.2.6 cpe:/o:apple:mac_os_x_server:10.2.7 cpe:/o:apple:mac_os_x_server:10.2.8 cpe:/o:apple:mac_os_x_server:10.3.9 cpe:/o:apple:mac_os_x_server:10.4 cpe:/o:apple:mac_os_x_server:10.4.1 cpe:/o:apple:mac_os_x_server:10.4.2 cpe:/o:apple:mac_os_x_server:10.4.3 cpe:/o:apple:mac_os_x_server:10.4.4 cpe:/o:apple:mac_os_x_server:10.4.5 cpe:/o:apple:mac_os_x_server:10.4.6 cpe:/o:apple:mac_os_x_server:10.4.7 cpe:/o:apple:mac_os_x_server:10.4.8 cpe:/o:apple:mac_os_x_server:10.4.9

CVE-2007-0729

2007-04-24T12:19:00.000-04:00

2011-03-07T21:50:37.533-05:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305391 APPLE APPLE-SA-2007-04-19 CERT-VN VU#312424 BID 23569 SECTRACK 1017944 CERT TA07-109A VUPEN ADV-2007-1470 Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment before executing commands, which allows local users to gain privileges by setting unspecified environment variables.

cpe:/a:apple:server_manager

CVE-2007-0730

2007-03-13T18:19:00.000-04:00

2017-07-28T21:30:22.297-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305214 APPLE APPLE-SA-2007-03-13 BID 22948 SECTRACK 1017751 CERT TA07-072A VUPEN ADV-2007-0930 XF macos-servermanager-authentication-bypass(32978) Server Manager (servermgrd) in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently validate authentication credentials, which allows remote attackers to bypass authentication and modify system configuration.

cpe:/o:apple:mac_os_x:10.3.9 cpe:/o:apple:mac_os_x:10.4.1 cpe:/o:apple:mac_os_x:10.4.2 cpe:/o:apple:mac_os_x:10.4.3 cpe:/o:apple:mac_os_x:10.4.4 cpe:/o:apple:mac_os_x:10.4.5 cpe:/o:apple:mac_os_x:10.4.6 cpe:/o:apple:mac_os_x:10.4.7 cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:apple:mac_os_x_server:10.4 cpe:/o:apple:mac_os_x_server:10.4.1 cpe:/o:apple:mac_os_x_server:10.4.2 cpe:/o:apple:mac_os_x_server:10.4.3 cpe:/o:apple:mac_os_x_server:10.4.4 cpe:/o:apple:mac_os_x_server:10.4.5 cpe:/o:apple:mac_os_x_server:10.4.6 cpe:/o:apple:mac_os_x_server:10.4.7 cpe:/o:apple:mac_os_x_server:10.4.8

CVE-2007-0731

2007-03-13T18:19:00.000-04:00

2017-07-28T21:30:22.343-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305214 APPLE APPLE-SA-2007-03-13 BID 22948 SECTRACK 1017754 CERT TA07-072A VUPEN ADV-2007-0930 XF macos-smbfileserver-bo(32979) Stack-based buffer overflow in the Apple-specific Samba module (SMB File Server) in Apple Mac OS X 10.4 through 10.4.8 allows context-dependent attackers to execute arbitrary code via a long ACL.

cpe:/o:apple:mac_os_x:10.4 cpe:/o:apple:mac_os_x:10.4.1 cpe:/o:apple:mac_os_x:10.4.2 cpe:/o:apple:mac_os_x:10.4.3 cpe:/o:apple:mac_os_x:10.4.4 cpe:/o:apple:mac_os_x:10.4.5 cpe:/o:apple:mac_os_x:10.4.6 cpe:/o:apple:mac_os_x:10.4.7 cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:apple:mac_os_x:10.4.9 cpe:/o:apple:mac_os_x_server:10.4 cpe:/o:apple:mac_os_x_server:10.4.1 cpe:/o:apple:mac_os_x_server:10.4.2 cpe:/o:apple:mac_os_x_server:10.4.3 cpe:/o:apple:mac_os_x_server:10.4.4 cpe:/o:apple:mac_os_x_server:10.4.5 cpe:/o:apple:mac_os_x_server:10.4.6 cpe:/o:apple:mac_os_x_server:10.4.7 cpe:/o:apple:mac_os_x_server:10.4.8 cpe:/o:apple:mac_os_x_server:10.4.9

CVE-2007-0732

2007-04-24T12:19:00.000-04:00

2011-03-07T21:50:37.877-05:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305391 APPLE APPLE-SA-2007-04-19 BID 23569 SECTRACK 1017942 CERT TA07-109A VUPEN ADV-2007-1470 Unspecified vulnerability in the CoreServices daemon in CarbonCore in Apple Mac OS X 10.4 through 10.4.9 allows local users to gain privileges via unspecified vectors involving "obtaining a send right to [the] Mach task port."

cpe:/a:apple:imageio

CVE-2007-0733

2007-03-13T18:19:00.000-04:00

2017-07-28T21:30:22.407-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305214 APPLE APPLE-SA-2007-03-13 CERT-VN VU#873868 BID 22948 SECTRACK 1017758 CERT TA07-072A VUPEN ADV-2007-0930 XF macos-imageio-code-execution(32974) Unspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RAW image that triggers memory corruption.

CVE-2007-0734

2007-04-10T18:19:00.000-04:00

2017-07-28T21:30:22.470-04:00

5.4

ADJACENT_NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://docs.info.apple.com/article.html?artnum=305366 CONFIRM http://docs.info.apple.com/article.html?artnum=305391 APPLE APPLE-SA-2007-04-09 APPLE APPLE-SA-2007-04-19 BID 23396 BID 23569 SECTRACK 1017889 SECTRACK 1017942 CERT TA07-109A VUPEN ADV-2007-1308 VUPEN ADV-2007-1470 XF airportextreme-airportdisk-info-disclosure(33527) fsck, as used by the AirPort Disk feature of the AirPort Extreme Base Station with 802.11n before Firmware Update 7.1, and by Apple Mac OS X 10.3.9 through 10.4.9, does not properly enforce password protection of a USB hard drive, which allows context-dependent attackers to list arbitrary directories or execute arbitrary code, resulting from memory corruption.

cpe:/o:apple:mac_os_x:10.3.9 cpe:/o:apple:mac_os_x:10.4 cpe:/o:apple:mac_os_x:10.4.1 cpe:/o:apple:mac_os_x:10.4.2 cpe:/o:apple:mac_os_x:10.4.3 cpe:/o:apple:mac_os_x:10.4.4 cpe:/o:apple:mac_os_x:10.4.5 cpe:/o:apple:mac_os_x:10.4.6 cpe:/o:apple:mac_os_x:10.4.7 cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:apple:mac_os_x:10.4.9 cpe:/o:apple:mac_os_x_server:10.3.9 cpe:/o:apple:mac_os_x_server:10.4 cpe:/o:apple:mac_os_x_server:10.4.1 cpe:/o:apple:mac_os_x_server:10.4.2 cpe:/o:apple:mac_os_x_server:10.4.3 cpe:/o:apple:mac_os_x_server:10.4.4 cpe:/o:apple:mac_os_x_server:10.4.5 cpe:/o:apple:mac_os_x_server:10.4.6 cpe:/o:apple:mac_os_x_server:10.4.7 cpe:/o:apple:mac_os_x_server:10.4.8 cpe:/o:apple:mac_os_x_server:10.4.9

CVE-2007-0735

2007-04-24T13:19:00.000-04:00

2011-03-07T21:50:38.220-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305391 APPLE APPLE-SA-2007-04-19 BID 23569 SECTRACK 1017942 CERT TA07-109A VUPEN ADV-2007-1470 Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving crafted web pages that trigger certain error conditions that are not properly reported in certain circumstances, resulting in accessing deallocated memory.

cpe:/o:apple:mac_os_x:10.3.9 cpe:/o:apple:mac_os_x:10.4 cpe:/o:apple:mac_os_x:10.4.1 cpe:/o:apple:mac_os_x:10.4.2 cpe:/o:apple:mac_os_x:10.4.3 cpe:/o:apple:mac_os_x:10.4.4 cpe:/o:apple:mac_os_x:10.4.5 cpe:/o:apple:mac_os_x:10.4.6 cpe:/o:apple:mac_os_x:10.4.7 cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:apple:mac_os_x:10.4.9 cpe:/o:apple:mac_os_x_server:10.3.9 cpe:/o:apple:mac_os_x_server:10.4 cpe:/o:apple:mac_os_x_server:10.4.1 cpe:/o:apple:mac_os_x_server:10.4.2 cpe:/o:apple:mac_os_x_server:10.4.3 cpe:/o:apple:mac_os_x_server:10.4.4 cpe:/o:apple:mac_os_x_server:10.4.5 cpe:/o:apple:mac_os_x_server:10.4.6 cpe:/o:apple:mac_os_x_server:10.4.7 cpe:/o:apple:mac_os_x_server:10.4.8 cpe:/o:apple:mac_os_x_server:10.4.9

CVE-2007-0736

2007-04-24T13:19:00.000-04:00

2017-07-28T21:30:22.530-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305391 APPLE APPLE-SA-2007-04-19 BID 23569 SECTRACK 1017942 CERT TA07-109A VUPEN ADV-2007-1470 XF macos-rpc-code-execution(33782) Integer overflow in the RPC library in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via crafted requests to portmap.

CVE-2007-0737

2007-04-24T13:19:00.000-04:00

2011-03-07T21:50:38.423-05:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305391 APPLE APPLE-SA-2007-04-19 BID 23569 SECTRACK 1017939 CERT TA07-109A VUPEN ADV-2007-1470 The Login Window in Apple Mac OS X 10.3.9 through 10.4.9 does not properly check certain environment variables, which allows local users to gain privileges via unspecified vectors.

CVE-2007-0738

2007-04-24T13:19:00.000-04:00

2011-03-07T21:50:38.547-05:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305391 APPLE APPLE-SA-2007-04-19 BID 23569 SECTRACK 1017939 CERT TA07-109A VUPEN ADV-2007-1470 The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not display the screen saver authentication dialog in certain circumstances when waking from sleep, even though the "require a password to wake the computer from sleep" option is enabled, which allows local users to bypass authentication controls.

CVE-2007-0739

2007-04-24T13:19:00.000-04:00

2011-03-07T21:50:38.657-05:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305391 APPLE APPLE-SA-2007-04-19 BID 23569 SECTRACK 1017939 CERT TA07-109A VUPEN ADV-2007-1470 The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the software update window beneath the loginwindow authentication dialog in certain circumstances related to running scheduled tasks, which allows local users to bypass authentication controls.

cpe:/o:apple:mac_os_x:10.3.9 cpe:/o:apple:mac_os_x:10.4.9

CVE-2007-0740

2007-05-24T18:30:00.000-04:00

2017-07-28T21:30:22.593-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305530 APPLE APPLE-SA-2007-05-24 BID 24144 SECTRACK 1018121 VUPEN ADV-2007-1939 XF macos-diskimage-code-execution(34498) Alias Manager in Apple Mac OS X 10.3.9 and 10.4.9 does not display files with the same name in mounted disk images that have the same name, which might allow user-assisted attackers to trick a user into executing malicious files.

CVE-2007-0741

2007-04-24T13:19:00.000-04:00

2011-03-07T21:50:38.860-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305391 APPLE APPLE-SA-2007-04-19 BID 23569 SECTRACK 1017942 CERT TA07-109A VUPEN ADV-2007-1470 Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 through 10.4.9, when Internet Sharing is enabled, allows remote attackers to execute arbitrary code via malformed RTSP packets.

cpe:/o:apple:mac_os_x:10.3.9

CVE-2007-0742

2007-04-24T13:19:00.000-04:00

2011-03-07T21:50:38.970-05:00

7.8

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov CONFIRM http://docs.info.apple.com/article.html?artnum=305391 APPLE APPLE-SA-2007-04-19 BID 23569 SECTRACK 1017942 CERT TA07-109A VUPEN ADV-2007-1470 The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allows subdomain cookies to be accessed by the parent domain, which allows remote attackers to obtain sensitive information.

CVE-2007-0743

2007-04-24T13:19:00.000-04:00

2011-03-07T21:50:39.097-05:00

4.9

LOCAL

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov CONFIRM http://docs.info.apple.com/article.html?artnum=305391 APPLE APPLE-SA-2007-04-19 BID 23569 SECTRACK 1017942 CERT TA07-109A VUPEN ADV-2007-1470 URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username and password credentials for mounting filesystems on SMB servers as command line arguments to the mount_sub command, which may allow local users to obtain sensitive information by listing the process.

cpe:/o:apple:mac_os_x:10.3.9 cpe:/o:apple:mac_os_x:10.4 cpe:/o:apple:mac_os_x:10.4.1 cpe:/o:apple:mac_os_x:10.4.2 cpe:/o:apple:mac_os_x:10.4.3 cpe:/o:apple:mac_os_x:10.4.4 cpe:/o:apple:mac_os_x:10.4.5 cpe:/o:apple:mac_os_x:10.4.6 cpe:/o:apple:mac_os_x:10.4.7 cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:apple:mac_os_x:10.4.9 cpe:/o:apple:mac_os_x_server:10.3.9 cpe:/o:apple:mac_os_x_server:10.4 cpe:/o:apple:mac_os_x_server:10.4.1 cpe:/o:apple:mac_os_x_server:10.4.2 cpe:/o:apple:mac_os_x_server:10.4.3 cpe:/o:apple:mac_os_x_server:10.4.4 cpe:/o:apple:mac_os_x_server:10.4.5 cpe:/o:apple:mac_os_x_server:10.4.6 cpe:/o:apple:mac_os_x_server:10.4.7 cpe:/o:apple:mac_os_x_server:10.4.8 cpe:/o:apple:mac_os_x_server:10.4.9

CVE-2007-0744

2007-04-24T13:19:00.000-04:00

2011-03-07T21:50:39.187-05:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305391 APPLE APPLE-SA-2007-04-19 BID 23569 CERT TA07-109A VUPEN ADV-2007-1470 SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when executing commands, which allows local users to gain privileges by setting unspecified environment variables.

cpe:/o:apple:mac_os_x_server:10.4.9

CVE-2007-0745

2007-05-02T17:19:00.000-04:00

2017-07-28T21:30:22.640-04:00

7.1

ADJACENT_NETWORK

LOW

SINGLE_INSTANCE

COMPLETE

NONE

http://nvd.nist.gov APPLE APPLE-SA-2007-05-01 SECTRACK 1017990 XF macos-ftpserver-unauthorized-access(34001) The Apple Security Update 2007-004 uses an incorrect configuration file for FTPServer in Apple Mac OS X Server 10.4.9, which might allow remote authenticated users to access additional directories.

cpe:/o:apple:mac_os_x:10.3.9 cpe:/o:apple:mac_os_x:10.4 cpe:/o:apple:mac_os_x:10.4.1 cpe:/o:apple:mac_os_x:10.4.2 cpe:/o:apple:mac_os_x:10.4.3 cpe:/o:apple:mac_os_x:10.4.4 cpe:/o:apple:mac_os_x:10.4.5 cpe:/o:apple:mac_os_x:10.4.6 cpe:/o:apple:mac_os_x:10.4.7 cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:apple:mac_os_x:10.4.9 cpe:/o:apple:mac_os_x_server:10.3.9 cpe:/o:apple:mac_os_x_server:10.4 cpe:/o:apple:mac_os_x_server:10.4.1 cpe:/o:apple:mac_os_x_server:10.4.2 cpe:/o:apple:mac_os_x_server:10.4.3 cpe:/o:apple:mac_os_x_server:10.4.4 cpe:/o:apple:mac_os_x_server:10.4.5 cpe:/o:apple:mac_os_x_server:10.4.6 cpe:/o:apple:mac_os_x_server:10.4.7 cpe:/o:apple:mac_os_x_server:10.4.8 cpe:/o:apple:mac_os_x_server:10.4.9

CVE-2007-0746

2007-04-24T13:19:00.000-04:00

2011-03-07T21:50:39.377-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305391 APPLE APPLE-SA-2007-04-19 CERT-VN VU#969969 BID 23569 SECTRACK 1017942 CERT TA07-109A VUPEN ADV-2007-1470 Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference".

cpe:/o:apple:mac_os_x:10.3.9 cpe:/o:apple:mac_os_x:10.4 cpe:/o:apple:mac_os_x:10.4.1 cpe:/o:apple:mac_os_x:10.4.2 cpe:/o:apple:mac_os_x:10.4.3 cpe:/o:apple:mac_os_x:10.4.4 cpe:/o:apple:mac_os_x:10.4.5 cpe:/o:apple:mac_os_x:10.4.6 cpe:/o:apple:mac_os_x:10.4.7 cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:apple:mac_os_x:10.4.9 cpe:/o:apple:mac_os_x_server:10.3.9 cpe:/o:apple:mac_os_x_server:10.4 cpe:/o:apple:mac_os_x_server:10.4.1 cpe:/o:apple:mac_os_x_server:10.4.2 cpe:/o:apple:mac_os_x_server:10.4.3 cpe:/o:apple:mac_os_x_server:10.4.4 cpe:/o:apple:mac_os_x_server:10.4.5 cpe:/o:apple:mac_os_x_server:10.4.6 cpe:/o:apple:mac_os_x_server:10.4.7 cpe:/o:apple:mac_os_x_server:10.4.8 cpe:/o:apple:mac_os_x_server:10.4.9

CVE-2007-0747

2007-04-24T13:19:00.000-04:00

2013-07-03T11:33:14.137-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305391 APPLE APPLE-SA-2007-04-19 CERT-VN VU#474969 BID 23569 SECTRACK 1017942 CERT TA07-109A VUPEN ADV-2007-1470 load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when mounting a WebDAV filesystem, which allows local users to gain privileges by setting unspecified environment variables.

cpe:/a:apple:darwin_streaming_server:4.1.2 cpe:/a:apple:darwin_streaming_server:4.1.3 cpe:/a:apple:darwin_streaming_server:5.0.1 cpe:/a:apple:darwin_streaming_server:5.5.4

CVE-2007-0748

2007-05-13T18:19:00.000-04:00

2017-07-28T21:30:22.737-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305495 IDEFENSE 20070510 Apple Darwin Streaming Proxy Multiple Vulnerabilities APPLE APPLE-SA-2007-05-10 BID 23918 SECTRACK 1018047 VUPEN ADV-2007-1770 XF darwin-trackid-bo(34225) Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allows remote attackers to execute arbitrary code via multiple trackID values in a SETUP RTSP request.

cpe:/a:apple:darwin_streaming_server:4.1.2 cpe:/a:apple:darwin_streaming_server:4.1.3 cpe:/a:apple:darwin_streaming_server:5.0.1 cpe:/a:apple:darwin_streaming_server:5.5.4

CVE-2007-0749

2007-05-13T18:19:00.000-04:00

2017-07-28T21:30:22.797-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305495 IDEFENSE 20070510 Apple Darwin Streaming Proxy Multiple Vulnerabilities APPLE APPLE-SA-2007-05-10 BID 23918 SECTRACK 1018047 VUPEN ADV-2007-1770 XF darwin-iscommand-bo(34222) Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request.

CVE-2007-0750

2007-05-24T18:30:00.000-04:00

2017-07-28T21:30:22.860-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305530 APPLE APPLE-SA-2007-05-24 BID 24144 SECTRACK 1018114 VUPEN ADV-2007-1939 XF macos-pdf-bo(34499) Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 allows remote user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted PDF file.

cpe:/o:apple:mac_os_x:10.3 cpe:/o:apple:mac_os_x:10.3.1 cpe:/o:apple:mac_os_x:10.3.2 cpe:/o:apple:mac_os_x:10.3.3 cpe:/o:apple:mac_os_x:10.3.4 cpe:/o:apple:mac_os_x:10.3.5 cpe:/o:apple:mac_os_x:10.3.6 cpe:/o:apple:mac_os_x:10.3.7 cpe:/o:apple:mac_os_x:10.3.8 cpe:/o:apple:mac_os_x:10.3.9 cpe:/o:apple:mac_os_x:10.4 cpe:/o:apple:mac_os_x:10.4.1 cpe:/o:apple:mac_os_x:10.4.2 cpe:/o:apple:mac_os_x:10.4.3 cpe:/o:apple:mac_os_x:10.4.4 cpe:/o:apple:mac_os_x:10.4.5 cpe:/o:apple:mac_os_x:10.4.6 cpe:/o:apple:mac_os_x:10.4.7 cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:apple:mac_os_x:10.4.9 cpe:/o:apple:mac_os_x_server:10.3 cpe:/o:apple:mac_os_x_server:10.3.1 cpe:/o:apple:mac_os_x_server:10.3.2 cpe:/o:apple:mac_os_x_server:10.3.3 cpe:/o:apple:mac_os_x_server:10.3.4 cpe:/o:apple:mac_os_x_server:10.3.5 cpe:/o:apple:mac_os_x_server:10.3.6 cpe:/o:apple:mac_os_x_server:10.3.7 cpe:/o:apple:mac_os_x_server:10.3.8 cpe:/o:apple:mac_os_x_server:10.3.9 cpe:/o:apple:mac_os_x_server:10.4 cpe:/o:apple:mac_os_x_server:10.4.1 cpe:/o:apple:mac_os_x_server:10.4.2 cpe:/o:apple:mac_os_x_server:10.4.3 cpe:/o:apple:mac_os_x_server:10.4.4 cpe:/o:apple:mac_os_x_server:10.4.5 cpe:/o:apple:mac_os_x_server:10.4.6 cpe:/o:apple:mac_os_x_server:10.4.7 cpe:/o:apple:mac_os_x_server:10.4.8 cpe:/o:apple:mac_os_x_server:10.4.9

CVE-2007-0751

2007-05-24T18:30:00.000-04:00

2017-07-28T21:30:22.923-04:00

2.1

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://docs.info.apple.com/article.html?artnum=305530 APPLE APPLE-SA-2007-05-24 BID 24144 SECTRACK 1018117 VUPEN ADV-2007-1939 XF macos-tmpfilesystem-dos(34500) A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might delete filesystems that have been mounted in /tmp, which might allow local users to cause a denial of service, related to the find command.

cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:apple:mac_os_x_server:10.4.8

CVE-2007-0752

2007-05-24T18:30:00.000-04:00

2017-07-28T21:30:23.203-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305530 IDEFENSE 20070524 Apple Computer Mac OS X pppd Plugin Loading Privilege Escalation Vulnerability APPLE APPLE-SA-2007-05-24 BID 24144 SECTRACK 1018124 VUPEN ADV-2007-1939 XF macos-pppd-privilege-escalation(34503) The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check.

CVE-2007-0753

2007-05-24T18:30:00.000-04:00

2018-10-16T12:34:04.090-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=305530 APPLE APPLE-SA-2007-05-24 BUGTRAQ 20070529 Mac OS X vpnd local format string BUGTRAQ 20070529 Re: Mac OS X vpnd local format string BID 24144 BID 24208 SECTRACK 1018125 VUPEN ADV-2007-1939 XF macos-vpnd-format-string(34505) Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter.

cpe:/a:apple:quicktime:7.1.2

CVE-2007-0754

2007-05-14T17:19:00.000-04:00

2018-10-16T12:34:04.777-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://docs.info.apple.com/article.html?artnum=304357 MISC http://dvlabs.tippingpoint.com/advisory/TPTI-07-07 SREASON 2703 BUGTRAQ 20070511 TPTI-07-07: Apple QuickTime STSD Parsing Heap Overflow Vulnerability BID 23923 XF quicktime-stsd-bo(34244) Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted Sample Table Sample Descriptor (STSD) atom size in a QuickTime movie.

cpe:/a:chicken_of_the_vnc:chicken_of_the_vnc:2.0

CVE-2007-0756

2007-02-05T21:28:00.000-05:00

2018-10-16T12:34:05.230-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov SREASON 2220 BUGTRAQ 20070202 Chicken of the VNC 2.0 remote DoS BUGTRAQ 20070426 Re: Chicken of the VNC 2.0 remote DoS BID 22372 XF cotv-serverinit-dos(32166) EXPLOIT-DB 3257 Chicken of the VNC (cotv) 2.0 allows remote attackers to cause a denial of service (application crash) via a large computer-name size value in a ServerInit packet, which triggers a failed malloc and a resulting NULL dereference.

cpe:/a:miguel_nunes:call_of_duty_2_dreamstats_system:4.2

CVE-2007-0757

2007-02-05T21:28:00.000-05:00

2017-10-18T21:30:04.207-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VIM 20070202 true: DreamStats V 4.2=(index.php)=>Remote File Include BID 22371 VUPEN ADV-2007-0479 XF cod2dreamstats-index-file-include(32160) EXPLOIT-DB 3251 PHP remote file inclusion vulnerability in index.php in Miguel Nunes Call of Duty 2 (CoD2) DreamStats System 4.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter.

cpe:/a:phpprobid:phpprobid:5.24

CVE-2007-0758

2007-02-05T21:28:00.000-05:00

2017-07-28T21:30:23.530-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22374 XF phpprobid-lang-file-include(32273) PHP remote file inclusion vulnerability in lang.php in PHPProbid 5.24 allows remote attackers to execute arbitrary PHP code via a URL in the SRC attribute of an HTML element in the lang parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:umberto_caldera:easymoblog:0.5.1

CVE-2007-0759

2007-02-05T21:28:00.000-05:00

2008-11-15T01:41:45.827-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov FULLDISC 20070201 Remote Sql Injection in EasyMoblog 0.5.1 # 2 FULLDISC 20070201 Remote Sql Injection in EasyMoblog 0.5.1 BID 22369 MISC http://www.zion-security.com/text/Sql_Vulnerability_EasymoBlog%232.txt MISC http://www.zion-security.com/text/Sql_Vulnerability_EasymoBlog.txt Multiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow remote attackers to execute arbitrary SQL commands via the (1) i or (2) post_id parameter to add_comment.php, which triggers an injection in libraries.inc.php; or (3) the i parameter to list_comments.php, which triggers an injection in libraries.inc.php.

cpe:/a:eqdkp:eqdkp:1.3.1

CVE-2007-0760

2007-02-05T21:28:00.000-05:00

2017-10-18T21:30:04.300-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 20805 XF eqdkp-backup-information-disclosure(32152) EXPLOIT-DB 3252 EQdkp 1.3.1 and earlier authenticates administrative requests by verifying that the HTTP Referer header specifies an admin/ URL, which allows remote attackers to read or modify account names and passwords via a spoofed Referer.

cpe:/a:phpbb:ezboard_converter:0.2

CVE-2007-0761

2007-02-05T21:28:00.000-05:00

2017-10-18T21:30:04.410-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VIM 20070202 true: phpBB ezBoard converter 0.2 (ezconvert_dir) Remote File Include Exploit VUPEN ADV-2007-0473 MISC http://www.xoron.info/bugs/ezconvert.txt XF ezboard-config-file-include(32157) EXPLOIT-DB 3258 PHP remote file inclusion vulnerability in config.php in phpBB ezBoard converter (ezconvert) 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the ezconvert_dir parameter.

cpe:/a:phpbb%2b%2b:phpbb%2b%2b:build_100

CVE-2007-0762

2007-02-05T21:28:00.000-05:00

2017-10-18T21:30:04.473-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VIM 20070202 phpBB++ Build 100 (phpbb_root_path) Remote File Include Exploit BID 22376 VUPEN ADV-2007-0472 XF phpbbplusplus-functions-file-include(32159) EXPLOIT-DB 3259 PHP remote file inclusion vulnerability in includes/functions.php in phpBB++ Build 100 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

cpe:/a:f3site:f3site:2.1

CVE-2007-0763

2007-02-05T21:28:00.000-05:00

2017-10-18T21:30:04.537-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 22379 XF f3site-autor-xss(32188) EXPLOIT-DB 3255 Cross-site scripting (XSS) vulnerability in the news comment functionality in F3Site 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the Autor field.

cpe:/a:f3site:f3site:2.1

CVE-2007-0764

2007-02-05T21:28:00.000-05:00

2017-10-18T21:30:04.613-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov XF f3site-adm-file-upload(32189) EXPLOIT-DB 3255 Unrestricted file upload vulnerability in F3Site 2.1 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP scripts via GIF86 header in a file in the uplf parameter, which can be later accessed via a relative pathname in the dir parameter in adm.php.

cpe:/a:db_masters_multimedia:curium_cms:1.03

CVE-2007-0765

2007-02-05T21:28:00.000-05:00

2017-10-18T21:30:04.737-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov BID 22373 VUPEN ADV-2007-0474 XF curium-news-sql-injection(32148) EXPLOIT-DB 3256 SQL injection vulnerability in news.php in dB Masters Curium CMS 1.03 and earlier allows remote attackers to execute arbitrary SQL commands via the c_id parameter.

cpe:/a:remotesoft:.net_explorer:2.0.1

CVE-2007-0766

2007-02-05T21:28:00.000-05:00

2017-10-18T21:30:04.787-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 22377 XF netexplorer-char-bo(32182) EXPLOIT-DB 3254 Stack-based buffer overflow in Remotesoft .NET Explorer 2.0.1 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file.

cpe:/a:phorum:phorum:5.1.17

CVE-2007-0767

2007-02-05T21:28:00.000-05:00

2017-07-28T21:30:23.970-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://www.phorum.org/phorum5/read.php?12,119757 VUPEN ADV-2007-0410 XF phorum-core-xss(44201) Cross-site scripting (XSS) vulnerability in the core in Phorum before 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

cpe:/a:yahoo:messenger:8.1.0.209

CVE-2007-0768

2007-02-05T21:28:00.000-05:00

2018-10-16T12:34:05.777-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BUGTRAQ 20070126 Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger BUGTRAQ 20070127 RE: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger BUGTRAQ 20070127 Re: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger BID 22269 Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. NOTE: some of these details are obtained from third party information.

cpe:/a:phorum:phorum:5.1.18

CVE-2007-0769

2007-02-05T21:28:00.000-05:00

2018-10-16T12:34:06.263-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov MISC http://www.phorum.org/phorum5/read.php?12,119757 BUGTRAQ 20070129 Phorum HTML Injection Vulnerability BUGTRAQ 20070129 Re: Phorum HTML Injection Vulnerability BID 22297 VUPEN ADV-2007-0410 ** DISPUTED ** Cross-site scripting (XSS) vulnerability in register.php in Phorum 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the vendor disputes this vulnerability, stating that "The characters are escaped properly."

cpe:/a:graphicsmagick:graphicsmagick cpe:/a:imagemagick:imagemagick:6.3.3.4

CVE-2007-0770

2007-02-12T15:28:00.000-05:00

2018-10-16T12:34:06.623-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov DEBIAN DSA-1260 MANDRIVA MDKSA-2007:041 SUSE SUSE-SR:2007:003 BUGTRAQ 20070208 rPSA-2007-0029-1 ImageMagick UBUNTU USN-422-1 CONFIRM https://issues.rpath.com/browse/RPL-1034 Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456.

cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6.18:rc1 cpe:/o:linux:linux_kernel:2.6.18:rc2 cpe:/o:linux:linux_kernel:2.6.18:rc3 cpe:/o:linux:linux_kernel:2.6.18:rc4 cpe:/o:linux:linux_kernel:2.6.18:rc5 cpe:/o:linux:linux_kernel:2.6.18:rc6 cpe:/o:linux:linux_kernel:2.6.18:rc7 cpe:/o:linux:linux_kernel:2.6.18.1 cpe:/o:linux:linux_kernel:2.6.18.2 cpe:/o:linux:linux_kernel:2.6.18.3 cpe:/o:linux:linux_kernel:2.6.18.4 cpe:/o:redhat:enterprise_linux:5.0::desktop cpe:/o:redhat:enterprise_linux:5.0::desktop_workstation cpe:/o:redhat:enterprise_linux:5.0::server

CVE-2007-0771

2007-05-02T18:19:00.000-04:00

2017-10-10T21:31:38.750-04:00

4.9

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov SECTRACK 1017979 REDHAT RHSA-2007:0169 BID 23720 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=227952 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=228816 XF kernel-utracesupport-dos(34128) The utrace support in Linux kernel 2.6.18, and other versions, allows local users to cause a denial of service (system hang) related to "MT exec + utrace_attach spin failure mode," as demonstrated by ptrace-thrash.c.

cpe:/o:linux:linux_kernel:2.6.13 cpe:/o:linux:linux_kernel:2.6.13.1 cpe:/o:linux:linux_kernel:2.6.13.2 cpe:/o:linux:linux_kernel:2.6.13.3 cpe:/o:linux:linux_kernel:2.6.13.4 cpe:/o:linux:linux_kernel:2.6.13.5 cpe:/o:linux:linux_kernel:2.6.14 cpe:/o:linux:linux_kernel:2.6.14.1 cpe:/o:linux:linux_kernel:2.6.14.2 cpe:/o:linux:linux_kernel:2.6.14.3 cpe:/o:linux:linux_kernel:2.6.14.4 cpe:/o:linux:linux_kernel:2.6.14.5 cpe:/o:linux:linux_kernel:2.6.14.6 cpe:/o:linux:linux_kernel:2.6.14.7 cpe:/o:linux:linux_kernel:2.6.15 cpe:/o:linux:linux_kernel:2.6.15.1 cpe:/o:linux:linux_kernel:2.6.15.2 cpe:/o:linux:linux_kernel:2.6.15.3 cpe:/o:linux:linux_kernel:2.6.15.4 cpe:/o:linux:linux_kernel:2.6.15.5 cpe:/o:linux:linux_kernel:2.6.15.6 cpe:/o:linux:linux_kernel:2.6.15.7 cpe:/o:linux:linux_kernel:2.6.16 cpe:/o:linux:linux_kernel:2.6.16.1 cpe:/o:linux:linux_kernel:2.6.16.2 cpe:/o:linux:linux_kernel:2.6.16.3 cpe:/o:linux:linux_kernel:2.6.16.4 cpe:/o:linux:linux_kernel:2.6.16.5 cpe:/o:linux:linux_kernel:2.6.16.6 cpe:/o:linux:linux_kernel:2.6.16.7 cpe:/o:linux:linux_kernel:2.6.16.8 cpe:/o:linux:linux_kernel:2.6.16.9 cpe:/o:linux:linux_kernel:2.6.16.10 cpe:/o:linux:linux_kernel:2.6.16.11 cpe:/o:linux:linux_kernel:2.6.16.12 cpe:/o:linux:linux_kernel:2.6.16.13 cpe:/o:linux:linux_kernel:2.6.16.14 cpe:/o:linux:linux_kernel:2.6.16.15 cpe:/o:linux:linux_kernel:2.6.16.16 cpe:/o:linux:linux_kernel:2.6.16.17 cpe:/o:linux:linux_kernel:2.6.16.18 cpe:/o:linux:linux_kernel:2.6.16.19 cpe:/o:linux:linux_kernel:2.6.16.20 cpe:/o:linux:linux_kernel:2.6.16.21 cpe:/o:linux:linux_kernel:2.6.16.22 cpe:/o:linux:linux_kernel:2.6.16.23 cpe:/o:linux:linux_kernel:2.6.16.24 cpe:/o:linux:linux_kernel:2.6.16.25 cpe:/o:linux:linux_kernel:2.6.16.26 cpe:/o:linux:linux_kernel:2.6.16.27 cpe:/o:linux:linux_kernel:2.6.16.28 cpe:/o:linux:linux_kernel:2.6.16.29 cpe:/o:linux:linux_kernel:2.6.16.30 cpe:/o:linux:linux_kernel:2.6.16.31 cpe:/o:linux:linux_kernel:2.6.16.32 cpe:/o:linux:linux_kernel:2.6.16.33 cpe:/o:linux:linux_kernel:2.6.16.34 cpe:/o:linux:linux_kernel:2.6.16.35 cpe:/o:linux:linux_kernel:2.6.16.36 cpe:/o:linux:linux_kernel:2.6.16.37 cpe:/o:linux:linux_kernel:2.6.16.38 cpe:/o:linux:linux_kernel:2.6.16.39 cpe:/o:linux:linux_kernel:2.6.16.40 cpe:/o:linux:linux_kernel:2.6.16.41 cpe:/o:linux:linux_kernel:2.6.16.42 cpe:/o:linux:linux_kernel:2.6.16.43 cpe:/o:linux:linux_kernel:2.6.16.44 cpe:/o:linux:linux_kernel:2.6.16.45 cpe:/o:linux:linux_kernel:2.6.16.46 cpe:/o:linux:linux_kernel:2.6.16.47 cpe:/o:linux:linux_kernel:2.6.16.48 cpe:/o:linux:linux_kernel:2.6.16.49 cpe:/o:linux:linux_kernel:2.6.16.50 cpe:/o:linux:linux_kernel:2.6.16.51 cpe:/o:linux:linux_kernel:2.6.16.52 cpe:/o:linux:linux_kernel:2.6.16.53 cpe:/o:linux:linux_kernel:2.6.16.54 cpe:/o:linux:linux_kernel:2.6.16.55 cpe:/o:linux:linux_kernel:2.6.16.56 cpe:/o:linux:linux_kernel:2.6.16.57 cpe:/o:linux:linux_kernel:2.6.16.59 cpe:/o:linux:linux_kernel:2.6.16.60 cpe:/o:linux:linux_kernel:2.6.16.61 cpe:/o:linux:linux_kernel:2.6.16.62 cpe:/o:linux:linux_kernel:2.6.17 cpe:/o:linux:linux_kernel:2.6.17.1 cpe:/o:linux:linux_kernel:2.6.17.2 cpe:/o:linux:linux_kernel:2.6.17.3 cpe:/o:linux:linux_kernel:2.6.17.4 cpe:/o:linux:linux_kernel:2.6.17.5 cpe:/o:linux:linux_kernel:2.6.17.6 cpe:/o:linux:linux_kernel:2.6.17.7 cpe:/o:linux:linux_kernel:2.6.17.8 cpe:/o:linux:linux_kernel:2.6.17.9 cpe:/o:linux:linux_kernel:2.6.17.10 cpe:/o:linux:linux_kernel:2.6.17.11 cpe:/o:linux:linux_kernel:2.6.17.12 cpe:/o:linux:linux_kernel:2.6.17.13 cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6.18:rc1 cpe:/o:linux:linux_kernel:2.6.18:rc2 cpe:/o:linux:linux_kernel:2.6.18:rc3 cpe:/o:linux:linux_kernel:2.6.18:rc4 cpe:/o:linux:linux_kernel:2.6.18:rc5 cpe:/o:linux:linux_kernel:2.6.18:rc6 cpe:/o:linux:linux_kernel:2.6.18:rc7 cpe:/o:linux:linux_kernel:2.6.18.1 cpe:/o:linux:linux_kernel:2.6.18.2 cpe:/o:linux:linux_kernel:2.6.18.4 cpe:/o:linux:linux_kernel:2.6.18.5 cpe:/o:linux:linux_kernel:2.6.18.6 cpe:/o:linux:linux_kernel:2.6.18.7 cpe:/o:linux:linux_kernel:2.6.18.8 cpe:/o:linux:linux_kernel:2.6.19 cpe:/o:linux:linux_kernel:2.6.19.1 cpe:/o:linux:linux_kernel:2.6.19.2 cpe:/o:linux:linux_kernel:2.6.19.3 cpe:/o:linux:linux_kernel:2.6.19.4 cpe:/o:linux:linux_kernel:2.6.19.5 cpe:/o:linux:linux_kernel:2.6.19.6 cpe:/o:linux:linux_kernel:2.6.19.7 cpe:/o:linux:linux_kernel:2.6.20

CVE-2007-0772

2007-02-20T12:28:00.000-05:00

2017-07-28T21:30:24.110-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.1 MANDRIVA MDKSA-2007:060 MANDRIVA MDKSA-2007:078 SUSE SUSE-SA:2007:018 SUSE SUSE-SA:2007:021 BUGTRAQ 20070615 rPSA-2007-0124-1 kernel xen BID 22625 UBUNTU USN-451-1 VUPEN ADV-2007-0660 XF kernel-nfsaclsvc-dos(32578) CONFIRM https://issues.rpath.com/browse/RPL-1063 The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows remote attackers to cause a denial of service (oops) via a crafted NFSACL 2 ACCESS request that triggers a free of an incorrect pointer.

cpe:/o:redhat:enterprise_linux:4.4::as cpe:/o:redhat:enterprise_linux:4.4::es cpe:/o:redhat:enterprise_linux:4.4::ws cpe:/o:redhat:enterprise_linux_desktop:4.4

CVE-2007-0773

2007-06-26T14:30:00.000-04:00

2017-10-10T21:31:38.813-04:00

4.6

LOCAL

LOW

SINGLE_INSTANCE

NONE

COMPLETE

http://nvd.nist.gov MISC http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243252 REDHAT RHSA-2007:0488 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm SUSE SUSE-SA:2007:053 The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local users to cause a denial of service (kernel OOPS from null dereference) via fput in a 32-bit ioctl on 64-bit x86 systems, an incomplete fix of CVE-2005-3044.1.

cpe:/a:apache:tomcat_jk_web_server_connector:1.2.19 cpe:/a:apache:tomcat_jk_web_server_connector:1.2.20

CVE-2007-0774

2007-03-04T17:19:00.000-05:00

2019-04-15T12:29:08.287-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

HP SSRT071447 SECTRACK 1017719 CONFIRM http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html CONFIRM http://tomcat.apache.org/security-jk.html CISCO 20080130 Cisco Wireless Control System Tomcat mod_jk.so Vulnerability GENTOO GLSA-200703-16 REDHAT RHSA-2007:0096 BUGTRAQ 20070302 ZDI-07-008: Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability BID 22791 VUPEN ADV-2007-0809 VUPEN ADV-2007-3386 VUPEN ADV-2008-0331 MISC http://www.zerodayinitiative.com/advisories/ZDI-07-008.html XF tomcat-mapuritoworker-bo(32794) MLIST [tomcat-dev] 20190413 svn commit: r1857494 [18/20] - in /tomcat/site/trunk: ./ docs/ xdocs/ MLIST [tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ MLIST [tomcat-dev] 20190325 svn commit: r1856174 [25/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ MLIST [tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.

cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:1.0.6::linux cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:1.5:beta1 cpe:/a:mozilla:firefox:1.5:beta2 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:firefox:2.0:beta_1 cpe:/a:mozilla:firefox:2.0:rc2 cpe:/a:mozilla:firefox:2.0:rc3 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0::alpha cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:thunderbird:1.0.3 cpe:/a:mozilla:thunderbird:1.0.4 cpe:/a:mozilla:thunderbird:1.0.5 cpe:/a:mozilla:thunderbird:1.0.6 cpe:/a:mozilla:thunderbird:1.0.7 cpe:/a:mozilla:thunderbird:1.0.8 cpe:/a:mozilla:thunderbird:1.5

CVE-2007-0775

2007-02-26T14:28:00.000-05:00

2018-10-16T12:34:08.637-04:00

3.7

LOCAL

HIGH

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

SGI 20070202-01-P SGI 20070301-01-P FEDORA FEDORA-2007-281 FEDORA FEDORA-2007-293 FEDORA FEDORA-2007-308 FEDORA FEDORA-2007-309 HP HPSBUX02153 SUSE SUSE-SA:2007:019 REDHAT RHSA-2007:0077 GENTOO GLSA-200703-04 GENTOO GLSA-200703-18 SLACKWARE SSA:2007-066-05 SLACKWARE SSA:2007-066-04 SLACKWARE SSA:2007-066-03 DEBIAN DSA-1336 GENTOO GLSA-200703-08 CERT-VN VU#761756 MANDRIVA MDKSA-2007:050 MANDRIVA MDKSA-2007:052 CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-01.html SUSE SUSE-SA:2007:022 REDHAT RHSA-2007:0078 REDHAT RHSA-2007:0079 REDHAT RHSA-2007:0097 REDHAT RHSA-2007:0108 BUGTRAQ 20070226 rPSA-2007-0040-1 firefox BUGTRAQ 20070303 rPSA-2007-0040-3 firefox thunderbird BID 22694 SECTRACK 1017698 UBUNTU USN-428-1 UBUNTU USN-431-1 VUPEN ADV-2007-0718 VUPEN ADV-2007-0719 VUPEN ADV-2008-0083 XF mozilla-multiple-layout-code-execution(32704) CONFIRM https://issues.rpath.com/browse/RPL-1081 CONFIRM https://issues.rpath.com/browse/RPL-1103 Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via certain vectors.

cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:thunderbird:1.5.0.9

CVE-2007-0776

2007-02-26T14:28:00.000-05:00

2018-10-16T12:34:15.387-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov FEDORA FEDORA-2007-281 FEDORA FEDORA-2007-293 FEDORA FEDORA-2007-308 FEDORA FEDORA-2007-309 HP HPSBUX02153 SUSE SUSE-SA:2007:019 GENTOO GLSA-200703-04 GENTOO GLSA-200703-18 SLACKWARE SSA:2007-066-05 SLACKWARE SSA:2007-066-04 SLACKWARE SSA:2007-066-03 GENTOO GLSA-200703-08 CERT-VN VU#551436 MANDRIVA MDKSA-2007:052 CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-01.html SUSE SUSE-SA:2007:022 BUGTRAQ 20070226 rPSA-2007-0040-1 firefox BUGTRAQ 20070303 rPSA-2007-0040-3 firefox thunderbird BID 22694 SECTRACK 1017698 UBUNTU USN-428-1 UBUNTU USN-431-1 VUPEN ADV-2007-0718 VUPEN ADV-2007-0719 VUPEN ADV-2008-0083 MISC https://bugzilla.mozilla.org/show_bug.cgi?id=360645 XF firefox-strokewidth-bo(32698) CONFIRM https://issues.rpath.com/browse/RPL-1081 Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file.

CVE-2007-0777

2007-02-26T14:28:00.000-05:00

2019-10-09T18:52:10.710-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SGI 20070202-01-P SGI 20070301-01-P FEDORA FEDORA-2007-281 FEDORA FEDORA-2007-293 FEDORA FEDORA-2007-308 FEDORA FEDORA-2007-309 HP HPSBUX02153 SUSE SUSE-SA:2007:019 REDHAT RHSA-2007:0077 GENTOO GLSA-200703-04 GENTOO GLSA-200703-18 SLACKWARE SSA:2007-066-05 SLACKWARE SSA:2007-066-04 SLACKWARE SSA:2007-066-03 GENTOO GLSA-200703-08 CERT-VN VU#269484 MANDRIVA MDKSA-2007:050 MANDRIVA MDKSA-2007:052 CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-01.html SUSE SUSE-SA:2007:022 REDHAT RHSA-2007:0078 REDHAT RHSA-2007:0079 REDHAT RHSA-2007:0097 REDHAT RHSA-2007:0108 BUGTRAQ 20070226 rPSA-2007-0040-1 firefox BUGTRAQ 20070303 rPSA-2007-0040-3 firefox thunderbird BID 22694 SECTRACK 1017698 UBUNTU USN-428-1 UBUNTU USN-431-1 VUPEN ADV-2007-0718 VUPEN ADV-2007-0719 VUPEN ADV-2008-0083 XF mozilla-multiple-javascript-code-execution(32699) CONFIRM https://issues.rpath.com/browse/RPL-1081 CONFIRM https://issues.rpath.com/browse/RPL-1103 The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption.

CVE-2007-0778

2007-02-26T15:28:00.000-05:00

2019-10-09T18:52:10.927-04:00

5.4

NETWORK

HIGH

NONE

COMPLETE

NONE

http://nvd.nist.gov SGI 20070202-01-P SGI 20070301-01-P FEDORA FEDORA-2007-281 FEDORA FEDORA-2007-293 HP HPSBUX02153 SUSE SUSE-SA:2007:019 REDHAT RHSA-2007:0077 GENTOO GLSA-200703-04 SECTRACK 1017699 SLACKWARE SSA:2007-066-05 SLACKWARE SSA:2007-066-03 DEBIAN DSA-1336 GENTOO GLSA-200703-08 MANDRIVA MDKSA-2007:050 CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-03.html SUSE SUSE-SA:2007:022 REDHAT RHSA-2007:0078 REDHAT RHSA-2007:0079 REDHAT RHSA-2007:0097 REDHAT RHSA-2007:0108 BUGTRAQ 20070226 rPSA-2007-0040-1 firefox BUGTRAQ 20070303 rPSA-2007-0040-3 firefox thunderbird BID 22694 UBUNTU USN-428-1 VUPEN ADV-2007-0718 VUPEN ADV-2008-0083 MISC https://bugzilla.mozilla.org/show_bug.cgi?id=347852 XF mozilla-diskcache-information-disclosure(32671) CONFIRM https://issues.rpath.com/browse/RPL-1081 CONFIRM https://issues.rpath.com/browse/RPL-1103 The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when the target page is reloaded from the cache.

cpe:/a:mozilla:firefox:0.8 cpe:/a:mozilla:firefox:0.9.1 cpe:/a:mozilla:firefox:0.9.2 cpe:/a:mozilla:firefox:0.9.3 cpe:/a:mozilla:firefox:0.9_rc cpe:/a:mozilla:firefox:0.10 cpe:/a:mozilla:firefox:0.10.1 cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:1.5:beta1 cpe:/a:mozilla:firefox:1.5:beta2 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:firefox:1.5.6 cpe:/a:mozilla:firefox:1.5.8 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:firefox:2.0:beta_1 cpe:/a:mozilla:firefox:2.0:rc2 cpe:/a:mozilla:firefox:2.0:rc3 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0::alpha cpe:/a:mozilla:seamonkey:1.0::dev cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:1.0.99

CVE-2007-0779

2007-02-26T15:28:00.000-05:00

2018-10-16T12:34:30.840-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SGI 20070202-01-P SGI 20070301-01-P FEDORA FEDORA-2007-281 FEDORA FEDORA-2007-293 HP HPSBUX02153 SUSE SUSE-SA:2007:019 REDHAT RHSA-2007:0077 GENTOO GLSA-200703-04 SLACKWARE SSA:2007-066-05 SLACKWARE SSA:2007-066-03 GENTOO GLSA-200703-08 MANDRIVA MDKSA-2007:050 CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-04.html SUSE SUSE-SA:2007:022 REDHAT RHSA-2007:0078 REDHAT RHSA-2007:0079 REDHAT RHSA-2007:0097 REDHAT RHSA-2007:0108 BUGTRAQ 20070226 rPSA-2007-0040-1 firefox BUGTRAQ 20070303 rPSA-2007-0040-3 firefox thunderbird BID 22694 SECTRACK 1017700 UBUNTU USN-428-1 VUPEN ADV-2007-0718 VUPEN ADV-2008-0083 MISC https://bugzilla.mozilla.org/show_bug.cgi?id=361298 CONFIRM https://issues.rpath.com/browse/RPL-1081 CONFIRM https://issues.rpath.com/browse/RPL-1103 GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a large, transparent, custom cursor.

CVE-2007-0780

2007-02-26T15:28:00.000-05:00

2019-10-09T18:52:11.163-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SGI 20070202-01-P SGI 20070301-01-P FEDORA FEDORA-2007-281 FEDORA FEDORA-2007-293 HP HPSBUX02153 SUSE SUSE-SA:2007:019 REDHAT RHSA-2007:0077 GENTOO GLSA-200703-04 SLACKWARE SSA:2007-066-05 SLACKWARE SSA:2007-066-03 GENTOO GLSA-200703-08 MANDRIVA MDKSA-2007:050 CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-05.html SUSE SUSE-SA:2007:022 REDHAT RHSA-2007:0078 REDHAT RHSA-2007:0079 REDHAT RHSA-2007:0097 REDHAT RHSA-2007:0108 BUGTRAQ 20070226 rPSA-2007-0040-1 firefox BUGTRAQ 20070303 rPSA-2007-0040-3 firefox thunderbird BID 22694 SECTRACK 1017702 UBUNTU USN-428-1 VUPEN ADV-2007-0718 MISC https://bugzilla.mozilla.org/show_bug.cgi?id=354973 XF mozilla-dataurl-xss(32667) CONFIRM https://issues.rpath.com/browse/RPL-1081 CONFIRM https://issues.rpath.com/browse/RPL-1103 browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.

cpe:/a:rbl:tpassword

CVE-2007-0784

2007-02-06T12:28:00.000-05:00

2018-10-16T12:34:40.637-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://forums.avenir-geopolitique.net/viewtopic.php?t=2607 SREASON 2225 VIM 20070131 Partial source code verify - "RBL - ASP" scripts SQL injection BUGTRAQ 20070127 RBL - ASP (scripts with db) SQL injection BUGTRAQ 20070129 RBL - ASP (scripts with db) SQL injection SQL injection vulnerability in login.asp for tPassword in the Raymond BERTHOU script collection (aka RBL - ASP) allows remote attackers to execute arbitrary SQL commands via the (1) User and (2) Password parameters.

cpe:/a:flipsource:flip:2.01-final_1.0

CVE-2007-0785

2007-02-06T14:28:00.000-05:00

2017-10-18T21:30:04.847-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22385 VUPEN ADV-2007-0476 XF flip-previewtheme-file-include(32174) EXPLOIT-DB 3266 PHP remote file inclusion vulnerability in previewtheme.php in Flipsource Flip 2.01-final 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter.

cpe:/a:noname_media:photo_galerie_standard:1.1 cpe:/a:noname_media:photo_galerie_standard:1.1.1

CVE-2007-0786

2007-02-06T14:28:00.000-05:00

2017-10-18T21:30:04.910-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov BID 22384 VUPEN ADV-2007-0475 XF photogalerie-view-sql-injection(32171) EXPLOIT-DB 3261 SQL injection vulnerability in view.php in Noname Media Photo Galerie Standard 1.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

cpe:/a:simple_invoices:simple_invoices:2007-02-02

CVE-2007-0787

2007-02-06T14:28:00.000-05:00

2017-07-28T21:30:24.860-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22389 CONFIRM http://www.simpleinvoices.org/index.php?news=25 VUPEN ADV-2007-0481 XF simpleinvoices-controller-file-include(32207) PHP remote file inclusion vulnerability in controller.php in Simple Invoices before 20070202 allows remote attackers to execute arbitrary PHP code via a URL in the (1) module or (2) view parameter. NOTE: some of these details are obtained from third party information.

cpe:/a:mediawiki:mediawiki:1.9.0:rc2 cpe:/a:mediawiki:mediawiki:1.9.1

CVE-2007-0788

2007-02-06T14:28:00.000-05:00

2017-07-28T21:30:24.907-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov MLIST [MediaWiki-announce] 20070204 MediaWiki 1.9.2 released CONFIRM http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_2/phase3/RELEASE-NOTES BID 22397 VUPEN ADV-2007-0490 XF mediawiki-sortabletable-xss(32217) Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before 1.9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "sortable tables JavaScript."

cpe:/a:mambo:mambo:4.5.4

CVE-2007-0789

2007-02-06T14:28:00.000-05:00

2011-08-05T00:00:00.000-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-02-06T17:36:00.000-05:00

VUPEN ADV-2007-0480 SQL injection vulnerability in Mambo before 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors in cancel edit functions, possibly related to the id parameter.

cpe:/a:smartftp:smartftp:2.0.1002

CVE-2007-0790

2007-02-06T14:28:00.000-05:00

2017-10-10T21:31:39.610-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov BID 22390 XF smartftp-banner-bo(32214) EXPLOIT-DB 3277 Heap-based buffer overflow in SmartFTP 2.0.1002 allows remote FTP servers to execute arbitrary code via a large banner.

cpe:/a:mozilla:bugzilla:2.20.1 cpe:/a:mozilla:bugzilla:2.20.2 cpe:/a:mozilla:bugzilla:2.20.3 cpe:/a:mozilla:bugzilla:2.21 cpe:/a:mozilla:bugzilla:2.21.1 cpe:/a:mozilla:bugzilla:2.21.2 cpe:/a:mozilla:bugzilla:2.22 cpe:/a:mozilla:bugzilla:2.22:rc1 cpe:/a:mozilla:bugzilla:2.22.1 cpe:/a:mozilla:bugzilla:2.23.2 cpe:/a:mozilla:bugzilla:2.23.3

CVE-2007-0791

2007-02-06T14:28:00.000-05:00

2018-10-16T12:34:40.997-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2222 SECTRACK 1017585 CONFIRM http://www.bugzilla.org/security/2.20.3/ BUGTRAQ 20070203 Security Advisory for Bugzilla 2.20.3, 2.22.1, and 2.23.3 BID 22380 VUPEN ADV-2007-0477 XF bugzilla-atom-feed-xss(32248) Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla 2.20.3, 2.22.1, and 2.23.3, and earlier versions down to 2.20.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

cpe:/a:mozilla:bugzilla:2.23.3

CVE-2007-0792

2007-02-06T14:28:00.000-05:00

2018-10-16T12:34:41.637-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2222 SECTRACK 1017585 CONFIRM http://www.bugzilla.org/security/2.20.3/ BUGTRAQ 20070203 Security Advisory for Bugzilla 2.20.3, 2.22.1, and 2.23.3 BID 22380 VUPEN ADV-2007-0477 XF bugzilla-htaccess-information-disclosure(32252) The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.

cpe:/a:globalmegacorp:dvddb:0.6

CVE-2007-0793

2007-02-06T14:28:00.000-05:00

2018-10-16T12:34:42.200-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov SREASON 2221 BUGTRAQ 20070204 dvddb-0.6 media remote file include vuln. PHP remote file inclusion vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter.

cpe:/a:globalmegacorp:dvddb:0.6

CVE-2007-0794

2007-02-06T14:28:00.000-05:00

2018-10-16T12:34:42.420-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070204 dvddb-0.6 media sql-inj. vuln. BUGTRAQ 20070205 Re: dvddb-0.6 media sql-inj. vuln. BUGTRAQ 20071002 Re: dvddb-0.6 media sql-inj. vuln. ** DISPUTED ** SQL injection vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: this issue has been disputed by a reliable third party, who states that inc/common.php only contains function definitions.

cpe:/a:wap:wap_portal_server:1.x

CVE-2007-0795

2007-02-06T14:28:00.000-05:00

2018-10-16T12:34:42.763-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov SREASON 2216 BUGTRAQ 20070203 Wap Portal Serve 1.* <= Remote File Inclusion XF wapportal-index-file-include(32196) Multiple PHP remote file inclusion vulnerabilities in Wap Portal Server 1.x allow remote attackers to execute arbitrary PHP code via a URL in the language parameter to (1) index.php and (2) admin/index.php.

cpe:/a:bluecoat:winproxy:6.0:r1c cpe:/a:bluecoat:winproxy:6.1:r1a

CVE-2007-0796

2007-02-06T14:28:00.000-05:00

2017-07-28T21:30:25.173-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov IDEFENSE 20070202 Blue Coat Systems WinProxy CONNECT Method Heap Overflow Vulnerability SECTRACK 1017586 BID 22393 VUPEN ADV-2007-0482 XF winproxy-connect-bo(32204) Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP CONNECT request, which triggers heap corruption.

cpe:/a:bluevirus-design:sma-db:0.3.9

CVE-2007-0797

2007-02-06T14:28:00.000-05:00

2017-10-18T21:30:04.957-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22391 VUPEN ADV-2007-0494 XF smadb-settings-file-include(32190) EXPLOIT-DB 3268 PHP remote file inclusion vulnerability in theme/settings.php in bluevirus-design SMA-DB 0.3.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pfad_z parameter.

cpe:/a:uapplication:ublog_reload:1.0.5

CVE-2007-0798

2007-02-06T14:28:00.000-05:00

2018-10-16T12:34:43.233-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC http://www.hackerscenter.com/archive/view.asp?id=27270 BUGTRAQ 20070203 Ublog Reload Admin Panel Multiple HTML Injections BID 22382 XF ublog-login-xss(32185) Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login.asp; and allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (2) badword.asp, (3) polls.asp, and (4) users.asp.

cpe:/a:uapplication:ublog:reload_1.0.5

CVE-2007-0799

2007-02-06T14:28:00.000-05:00

2018-10-16T12:34:43.793-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://www.hackerscenter.com/archive/view.asp?id=27270 BUGTRAQ 20070203 Ublog Reload Admin Panel Multiple HTML Injections BID 22382 XF ublog-badword-sql-injection(32187) SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

cpe:/a:mozilla:firefox:1.5.0.9

CVE-2007-0800

2007-02-07T06:28:00.000-05:00

2018-10-16T12:34:44.217-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SGI 20070202-01-P SGI 20070301-01-P FEDORA FEDORA-2007-281 FEDORA FEDORA-2007-293 HP HPSBUX02153 FULLDISC 20070205 Firefox + popup blocker + XMLHttpRequest + srand() = oops FULLDISC 20070205 Re: Firefox + popup blocker + XMLHttpRequest + srand() = oops SUSE SUSE-SA:2007:019 REDHAT RHSA-2007:0077 GENTOO GLSA-200703-04 SLACKWARE SSA:2007-066-05 GENTOO GLSA-200703-08 MANDRIVA MDKSA-2007:050 CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-05.html SUSE SUSE-SA:2007:022 REDHAT RHSA-2007:0078 REDHAT RHSA-2007:0079 REDHAT RHSA-2007:0097 REDHAT RHSA-2007:0108 BUGTRAQ 20070205 Firefox + popup blocker + XMLHttpRequest + srand() = oops BUGTRAQ 20070205 Re: [Full-disclosure] Firefox + popup blocker + XMLHttpRequest + srand() = oops BUGTRAQ 20070226 rPSA-2007-0040-1 firefox BUGTRAQ 20070303 rPSA-2007-0040-3 firefox thunderbird BID 22396 BID 22694 SECTRACK 1017702 UBUNTU USN-428-1 VUPEN ADV-2007-0718 VUPEN ADV-2008-0083 XF firefox-popup-security-bypass(32194) CONFIRM https://issues.rpath.com/browse/RPL-1081 CONFIRM https://issues.rpath.com/browse/RPL-1103 Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.

cpe:/a:mozilla:firefox:1.5.0.9

CVE-2007-0801

2007-02-07T06:28:00.000-05:00

2018-10-16T12:34:49.170-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov GENTOO GLSA-200703-04 GENTOO GLSA-200703-08 BUGTRAQ 20070205 Firefox + popup blocker + XMLHttpRequest + srand() = oops BUGTRAQ 20070205 Re: [Full-disclosure] Firefox + popup blocker + XMLHttpRequest + srand() = oops BID 22396 The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest.

cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:opera_software:opera:9.10

CVE-2007-0802

2007-02-07T06:28:00.000-05:00

2018-10-16T12:34:49.810-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov FULLDISC 20070418 Firefox 2.0.0.3 Phishing Protection Bypass Vulnerability MISC http://kaneda.bohater.net/security/20070111-firefox_2.0.0.1_bypass_phishing_protection.php BUGTRAQ 20070206 Firefox 2.0.0.1 and Opera 9.10 Anty Fraud/Phishing Protection bypass. MISC https://bugzilla.mozilla.org/show_bug.cgi?id=367538 Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter.

cpe:/a:stlport:stlport:5.0.0 cpe:/a:stlport:stlport:5.0.1 cpe:/a:stlport:stlport:5.0.2

CVE-2007-0803

2007-02-07T06:28:00.000-05:00

2017-07-28T21:30:25.500-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov GENTOO GLSA-200703-07 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=483468 BID 22423 VUPEN ADV-2007-0498 XF stlport-printed-floats-bo(32242) XF stlport-rope-constructors-bo(32244) Multiple buffer overflows in STLport before 5.0.3 allow remote attackers to execute arbitrary code via unspecified vectors relating to (1) "print floats" and (2) a missing null termination in the "rope constructor."

cpe:/a:ggcms:ggcms:1.1.0_rc1

CVE-2007-0804

2007-02-07T06:28:00.000-05:00

2017-10-18T21:30:05.020-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22412 VUPEN ADV-2007-0492 XF ggcms-subpages-code-execution(32211) EXPLOIT-DB 3271 Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 RC1 and earlier allows remote attackers to inject arbitrary PHP code into arbitrary files via ".." sequences in the subpageName parameter, as demonstrated by injecting PHP code into a template file.

cpe:/o:hp:tru64:5.1

CVE-2007-0805

2007-02-07T06:28:00.000-05:00

2018-10-16T12:34:50.107-04:00

2.1

LOCAL

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov HP HPSBTU02179 FULLDISC 20070206 PS Information Leak on HP True64 Alpha OSF1 v5.1 1885 MISC http://rawlab.mindcreations.com/codes/exp/nix/osf1tru64ps.ksh SECTRACK 1017592 BUGTRAQ 20070206 Re: [Full-disclosure] PS Information Leak on HP Tru64 Alpha OSF1v5.1 1885 BUGTRAQ 20070206 PS Information Leak on HP True64 Alpha OSF1 v5.1 1885 BUGTRAQ 20070207 Re: PS Information Leak on HP True64 Alpha OSF1 v5.1 1885 SECTRACK 1018005 VUPEN ADV-2007-1654 XF tru64-ps-information-disclosure(32276) The ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local users to obtain sensitive information, including environment variables of arbitrary processes, via the "auxewww" argument, a similar issue to CVE-1999-1587.

cpe:/a:les_news:les_news:2.2

CVE-2007-0806

2007-02-07T06:28:00.000-05:00

2018-10-16T12:34:50.920-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov MISC http://forums.avenir-geopolitique.net/viewtopic.php?t=2622 SREASON 2226 BUGTRAQ 20070204 Les News v2.2 [Admin news without password] Les News 2.2 allows remote attackers to bypass authentication and gain administrative access via a direct request for adminews/index_fr.php3, and possibly the adminews index documents for other localizations.

cpe:/a:darrens_5-dollar_script_archive:flashchat:4.7.8

CVE-2007-0807

2007-02-07T06:28:00.000-05:00

2018-10-16T12:34:51.107-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov SREASON 2228 BUGTRAQ 20070205 flashChat 4.7.8 Cross Site Scripting Vulnerability BID 22411 VUPEN ADV-2007-0495 XF flashchat-info-xss(32208) Cross-site scripting (XSS) vulnerability in info.php in flashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via a channel title (aka room name) that is not properly handled by the "who's online" feature.

cpe:/a:mina_ajans:mina_ajans_script

CVE-2007-0808

2007-02-07T06:28:00.000-05:00

2018-10-16T12:34:51.420-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070205 Mina Ajans Script Remote File Inclusion Vuln. XF mina-multiple-file-include(32243) PHP remote file inclusion vulnerability in Mina Ajans Script allows remote attackers to execute arbitrary PHP code via a URL in the syf parameter to an unspecified PHP script.

cpe:/a:ptirhiikmods:mod-ch:2.1.2

CVE-2007-0809

2007-02-07T06:28:00.000-05:00

2017-10-18T21:30:05.083-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VIM 20070207 true: Categories hierarchy class_template.php RFI BID 22400 VUPEN ADV-2007-0493 XF ch-classtemplate-file-include(32193) EXPLOIT-DB 3270 PHP remote file inclusion vulnerability in includes/class_template.php in Categories hierarchy (aka CH or mod-CH) 2.1.2 in ptirhiikmods allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

cpe:/a:geeklog:geeklog:2

CVE-2007-0810

2007-02-07T06:28:00.000-05:00

2017-10-18T21:30:05.127-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22386 XF geeklog-baseview-file-include(32205) EXPLOIT-DB 3267 PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in GeekLog 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_libraries] parameter. NOTE: this might be a vulnerability in MVCnPHP rather than a vulnerability in GeekLog.

cpe:/a:microsoft:ie:6::windows_2000 cpe:/a:microsoft:ie:6.0:sp2:windows_xp

CVE-2007-0811

2007-02-07T06:28:00.000-05:00

2017-10-18T21:30:05.190-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov MISC http://www.powerhacker.net/exploit/IE_NULL_CRASH.html BID 22408 EXPLOIT-DB 3272 Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.

cpe:/a:woltlab:burning_board_lite:1.0.0 cpe:/a:woltlab:burning_board_lite:1.0.1e cpe:/a:woltlab:burning_board_lite:1.0.2 cpe:/a:woltlab:burning_board_lite:1.0.2_pl3e

CVE-2007-0812

2007-02-07T06:28:00.000-05:00

2017-10-18T21:30:05.253-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22415 VUPEN ADV-2007-0491 XF wbblite-pms-sql-injection(32172) EXPLOIT-DB 3262 SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) Lite 1.0.2pl3e and earlier allows remote authenticated users to execute arbitrary SQL commands via the pmid[0] parameter.

cpe:/a:home_production:mysearchengine

CVE-2007-0813

2007-02-07T06:28:00.000-05:00

2018-10-16T12:34:51.607-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC http://forums.avenir-geopolitique.net/viewtopic.php?t=2621 BUGTRAQ 20070204 MysearchEngine XSS BID 22402 XF mysearchengine-search-xss(32201) Cross-site scripting (XSS) vulnerability in Home production MySearchEngine allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

cpe:/a:adrenalin_labs:adrenalins_asp_chat

CVE-2007-0814

2007-02-07T06:28:00.000-05:00

2018-10-16T12:34:51.873-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC http://forums.avenir-geopolitique.net/viewtopic.php?t=2620 SREASON 2233 BUGTRAQ 20070203 Adrenalin's ASP Chat XSS BID 22392 XF adrenalin-unspecified-script-xss(32203) Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP Chat allow remote attackers to inject arbitrary web script or HTML (1) via the psuedo (pseudo) field or (2) during chat.

cpe:/a:uapplication:uphotogallery:1.1

CVE-2007-0815

2007-02-07T06:28:00.000-05:00

2018-10-16T12:34:52.170-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2227 BUGTRAQ 20070204 Uphotogallery Multiple Cross-Site Scripting Vulnerability BID 22404 XF uphotogallery-imagesarchive-xss(32229) Cross-site scripting (XSS) vulnerability in images_archive.asp in Uapplication Uphotogallery 1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the s parameter. NOTE: the thumbnails.asp vector is already covered by CVE-2006-3023.

cpe:/a:ca:brightstor_arcserve_backup:11 cpe:/a:ca:brightstor_arcserve_backup:11.1 cpe:/a:ca:brightstor_arcserve_backup:11.5 cpe:/a:ca:brightstor_arcserve_backup:11.5:sp1 cpe:/a:ca:brightstor_arcserve_backup:11.5:sp2

CVE-2007-0816

2007-02-07T06:28:00.000-05:00

2017-10-18T21:30:05.317-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://supportconnectw.ca.com/public/storage/infodocs/babtapeng-securitynotice.asp BID 22365 VUPEN ADV-2007-0461 CONFIRM http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=101317 CONFIRM http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=35058 XF brightstor-catirpc-dos(32137) EXPLOIT-DB 3248 The RPC Server service (catirpc.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 SP2 and earlier allows remote attackers to cause a denial of service (service crash) via a crafted TADDR2UADDR that triggers a null pointer dereference in catirpc.dll, possibly related to null credentials or verifier fields.

cpe:/a:adobe:coldfusion:6.1 cpe:/a:adobe:coldfusion:7.0.1 cpe:/a:adobe:coldfusion:7.0.2

CVE-2007-0817

2007-02-07T06:28:00.000-05:00

2018-10-16T12:34:52.467-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://www.adobe.com/support/security/bulletins/apsb07-04.html BUGTRAQ 20070205 Cold Fusion Web Server XSS 0 day BID 22401 SECTRACK 1017645 VUPEN ADV-2007-0593 Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page.

CVE-2007-0818

2007-02-07T06:28:00.000-05:00

2008-09-10T20:50:05.103-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-0396. Reason: This candidate is a duplicate of CVE-2007-0396. Notes: All CVE users should reference CVE-2007-0396 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

cpe:/a:hp:network_node_manager:7.5

CVE-2007-0819

2007-02-08T13:28:00.000-05:00

2017-07-28T21:30:26.140-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

FULLDISC 20070208 SecurityVulns.com: HP Network Node Manager remote console weak files permissions HP HPSBMA02448 SECTRACK 1017609 MISC http://securityvulns.com/news/HP/NNM/RC/WP.html BID 22475 VUPEN ADV-2007-0533 XF openview-nnm-directory-privilege-escalation(32362) HP Network Node Manager (NNM) Remote Console 7.50, 7.51, and 7.53 assigns Everyone Full Control permission for the %PROGRAMFILES%\HP OpenView directory tree, which allows local users to gain privileges via a Trojan horse executable file or ActiveX component, or a modified bin\ovtrcsvc.exe for the HP Open View Shared Trace Service.

cpe:/a:cedric:claire_portailphp:2

CVE-2007-0820

2007-02-07T15:28:00.000-05:00

2017-07-28T21:30:26.203-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov BID 22381 BID 28867 XF portailphp-index-file-include(42123) Multiple PHP remote file inclusion vulnerabilities in Cedric CLAIRE PortailPhp 2 allow remote attackers to execute arbitrary PHP code via a URL in the chemin parameter to (1) mod_news/index.php, (2) mod_news/goodies.php, or (3) mod_search/index.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:cedric:claire_portailphp:2

CVE-2007-0821

2007-02-07T15:28:00.000-05:00

2008-11-15T01:42:03.030-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 22381 Multiple directory traversal vulnerabilities in Cedric CLAIRE PortailPhp 2 allow remote attackers to read arbitrary files via a .. (dot dot) in the chemin parameter to (1) mod_news/index.php or (2) mod_news/goodies.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/o:linux:linux_kernel:2.6.15

CVE-2007-0822

2007-02-07T15:28:00.000-05:00

2010-09-15T01:43:51.543-04:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov FULLDISC 20070201 umount crash and xterm (kind of) information leak! MISC http://gotfault.wordpress.com/2007/01/18/umount-bug/ MANDRIVA MDKSA-2007:053 BID 22850 SECTRACK 1017729 umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensitive information, including core file contents.

cpe:/o:slackware:slackware_linux:10.2

CVE-2007-0823

2007-02-07T15:28:00.000-05:00

2008-11-15T01:42:03.453-05:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov FULLDISC 20070201 umount crash and xterm (kind of) information leak! MISC http://gotfault.wordpress.com/2007/02/01/a-funny-case/ xterm on Slackware Linux 10.2 stores information that had been displayed for a different user account using the same xterm process, which might allow local users to bypass file permissions and read other users' files, or obtain other sensitive information, by reading the xterm process memory. NOTE: it could be argued that this is an expected consequence of multiple users sharing the same interactive process, in which case this is not a vulnerability.

cpe:/a:lightro:lightro_cms:1_beta

CVE-2007-0824

2007-02-07T17:28:00.000-05:00

2017-10-18T21:30:05.363-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov BID 22430 VUPEN ADV-2007-0511 XF lightro-inhalt-file-include(32270) EXPLOIT-DB 3275 PHP remote file inclusion vulnerability in inhalt.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dateien[news] parameter.

cpe:/a:flashfxp:flashfxp:3.4.0_build_1145

CVE-2007-0825

2007-02-07T17:28:00.000-05:00

2017-10-18T21:30:05.427-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 22433 XF flashfxp-pwdcommand-dos(32416) EXPLOIT-DB 3276 FlashFXP 3.4.0 build 1145 allows remote servers to cause a denial of service (CPU consumption) via a response to a PWD command that contains a long string with deeply nested directory structure, possibly due to a buffer overflow.

cpe:/a:kisisel_site_2007:kisisel_site_forum.asp

CVE-2007-0826

2007-02-07T17:28:00.000-05:00

2017-10-18T21:30:05.473-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov BID 22435 VUPEN ADV-2007-0510 XF kisisel-forum-sql-injection(32422) EXPLOIT-DB 3278 SQL injection vulnerability in forum.asp in Kisisel Site 2007 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.

cpe:/a:alibaba:alipay_activex_control:2.4.2.471

CVE-2007-0827

2007-02-07T17:28:00.000-05:00

2017-10-18T21:30:05.537-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

FULLDISC 20070207 Alibaba Alipay Remote Code Execute Vulnerability-0DAY BID 22446 VUPEN ADV-2007-0520 XF alipay-activex-code-execution(32367) EXPLOIT-DB 3279 The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote attackers to execute arbitrary code via a JavaScript function that invokes the Remove method with an invalid index argument, which is used as an offset for a function call.

cpe:/a:mysqlnewsengine:mysqlnewsengine

CVE-2007-0828

2007-02-07T17:28:00.000-05:00

2018-10-16T12:34:52.763-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov SREASON 2229 BUGTRAQ 20070206 MySQLNewsEngine (affichearticles.php3) Remote File Inc. Vuln. BID 22431 VUPEN ADV-2007-0513 XF mysqlnewsengine-affichearticle-file-include(32266) PHP remote file inclusion vulnerability in affichearticles.php3 in MySQLNewsEngine allows remote attackers to execute arbitrary PHP code via a URL in the newsenginedir parameter.

cpe:/a:alwil:avast_antivirus:4.6.460::server cpe:/a:alwil:avast_antivirus:4.6.489::server cpe:/a:alwil:avast_antivirus:4.6.566::server cpe:/a:alwil:avast_antivirus:4.7.660::server cpe:/a:alwil:avast_antivirus:4.7.676::server

CVE-2007-0829

2007-02-07T17:28:00.000-05:00

2017-07-28T21:30:26.517-04:00

4.4

LOCAL

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://www.avast.com/eng/avast-4-server-revision-history.html BID 22425 VUPEN ADV-2007-0499 XF avast-password-security-bypass(32269) avast! Server Edition before 4.7.726 does not demand a password in a certain intended context, even when a password has been set, which allows local users to bypass authentication requirements.

cpe:/a:jelsoft:vbulletin:3.6.4

CVE-2007-0830

2007-02-07T17:28:00.000-05:00

2018-10-16T12:34:53.060-04:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov BUGTRAQ 20070206 VBulletin AdminCP Index.PHP Multiple Cross-Site Scripting Vulnerability BUGTRAQ 20070207 Re: VBulletin AdminCP Index.PHP Multiple Cross-Site Scripting Vulnerability XF vbulletin-admincp-index-xss(32268) ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors related to the (1) User Group Manager, (2) User Rank Manager, (3) User Title Manager, (4) BB Code Manager, (5) Attachment Manager, (6) Calendar Manager, and (7) Forums & Moderators functions. NOTE: the vendor disputes this issue, stating that modifying HTML is an intended privilege of an administrator. NOTE: it is possible that this issue overlaps CVE-2006-6040.

cpe:/a:atsphp:atsphp:5.0.1

CVE-2007-0831

2007-02-07T17:28:00.000-05:00

2018-10-16T12:34:53.343-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070130 Atsphp 5.0.1 [Top Sites] [index.php] - Remote File Include BUGTRAQ 20070130 Re: BOGUS: Atsphp 5.0.1 [Top Sites] [index.php] - Remote File Include ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Atsphp 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the CONF[path] parameter to (1) index.php, (2) sources/usercp.php, or (3) sources/admin.php. NOTE: Another researcher has disputed this vulnerability, noting that CONF[path] is defined before use in index.php, that CONF[path] inclusion cannot occur through a direct request to other affected files, and that usercp.php is a typo of user_cp.php.

cpe:/a:vmware:workstation:5.5.3_build_34685

CVE-2007-0832

2007-02-07T17:28:00.000-05:00

2018-10-16T12:34:53.467-04:00

1.2

LOCAL

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov BUGTRAQ 20070203 Vmare workstation guest isolation weaknesses (clipboard transfer) BID 22413 VMware Workstation 5.5.3 34685 does not immediately change the availability of a shared clipboard when the "Enable copy and paste to and from this virtual machine" checkbox is changed, which allows local users to obtain sensitive information or conduct certain attacks that are facilitated by weaker isolation between the host and guest operating systems.

cpe:/a:vmware:workstation:5.5.3_build_34685

CVE-2007-0833

2007-02-07T17:28:00.000-05:00

2018-10-16T12:34:53.607-04:00

1.2

LOCAL

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov BUGTRAQ 20070203 Vmare workstation guest isolation weaknesses (clipboard transfer) BID 22413 VMware Workstation 5.5.3 34685, when the "Enable copy and paste to and from this virtual machine" option is enabled, preserves clipboard data on the guest operating system after it was deleted on the host operating system, which might allow local users to read clipboard contents by moving the focus back to the host operating system.

cpe:/a:darrens_5-dollar_script_archive:flashchat:4.7.8

CVE-2007-0834

2007-02-07T18:28:00.000-05:00

2017-07-28T21:30:26.627-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

XF flashchat-username-xss(32417) Cross-site scripting (XSS) vulnerability in FlashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via the user name field when the user joins a chat room, a different vulnerability than CVE-2007-0807. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:coppermine:coppermine_photo_gallery:1.4.10

CVE-2007-0835

2007-02-07T19:28:00.000-05:00

2017-07-28T21:30:26.673-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

BID 22406 XF coppermine-admin-command-execution(32236) admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (";" semicolon) in the "Command line options for ImageMagick" form field, when used as an option to ImageMagick's convert command. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:coppermine:coppermine_photo_gallery:1.4.10

CVE-2007-0836

2007-02-07T19:28:00.000-05:00

2017-07-28T21:30:26.720-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 22409 XF coppermine-admin-file-include(32233) admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:agermenu:agermenu:0.03

CVE-2007-0837

2007-02-07T19:28:00.000-05:00

2017-10-18T21:30:05.583-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VIM 20070207 true: agermenu VIM 20070207 false: Agermenu 0.03 BID 22442 VUPEN ADV-2007-0512 XF agermenu-topinc-file-include(32283) EXPLOIT-DB 3280 PHP remote file inclusion vulnerability in examples/inc/top.inc.php in AgerMenu 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.

cpe:/a:freeproxy:freeproxy:3.92

CVE-2007-0838

2007-02-07T19:28:00.000-05:00

2017-07-28T21:30:26.813-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov BUGTRAQ 20070206 Medium level security hole in FreeProxy FULLDISC 20070206 Medium level security hole in FreeProxy CONFIRM http://www.handcraftedsoftware.org/index.php?page=3&mode=article&k=60 BID 22445 VUPEN ADV-2007-0514 XF freeproxy-hostname-portnumber-dos(32303) FreeProxy before 3.92 Build 1626 allows malicious users to cause a denial of service (infinite loop) via a HOST: header with a hostname and port number that refers to the server itself.

cpe:/a:valarsoft:webmatic:2.6

CVE-2007-0839

2007-02-07T19:28:00.000-05:00

2017-10-18T21:30:05.627-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VIM 20070207 true: WebMatic 2.6 RFI BID 22444 VUPEN ADV-2007-0534 XF webmatic-indexalbum-file-include(32318) EXPLOIT-DB 3281 Multiple PHP remote file inclusion vulnerabilities in index/index_album.php in Valarsoft WebMatic 2.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) P_LIB and (2) P_INDEX parameters.

cpe:/a:hlstats:hlstats:1.34

CVE-2007-0840

2007-02-07T21:28:00.000-05:00

2008-11-15T01:42:06.907-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://sourceforge.net/project/shownotes.php?release_id=484226 BID 22422 Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the search class. NOTE: it is possible that this issue overlaps CVE-2006-4543.3 or CVE-2006-4454.

cpe:/a:vbdrupal:vbdrupal:4.7.5.0

CVE-2007-0841

2007-02-07T21:28:00.000-05:00

2011-03-07T21:50:49.487-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://www.vbdrupal.org/forum/showthread.php?t=786 VUPEN ADV-2007-0415 Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector related to Drupal is covered by CVE-2007-0626. These vulnerabilities might be associated with other CVE identifiers.

cpe:/a:microsoft:visual_c%2b%2b:8.0 cpe:/a:microsoft:visual_studio:2005

CVE-2007-0842

2007-02-13T06:28:00.000-05:00

2018-10-16T12:34:53.747-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov MISC http://msdn2.microsoft.com/en-us/library/a442x3ye(VS.80).aspx SREASON 2237 BUGTRAQ 20070212 SecurityVulns.com: Microsoft Visual C++ 8.0 standard library time functions invalid assertion DoS (Problem 3000). XF visualstudio-time-dos(32454) The 64-bit versions of Microsoft Visual C++ 8.0 standard library (MSVCR80.DLL) time functions, including (1) localtime, (2) localtime_s, (3) gmtime, (4) gmtime_s, (5) ctime, (6) ctime_s, (7) wctime, (8) wctime_s, and (9) fstat, trigger an assertion error instead of a NULL pointer or EINVAL when processing a time argument later than Jan 1, 3000, which might allow context-dependent attackers to cause a denial of service (application exit) via large time values. NOTE: it could be argued that this is a design limitation of the functions, and the vulnerability lies with any application that does not validate arguments to these functions. However, this behavior is inconsistent with documentation, which does not list assertions as a possible result of an error condition.

cpe:/o:microsoft:windows_2000 cpe:/o:microsoft:windows_2003_server cpe:/o:microsoft:windows_vista::beta1 cpe:/o:microsoft:windows_xp:::home cpe:/o:microsoft:windows_xp::gold cpe:/o:microsoft:windows_xp::sp1:64-bit_2003 cpe:/o:microsoft:windows_xp::sp1:embedded cpe:/o:microsoft:windows_xp::sp1:home cpe:/o:microsoft:windows_xp::sp1:media_center cpe:/o:microsoft:windows_xp::sp1:professional cpe:/o:microsoft:windows_xp::sp1:tablet_pc cpe:/o:microsoft:windows_xp::sp2:home cpe:/o:microsoft:windows_xp::sp2:media_center cpe:/o:microsoft:windows_xp::sp2:professional cpe:/o:microsoft:windows_xp::sp2:tablet_pc

CVE-2007-0843

2007-02-22T21:28:00.000-05:00

2018-10-16T12:34:54.093-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

FULLDISC 20070222 Microsoft Windows 2000/XP/2003/Vista ReadDirectoryChangesW informaton leak SREASON 2282 MISC http://securityvulns.com/advisories/readdirectorychanges.asp BUGTRAQ 20070222 Re[2]: [Full-disclosure] Microsoft Windows 2000/XP/2003/Vista ReadDirectoryChangesW informaton leak BUGTRAQ 20070222 Microsoft Windows 2000/XP/2003/Vista ReadDirectoryChangesW informaton leak BID 22664 VUPEN ADV-2007-0701 XF win-readdirectory-information-disclosure(32644) The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.

cpe:/a:pam_ssh:pam_ssh:1.91

CVE-2007-0844

2007-02-08T12:28:00.000-05:00

2011-03-07T21:50:49.923-05:00

6.4

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://sourceforge.net/project/shownotes.php?release_id=484376 BID 22461 VUPEN ADV-2007-0524 The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when the allow_blank_passphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase.

cpe:/a:advanced_poll:advanced_poll:2.0.2 cpe:/a:advanced_poll:advanced_poll:2.0.3 cpe:/a:advanced_poll:advanced_poll:2.0.4 cpe:/a:advanced_poll:advanced_poll:2.0.5::dev

CVE-2007-0845

2007-02-08T13:28:00.000-05:00

2017-10-18T21:30:05.677-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22451 XF advancedpoll-uid-authentication-bypass(32337) EXPLOIT-DB 3282 admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote attackers to bypass authentication and gain administrator privileges by obtaining a valid session identifier and setting the uid parameter to 1.

cpe:/a:open_tibia_server_cms:open_tibia_server_cms:2.0 cpe:/a:open_tibia_server_cms:open_tibia_server_cms:2.1.3 cpe:/a:open_tibia_server_cms:open_tibia_server_cms:2.1.4 cpe:/a:open_tibia_server_cms:open_tibia_server_cms:2.1.5

CVE-2007-0846

2007-02-08T13:28:00.000-05:00

2017-10-18T21:30:05.723-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22450 XF otscms-forum-xss(32324) EXPLOIT-DB 3283 Cross-site scripting (XSS) vulnerability in forum.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to inject arbitrary HTML or web script via the name parameter.

CVE-2007-0847

2007-02-08T13:28:00.000-05:00

2017-10-18T21:30:05.787-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22450 XF otscms-priv-sql-injection(32322) EXPLOIT-DB 3283 SQL injection vulnerability in mod/PM/reply.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to priv.php.

cpe:/a:maian_recipe:maian_recipe:1.0

CVE-2007-0848

2007-02-08T13:28:00.000-05:00

2017-10-18T21:30:05.833-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VIM 20070207 true: Agermenu 0.03 VUPEN ADV-2007-0537 XF maianrecipe-classmail-file-include(32346) EXPLOIT-DB 3284 PHP remote file inclusion vulnerability in classes/class_mail.inc.php in Maian Recipe 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter.

cpe:/a:syscp_team:syscp:1.2.15

CVE-2007-0849

2007-02-08T13:28:00.000-05:00

2018-10-16T12:34:54.717-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

BUGTRAQ 20070207 Ability to inject and execute any code as root in SysCP BID 22453 CONFIRM http://www.syscp.org/wiki/Security/SyscpOrgAbilityToInjectAndExecuteAnyCodeAsRootInSysCP scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly quote pathnames in user home directories, which allows local users to gain privileges by placing shell metacharacters in a directory name, and then using the control panel to protect this directory, a different vulnerability than CVE-2005-2568.

cpe:/a:syscp_team:syscp:1.2.10 cpe:/a:syscp_team:syscp:1.2.15

CVE-2007-0850

2007-02-08T13:28:00.000-05:00

2018-10-16T12:34:54.937-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070207 Ability to inject and execute any code as root in SysCP BID 22454 CONFIRM http://www.syscp.org/wiki/Security/SyscpOrgAbilityToInjectAndExecuteAnyCodeAsRootInSysCP XF syscp-cronscript-code-execution(32330) scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and adding its filename to this table.

cpe:/a:trend_micro:client-server-messaging_suite_smb:gold::windows cpe:/a:trend_micro:client-server_suite_smb:gold::windows cpe:/a:trend_micro:control_manager:2.5.0 cpe:/a:trend_micro:control_manager:3.5 cpe:/a:trend_micro:control_manager:gold::as_400 cpe:/a:trend_micro:control_manager:gold::s_390 cpe:/a:trend_micro:control_manager:gold::solaris cpe:/a:trend_micro:control_manager:gold::windows cpe:/a:trend_micro:control_manager:gold::windows_nt cpe:/a:trend_micro:control_manager:netware cpe:/a:trend_micro:interscan_emanager:3.5::hp cpe:/a:trend_micro:interscan_emanager:3.5.2::windows cpe:/a:trend_micro:interscan_emanager:3.6::linux cpe:/a:trend_micro:interscan_emanager:3.6::sun cpe:/a:trend_micro:interscan_emanager:3.51 cpe:/a:trend_micro:interscan_emanager:3.51_j cpe:/a:trend_micro:interscan_messaging_security_suite:::linux_5.1.1 cpe:/a:trend_micro:interscan_messaging_security_suite:3.81 cpe:/a:trend_micro:interscan_messaging_security_suite:5.5 cpe:/a:trend_micro:interscan_messaging_security_suite:5.5_build_1183 cpe:/a:trend_micro:interscan_messaging_security_suite:gold::linux cpe:/a:trend_micro:interscan_messaging_security_suite:gold::solaris cpe:/a:trend_micro:interscan_messaging_security_suite:gold::windows cpe:/a:trend_micro:interscan_viruswall:3.0.1::linux cpe:/a:trend_micro:interscan_viruswall:3.0.1::unix cpe:/a:trend_micro:interscan_viruswall:3.1.0::linux cpe:/a:trend_micro:interscan_viruswall:3.2.3 cpe:/a:trend_micro:interscan_viruswall:3.3 cpe:/a:trend_micro:interscan_viruswall:3.6 cpe:/a:trend_micro:interscan_viruswall:3.6::hp_ux cpe:/a:trend_micro:interscan_viruswall:3.6::solaris cpe:/a:trend_micro:interscan_viruswall:3.6::windows_nt cpe:/a:trend_micro:interscan_viruswall:3.6.0_build1166 cpe:/a:trend_micro:interscan_viruswall:3.6.0_build_1182 cpe:/a:trend_micro:interscan_viruswall:3.6.5::linux cpe:/a:trend_micro:interscan_viruswall:3.7.0 cpe:/a:trend_micro:interscan_viruswall:3.7.0_build1190 cpe:/a:trend_micro:interscan_viruswall:3.8.0_build1130 cpe:/a:trend_micro:interscan_viruswall:3.32 cpe:/a:trend_micro:interscan_viruswall:3.81::linux cpe:/a:trend_micro:interscan_viruswall:5.1::windows_nt cpe:/a:trend_micro:interscan_viruswall:gold::aix cpe:/a:trend_micro:interscan_viruswall:gold::linux_for_smb cpe:/a:trend_micro:interscan_viruswall:gold::smb cpe:/a:trend_micro:interscan_viruswall:gold::windows cpe:/a:trend_micro:interscan_viruswall:gold::windows_nt_for_smb cpe:/a:trend_micro:interscan_viruswall_for_windows_nt:3.4 cpe:/a:trend_micro:interscan_viruswall_for_windows_nt:3.5 cpe:/a:trend_micro:interscan_viruswall_for_windows_nt:3.6 cpe:/a:trend_micro:interscan_viruswall_for_windows_nt:3.51 cpe:/a:trend_micro:interscan_viruswall_for_windows_nt:3.52 cpe:/a:trend_micro:interscan_viruswall_for_windows_nt:3.52_build1466 cpe:/a:trend_micro:interscan_viruswall_for_windows_nt:5.1.0 cpe:/a:trend_micro:interscan_viruswall_scan_engine:7.510.0-1002 cpe:/a:trend_micro:interscan_web_security_suite:::linux cpe:/a:trend_micro:interscan_web_security_suite:::linux_1.0.0_ja cpe:/a:trend_micro:interscan_web_security_suite:gold::linux cpe:/a:trend_micro:interscan_web_security_suite:gold::solaris cpe:/a:trend_micro:interscan_web_security_suite:gold::windows cpe:/a:trend_micro:interscan_webmanager:1.2 cpe:/a:trend_micro:interscan_webmanager:2.0 cpe:/a:trend_micro:interscan_webmanager:2.1 cpe:/a:trend_micro:interscan_webprotect:gold::isa cpe:/a:trend_micro:officescan:3.0::corporate cpe:/a:trend_micro:officescan:4.5.0::microsof_sbs cpe:/a:trend_micro:officescan:7.3 cpe:/a:trend_micro:officescan:corporate_3.0::windows_nt_server cpe:/a:trend_micro:officescan:corporate_3.1.1::windows_nt_server cpe:/a:trend_micro:officescan:corporate_3.5 cpe:/a:trend_micro:officescan:corporate_3.5::windows_nt_server cpe:/a:trend_micro:officescan:corporate_3.11 cpe:/a:trend_micro:officescan:corporate_3.11::windows_nt_server cpe:/a:trend_micro:officescan:corporate_3.13 cpe:/a:trend_micro:officescan:corporate_3.13::windows_nt_server cpe:/a:trend_micro:officescan:corporate_3.54 cpe:/a:trend_micro:officescan:corporate_5.02 cpe:/a:trend_micro:officescan:corporate_5.5 cpe:/a:trend_micro:officescan:corporate_5.58 cpe:/a:trend_micro:officescan:corporate_6.5 cpe:/a:trend_micro:officescan:corporate_7.0 cpe:/a:trend_micro:officescan:corporate_7.3 cpe:/a:trend_micro:pc-cillin:6.0 cpe:/a:trend_micro:pc-cillin:2000 cpe:/a:trend_micro:pc-cillin:2002 cpe:/a:trend_micro:pc-cillin:2003 cpe:/a:trend_micro:pc-cillin:2005 cpe:/a:trend_micro:pc-cillin:2006 cpe:/a:trend_micro:pc-cillin_internet_security:14_14.00.1485 cpe:/a:trend_micro:pc-cillin_internet_security:2005_12.0.0_0_build_1244 cpe:/a:trend_micro:pc-cillin_internet_security:2006_14.10.0.1023 cpe:/a:trend_micro:pc-cillin_internet_security:2007 cpe:/a:trend_micro:pc_cillin_-_internet_security_2006 cpe:/a:trend_micro:portalprotect:1.0 cpe:/a:trend_micro:portalprotect:1.2::sharepoint cpe:/a:trend_micro:scanmail:1.0.0 cpe:/a:trend_micro:scanmail:2.6::domino cpe:/a:trend_micro:scanmail:2.51::domino cpe:/a:trend_micro:scanmail:3.8::microsoft_exchange cpe:/a:trend_micro:scanmail:3.81::microsoft_exchange cpe:/a:trend_micro:scanmail:6.1::microsoft_exchange cpe:/a:trend_micro:scanmail:gold::lotus_domino_on_aix cpe:/a:trend_micro:scanmail:gold::lotus_domino_on_as_400 cpe:/a:trend_micro:scanmail:gold::lotus_domino_on_s_390 cpe:/a:trend_micro:scanmail:gold::lotus_domino_on_solaris cpe:/a:trend_micro:scanmail:gold::lotus_domino_on_windows cpe:/a:trend_micro:scanmail_emanager cpe:/a:trend_micro:scanning_engine:7.1.0 cpe:/a:trend_micro:serverprotect:5.3.1 cpe:/a:trend_micro:serverprotect:5.5.8 cpe:/a:trend_micro:serverprotect:5.58 cpe:/a:trend_micro:serverprotect:5.58::windows cpe:/a:trend_micro:serverprotect:linux cpe:/a:trend_micro:serverprotect:linux_1.2.0 cpe:/a:trend_micro:serverprotect:novell_netware cpe:/a:trend_micro:serverprotect:windows cpe:/a:trend_micro:viruswall:3.0.1 cpe:/a:trend_micro:web_security_suite:1.2.0 cpe:/a:trend_micro:webprotect:3.1.0

CVE-2007-0851

2007-02-08T13:28:00.000-05:00

2017-07-28T21:30:27.360-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289 JVN JVN#77366274 IDEFENSE 20070208 Trend Micro AntiVirus UPX Parsing Kernel Buffer Overflow Vulnerability SECTRACK 1017601 SECTRACK 1017602 SECTRACK 1017603 MISC http://www.jpcert.or.jp/at/2007/at070004.txt CERT-VN VU#276432 BID 22449 VUPEN ADV-2007-0522 VUPEN ADV-2007-0569 XF antivirus-upx-bo(32352) Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable.

cpe:/a:techexcel_inc.:devtrack:6.0.3

CVE-2007-0852

2007-02-08T13:28:00.000-05:00

2008-11-15T01:42:11.313-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22460 Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote attackers to inject arbitrary web script or HTML via the "Keyword search" form field and unspecified other form fields that populate a public saved query. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:techexcel_inc.:devtrack:6.0.3

CVE-2007-0853

2007-02-08T13:28:00.000-05:00

2017-07-28T21:30:27.407-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22460 XF devtrack-username-sql-injection(32348) SQL injection vulnerability in DevTrack 6.0.3 allows remote attackers to execute arbitrary SQL commands via the Username form field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:cpanel:webhost_manager

CVE-2007-0854

2007-02-08T13:28:00.000-05:00

2018-10-16T12:34:55.280-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://changelog.cpanel.net/index.cgi BUGTRAQ 20070207 remote file include in whm (all version) BUGTRAQ 20070208 Re: remote file include in whm (all version) BID 22455 VUPEN ADV-2007-0545 XF cpanel-webhost-objcache-xss(32400) Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager (WHM) allows remote attackers to execute arbitrary code via a URL in the obj parameter. NOTE: a third party claims that this issue is not file inclusion because the contents are not parsed, but the attack can be used to overwrite files in /var/cpanel/objcache or provide unexpected web page contents.

cpe:/a:rarlab:unrar:3.60 cpe:/a:rarlab:unrar:3.61

CVE-2007-0855

2007-02-08T13:28:00.000-05:00

2017-07-28T21:30:27.533-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

IDEFENSE 20070207 RARLabs Unrar Password Prompt Buffer Overflow Vulnerability GENTOO GLSA-200702-04 SECTRACK 1017593 SUSE SUSE-SR:2007:005 BID 22447 VUPEN ADV-2007-0523 XF unrar-password-archive-bo(32357) Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted, password-protected archive.

cpe:/a:trend_micro:client-server-messaging_security:3.5::smb cpe:/a:trend_micro:damage_cleanup_services:3.2 cpe:/a:trend_micro:pc-cillin_internet_security:2007 cpe:/a:trend_micro:tmcomm.sys:1.5.1052 cpe:/a:trend_micro:trend_micro_antirootkit_common_module cpe:/a:trend_micro:trend_micro_antispyware:3.0_sp2::enterprise cpe:/a:trend_micro:trend_micro_antispyware:3.2_sp1::smb cpe:/a:trend_micro:trend_micro_antispyware:3.5::consumer cpe:/a:trend_micro:trend_micro_antivirus:2007 cpe:/a:trend_micro:vsapini.sys:3.320.1003

CVE-2007-0856

2007-02-08T13:28:00.000-05:00

2017-07-28T21:30:27.593-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034432&id=EN-1034432 IDEFENSE 20070207 Trend Micro TmComm Local Privilege Escalation Vulnerability SECTRACK 1017604 SECTRACK 1017605 SECTRACK 1017606 CERT-VN VU#282240 CERT-VN VU#666800 BID 22448 VUPEN ADV-2007-0521 XF trendmicro-tmcomm-privilege-escalation(32353) TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module (RCM), with the VsapiNI.sys 3.320.0.1003 scan engine, as used in Trend Micro PC-cillin Internet Security 2007, Antivirus 2007, Anti-Spyware for SMB 3.2 SP1, Anti-Spyware for Consumer 3.5, Anti-Spyware for Enterprise 3.0 SP2, Client / Server / Messaging Security for SMB 3.5, Damage Cleanup Services 3.2, and possibly other products, assigns Everyone write permission for the \\.\TmComm DOS device interface, which allows local users to access privileged IOCTLs and execute arbitrary code or overwrite arbitrary memory in the kernel context.

cpe:/a:moinmoin:moinmoin:1.5.0 cpe:/a:moinmoin:moinmoin:1.5.1 cpe:/a:moinmoin:moinmoin:1.5.2 cpe:/a:moinmoin:moinmoin:1.5.3 cpe:/a:moinmoin:moinmoin:1.5.3_rc1 cpe:/a:moinmoin:moinmoin:1.5.3_rc2 cpe:/a:moinmoin:moinmoin:1.5.4 cpe:/a:moinmoin:moinmoin:1.5.5 cpe:/a:moinmoin:moinmoin:1.5.5_rc1 cpe:/a:moinmoin:moinmoin:1.5.5a cpe:/a:moinmoin:moinmoin:1.5.6

CVE-2007-0857

2007-02-08T13:28:00.000-05:00

2017-07-28T21:30:27.657-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://moinmoin.wikiwikiweb.de/MoinMoinRelease1.5/CHANGES BID 22506 UBUNTU USN-421-1 VUPEN ADV-2007-0553 XF moinmoin-pageinfo-pagename-xss(32377) Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the page info, or the page name in a (2) AttachFile, (3) RenamePage, or (4) LocalSiteMap action.

cpe:/h:palm:treo:650 cpe:/h:palm:treo:680 cpe:/h:palm:treo:700p

CVE-2007-0859

2007-02-15T19:28:00.000-05:00

2018-10-16T12:34:55.797-04:00

2.1

LOCAL

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC http://discussion.treocentral.com/showthread.php?p=1199445&posted=1#post1199445 SREASON 2260 BUGTRAQ 20070213 SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass BUGTRAQ 20070216 Re: SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass BUGTRAQ 20070222 SYMSA-2007-002-1: Palm OS Treo Find Feature System Password Bypass BUGTRAQ 20070222 Re: SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass BUGTRAQ 20070222 Re: Re: SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass BUGTRAQ 20070222 RE: SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass BID 22468 MISC http://www.symantec.com/enterprise/research/SYMSA-2007-002.txt XF palmos-findfeature-security-bypass(32502) The Find feature in Palm OS Treo smart phones operates despite the system password lock, which allows attackers with physical access to obtain sensitive information (memory contents) by doing (1) text searches or (2) paste operations after pressing certain keyboard shortcut keys.

cpe:/a:laboratory_for_optical_and_computational_instrumentation:local_calendar_system:1.1

CVE-2007-0860

2007-02-08T20:28:00.000-05:00

2018-10-16T12:34:56.607-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070127 local Calendar System v1.1 (lcStdLib.inc) Remote File Include BUGTRAQ 20070128 Re: local Calendar System v1.1 (lcStdLib.inc) Remote File Include ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in local Calendar System 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) TEMPLATE_DIR parameter to (a) showinvoices.php, (b) showmonth.php, (c) showevents.php, (d) retrieveinvoice.php, (e) modifyitem.php, and (f) lookup_userid.php; or the LIBDIR parameter to (g) editevent.php, (h) resetpassword.php, (i) signup.php, showmonth.php, (j) showday.php, showevents.php, and lookup_userid.php. NOTE: this issue has been disputed by a third party, who states that the associated variables are set in config.php before use.

cpe:/a:phpcoin:phpcoin:rc1

CVE-2007-0861

2007-02-08T20:28:00.000-05:00

2018-10-16T12:34:56.763-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2230 BUGTRAQ 20070125 Re: phpCOIN <= RC-1 (modules/mail/index.php) Remote File Include Vulnerability BUGTRAQ 20070125 phpCOIN <= RC-1 (modules/mail/index.php) Remote File Include Vulnerability ** DISPUTED ** PHP remote file inclusion vulnerability in modules/mail/index.php in phpCOIN RC-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _CCFG['_PKG_PATH_MDLS'] parameter. NOTE: this issue has been disputed by a reliable third party, who states that a fatal error occurs before the relevant code is reached.

cpe:/a:gnopaste:gnopaste:0.5.2 cpe:/a:gnopaste:gnopaste:0.5.3

CVE-2007-0862

2007-02-08T20:28:00.000-05:00

2018-10-16T12:34:56.997-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070129 gnopaste <= 0.5.3 (index.php) Remote File Include Vulnerability BUGTRAQ 20070129 Re: gnopaste <= 0.5.3 (index.php) Remote File Include Vulnerability ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in gnopaste 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via the GNP_REAL_PATH parameter. NOTE: CVE and a third party dispute this issue, since GNP_REAL_PATH is a constant, not a variable.

cpe:/a:trevorchan:trevorchan:0.7

CVE-2007-0863

2007-02-08T20:28:00.000-05:00

2008-11-15T01:42:13.937-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SECTRACK 1017512 VIM 20070115 [Bogus] [ilkerkandemir at mynet.com: Trevorchan <= v0.7 Remote File Include Vulnerability] (fwd) ** DISPUTED ** PHP remote file inclusion vulnerability in Trevorchan 0.7 and earlier allows remote attackers to execute arbitrary code via the tc_config[rootdir] parameter to (1) upgrade.php, (2) paint_save.php, (3) menu.php, (4) manage.php, and (5) banned.php. NOTE: his issue has been disputed by reliable third parties, who state that the variable is set before use in config.php.

cpe:/a:lushiwarplaner:lushiwarplaner:1.0

CVE-2007-0864

2007-02-08T20:28:00.000-05:00

2017-10-18T21:30:05.893-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov BID 22470 VUPEN ADV-2007-0538 XF lushiwarplaner-register-sql-injection(32365) EXPLOIT-DB 3288 SQL injection vulnerability in register.php in LushiWarPlaner 1.0 allows remote attackers to inject arbitrary SQL commands via the id parameter.

cpe:/a:lushinews:lushinews:1.00 cpe:/a:lushinews:lushinews:1.01

CVE-2007-0865

2007-02-08T20:28:00.000-05:00

2017-10-18T21:30:05.940-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22469 VUPEN ADV-2007-0539 XF lushinews-comments-sql-injection(32360) EXPLOIT-DB 3287 SQL injection vulnerability in comments.php in LushiNews 1.01 and earlier allows remote authenticated users to inject arbitrary SQL commands via the id parameter.

cpe:/a:hp:openview_storage_data_protector:5.50

CVE-2007-0866

2007-02-08T20:28:00.000-05:00

2018-10-16T12:34:57.153-04:00

6.8

LOCAL

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SECTRACK 1017614 HP HPSBMA02190 BID 22488 VUPEN ADV-2007-0542 XF openview-dataprotector-privilege-escalation(32386) Unspecified vulnerability in HP OpenView Storage Data Protector on HP-UX B.11.00, B.11.11, or B.11.23 allows local users to execute arbitrary code via unknown vectors.

cpe:/a:site-assistant:site-assistant:0990

CVE-2007-0867

2007-02-09T14:28:00.000-05:00

2017-10-18T21:30:05.987-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov BID 22467 VUPEN ADV-2007-0541 XF siteassistant-menu-file-include(32364) EXPLOIT-DB 3285 PHP remote file inclusion vulnerability in classes/menu.php in Site-Assistant 0990 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the paths[version] parameter.

cpe:/a:yahoo:messenger:4.0 cpe:/a:yahoo:messenger:5.0 cpe:/a:yahoo:messenger:5.0.1046 cpe:/a:yahoo:messenger:5.0.1065 cpe:/a:yahoo:messenger:5.0.1232 cpe:/a:yahoo:messenger:5.5 cpe:/a:yahoo:messenger:5.5.1249 cpe:/a:yahoo:messenger:5.6 cpe:/a:yahoo:messenger:5.6.0.1347 cpe:/a:yahoo:messenger:5.6.0.1351 cpe:/a:yahoo:messenger:5.6.0.1355 cpe:/a:yahoo:messenger:5.6.0.1356 cpe:/a:yahoo:messenger:5.6.0.1358 cpe:/a:yahoo:messenger:6.0 cpe:/a:yahoo:messenger:6.0.0.1643 cpe:/a:yahoo:messenger:6.0.0.1750 cpe:/a:yahoo:messenger:6.0.0.1921 cpe:/a:yahoo:messenger:7.0.438 cpe:/a:yahoo:messenger:7.5.0.814 cpe:/a:yahoo:messenger:8.0 cpe:/a:yahoo:messenger:8.0.0.863 cpe:/a:yahoo:messenger:8.0_2005.1.1.4 cpe:/a:yahoo:messenger:8.1.0.209 cpe:/a:yahoo:messenger:8.1.0.239

CVE-2007-0868

2007-02-09T14:28:00.000-05:00

2008-11-15T01:42:15.453-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov BID 22407 Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:jelsoft:vbulletin:3.6.4

CVE-2007-0869

2007-02-09T14:28:00.000-05:00

2008-11-15T01:42:15.577-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 22466 Cross-site scripting (XSS) vulnerability in the Attachment Manager (admincp/attachment.php) in Jelsoft vBulletin 3.6.4 allows remote attackers to inject arbitrary web script or HTML via the Extension field. NOTE: this might be a duplicate of CVE-2007-0830.5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:microsoft:word:2000

CVE-2007-0870

2007-02-11T16:28:00.000-05:00

2018-10-16T12:34:57.513-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

FULLDISC 20070215 Word flaw CVE-2007-0870 confirmed as code execution type issue MISC http://www.avertlabs.com/research/blog/?p=199 MISC http://www.avertlabs.com/research/blog/?p=206 CERT-VN VU#332404 MISC http://www.microsoft.com/technet/security/advisory/933052.mspx HP HPSBST02214 BID 22567 SECTRACK 1017653 CERT TA07-128A VUPEN ADV-2007-0607 VUPEN ADV-2007-1709 MS MS07-024 XF word-document-string-code-execution(32503) Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.

cpe:/a:extremepow:extreme_file_hosting

CVE-2007-0871

2007-02-12T14:28:00.000-05:00

2018-10-16T12:34:58.450-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2231 BUGTRAQ 20070209 eXtreme File Hosting remote file upload vulnerability BID 22498 XF extremefilehosting-compressed-file-upload(32435) Unrestricted file upload vulnerability in eXtremePow eXtreme File Hosting allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as (1) .rar.php or (2) .zip.php.

cpe:/a:plain_old_webserver:plain_old_webserver:0.0.7 cpe:/a:plain_old_webserver:plain_old_webserver:0.0.8

CVE-2007-0872

2007-02-12T14:28:00.000-05:00

2017-07-28T21:30:28.437-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov FULLDISC 20070209 Re: [WEB SECURITY] Plain Old Webserver - The coolest firefox extension FULLDISC 20070209 Re: [WEB SECURITY] Plain Old Webserver - The coolest firefox extension BID 22502 VUPEN ADV-2007-0558 CONFIRM https://addons.mozilla.org/firefox/3002/ XF pow-httprequest-directory-traversal(32467) Directory traversal vulnerability in the Plain Old Webserver (POW) add-on before 0.0.9 for Mozilla Firefox allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

cpe:/a:nabocorp:nabopoll:1.1 cpe:/a:nabocorp:nabopoll:1.2

CVE-2007-0873

2007-02-12T14:28:00.000-05:00

2018-10-16T12:34:59.047-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VIM 20070215 [milw0rm] exploit 3305 MISC http://forums.avenir-geopolitique.net/viewtopic.php?t=2643 SREASON 2232 BUGTRAQ 20070210 nabopoll 1.1.2 sensitive file (admin without password) BID 22509 XF nabopoll-adminscripts-unauthorized-access(32472) EXPLOIT-DB 3305 nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/.

cpe:/a:allons_voter:allons_voter:1.0

CVE-2007-0874

2007-02-12T14:28:00.000-05:00

2018-10-16T12:34:59.530-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://forums.avenir-geopolitique.net/viewtopic.php?t=2641 SREASON 2234 BUGTRAQ 20070209 Allons_voter Version 1.0 xss and admin votes BID 22508 XF allonsvoter-admin-authentication-bypass(32431) Allons_voter 1.0 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) admin_ajouter.php or (2) admin_supprimer.php. NOTE: this could be leveraged to conduct cross-site scripting (XSS) attacks.

cpe:/a:mcrefer:mcrefer:1.0

CVE-2007-0875

2007-02-12T14:28:00.000-05:00

2018-10-16T12:34:59.873-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov MISC http://forums.avenir-geopolitique.net/viewtopic.php?t=2642 SREASON 2235 BUGTRAQ 20070209 mcRefer SQL injection BUGTRAQ 20070211 Re: mcRefer SQL injection BID 22507 ** DISPUTED ** SQL injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this issue has been disputed by a third party, stating that the file does not use a SQL database.

cpe:/a:qdig:qdig:1.2.9.3 cpe:/a:qdig:qdig:2006-06-24_dev

CVE-2007-0876

2007-02-12T14:28:00.000-05:00

2018-10-16T12:35:00.200-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://sourceforge.net/project/shownotes.php?group_id=69837&release_id=485558 BUGTRAQ 20070210 [XSS] Qdig - Quick Digital Image Gallery Version 1.2.9.3 and -devel BUGTRAQ 20070211 Re: [XSS] Qdig - Quick Digital Image Gallery Version 1.2.9.3 and -devel BID 22510 VUPEN ADV-2007-0555 XF qdig-qwd-xss(32421) Cross-site scripting (XSS) vulnerability in Quick Digital Image Gallery (Qdig) 1.2.9.3 and devel-20060624 allows remote attackers to inject arbitrary web script or HTML via the Qwd parameter to the top-level URI.

cpe:/h:march_networks:3108_dvr cpe:/h:march_networks:3204_dvr cpe:/h:march_networks:4210_dvr cpe:/h:march_networks:4310_dvr cpe:/h:march_networks:4410_dvr

CVE-2007-0877

2007-02-12T14:28:00.000-05:00

2008-11-15T01:42:17.907-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov BID 22497 Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital Video Recorders allows attackers to cause an unspecified denial of service. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/o:microsoft:windows_mobile:5.0

CVE-2007-0878

2007-02-12T15:28:00.000-05:00

2018-10-30T12:25:10.717-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov FULLDISC 20070209 Denial Of Service in Internet Explorer for MS Windows Mobile 5.0 BUGTRAQ 20070209 Denial Of Service in Internet Explorer for MS Windows Mobile 5.0 BUGTRAQ 20070209 Re: Denial Of Service in Internet Explorer for MS Windows Mobile 5.0 BUGTRAQ 20070209 RE: Denial Of Service in Internet Explorer for MS Windows Mobile 5.0 BID 22500 XF ie-mobile-wml-dos(32394) Unspecified vulnerability in Microsoft Internet Explorer on Windows Mobile 5.0 allows remote attackers to cause a denial of service (loss of browser and other device functionality) via a malformed WML page, related to an "overflow state." NOTE: it is possible that this issue is related to CVE-2007-0685.

cpe:/a:smidgeonsoft:pebrowse:professional_8.2.1.0

CVE-2007-0879

2007-02-12T15:28:00.000-05:00

2017-07-28T21:30:28.687-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

BID 22501 VUPEN ADV-2007-0665 XF smidgeonsoft-files-bo(32524) Buffer overflow in SmidgeonSoft PEBrowse Professional 8.2.1.0 allows user-assisted remote attackers to execute arbitrary code via certain executable files in PE format. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:capital_request_forms:capital_request_forms

CVE-2007-0880

2007-02-12T15:28:00.000-05:00

2018-10-16T12:35:02.153-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov BUGTRAQ 20070209 Capital Request Forms Db Username and Password Vulnerabilities Capital Request Forms stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for inc/common_db.inc.

cpe:/a:openi-cms_group:openi-cms:1.0

CVE-2007-0881

2007-02-12T15:28:00.000-05:00

2017-10-18T21:30:06.050-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://echo.or.id/adv/adv64-y3dips-2007.txt BID 22511 VUPEN ADV-2007-0556 XF internalrange-oidir-file-include(32423) EXPLOIT-DB 3292 PHP remote file inclusion vulnerability in the Seitenschutz plugin for OPENi-CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the (1) config[oi_dir] and possibly (2) config[openi_dir] parameters to open-admin/plugins/site_protection/index.php. NOTE: vector 2 might be the same as CVE-2006-4750.

cpe:/o:sun:solaris:10.0::sparc cpe:/o:sun:solaris:10.0::x86 cpe:/o:sun:sunos:5.10 cpe:/o:sun:sunos:5.11

CVE-2007-0882

2007-02-12T15:28:00.000-05:00

2018-10-30T12:25:11.920-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MISC http://erratasec.blogspot.com/2007/02/trivial-remote-solaris-0day-disable.html MISC http://isc.sans.org/diary.html?storyid=2220 FULLDISC 20070211 "0day was the case that they gave me" SUNALERT 102802 CERT-VN VU#881872 BUGTRAQ 20070212 Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network? BUGTRAQ 20070212 Solaris telnet vulnberability - how many on your network? BUGTRAQ 20070212 Re: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork? BUGTRAQ 20070213 Re: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork? BUGTRAQ 20070214 Solaris telnet vuln solutions digest and network risks BUGTRAQ 20070214 RE: [Full-disclosure] Solaris telnet vulnberability - how many onyour network? BID 22512 SECTRACK 1017625 CERT TA07-059A VUPEN ADV-2007-0560 XF solaris-telnet-authentication-bypass(32434) Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.

cpe:/h:second_rule_llc:ip3_netaccess:4.1.9.5

CVE-2007-0883

2007-02-12T15:28:00.000-05:00

2018-10-16T12:35:03.763-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov FULLDISC 20070211 Arbitrary file disclosure vulnerability in IP3 NetAccess < 4.1.9.6 MISC http://www.devtarget.org/ip3-advisory-02-2007.txt BUGTRAQ 20070211 Arbitrary file disclosure vulnerability in IP3 NetAccess < 4.1.9.6 BID 22513 SECTRACK 1017623 VUPEN ADV-2007-0615 XF ip3netaccess-getfile-directory-traversal(32432) EXPLOIT-DB 3294 Directory traversal vulnerability in portalgroups/portalgroups/getfile.cgi in IP3 NetAccess before firmware 4.1.9.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.

cpe:/a:roaring_penguin:mimedefang:2.59 cpe:/a:roaring_penguin:mimedefang:2.60

CVE-2007-0884

2007-02-12T15:28:00.000-05:00

2017-07-28T21:30:28.923-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MLIST [mimedefang] 20070209 SECURITY: MIMEDefang 2.61 is Released CONFIRM http://www.mimedefang.org/node.php?id=62 BID 22514 VUPEN ADV-2007-0572 XF mimedefang-unspecified-bo(32466) Buffer overflow in Roaring Penguin MIMEDefang 2.59 and 2.60 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors.

cpe:/a:rainbow_portal:rainbow.zen cpe:/a:rainbow_portal:rainbow_with_the_zen

CVE-2007-0885

2007-02-12T15:28:00.000-05:00

2018-10-16T12:35:04.357-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BUGTRAQ 20070209 XSS in Rainbow with Rainbow.Zen BID 22503 XF rainbow-browseproject-xss(32418) Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter.

cpe:/a:gecad_technologies:axigen_mail_server:1.2.6 cpe:/a:gecad_technologies:axigen_mail_server:2.0.0b1

CVE-2007-0886

2007-02-12T18:28:00.000-05:00

2017-10-18T21:30:06.160-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov FULLDISC 20070208 Axigen <2.0.0b1 DoS BID 22473 XF axigen-memcpy-dos(32342) EXPLOIT-DB 3289 Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via certain base64-encoded data on the pop3 port (110/tcp), which triggers an integer overflow.

cpe:/a:gecad_technologies:axigen_mail_server:1.2.6 cpe:/a:gecad_technologies:axigen_mail_server:2.0.0b1

CVE-2007-0887

2007-02-12T18:28:00.000-05:00

2017-10-18T21:30:06.207-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov FULLDISC 20070208 Axigen <2.0.0b1 DoS BID 22473 XF axigen-nullpointer-dos(32345) EXPLOIT-DB 3290 axigen 1.2.6 through 2.0.0b1 does not properly parse login credentials, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a base64-encoded "*\x00" sequence on the imap port (143/tcp).

cpe:/a:kiwi_enterprises:kiwi_cattools

CVE-2007-0888

2007-02-12T18:28:00.000-05:00

2018-10-16T12:35:04.560-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SREASON 2236 CONFIRM http://www.kiwisyslog.com/kb/idx/5/178/article/ BUGTRAQ 20070208 TFTP directory traversal in Kiwi CatTools BUGTRAQ 20070213 Re: TFTP directory traversal in Kiwi CatTools BID 22490 VUPEN ADV-2007-0536 XF kiwicattools-tftp-directory-traversal(32398) Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command.

cpe:/a:kiwi_enterprises:kiwi_cattools

CVE-2007-0889

2007-02-12T18:28:00.000-05:00

2018-10-16T12:35:05.013-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2236 BUGTRAQ 20070208 TFTP directory traversal in Kiwi CatTools Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible encoding") for passwords, account names, and IP addresses in kiwidb-cattools.kdb, which might allow local users to gain sensitive information by decrypting the file. NOTE: this issue could be leveraged with a directory traversal vulnerability for a remote attack vector.

cpe:/a:cpanel:webhost_manager:5.0 cpe:/a:cpanel:webhost_manager:5.3 cpe:/a:cpanel:webhost_manager:6.0 cpe:/a:cpanel:webhost_manager:6.2 cpe:/a:cpanel:webhost_manager:6.4 cpe:/a:cpanel:webhost_manager:6.4.1 cpe:/a:cpanel:webhost_manager:6.4.2 cpe:/a:cpanel:webhost_manager:6.4.2_stable_48 cpe:/a:cpanel:webhost_manager:7.0 cpe:/a:cpanel:webhost_manager:8.0 cpe:/a:cpanel:webhost_manager:9.0 cpe:/a:cpanel:webhost_manager:9.1 cpe:/a:cpanel:webhost_manager:9.1.0_r85 cpe:/a:cpanel:webhost_manager:9.4.1_r64 cpe:/a:cpanel:webhost_manager:9.9.1_r3 cpe:/a:cpanel:webhost_manager:10.2.0_r82 cpe:/a:cpanel:webhost_manager:10.6.0_r137 cpe:/a:cpanel:webhost_manager:10.8.1_113 cpe:/a:cpanel:webhost_manager:10.8.1_build84 cpe:/a:cpanel:webhost_manager:10.8.2_118 cpe:/a:cpanel:webhost_manager:10.9 cpe:/a:cpanel:webhost_manager:11 cpe:/a:cpanel:webhost_manager:11.0 cpe:/a:cpanel:webhost_manager:11_beta

CVE-2007-0890

2007-02-12T18:28:00.000-05:00

2018-10-16T12:35:05.187-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC http://changelog.cpanel.net/index.cgi BUGTRAQ 20070208 local bug :[xxs] in whm BID 22474 VUPEN ADV-2007-0568 Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter.

cpe:/a:matthieu_aubry:phpmyvisites:0.1_beta cpe:/a:matthieu_aubry:phpmyvisites:1.0 cpe:/a:matthieu_aubry:phpmyvisites:1.1 cpe:/a:matthieu_aubry:phpmyvisites:1.2 cpe:/a:matthieu_aubry:phpmyvisites:1.2.1 cpe:/a:matthieu_aubry:phpmyvisites:1.2.2 cpe:/a:matthieu_aubry:phpmyvisites:1.2_beta cpe:/a:matthieu_aubry:phpmyvisites:1.3 cpe:/a:matthieu_aubry:phpmyvisites:2.1

CVE-2007-0891

2007-02-12T18:28:00.000-05:00

2018-10-16T12:35:05.467-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov FULLDISC 20070211 Multiple vulnerabilities in phpMyVisites BUGTRAQ 20070211 Multiple vulnerabilities in phpMyVisites BID 22516 XF phpmyvisites-phpmyvisites-xss(32430) Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath function in phpmyvisites.php in phpMyVisites before 2.2 allows remote attackers to inject arbitrary web script or HTML via the query string.

CVE-2007-0892

2007-02-12T18:28:00.000-05:00

2018-10-16T12:35:05.890-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov FULLDISC 20070211 Multiple vulnerabilities in phpMyVisites BUGTRAQ 20070211 Multiple vulnerabilities in phpMyVisites XF phpmyvisites-pagename-response-splitting(32428) CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the url parameter, when the pagename parameter begins with "FILE:".

CVE-2007-0893

2007-02-12T18:28:00.000-05:00

2018-10-16T12:35:06.200-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov FULLDISC 20070211 Multiple vulnerabilities in phpMyVisites BUGTRAQ 20070211 Multiple vulnerabilities in phpMyVisites BID 22516 XF phpmyvisites-pmvckview-file-include(32433) Directory traversal vulnerability in phpMyVisites before 2.2 allows remote attackers to include arbitrary files via leading ".." sequences on the pmv_ck_view COOKIE parameter, which bypasses the protection scheme.

cpe:/a:mediawiki:mediawiki:1.1.0 cpe:/a:mediawiki:mediawiki:1.2.0 cpe:/a:mediawiki:mediawiki:1.2.1 cpe:/a:mediawiki:mediawiki:1.2.2 cpe:/a:mediawiki:mediawiki:1.2.3 cpe:/a:mediawiki:mediawiki:1.2.4 cpe:/a:mediawiki:mediawiki:1.2.5 cpe:/a:mediawiki:mediawiki:1.2.6 cpe:/a:mediawiki:mediawiki:1.3 cpe:/a:mediawiki:mediawiki:1.3.0 cpe:/a:mediawiki:mediawiki:1.3.1 cpe:/a:mediawiki:mediawiki:1.3.2 cpe:/a:mediawiki:mediawiki:1.3.3 cpe:/a:mediawiki:mediawiki:1.3.4 cpe:/a:mediawiki:mediawiki:1.3.5 cpe:/a:mediawiki:mediawiki:1.3.6 cpe:/a:mediawiki:mediawiki:1.3.7 cpe:/a:mediawiki:mediawiki:1.3.8 cpe:/a:mediawiki:mediawiki:1.3.9 cpe:/a:mediawiki:mediawiki:1.3.10 cpe:/a:mediawiki:mediawiki:1.3.11 cpe:/a:mediawiki:mediawiki:1.3.12 cpe:/a:mediawiki:mediawiki:1.3.13 cpe:/a:mediawiki:mediawiki:1.3.14 cpe:/a:mediawiki:mediawiki:1.3.15 cpe:/a:mediawiki:mediawiki:1.4.1 cpe:/a:mediawiki:mediawiki:1.4.2 cpe:/a:mediawiki:mediawiki:1.4.3 cpe:/a:mediawiki:mediawiki:1.4.4 cpe:/a:mediawiki:mediawiki:1.4.5 cpe:/a:mediawiki:mediawiki:1.4.6 cpe:/a:mediawiki:mediawiki:1.4.7 cpe:/a:mediawiki:mediawiki:1.4.8 cpe:/a:mediawiki:mediawiki:1.4.9 cpe:/a:mediawiki:mediawiki:1.4.10 cpe:/a:mediawiki:mediawiki:1.4.11 cpe:/a:mediawiki:mediawiki:1.4.12 cpe:/a:mediawiki:mediawiki:1.4.13 cpe:/a:mediawiki:mediawiki:1.4.14 cpe:/a:mediawiki:mediawiki:1.4_beta1 cpe:/a:mediawiki:mediawiki:1.4_beta2 cpe:/a:mediawiki:mediawiki:1.4_beta3 cpe:/a:mediawiki:mediawiki:1.4_beta4 cpe:/a:mediawiki:mediawiki:1.4_beta5 cpe:/a:mediawiki:mediawiki:1.4_beta6 cpe:/a:mediawiki:mediawiki:1.5.0 cpe:/a:mediawiki:mediawiki:1.5.1 cpe:/a:mediawiki:mediawiki:1.5.2 cpe:/a:mediawiki:mediawiki:1.5.3 cpe:/a:mediawiki:mediawiki:1.5.4 cpe:/a:mediawiki:mediawiki:1.5.5 cpe:/a:mediawiki:mediawiki:1.5.6 cpe:/a:mediawiki:mediawiki:1.5.7 cpe:/a:mediawiki:mediawiki:1.5_alpha1 cpe:/a:mediawiki:mediawiki:1.5_alpha2 cpe:/a:mediawiki:mediawiki:1.5_beta1 cpe:/a:mediawiki:mediawiki:1.5_beta2 cpe:/a:mediawiki:mediawiki:1.5_beta3 cpe:/a:mediawiki:mediawiki:1.5_beta4 cpe:/a:mediawiki:mediawiki:1.5_rc2 cpe:/a:mediawiki:mediawiki:1.5_rc3 cpe:/a:mediawiki:mediawiki:1.5_rc4 cpe:/a:mediawiki:mediawiki:1.6.0 cpe:/a:mediawiki:mediawiki:1.6.1 cpe:/a:mediawiki:mediawiki:1.6.2 cpe:/a:mediawiki:mediawiki:1.6.3 cpe:/a:mediawiki:mediawiki:1.6.4 cpe:/a:mediawiki:mediawiki:1.6.5 cpe:/a:mediawiki:mediawiki:1.6.5_r14348 cpe:/a:mediawiki:mediawiki:1.6.6 cpe:/a:mediawiki:mediawiki:1.7.0 cpe:/a:mediawiki:mediawiki:1.7.1 cpe:/a:mediawiki:mediawiki:1.8.0 cpe:/a:mediawiki:mediawiki:1.8.1 cpe:/a:mediawiki:mediawiki:1.8.2 cpe:/a:mediawiki:mediawiki:1.9.0:rc2 cpe:/a:mediawiki:mediawiki:1.9.1

CVE-2007-0894

2007-02-12T18:28:00.000-05:00

2018-10-16T12:35:06.623-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://bugzilla.wikimedia.org/show_bug.cgi?id=8819 CONFIRM http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=19681 BUGTRAQ 20070211 MediaWiki Full Path Disclosure Vulnerability MISC http://zone14.free.fr/advisories/7/ XF mediawiki-multiple-scripts-path-disclosure(32440) MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message.

cpe:/o:sun:solaris:9.0::sparc cpe:/o:sun:solaris:10.0::sparc cpe:/o:sun:sunos:5.8

CVE-2007-0895

2007-02-12T20:28:00.000-05:00

2018-10-30T12:25:37.090-04:00

2.6

LOCAL

HIGH

NONE

PARTIAL

http://nvd.nist.gov SUNALERT 102782 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-102.htm VUPEN ADV-2007-0543 XF solaris-rm-dos(32399) Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435.

cpe:/a:mozilla:firefox cpe:/a:sage:sage cpe:/a:sage:sage:1.0_beta_3 cpe:/a:sage:sage:1.3.6 cpe:/a:sage:sage:1.3.9

CVE-2007-0896

2007-02-13T06:28:00.000-05:00

2017-07-28T21:30:29.487-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov JVN JVN#84430861 CONFIRM http://mozdev.org/bugs/show_bug.cgi?id=16320 CONFIRM http://sage.mozdev.org/blog/archives/2007/1/sage_1_3_10_released.html BID 22493 SECTRACK 1017624 XF sage-rssfeed-xss(32395) Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712.

cpe:/a:clam_anti-virus:clamav:0.15 cpe:/a:clam_anti-virus:clamav:0.20 cpe:/a:clam_anti-virus:clamav:0.21 cpe:/a:clam_anti-virus:clamav:0.22 cpe:/a:clam_anti-virus:clamav:0.23 cpe:/a:clam_anti-virus:clamav:0.24 cpe:/a:clam_anti-virus:clamav:0.51 cpe:/a:clam_anti-virus:clamav:0.52 cpe:/a:clam_anti-virus:clamav:0.53 cpe:/a:clam_anti-virus:clamav:0.54 cpe:/a:clam_anti-virus:clamav:0.60 cpe:/a:clam_anti-virus:clamav:0.60p cpe:/a:clam_anti-virus:clamav:0.65 cpe:/a:clam_anti-virus:clamav:0.67 cpe:/a:clam_anti-virus:clamav:0.68 cpe:/a:clam_anti-virus:clamav:0.68.1 cpe:/a:clam_anti-virus:clamav:0.70 cpe:/a:clam_anti-virus:clamav:0.71 cpe:/a:clam_anti-virus:clamav:0.72 cpe:/a:clam_anti-virus:clamav:0.73 cpe:/a:clam_anti-virus:clamav:0.74 cpe:/a:clam_anti-virus:clamav:0.75 cpe:/a:clam_anti-virus:clamav:0.75.1 cpe:/a:clam_anti-virus:clamav:0.80 cpe:/a:clam_anti-virus:clamav:0.80_rc1 cpe:/a:clam_anti-virus:clamav:0.80_rc2 cpe:/a:clam_anti-virus:clamav:0.80_rc3 cpe:/a:clam_anti-virus:clamav:0.80_rc4 cpe:/a:clam_anti-virus:clamav:0.81 cpe:/a:clam_anti-virus:clamav:0.81_rc1 cpe:/a:clam_anti-virus:clamav:0.82 cpe:/a:clam_anti-virus:clamav:0.83 cpe:/a:clam_anti-virus:clamav:0.84 cpe:/a:clam_anti-virus:clamav:0.84_rc1 cpe:/a:clam_anti-virus:clamav:0.84_rc2 cpe:/a:clam_anti-virus:clamav:0.85 cpe:/a:clam_anti-virus:clamav:0.85.1 cpe:/a:clam_anti-virus:clamav:0.86 cpe:/a:clam_anti-virus:clamav:0.86.1 cpe:/a:clam_anti-virus:clamav:0.86.2 cpe:/a:clam_anti-virus:clamav:0.86_rc1 cpe:/a:clam_anti-virus:clamav:0.87 cpe:/a:clam_anti-virus:clamav:0.87.1 cpe:/a:clam_anti-virus:clamav:0.88 cpe:/a:clam_anti-virus:clamav:0.88.1 cpe:/a:clam_anti-virus:clamav:0.88.3 cpe:/a:clam_anti-virus:clamav:0.88.4 cpe:/a:clam_anti-virus:clamav:0.88.6

CVE-2007-0897

2007-02-16T14:28:00.000-05:00

2017-07-28T21:30:29.563-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://docs.info.apple.com/article.html?artnum=307562 IDEFENSE 20070215 Multiple Vendor ClamAV CAB File Denial of Service Vulnerability APPLE APPLE-SA-2008-03-18 SUSE SUSE-SA:2007:017 GENTOO GLSA-200703-03 DEBIAN DSA-1263 MANDRIVA MDKSA-2007:043 BID 22580 SECTRACK 1017659 VUPEN ADV-2007-0623 VUPEN ADV-2008-0924 XF clamav-cabfile-dos(32531) Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor.

CVE-2007-0898

2007-02-16T14:28:00.000-05:00

2017-07-28T21:30:29.627-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://docs.info.apple.com/article.html?artnum=307562 IDEFENSE 20070215 Multiple Vendor ClamAV MIME Parsing Directory Traversal Vulnerability APPLE APPLE-SA-2008-03-18 SUSE SUSE-SA:2007:017 GENTOO GLSA-200703-03 DEBIAN DSA-1263 MANDRIVA MDKSA-2007:043 BID 22581 SECTRACK 1017660 VUPEN ADV-2007-0623 VUPEN ADV-2008-0924 XF clamav-mimeheader-directory-traversal(32535) Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message.

cpe:/a:tagit:tagboard:2.1.b_build_2

CVE-2007-0900

2007-02-13T15:28:00.000-05:00

2017-07-28T21:30:29.687-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://advisories.echo.or.id/adv/adv65-K-159-2007.txt BID 22518 VUPEN ADV-2007-0557 XF tagit-multiplescripts-file-include(32436) Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard 2.1.B Build 2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) configpath parameter to (a) tagviewer.php, (b) tag_process.php, and (c) CONFIG/errmsg.inc.php; and (d) addTagmin.php, (e) ban_watch.php, (f) delTagmin.php, (g) delTag.php, (h) editTagmin.php, (i) editTag.php, (j) manageTagmins.php, and (k) verify.php in tagmin/; the (2) adminpath parameter to (l) tagviewer.php, (m) tag_process.php, and (n) tagmin/index.php; and the (3) admin parameter to (o) readconf.php, (p) updateconf.php, (q) updatefilter.php, and (r) wordfilter.php in tagmin/; different vectors than CVE-2006-5249.

cpe:/a:moinmoin:moinmoin:1.5.7

CVE-2007-0901

2007-02-13T15:28:00.000-05:00

2008-11-15T01:42:23.860-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 22515 UBUNTU USN-423-1 Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:moinmoin:moinmoin:1.5.7

CVE-2007-0902

2007-02-13T15:28:00.000-05:00

2008-11-15T01:42:24.250-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 22515 UBUNTU USN-423-1 Unspecified vulnerability in the "Show debugging information" feature in MoinMoin 1.5.7 allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:process-one:ejabberd:0.9 cpe:/a:process-one:ejabberd:0.9.1 cpe:/a:process-one:ejabberd:0.9.8 cpe:/a:process-one:ejabberd:1.0.0 cpe:/a:process-one:ejabberd:1.1.0 cpe:/a:process-one:ejabberd:1.1.1 cpe:/a:process-one:ejabberd:1.1.2

CVE-2007-0903

2007-02-13T15:28:00.000-05:00

2017-07-28T21:30:29.750-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_113/ BID 22525 VUPEN ADV-2007-0570 XF ejabberd-modrosterodbc-unspecified(32437) Unspecified vulnerability in the mod_roster_odbc module in ejabberd before 1.1.3 has unknown impact and attack vectors.

cpe:/a:lightro:lightro_cms:1.0

CVE-2007-0904

2007-02-13T15:28:00.000-05:00

2017-10-18T21:30:06.270-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0540 XF lightro-index-sql-injection(32347) EXPLOIT-DB 3286 SQL injection vulnerability in projects.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter to index.php.

cpe:/a:php:php:3.0 cpe:/a:php:php:3.0.1 cpe:/a:php:php:3.0.2 cpe:/a:php:php:3.0.3 cpe:/a:php:php:3.0.4 cpe:/a:php:php:3.0.5 cpe:/a:php:php:3.0.6 cpe:/a:php:php:3.0.7 cpe:/a:php:php:3.0.8 cpe:/a:php:php:3.0.9 cpe:/a:php:php:3.0.10 cpe:/a:php:php:3.0.11 cpe:/a:php:php:3.0.12 cpe:/a:php:php:3.0.13 cpe:/a:php:php:3.0.14 cpe:/a:php:php:3.0.15 cpe:/a:php:php:3.0.16 cpe:/a:php:php:3.0.17 cpe:/a:php:php:3.0.18 cpe:/a:php:php:4.0 cpe:/a:php:php:4.0.1 cpe:/a:php:php:4.0.1:patch1 cpe:/a:php:php:4.0.1:patch2 cpe:/a:php:php:4.0.2 cpe:/a:php:php:4.0.3 cpe:/a:php:php:4.0.3:patch1 cpe:/a:php:php:4.0.4 cpe:/a:php:php:4.0.5 cpe:/a:php:php:4.0.6 cpe:/a:php:php:4.0.7 cpe:/a:php:php:4.0.7:rc1 cpe:/a:php:php:4.0.7:rc2 cpe:/a:php:php:4.0.7:rc3 cpe:/a:php:php:4.1.0 cpe:/a:php:php:4.1.1 cpe:/a:php:php:4.1.2 cpe:/a:php:php:4.2::dev cpe:/a:php:php:4.2.0 cpe:/a:php:php:4.2.1 cpe:/a:php:php:4.2.2 cpe:/a:php:php:4.2.3 cpe:/a:php:php:4.3.0 cpe:/a:php:php:4.3.1 cpe:/a:php:php:4.3.2 cpe:/a:php:php:4.3.3 cpe:/a:php:php:4.3.4 cpe:/a:php:php:4.3.5 cpe:/a:php:php:4.3.6 cpe:/a:php:php:4.3.7 cpe:/a:php:php:4.3.8 cpe:/a:php:php:4.3.9 cpe:/a:php:php:4.3.10 cpe:/a:php:php:4.3.11 cpe:/a:php:php:4.4.0 cpe:/a:php:php:4.4.1 cpe:/a:php:php:4.4.2 cpe:/a:php:php:4.4.3 cpe:/a:php:php:4.4.4 cpe:/a:php:php:5.0:rc1 cpe:/a:php:php:5.0:rc2 cpe:/a:php:php:5.0:rc3 cpe:/a:php:php:5.0.0 cpe:/a:php:php:5.0.1 cpe:/a:php:php:5.0.2 cpe:/a:php:php:5.0.3 cpe:/a:php:php:5.0.4 cpe:/a:php:php:5.0.5 cpe:/a:php:php:5.1.0 cpe:/a:php:php:5.1.1 cpe:/a:php:php:5.1.2 cpe:/a:php:php:5.1.3 cpe:/a:php:php:5.1.4 cpe:/a:php:php:5.1.5 cpe:/a:php:php:5.1.6 cpe:/a:php:php:5.2.0 cpe:/o:trustix:secure_linux:2.2 cpe:/o:trustix:secure_linux:3.0

CVE-2007-0905

2007-02-13T18:28:00.000-05:00

2018-10-30T12:25:35.747-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov OPENPKG OpenPKG-SA-2007.010 CONFIRM http://www.php.net/ChangeLog-5.php#5.2.1 CONFIRM http://www.php.net/releases/5_2_1.php BID 22496 TRUSTIX 2007-0009 VUPEN ADV-2007-0546 PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383.

CVE-2007-0906

2007-02-13T18:28:00.000-05:00

2018-10-30T12:25:35.747-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SGI 20070201-01-P SUSE SUSE-SA:2007:044 SUSE SUSE-SA:2007:020 REDHAT RHSA-2007:0089 GENTOO GLSA-200703-21 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm MANDRIVA MDKSA-2007:048 OPENPKG OpenPKG-SA-2007.010 CONFIRM http://www.php.net/ChangeLog-5.php#5.2.1 CONFIRM http://www.php.net/releases/5_2_1.php REDHAT RHSA-2007:0076 REDHAT RHSA-2007:0081 REDHAT RHSA-2007:0082 REDHAT RHSA-2007:0088 BUGTRAQ 20070227 rPSA-2007-0043-1 php php-mysql php-pgsql BUGTRAQ 20070418 rPSA-2007-0073-1 php php-mysql php-pgsql BID 22496 SECTRACK 1017671 TRUSTIX 2007-0009 UBUNTU USN-424-1 UBUNTU USN-424-2 DEBIAN DSA-1264 VUPEN ADV-2007-0546 CONFIRM https://issues.rpath.com/browse/RPL-1088 CONFIRM https://issues.rpath.com/browse/RPL-1268 Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885). NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825).

CVE-2007-0907

2007-02-13T18:28:00.000-05:00

2018-10-30T12:25:35.747-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov SGI 20070201-01-P SUSE SUSE-SA:2007:020 REDHAT RHSA-2007:0089 GENTOO GLSA-200703-21 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm MANDRIVA MDKSA-2007:048 OPENPKG OpenPKG-SA-2007.010 CONFIRM http://www.php.net/ChangeLog-5.php#5.2.1 CONFIRM http://www.php.net/releases/5_2_1.php REDHAT RHSA-2007:0076 REDHAT RHSA-2007:0081 REDHAT RHSA-2007:0082 REDHAT RHSA-2007:0088 BUGTRAQ 20070227 rPSA-2007-0043-1 php php-mysql php-pgsql BID 22496 SECTRACK 1017671 TRUSTIX 2007-0009 UBUNTU USN-424-1 UBUNTU USN-424-2 DEBIAN DSA-1264 VUPEN ADV-2007-0546 CONFIRM https://issues.rpath.com/browse/RPL-1088 Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function.

cpe:/a:php:php:4.0 cpe:/a:php:php:4.0:beta1 cpe:/a:php:php:4.0:beta2 cpe:/a:php:php:4.0:beta3 cpe:/a:php:php:4.0:beta4 cpe:/a:php:php:4.0:beta_4_patch1 cpe:/a:php:php:4.0:rc1 cpe:/a:php:php:4.0:rc2 cpe:/a:php:php:4.0.0 cpe:/a:php:php:4.0.1 cpe:/a:php:php:4.0.1:- cpe:/a:php:php:4.0.1:rc cpe:/a:php:php:4.0.1:rc2 cpe:/a:php:php:4.0.2 cpe:/a:php:php:4.0.2:rc1 cpe:/a:php:php:4.0.3 cpe:/a:php:php:4.0.3:rc1 cpe:/a:php:php:4.0.3:rc2 cpe:/a:php:php:4.0.4 cpe:/a:php:php:4.0.4:- cpe:/a:php:php:4.0.4:rc1 cpe:/a:php:php:4.0.4:rc2 cpe:/a:php:php:4.0.4:rc3 cpe:/a:php:php:4.0.4:rc4 cpe:/a:php:php:4.0.4:rc5 cpe:/a:php:php:4.0.4:rc6 cpe:/a:php:php:4.0.5 cpe:/a:php:php:4.0.5:- cpe:/a:php:php:4.0.5:rc1 cpe:/a:php:php:4.0.5:rc2 cpe:/a:php:php:4.0.5:rc3 cpe:/a:php:php:4.0.5:rc4 cpe:/a:php:php:4.0.5:rc5 cpe:/a:php:php:4.0.5:rc6 cpe:/a:php:php:4.0.5:rc7 cpe:/a:php:php:4.0.5:rc8 cpe:/a:php:php:4.0.6 cpe:/a:php:php:4.0.6:- cpe:/a:php:php:4.0.6:rc1 cpe:/a:php:php:4.0.6:rc2 cpe:/a:php:php:4.0.6:rc3 cpe:/a:php:php:4.0.6:rc4 cpe:/a:php:php:4.0.7 cpe:/a:php:php:4.0.7:- cpe:/a:php:php:4.0.7:rc1 cpe:/a:php:php:4.0.7:rc2 cpe:/a:php:php:4.0.7:rc3 cpe:/a:php:php:4.1.0 cpe:/a:php:php:4.1.0:- cpe:/a:php:php:4.1.0:rc1 cpe:/a:php:php:4.1.0:rc2 cpe:/a:php:php:4.1.0:rc3 cpe:/a:php:php:4.1.0:rc4 cpe:/a:php:php:4.1.0:rc5 cpe:/a:php:php:4.1.1 cpe:/a:php:php:4.1.2 cpe:/a:php:php:4.1.3 cpe:/a:php:php:4.2 cpe:/a:php:php:4.2.0 cpe:/a:php:php:4.2.0:- cpe:/a:php:php:4.2.0:rc1 cpe:/a:php:php:4.2.0:rc2 cpe:/a:php:php:4.2.0:rc3 cpe:/a:php:php:4.2.0:rc4 cpe:/a:php:php:4.2.1 cpe:/a:php:php:4.2.1:- cpe:/a:php:php:4.2.1:rc1 cpe:/a:php:php:4.2.1:rc2 cpe:/a:php:php:4.2.2 cpe:/a:php:php:4.2.3 cpe:/a:php:php:4.2.3:- cpe:/a:php:php:4.2.3:rc1 cpe:/a:php:php:4.2.3:rc2 cpe:/a:php:php:4.2.4 cpe:/a:php:php:4.3 cpe:/a:php:php:4.3.0 cpe:/a:php:php:4.3.0:- cpe:/a:php:php:4.3.0:alpha1 cpe:/a:php:php:4.3.0:alpha2 cpe:/a:php:php:4.3.0:alpha3 cpe:/a:php:php:4.3.0:dev cpe:/a:php:php:4.3.0:pre1 cpe:/a:php:php:4.3.0:pre2 cpe:/a:php:php:4.3.0:rc1 cpe:/a:php:php:4.3.0:rc2 cpe:/a:php:php:4.3.0:rc3 cpe:/a:php:php:4.3.0:rc4 cpe:/a:php:php:4.3.1 cpe:/a:php:php:4.3.2 cpe:/a:php:php:4.3.2:- cpe:/a:php:php:4.3.2:rc1 cpe:/a:php:php:4.3.2:rc2 cpe:/a:php:php:4.3.2:rc3 cpe:/a:php:php:4.3.2:rc4 cpe:/a:php:php:4.3.3 cpe:/a:php:php:4.3.3:- cpe:/a:php:php:4.3.3:rc1 cpe:/a:php:php:4.3.3:rc2 cpe:/a:php:php:4.3.3:rc3 cpe:/a:php:php:4.3.3:rc4 cpe:/a:php:php:4.3.4 cpe:/a:php:php:4.3.4:- cpe:/a:php:php:4.3.4:rc1 cpe:/a:php:php:4.3.4:rc2 cpe:/a:php:php:4.3.4:rc3 cpe:/a:php:php:4.3.5 cpe:/a:php:php:4.3.5:- cpe:/a:php:php:4.3.5:rc1 cpe:/a:php:php:4.3.5:rc2 cpe:/a:php:php:4.3.5:rc3 cpe:/a:php:php:4.3.5:rc4 cpe:/a:php:php:4.3.6 cpe:/a:php:php:4.3.6:- cpe:/a:php:php:4.3.6:rc1 cpe:/a:php:php:4.3.6:rc2 cpe:/a:php:php:4.3.6:rc3 cpe:/a:php:php:4.3.7 cpe:/a:php:php:4.3.7:- cpe:/a:php:php:4.3.7:rc1 cpe:/a:php:php:4.3.8 cpe:/a:php:php:4.3.9 cpe:/a:php:php:4.3.9:rc1 cpe:/a:php:php:4.3.9:rc2 cpe:/a:php:php:4.3.9:rc3 cpe:/a:php:php:4.3.10 cpe:/a:php:php:4.3.10:- cpe:/a:php:php:4.3.10:rc1 cpe:/a:php:php:4.3.10:rc2 cpe:/a:php:php:4.3.11 cpe:/a:php:php:4.3.11:- cpe:/a:php:php:4.3.11:rc1 cpe:/a:php:php:4.3.11:rc2 cpe:/a:php:php:4.4.0 cpe:/a:php:php:4.4.0:- cpe:/a:php:php:4.4.0:rc1 cpe:/a:php:php:4.4.0:rc2 cpe:/a:php:php:4.4.1 cpe:/a:php:php:4.4.1:- cpe:/a:php:php:4.4.1:rc1 cpe:/a:php:php:4.4.2 cpe:/a:php:php:4.4.2:- cpe:/a:php:php:4.4.2:rc1 cpe:/a:php:php:4.4.2:rc2 cpe:/a:php:php:4.4.3 cpe:/a:php:php:4.4.3:- cpe:/a:php:php:4.4.3:rc1 cpe:/a:php:php:4.4.3:rc2 cpe:/a:php:php:4.4.4 cpe:/a:php:php:4.4.4:- cpe:/a:php:php:4.4.4:rc1 cpe:/a:php:php:5.0.0 cpe:/a:php:php:5.0.0:- cpe:/a:php:php:5.0.0:beta1 cpe:/a:php:php:5.0.0:beta2 cpe:/a:php:php:5.0.0:beta3 cpe:/a:php:php:5.0.0:beta4 cpe:/a:php:php:5.0.0:rc1 cpe:/a:php:php:5.0.0:rc2 cpe:/a:php:php:5.0.0:rc3 cpe:/a:php:php:5.0.1 cpe:/a:php:php:5.0.1:- cpe:/a:php:php:5.0.1:beta1 cpe:/a:php:php:5.0.1:rc1 cpe:/a:php:php:5.0.1:rc2 cpe:/a:php:php:5.0.2 cpe:/a:php:php:5.0.2:- cpe:/a:php:php:5.0.2:rc1 cpe:/a:php:php:5.0.3 cpe:/a:php:php:5.0.3:- cpe:/a:php:php:5.0.3:rc1 cpe:/a:php:php:5.0.3:rc2 cpe:/a:php:php:5.0.4 cpe:/a:php:php:5.0.4:- cpe:/a:php:php:5.0.4:rc1 cpe:/a:php:php:5.0.4:rc2 cpe:/a:php:php:5.0.5 cpe:/a:php:php:5.0.5:- cpe:/a:php:php:5.0.5:rc1 cpe:/a:php:php:5.0.5:rc2 cpe:/a:php:php:5.1 cpe:/a:php:php:5.1.0 cpe:/a:php:php:5.1.0:- cpe:/a:php:php:5.1.0:beta1 cpe:/a:php:php:5.1.0:beta2 cpe:/a:php:php:5.1.0:beta3 cpe:/a:php:php:5.1.0:rc1 cpe:/a:php:php:5.1.0:rc2 cpe:/a:php:php:5.1.0:rc2-pre cpe:/a:php:php:5.1.0:rc3 cpe:/a:php:php:5.1.0:rc4 cpe:/a:php:php:5.1.0:rc5 cpe:/a:php:php:5.1.0:rc6 cpe:/a:php:php:5.1.1 cpe:/a:php:php:5.1.2 cpe:/a:php:php:5.1.2:- cpe:/a:php:php:5.1.2:rc1 cpe:/a:php:php:5.1.2:rc2 cpe:/a:php:php:5.1.3 cpe:/a:php:php:5.1.3:rc1 cpe:/a:php:php:5.1.3:rc2 cpe:/a:php:php:5.1.3:rc3 cpe:/a:php:php:5.1.4 cpe:/a:php:php:5.1.5 cpe:/a:php:php:5.1.5:- cpe:/a:php:php:5.1.5:rc1 cpe:/a:php:php:5.1.6 cpe:/a:php:php:5.2.0 cpe:/a:php:php:5.2.0:rc1 cpe:/a:php:php:5.2.0:rc2 cpe:/a:php:php:5.2.0:rc3 cpe:/a:php:php:5.2.0:rc4 cpe:/a:php:php:5.2.0:rc5 cpe:/a:php:php:5.2.0:rc6 cpe:/o:canonical:ubuntu_linux:5.10 cpe:/o:canonical:ubuntu_linux:6.06::~~lts~~~ cpe:/o:canonical:ubuntu_linux:6.10

CVE-2007-0908

2007-02-13T18:28:00.000-05:00

2018-10-30T12:26:21.043-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2018-10-18T09:12:29.887-04:00

SGI 20070201-01-P SUSE SUSE-SA:2007:020 REDHAT RHSA-2007:0089 GENTOO GLSA-200703-21 SREASON 2321 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm MANDRIVA MDKSA-2007:048 OPENPKG OpenPKG-SA-2007.010 CONFIRM http://www.php.net/ChangeLog-5.php#5.2.1 CONFIRM http://www.php.net/releases/5_2_1.php MISC http://www.php-security.org/MOPB/MOPB-11-2007.html REDHAT RHSA-2007:0076 REDHAT RHSA-2007:0081 REDHAT RHSA-2007:0082 REDHAT RHSA-2007:0088 BUGTRAQ 20070227 rPSA-2007-0043-1 php php-mysql php-pgsql BID 22496 BID 22806 SECTRACK 1017671 TRUSTIX 2007-0009 UBUNTU USN-424-1 UBUNTU USN-424-2 DEBIAN DSA-1264 VUPEN ADV-2007-0546 XF php-wddx-information-disclosure(32493) CONFIRM https://issues.rpath.com/browse/RPL-1088 The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.

CVE-2007-0909

2007-02-13T18:28:00.000-05:00

2018-10-30T12:25:35.747-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SGI 20070201-01-P SUSE SUSE-SA:2007:020 REDHAT RHSA-2007:0089 GENTOO GLSA-200703-21 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm MANDRIVA MDKSA-2007:048 OPENPKG OpenPKG-SA-2007.010 CONFIRM http://www.php.net/ChangeLog-5.php#5.2.1 CONFIRM http://www.php.net/releases/5_2_1.php REDHAT RHSA-2007:0076 REDHAT RHSA-2007:0081 REDHAT RHSA-2007:0082 REDHAT RHSA-2007:0088 BUGTRAQ 20070227 rPSA-2007-0043-1 php php-mysql php-pgsql BID 22496 SECTRACK 1017671 TRUSTIX 2007-0009 UBUNTU USN-424-1 UBUNTU USN-424-2 DEBIAN DSA-1264 VUPEN ADV-2007-0546 CONFIRM https://issues.rpath.com/browse/RPL-1088 Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function.

CVE-2007-0910

2007-02-13T18:28:00.000-05:00

2018-10-30T12:25:35.747-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SGI 20070201-01-P SUSE SUSE-SA:2007:020 REDHAT RHSA-2007:0089 GENTOO GLSA-200703-21 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm MANDRIVA MDKSA-2007:048 OPENPKG OpenPKG-SA-2007.010 CONFIRM http://www.php.net/ChangeLog-5.php#5.2.1 CONFIRM http://www.php.net/releases/5_2_1.php REDHAT RHSA-2007:0076 REDHAT RHSA-2007:0081 REDHAT RHSA-2007:0082 REDHAT RHSA-2007:0088 BUGTRAQ 20070227 rPSA-2007-0043-1 php php-mysql php-pgsql BUGTRAQ 20070418 rPSA-2007-0073-1 php php-mysql php-pgsql BID 22496 SECTRACK 1017671 TRUSTIX 2007-0009 UBUNTU USN-424-1 UBUNTU USN-424-2 DEBIAN DSA-1264 VUPEN ADV-2007-0546 CONFIRM https://issues.rpath.com/browse/RPL-1088 CONFIRM https://issues.rpath.com/browse/RPL-1268 Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors.

cpe:/a:php:php:5.2.1

CVE-2007-0911

2007-02-13T18:28:00.000-05:00

2018-10-16T12:35:29.280-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov MISC http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.36&r2=1.445.2.14.2.37 SUSE SUSE-SA:2007:020 MLIST [php-dev] 20070209 PHP 5.2.1 crashing Apache/IIS... MLIST [php-dev] 20070210 Re: PHP 5.2.1 crashing Apache/IIS... GENTOO GLSA-200703-21 BUGTRAQ 20070209 PHP 5.2.1 crash bug BID 22505 Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).

cpe:/a:jportal:jportal_web_server:2.3.1

CVE-2007-0912

2007-02-13T18:28:00.000-05:00

2018-10-16T12:35:29.717-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SREASON 2239 BUGTRAQ 20070211 Jportal 2.3.1 CSRF vulnerability XF jportal-admin-csrf(32458) Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php in Jportal 2.3.1, and possibly earlier, allows remote attackers to perform privileged actions as administrators by tricking the admin into accessing a URL with modified arguments to admin/admin.adm.php.

cpe:/a:microsoft:powerpoint

CVE-2007-0913

2007-02-13T20:28:00.000-05:00

2008-11-15T01:42:28.610-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MISC http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2007-021312-5133-99&tabid=2 Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.

cpe:/o:sun:solaris:10.0::sparc

CVE-2007-0914

2007-02-13T21:28:00.000-05:00

2017-10-10T21:31:40.707-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov SUNALERT 102796 BID 22550 SECTRACK 1017649 VUPEN ADV-2007-0588 XF solaris-tcp-race-condition-dos(32484) Race condition in the TCP subsystem for Solaris 10 allows remote attackers to cause a denial of service (system panic) via unknown vectors.

cpe:/o:hp:hp-ux:11.11

CVE-2007-0915

2007-02-13T21:28:00.000-05:00

2017-07-28T21:30:30.093-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

IDEFENSE 20070213 Hewlett-Packard HP-UX SLSd Arbitrary File Creation Vulnerability BID 22551 SECTRACK 1017630 VUPEN ADV-2007-0590 HP HPSBUX02191 XF hpux-slsd-privilege-escalation(32471) Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers to overwrite arbitrary files and gain privileges via a crafted RPC request.

cpe:/o:hp:hp-ux:11.11 cpe:/o:hp:hp-ux:11.23

CVE-2007-0916

2007-02-13T21:28:00.000-05:00

2017-10-10T21:31:40.767-04:00

4.9

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 22546 SECTRACK 1017629 VUPEN ADV-2007-0596 HP HPSBUX02192 XF hpux-arpa-dos(32468) Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.

cpe:/o:cisco:ios:12.3t cpe:/o:cisco:ios:12.3xq cpe:/o:cisco:ios:12.3xr cpe:/o:cisco:ios:12.3xs cpe:/o:cisco:ios:12.3xw cpe:/o:cisco:ios:12.3xx cpe:/o:cisco:ios:12.3xy cpe:/o:cisco:ios:12.3ya cpe:/o:cisco:ios:12.3yd cpe:/o:cisco:ios:12.3yg cpe:/o:cisco:ios:12.3yh cpe:/o:cisco:ios:12.3yi cpe:/o:cisco:ios:12.3yj cpe:/o:cisco:ios:12.3yk cpe:/o:cisco:ios:12.3ym cpe:/o:cisco:ios:12.3yq cpe:/o:cisco:ios:12.3ys cpe:/o:cisco:ios:12.3yt cpe:/o:cisco:ios:12.3yx cpe:/o:cisco:ios:12.3yz cpe:/o:cisco:ios:12.4 cpe:/o:cisco:ios:12.4mr cpe:/o:cisco:ios:12.4t cpe:/o:cisco:ios:12.4xa cpe:/o:cisco:ios:12.4xb

CVE-2007-0917

2007-02-13T21:28:00.000-05:00

2017-10-10T21:31:40.830-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

NONE

cpe:/h:cisco:ios:12.3xq cpe:/h:cisco:ios:12.3xr cpe:/h:cisco:ios:12.3xs cpe:/h:cisco:ios:12.3xw cpe:/h:cisco:ios:12.3xx cpe:/h:cisco:ios:12.3xy cpe:/h:cisco:ios:12.3ya cpe:/h:cisco:ios:12.3yd cpe:/h:cisco:ios:12.3yg cpe:/h:cisco:ios:12.3yh cpe:/h:cisco:ios:12.3yj cpe:/h:cisco:ios:12.3yk cpe:/h:cisco:ios:12.3ym cpe:/h:cisco:ios:12.3yq cpe:/h:cisco:ios:12.3ys cpe:/h:cisco:ios:12.3yt cpe:/h:cisco:ios:12.3yx cpe:/h:cisco:ios:12.3yz cpe:/h:cisco:ios:12.4 cpe:/h:cisco:ios:12.4mr cpe:/h:cisco:ios:12.4t cpe:/h:cisco:ios:12.4xa cpe:/h:cisco:ios:12.4xb cpe:/o:cisco:ios:12.3t cpe:/o:cisco:ios:12.3yi

CVE-2007-0918

2007-02-13T21:28:00.000-05:00

2018-10-30T12:25:57.183-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CISCO 20070213 Multiple IOS IPS Vulnerabilities MISC http://www.cisco.com/en/US/products/products_security_response09186a00807e0a5e.html BID 22549 SECTRACK 1017631 VUPEN ADV-2007-0597 XF cisco-ios-ips-dos(32474) The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations that are not properly handled by the regular expression feature, as demonstrated using the 3123.0 (Netbus Pro Traffic) signature.

cpe:/a:nickolas_grigoriadis:mini_web_server:0.0.6

CVE-2007-0919

2007-02-14T06:28:00.000-05:00

2018-10-16T12:35:29.907-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov VIM 20060213 Verified: dot in Miniwebsvr 0.0.6 SREASON 2248 BUGTRAQ 20070211 Miniwebsvr 0.0.6 - Directory traversal BID 22523 XF miniwebsvr-unspecified-directory-traversal(32451) Directory traversal vulnerability in Nickolas Grigoriadis Mini Web server (MiniWebsvr) 0.0.6 allows remote attackers to list the directory immediately above the web root via a ..%00 sequence in the URI.

cpe:/a:philboard:philboard:1.14

CVE-2007-0920

2007-02-14T06:28:00.000-05:00

2017-10-18T21:30:06.333-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22532 VUPEN ADV-2007-0600 XF philboard-philboardforum-sql-injection(32442) EXPLOIT-DB 3295 SQL injection vulnerability in philboard_forum.asp in Philboard 1.14 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.

cpe:/a:radical_technologies:portal_search

CVE-2007-0921

2007-02-14T06:28:00.000-05:00

2018-10-16T12:35:30.157-04:00

9.4

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov SREASON 2247 BUGTRAQ 20070212 Radical Technologies - Portal Search- multiple XSS issue BID 22533 XF portalsearch-frame-url-spoofing(32460) Portal Search allows remote attackers to redirect a URL to an arbitrary web site by placing the URL in the query string to the top-level URI.

cpe:/a:radical_technologies:portal_search

CVE-2007-0922

2007-02-14T06:28:00.000-05:00

2018-10-16T12:35:30.373-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2247 BUGTRAQ 20070212 Radical Technologies - Portal Search- multiple XSS issue BID 22533 Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in Portal Search allows remote attackers to inject arbitrary web script or HTML via the query string.

cpe:/a:radical_technologies:portal_search

CVE-2007-0923

2007-02-14T06:28:00.000-05:00

2018-10-16T12:35:30.530-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov SREASON 2247 BUGTRAQ 20070212 Radical Technologies - Portal Search- multiple XSS issue BID 22533 XF portalsearch-buscador-info-disclosure(32452) buscador/buscador.htm in Portal Search allows remote attackers to obtain sensitive information (business logic) via a query string composed of a search for certain characters.

cpe:/a:till_gerken:phppolls:1.0.3

CVE-2007-0924

2007-02-14T06:28:00.000-05:00

2018-10-16T12:35:30.750-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2242 BUGTRAQ 20070211 phpPolls 1.0.3 (acces to sensitive file) BID 22522 Till Gerken phpPolls 1.0.3 allows remote attackers to bypass authentication and perform certain administrative actions via a direct request to phpPollAdmin.php3. NOTE: this issue might subsume CVE-2006-3764.

cpe:/a:communityserver.org:community_server

CVE-2007-0925

2007-02-14T06:28:00.000-05:00

2018-10-16T12:35:30.907-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2241 BUGTRAQ 20070209 XSS in communityserver ! BID 22529 XF communityserver-searchresults-xss(32444) Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx in Community Server allows remote attackers to inject arbitrary web script or HTML via the q parameter.

cpe:/a:kvguestbook:kvguestbook:1.0_beta

CVE-2007-0926

2007-02-14T06:28:00.000-05:00

2018-10-16T12:35:31.123-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2246 BUGTRAQ 20070211 KvGuestbook Remote Add Admin Exploit The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows remote attackers to gain administrative privileges, probably via modified $mysql['pass'] and $gbpass variables.

cpe:/a:utorrent:utorrent:1.6

CVE-2007-0927

2007-02-14T06:28:00.000-05:00

2018-10-16T12:35:31.250-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070216 utorrent issue? BID 22530 SECTRACK 1017648 VUPEN ADV-2007-0571 XF utorrent-torrent-bo(32455) EXPLOIT-DB 3296 Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to execute arbitrary code via a torrent file with a crafted announce header.

cpe:/a:virtual_calendar:virtual_calendar

CVE-2007-0928

2007-02-14T06:28:00.000-05:00

2018-10-16T12:35:31.857-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2240 BUGTRAQ 20070210 Virtual Calendar <= (pwd.txt) Remote Password Disclosur Vulnerability XF virtualcalendar-pwd-information-disclosure(32446) Virtual Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an encoded password via a direct request for pwd.txt.

cpe:/a:guillaume_fontaine:php_rrd_browser:0.2.0

CVE-2007-0929

2007-02-14T06:28:00.000-05:00

2018-10-16T12:35:32.107-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov VIM 20070213 true: [Full-disclosure] Arbitrary file disclosure vulnerability in php rrd browser < 0.2.1 (prb) SREASON 2245 CONFIRM http://sourceforge.net/project/shownotes.php?group_id=176562&release_id=485414 BUGTRAQ 20070211 Arbitrary file disclosure vulnerability in php rrd browser < 0.2.1 (prb) XF prb-p-directory-traversal(32425) Directory traversal vulnerability in php rrd browser before 0.2.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter.

cpe:/a:apache_stats:apache_stats:0.0.1_beta cpe:/a:apache_stats:apache_stats:0.0.2_beta

CVE-2007-0930

2007-02-14T06:28:00.000-05:00

2011-03-07T21:50:58.970-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://sourceforge.net/forum/forum.php?forum_id=660919 BID 22388 VUPEN ADV-2007-0559 Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.

cpe:/h:alcatel-lucent:omniaccess_wireless:43xx cpe:/h:alcatel-lucent:omniaccess_wireless:6000 cpe:/h:aruba:mobility_controller:200 cpe:/h:aruba:mobility_controller:800 cpe:/h:aruba:mobility_controller:2400 cpe:/h:aruba:mobility_controller:6000

CVE-2007-0931

2007-02-14T06:28:00.000-05:00

2018-10-16T12:35:32.390-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

FULLDISC 20070213 Aruba Mobility Controller Management Buffer Overflow SREASON 2244 CERT-VN VU#319913 BUGTRAQ 20070213 Aruba Mobility Controller Management Buffer Overflow BID 22538 XF aruba-management-interface-bo(32459) Heap-based buffer overflow in the management interfaces in (1) Aruba Mobility Controllers 200, 800, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via long credential strings.

CVE-2007-0932

2007-02-14T06:28:00.000-05:00

2018-10-16T12:35:32.857-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

FULLDISC 20070213 Aruba Networks - Unauthorized Administrative and WLAN Access through Guest Account SREASON 2243 CERT-VN VU#613833 BUGTRAQ 20070213 Aruba Networks - Unauthorized Administrative and WLAN Access through Guest Account BID 22538 XF aruba-guestaccount-privilege-escalation(32461) The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access administrative interfaces or the WLAN.

cpe:/o:microsoft:windows_xp

CVE-2007-0933

2007-06-05T17:30:00.000-04:00

2017-07-28T21:30:30.860-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov MISC http://www.blackhat.com/presentations/bh-europe-07/Butti/Presentation/bh-eu-07-Butti.pdf BID 24438 XF dlink-tim-information-bo(34831) Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ (Rev. A1) on Windows XP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a beacon frame with a long TIM Information Element.

cpe:/a:microsoft:visio:2002

CVE-2007-0934

2007-06-12T15:30:00.000-04:00

2018-10-16T12:35:33.407-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

HP SSRT071438 BID 24349 SECTRACK 1018227 CERT TA07-163A VUPEN ADV-2007-2150 MS MS07-030 XF visio-version-code-execution(34607) Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.

CVE-2007-0935

2017-05-11T10:29:05.603-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none.

cpe:/a:microsoft:office:2003 cpe:/a:microsoft:visio:2002:sp2

CVE-2007-0936

2007-06-12T15:30:00.000-04:00

2018-10-16T12:35:34.140-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

HP SSRT071438 BID 24384 SECTRACK 1018227 CERT TA07-163A VUPEN ADV-2007-2150 MS MS07-030 Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."

CVE-2007-0937

2017-05-11T10:29:05.637-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none.

cpe:/a:microsoft:content_management_server:2001:sp1 cpe:/a:microsoft:content_management_server:2002:sp2

CVE-2007-0938

2007-04-10T17:19:00.000-04:00

2018-10-16T12:35:34.797-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CERT-VN VU#434137 HP HPSBST02208 BID 22861 SECTRACK 1017894 VUPEN ADV-2007-1322 MS MS07-018 XF mcms-http-get-code-execution(32736) Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."

cpe:/a:microsoft:content_management_server:2001:sp1 cpe:/a:microsoft:content_management_server:2002:sp2

CVE-2007-0939

2007-04-10T17:19:00.000-04:00

2018-10-16T12:35:35.607-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov HP HPSBST02208 BID 22860 SECTRACK 1017894 VUPEN ADV-2007-1322 MS MS07-018 Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability."

cpe:/a:microsoft:biztalk_server:2004:sp1 cpe:/a:microsoft:biztalk_server:2004:sp2 cpe:/a:microsoft:capicom

CVE-2007-0940

2007-05-08T19:19:00.000-04:00

2018-10-16T12:35:36.250-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CERT-VN VU#866305 HP HPSBST02214 BID 23782 SECTRACK 1018016 SECTRACK 1018017 CERT TA07-128A VUPEN ADV-2007-1713 MS MS07-028 XF ms-capicom-code-execution(32739) Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."

CVE-2007-0941

2017-05-11T10:29:05.667-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none.

cpe:/a:microsoft:ie:5.0.1:sp4 cpe:/a:microsoft:ie:6.0 cpe:/a:microsoft:ie:6.0:sp1 cpe:/a:microsoft:ie:7.0

CVE-2007-0942

2007-05-08T19:19:00.000-04:00

2018-10-16T12:35:37.280-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

HP HPSBST02214 SECTRACK 1018019 CERT TA07-128A VUPEN ADV-2007-1712 MS MS07-027 XF ie-chtskdic-com-code-execution(33252) Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll.

cpe:/a:microsoft:ie:5.01 cpe:/a:microsoft:ie:6.0:sp1

CVE-2007-0943

2007-08-14T17:17:00.000-04:00

2018-10-12T17:42:55.313-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

SECTRACK 1018562 MISC http://www.nsfocus.com/english/homepage/research/0701.htm BID 25288 CERT TA07-226A VUPEN ADV-2007-2869 MS MS07-045 Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers.

cpe:/a:microsoft:ie:5.01:sp4 cpe:/a:microsoft:ie:6.0:sp1

CVE-2007-0944

2007-05-08T19:19:00.000-04:00

2018-10-16T12:35:38.297-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

BUGTRAQ 20070508 ZDI-07-027: Microsoft Internet Explorer Table Column Deletion Memory Corruption Vulnerability HP HPSBST02214 BID 23771 SECTRACK 1018019 CERT TA07-128A VUPEN ADV-2007-1712 MISC http://www.zerodayinitiative.com/advisories/ZDI-07-027.html MS MS07-027 XF ie-object-array-code-execution(33253) Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability."

cpe:/a:microsoft:ie:6:sp1 cpe:/a:microsoft:ie:6.0 cpe:/a:microsoft:ie:7.0

CVE-2007-0945

2007-05-08T19:19:00.000-04:00

2018-10-16T12:35:39.797-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

HP HPSBST02214 BID 23769 SECTRACK 1018019 CERT TA07-128A VUPEN ADV-2007-1712 MS MS07-027 Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and 7 on Windows Vista allows remote attackers to execute arbitrary code via certain property methods that may trigger memory corruption, aka "Property Memory Corruption Vulnerability."

cpe:/a:microsoft:ie:7.0

CVE-2007-0946

2007-05-08T19:19:00.000-04:00

2018-10-16T12:35:40.623-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

HP HPSBST02214 BID 23770 SECTRACK 1018019 CERT TA07-128A VUPEN ADV-2007-1712 MS MS07-027 XF ie-html-memory-code-execution(33255) Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.

cpe:/a:microsoft:ie:6 cpe:/a:microsoft:ie:7.0

CVE-2007-0947

2007-05-08T19:19:00.000-04:00

2018-10-16T12:35:41.390-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

HP HPSBST02214 BID 23772 SECTRACK 1018019 CERT TA07-128A VUPEN ADV-2007-1712 MS MS07-027 XF ie-html-memory-code-execution-variant(33256) Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.

cpe:/a:microsoft:virtual_pc:6.1::mac cpe:/a:microsoft:virtual_pc:7::mac cpe:/a:microsoft:virtual_pc:2004 cpe:/a:microsoft:virtual_server:2005 cpe:/a:microsoft:virtual_server:2005:r2

CVE-2007-0948

2007-08-14T18:17:00.000-04:00

2018-10-12T17:43:01.893-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

BID 25298 SECTRACK 1018567 CERT TA07-226A VUPEN ADV-2007-2873 MS MS07-049 Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."

cpe:/a:itinysoft_studio:total_video_player:1.03

CVE-2007-0949

2007-02-14T21:28:00.000-05:00

2017-10-10T21:31:41.797-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

BID 22553 XF totalvideoplayer-m3u-bo(32479) EXPLOIT-DB 5032 EXPLOIT-DB 5077 Stack-based buffer overflow in iTinySoft Studio Total Video Player 1.03, and possibly earlier, allows remote attackers to execute arbitrary code via a M3U playlist file that contains a long file name. NOTE: it was later reported that 1.20 and 1.30 are also affected.

cpe:/a:fullaspsite:asp_hosting_site

CVE-2007-0950

2007-02-14T21:28:00.000-05:00

2018-10-16T12:35:42.297-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov SREASON 2250 BUGTRAQ 20070213 Fullaspsite Shop (tr) Xss & SqL İnj. VulnZ. BID 22545 XF fullaspsite-listmain-xss(32469) Cross-site scripting (XSS) vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

cpe:/a:fullaspsite:asp_hosting_site

CVE-2007-0951

2007-02-14T21:28:00.000-05:00

2018-10-16T12:35:42.560-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2250 BUGTRAQ 20070213 Fullaspsite Shop (tr) Xss & SqL İnj. VulnZ. BID 22545 XF fullaspsite-listmain-sql-injection(32470) SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to execute arbitrary SQL commands via the cat parameter.

cpe:/a:scriptsez.net:virtual_calendar

CVE-2007-0952

2007-02-14T21:28:00.000-05:00

2017-07-28T21:30:31.547-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22536 XF virtualcalendar-unspecified-xss(32448) Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Virtual Calendar allow remote attackers to inject arbitrary web script or HTML via the (1) t and (2) yr parameters, and the (3) sho parameter when the m parameter is outside the intended range.

cpe:/a:atmail:atmail_webmail:4.3::windows cpe:/a:atmail:atmail_webmail:4.6 cpe:/a:atmail:atmail_webmail:4.11::freebsd cpe:/a:atmail:atmail_webmail:4.11::hp-ux cpe:/a:atmail:atmail_webmail:4.11::linux cpe:/a:atmail:atmail_webmail:4.11::mac_os_x cpe:/a:atmail:atmail_webmail:4.11::solaris cpe:/a:atmail:atmail_webmail:4.51 cpe:/a:atmail:atmail_webmail:4.61

CVE-2007-0953

2007-02-14T21:28:00.000-05:00

2017-07-28T21:30:31.593-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://kb.atmail.com/?p=410 MISC http://lostmon.blogspot.com/2007/02/mail-searchpl-keywords-variable-cross.html BID 22552 VUPEN ADV-2007-0603 XF @mail-search-xss(32483) Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.

cpe:/a:mohachat:moha_chat:0.1b7

CVE-2007-0954

2007-02-14T21:28:00.000-05:00

2011-03-07T21:51:01.783-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://mohachat.sourceforge.net/download/release_notes/#0.1b8 VUPEN ADV-2007-0599 MOHA Chat 0.1b7 and earlier does not require authentication for use of the plug in API, which has unknown impact and attack vectors.

cpe:/a:mailenable:mailenable:2.35::~~professional~~~

CVE-2007-0955

2007-02-14T21:28:00.000-05:00

2019-10-02T16:13:21.207-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2019-10-01T12:33:51.887-04:00

FULLDISC 20070214 MailEnable DoS POC FULLDISC 20070214 MailEnable DoS POC-2 FULLDISC 20071214 MailEnable DoS POC SREASON 2249 VUPEN ADV-2007-0614 XF mailenable-ntlm-dos(32482) The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable Professional 2.35 and earlier allows remote attackers to cause a denial of service (application crash) via certain base64-encoded data following an AUTHENTICATE NTLM command to the imap port (143/tcp), which results in an out-of-bounds read.

cpe:/a:mit:kerberos:5-1.6 cpe:/o:debian:debian_linux:3.1 cpe:/o:debian:debian_linux:4.0 cpe:/o:rpath:linux:1

CVE-2007-0956

2007-04-05T21:19:00.000-04:00

2018-10-16T12:35:42.843-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SGI 20070401-01-P SUSE SUSE-SA:2007:025 GENTOO GLSA-200704-02 SUNALERT 102867 CONFIRM http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-001-telnetd.txt DEBIAN DSA-1276 CERT-VN VU#220816 MANDRIVA MDKSA-2007:077 REDHAT RHSA-2007:0095 BUGTRAQ 20070403 MITKRB5-SA-2007-001: telnetd allows login as arbitrary user [CVE-2007-0956] BUGTRAQ 20070404 rPSA-2007-0063-1 krb5 krb5-server krb5-services krb5-test krb5-workstation BUGTRAQ 20070405 FLEA-2007-0008-1: krb5 BID 23281 SECTRACK 1017848 UBUNTU USN-449-1 CERT TA07-093B VUPEN ADV-2007-1218 VUPEN ADV-2007-1249 XF kerberos-telnet-security-bypass(33414) The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.

cpe:/a:mit:kerberos:5-1.6

CVE-2007-0957

2007-04-05T21:19:00.000-04:00

2018-10-16T12:35:45.140-04:00

9.0

NETWORK

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SGI 20070401-01-P CONFIRM http://docs.info.apple.com/article.html?artnum=305391 APPLE APPLE-SA-2007-04-19 SUSE SUSE-SA:2007:025 GENTOO GLSA-200704-02 SUNALERT 102930 CONFIRM http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txt DEBIAN DSA-1276 CERT-VN VU#704024 MANDRIVA MDKSA-2007:077 REDHAT RHSA-2007:0095 BUGTRAQ 20070403 MITKRB5-SA-2007-002: KDC, kadmind stack overflow in krb5_klog_syslog [CVE-2007-0957] BUGTRAQ 20070404 rPSA-2007-0063-1 krb5 krb5-server krb5-services krb5-test krb5-workstation BUGTRAQ 20070405 FLEA-2007-0008-1: krb5 BID 23285 SECTRACK 1017849 UBUNTU USN-449-1 CERT TA07-093B CERT TA07-109A VUPEN ADV-2007-1218 VUPEN ADV-2007-1250 VUPEN ADV-2007-1470 VUPEN ADV-2007-1983 XF kerberos-krb5klogsyslog-bo(33411) Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.

cpe:/o:linux:linux_kernel:2.6.0 cpe:/o:linux:linux_kernel:2.6.1 cpe:/o:linux:linux_kernel:2.6.2 cpe:/o:linux:linux_kernel:2.6.3 cpe:/o:linux:linux_kernel:2.6.4 cpe:/o:linux:linux_kernel:2.6.5 cpe:/o:linux:linux_kernel:2.6.6 cpe:/o:linux:linux_kernel:2.6.7 cpe:/o:linux:linux_kernel:2.6.8 cpe:/o:linux:linux_kernel:2.6.8.1 cpe:/o:linux:linux_kernel:2.6.9:2.6.20 cpe:/o:linux:linux_kernel:2.6.10 cpe:/o:linux:linux_kernel:2.6.11 cpe:/o:linux:linux_kernel:2.6.11.1 cpe:/o:linux:linux_kernel:2.6.11.2 cpe:/o:linux:linux_kernel:2.6.11.3 cpe:/o:linux:linux_kernel:2.6.11.4 cpe:/o:linux:linux_kernel:2.6.11.5 cpe:/o:linux:linux_kernel:2.6.11.6 cpe:/o:linux:linux_kernel:2.6.11.7 cpe:/o:linux:linux_kernel:2.6.11.8 cpe:/o:linux:linux_kernel:2.6.11.9 cpe:/o:linux:linux_kernel:2.6.11.10 cpe:/o:linux:linux_kernel:2.6.11.11 cpe:/o:linux:linux_kernel:2.6.11.12 cpe:/o:linux:linux_kernel:2.6.12 cpe:/o:linux:linux_kernel:2.6.12.1 cpe:/o:linux:linux_kernel:2.6.12.2 cpe:/o:linux:linux_kernel:2.6.12.3 cpe:/o:linux:linux_kernel:2.6.12.4 cpe:/o:linux:linux_kernel:2.6.12.5 cpe:/o:linux:linux_kernel:2.6.12.6 cpe:/o:linux:linux_kernel:2.6.13 cpe:/o:linux:linux_kernel:2.6.13.1 cpe:/o:linux:linux_kernel:2.6.13.2 cpe:/o:linux:linux_kernel:2.6.13.3 cpe:/o:linux:linux_kernel:2.6.13.4 cpe:/o:linux:linux_kernel:2.6.13.5 cpe:/o:linux:linux_kernel:2.6.14 cpe:/o:linux:linux_kernel:2.6.14.1 cpe:/o:linux:linux_kernel:2.6.14.2 cpe:/o:linux:linux_kernel:2.6.14.3 cpe:/o:linux:linux_kernel:2.6.14.4 cpe:/o:linux:linux_kernel:2.6.14.5 cpe:/o:linux:linux_kernel:2.6.14.6 cpe:/o:linux:linux_kernel:2.6.14.7 cpe:/o:linux:linux_kernel:2.6.15 cpe:/o:linux:linux_kernel:2.6.15.1 cpe:/o:linux:linux_kernel:2.6.15.2 cpe:/o:linux:linux_kernel:2.6.15.3 cpe:/o:linux:linux_kernel:2.6.15.4 cpe:/o:linux:linux_kernel:2.6.15.5 cpe:/o:linux:linux_kernel:2.6.15.6 cpe:/o:linux:linux_kernel:2.6.15.7 cpe:/o:linux:linux_kernel:2.6.16 cpe:/o:linux:linux_kernel:2.6.16.1 cpe:/o:linux:linux_kernel:2.6.16.2 cpe:/o:linux:linux_kernel:2.6.16.3 cpe:/o:linux:linux_kernel:2.6.16.4 cpe:/o:linux:linux_kernel:2.6.16.5 cpe:/o:linux:linux_kernel:2.6.16.6 cpe:/o:linux:linux_kernel:2.6.16.7 cpe:/o:linux:linux_kernel:2.6.16.8 cpe:/o:linux:linux_kernel:2.6.16.9 cpe:/o:linux:linux_kernel:2.6.16.10 cpe:/o:linux:linux_kernel:2.6.16.11 cpe:/o:linux:linux_kernel:2.6.16.12 cpe:/o:linux:linux_kernel:2.6.16.13 cpe:/o:linux:linux_kernel:2.6.16.14 cpe:/o:linux:linux_kernel:2.6.16.15 cpe:/o:linux:linux_kernel:2.6.16.16 cpe:/o:linux:linux_kernel:2.6.16.17 cpe:/o:linux:linux_kernel:2.6.16.18 cpe:/o:linux:linux_kernel:2.6.16.19 cpe:/o:linux:linux_kernel:2.6.16.20 cpe:/o:linux:linux_kernel:2.6.16.21 cpe:/o:linux:linux_kernel:2.6.16.22 cpe:/o:linux:linux_kernel:2.6.16.23 cpe:/o:linux:linux_kernel:2.6.16.24 cpe:/o:linux:linux_kernel:2.6.16.25 cpe:/o:linux:linux_kernel:2.6.16.26 cpe:/o:linux:linux_kernel:2.6.16.27 cpe:/o:linux:linux_kernel:2.6.16.28 cpe:/o:linux:linux_kernel:2.6.16.29 cpe:/o:linux:linux_kernel:2.6.16.30 cpe:/o:linux:linux_kernel:2.6.16.31 cpe:/o:linux:linux_kernel:2.6.16.32 cpe:/o:linux:linux_kernel:2.6.16.33 cpe:/o:linux:linux_kernel:2.6.16.34 cpe:/o:linux:linux_kernel:2.6.16.35 cpe:/o:linux:linux_kernel:2.6.16.36 cpe:/o:linux:linux_kernel:2.6.16.37 cpe:/o:linux:linux_kernel:2.6.16.38 cpe:/o:linux:linux_kernel:2.6.16.39 cpe:/o:linux:linux_kernel:2.6.16.40 cpe:/o:linux:linux_kernel:2.6.16.41 cpe:/o:linux:linux_kernel:2.6.17 cpe:/o:linux:linux_kernel:2.6.17.1 cpe:/o:linux:linux_kernel:2.6.17.2 cpe:/o:linux:linux_kernel:2.6.17.3 cpe:/o:linux:linux_kernel:2.6.17.4 cpe:/o:linux:linux_kernel:2.6.17.5 cpe:/o:linux:linux_kernel:2.6.17.6 cpe:/o:linux:linux_kernel:2.6.17.7 cpe:/o:linux:linux_kernel:2.6.17.8 cpe:/o:linux:linux_kernel:2.6.17.9 cpe:/o:linux:linux_kernel:2.6.17.10 cpe:/o:linux:linux_kernel:2.6.17.11 cpe:/o:linux:linux_kernel:2.6.17.12 cpe:/o:linux:linux_kernel:2.6.17.13 cpe:/o:linux:linux_kernel:2.6.17.14 cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6.18.1 cpe:/o:linux:linux_kernel:2.6.18.2 cpe:/o:linux:linux_kernel:2.6.18.3 cpe:/o:linux:linux_kernel:2.6.18.4 cpe:/o:linux:linux_kernel:2.6.18.5 cpe:/o:linux:linux_kernel:2.6.18.6 cpe:/o:linux:linux_kernel:2.6.19 cpe:/o:linux:linux_kernel:2.6.19.2 cpe:/o:linux:linux_kernel:2.6.19.3 cpe:/o:linux:linux_kernel:2.6.20

CVE-2007-0958

2007-02-15T13:28:00.000-05:00

2018-10-30T12:25:10.013-04:00

2.1

LOCAL

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov REDHAT RHSA-2007:0488 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm DEBIAN DSA-1286 DEBIAN DSA-1304 MISC http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20 MANDRIVA MDKSA-2007:060 MANDRIVA MDKSA-2007:078 REDHAT RHSA-2007:0099 BID 22903 UBUNTU USN-451-1 Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump, a variant of CVE-2004-1073.

cpe:/h:cisco:asa_5500:7.2%282%29 cpe:/o:cisco:pix_firewall_software:7.2%282%29

CVE-2007-0959

2007-02-15T19:28:00.000-05:00

2018-10-30T12:25:27.717-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CISCO 20070214 Multiple Vulnerabilities in Cisco PIX and ASA Appliances BID 22561 BID 22562 SECTRACK 1017651 SECTRACK 1017652 VUPEN ADV-2007-0608 XF cisco-pix-asa-tcp-dos(32488) Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when configured to inspect certain TCP-based protocols, allows remote attackers to cause a denial of service (device reboot) via malformed TCP packets.

cpe:/h:cisco:asa_5500:7.2%282%29 cpe:/o:cisco:pix_firewall_software:7.2%282%29

CVE-2007-0960

2007-02-15T19:28:00.000-05:00

2018-10-30T12:25:27.717-04:00

9.0

NETWORK

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CISCO 20070214 Multiple Vulnerabilities in Cisco PIX and ASA Appliances BID 22561 BID 22562 SECTRACK 1017651 SECTRACK 1017652 VUPEN ADV-2007-0608 XF cisco-pix-asa-local-privilege-escalation(32489) Unspecified vulnerability in Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when configured to use the LOCAL authentication method, allows remote authenticated users to gain privileges via unspecified vectors.

cpe:/h:cisco:asa_5500:6.3 cpe:/h:cisco:asa_5500:7.0 cpe:/h:cisco:asa_5500:7.1 cpe:/h:cisco:asa_5500:7.2 cpe:/o:cisco:pix_firewall_software:6.3 cpe:/o:cisco:pix_firewall_software:7.0 cpe:/o:cisco:pix_firewall_software:7.1 cpe:/o:cisco:pix_firewall_software:7.2

CVE-2007-0961

2007-02-15T19:28:00.000-05:00

2018-10-30T12:25:19.370-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov SECTRACK 1017651 CISCO 20070214 Multiple Vulnerabilities in Firewall Services Module CISCO 20070214 Multiple Vulnerabilities in Cisco PIX and ASA Appliances CERT-VN VU#430969 BID 22561 BID 22562 SECTRACK 1017652 VUPEN ADV-2007-0608 XF cisco-pix-asa-sip-dos(32487) XF cisco-fwsm-sip-dos(32501) Cisco PIX 500 and ASA 5500 Series Security Appliances 6.x before 6.3(5.115), 7.0 before 7.0(5.2), and 7.1 before 7.1(2.5), and the FWSM 3.x before 3.1(3.24), when the "inspect sip" option is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed SIP packets.

cpe:/h:cisco:asa_5500:7.0 cpe:/h:cisco:asa_5500:7.1 cpe:/h:cisco:firewall_services_module:2.3 cpe:/h:cisco:firewall_services_module:3.1 cpe:/o:cisco:pix_firewall_software:7.0 cpe:/o:cisco:pix_firewall_software:7.1

CVE-2007-0962

2007-02-15T19:28:00.000-05:00

2018-10-30T12:25:19.340-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov SECTRACK 1017651 CISCO 20070214 Multiple Vulnerabilities in Firewall Services Module CISCO 20070214 Multiple Vulnerabilities in Cisco PIX and ASA Appliances BID 22561 BID 22562 SECTRACK 1017652 VUPEN ADV-2007-0608 XF cisco-pix-asa-http-dos(32486) Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when "inspect http" is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic.

cpe:/h:cisco:firewall_services_module:3.1

CVE-2007-0963

2007-02-15T19:28:00.000-05:00

2011-03-07T21:51:02.893-05:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CISCO 20070214 Multiple Vulnerabilities in Firewall Services Module BID 22561 VUPEN ADV-2007-0609 Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.3), when set to log at the "debug" level, allows remote attackers to cause a denial of service (device reboot) by sending packets that are not of a particular protocol such as TCP or UDP, which triggers the reboot during generation of Syslog message 710006.

cpe:/h:cisco:firewall_services_module:3.1

CVE-2007-0964

2007-02-15T19:28:00.000-05:00

2011-03-07T21:51:03.017-05:00

5.4

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov CISCO 20070214 Multiple Vulnerabilities in Firewall Services Module BID 22561 VUPEN ADV-2007-0609 Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a malformed HTTPS request.

cpe:/h:cisco:firewall_services_module:3.1

CVE-2007-0965

2007-02-15T19:28:00.000-05:00

2011-03-07T21:51:03.127-05:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CISCO 20070214 Multiple Vulnerabilities in Firewall Services Module BID 22561 VUPEN ADV-2007-0609 Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a long HTTP request.

cpe:/h:cisco:firewall_services_module:3.1

CVE-2007-0966

2007-02-15T19:28:00.000-05:00

2017-07-28T21:30:32.187-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CISCO 20070214 Multiple Vulnerabilities in Firewall Services Module BID 22561 VUPEN ADV-2007-0609 XF cisco-fwsm-http-dos(32497) XF cisco-fwsm-https-server-dos(32513) Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the HTTPS server is enabled, allows remote attackers to cause a denial of service (device reboot) via certain HTTPS traffic.

cpe:/h:cisco:firewall_services_module:3.1

CVE-2007-0967

2007-02-15T19:28:00.000-05:00

2017-07-28T21:30:32.237-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CISCO 20070214 Multiple Vulnerabilities in Firewall Services Module BID 22561 VUPEN ADV-2007-0609 XF cisco-fwsm-snmp-dos(32515) Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.1) allows remote attackers to cause a denial of service (device reboot) via malformed SNMP requests.

cpe:/h:cisco:firewall_services_module:2.3 cpe:/h:cisco:firewall_services_module:3.1

CVE-2007-0968

2007-02-15T19:28:00.000-05:00

2017-07-28T21:30:32.297-04:00

9.0

NETWORK

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CISCO 20070214 Multiple Vulnerabilities in Firewall Services Module BID 22561 SECTRACK 1017650 VUPEN ADV-2007-0609 XF cisco-fwsm-acl-security-bypass(32521) Unspecified vulnerability in Cisco Firewall Services Module (FWSM) before 2.3(4.7) and 3.x before 3.1(3.1) causes the access control entries (ACE) in an ACL to be improperly evaluated, which allows remote authenticated users to bypass intended certain ACL protections.

cpe:/a:webtester:webtester:5.0_2006-09-27

CVE-2007-0969

2007-02-15T20:28:00.000-05:00

2018-10-16T12:35:47.907-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov SREASON 2261 BUGTRAQ 20070214 WebTester 5.0.2 sql injection and XSS vulnerabilities BID 22559 VUPEN ADV-2007-0633 XF webtester-post-xss(32492) Multiple cross-site scripting (XSS) vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to POST parameters to multiple files.

cpe:/a:webtester:webtester:5.0_2006-09-27

CVE-2007-0970

2007-02-15T20:28:00.000-05:00

2018-10-16T12:35:48.233-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov SREASON 2261 BUGTRAQ 20070214 WebTester 5.0.2 sql injection and XSS vulnerabilities BID 22559 VUPEN ADV-2007-0633 XF webtester-directions-sql-injection(32490) Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to execute arbitrary SQL commands via the testID parameter to directions.php, and unspecified parameters to other files that accept GET or POST input.

cpe:/a:jupiter_cms:jupiter_cms:1.1.5

CVE-2007-0971

2007-02-15T20:28:00.000-05:00

2018-10-16T12:35:48.640-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov MISC http://mgsdl.free.fr/advisories/12070214.txt MISC http://www.acid-root.new.fr/advisories/12070214.txt BUGTRAQ 20070214 Jupiter CMS 1.1.5 Multiple Vulnerabilities BUGTRAQ 20070214 Re: Jupiter CMS 1.1.5 Multiple Vulnerabilities BID 22560 EXPLOIT-DB 3310 Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the attack vector might involve _SERVER.

cpe:/a:jupiter_cms:jupiter_cms:1.1.5

CVE-2007-0972

2007-02-15T20:28:00.000-05:00

2018-10-16T12:35:49.170-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov MISC http://mgsdl.free.fr/advisories/12070214.txt MISC http://www.acid-root.new.fr/advisories/12070214.txt BUGTRAQ 20070214 Jupiter CMS 1.1.5 Multiple Vulnerabilities BUGTRAQ 20070214 Re: Jupiter CMS 1.1.5 Multiple Vulnerabilities BID 22560 XF jupitercm-emoticons-file-upload(32517) EXPLOIT-DB 3311 Unrestricted file upload vulnerability in modules/emoticons.php in Jupiter CMS 1.1.5 allows remote attackers to upload arbitrary files by modifying the HTTP request to send an image content type, and to omit is_guest and is_user parameters. NOTE: this issue might be related to CVE-2006-4875.

cpe:/a:jupiter_cms:jupiter_cms:1.1.5

CVE-2007-0973

2007-02-15T20:28:00.000-05:00

2018-10-16T12:35:49.657-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov MISC http://mgsdl.free.fr/advisories/12070214.txt MISC http://www.acid-root.new.fr/advisories/12070214.txt BUGTRAQ 20070214 Jupiter CMS 1.1.5 Multiple Vulnerabilities BUGTRAQ 20070214 Re: Jupiter CMS 1.1.5 Multiple Vulnerabilities BID 22560 XF jupitercm-loggedguests-xss(32518) Multiple cross-site scripting (XSS) vulnerabilities in index.php in Jupiter CMS 1.1.5 allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header and certain other HTTP headers, which are displayed without proper sanitization when an administrator performs a Logged Guest action.

cpe:/a:ian_bezanson:dropbox:0.0.3_beta

CVE-2007-0974

2007-02-15T20:28:00.000-05:00

2011-03-07T21:51:04.173-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://sourceforge.net/forum/forum.php?forum_id=660819 VUPEN ADV-2007-0598 Multiple unspecified vulnerabilities in Ian Bezanson DropBox before 0.0.4 beta have unknown impact and attack vectors, possibly related to a variable extraction vulnerability.

cpe:/a:apache_stats:apache_stats:0.0.1_beta cpe:/a:apache_stats:apache_stats:0.0.2_beta

CVE-2007-0975

2007-02-15T20:28:00.000-05:00

2011-03-07T21:51:04.267-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://sourceforge.net/forum/forum.php?forum_id=660919 CONFIRM http://superb-east.dl.sourceforge.net/sourceforge/apachestats/apacheStats_0.0.3Beta.tar.bz2 VUPEN ADV-2007-0598 Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.

cpe:/a:activex_soft:actsoft_dvd_tools:3.8.5

CVE-2007-0976

2007-02-15T20:28:00.000-05:00

2017-10-10T21:31:42.127-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

BID 22558 MISC http://www.shinnai.altervista.org/moaxb/20070504/actsoft.txt MISC http://www.shinnai.altervista.org/viewtopic.php?id=41&t_id=30 XF dvdtools-dvdtools-bo(32529) EXPLOIT-DB 3307 EXPLOIT-DB 3610 Buffer overflow in the ActSoft DVD-Tools ActiveX control (dvdtools.ocx) allows remote attackers to execute arbitrary code via a long DVD_TOOLS.OpenDVD property value.

cpe:/a:ibm:lotus_domino:5.0 cpe:/a:ibm:lotus_domino:6.0

CVE-2007-0977

2007-02-15T20:28:00.000-05:00

2017-10-10T21:31:42.190-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

NONE

http://nvd.nist.gov EXPLOIT-DB 3302 IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores HTTPPassword hashes from names.nsf in a manner accessible through Readviewentries and OpenDocument requests to the defaultview view, a different vector than CVE-2005-2428.

cpe:/o:ibm:aix:5.3

CVE-2007-0978

2007-02-15T20:28:00.000-05:00

2017-07-28T21:30:32.627-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SECTRACK 1017656 VUPEN ADV-2007-0617 AIXAPAR IY94901 XF aix-swcons-bo(32508) Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain privileges via long input data.

cpe:/a:lifetype:lifetype:1.1.5 cpe:/a:lifetype:lifetype:1.2_beta_1

CVE-2007-0979

2007-02-15T20:28:00.000-05:00

2011-03-07T21:51:04.610-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://www.lifetype.net/blog/lifetype-development-journal/releases BID 22572 VUPEN ADV-2007-0616 Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before 1.2-beta2, allows remote attackers to obtain sensitive information (file contents) via a "crafted URL."

cpe:/a:hp:serviceguard_for_linux:a.11.14.06 cpe:/a:hp:serviceguard_for_linux:a.11.15.07 cpe:/a:hp:serviceguard_for_linux:a.11.16.10

CVE-2007-0980

2007-02-15T20:28:00.000-05:00

2011-03-07T21:51:04.720-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

HP SSRT071297 BID 22574 SECTRACK 1017655 VUPEN ADV-2007-0619 Unspecified vulnerability in HP Serviceguard for Linux; packaged for SuSE SLES8 and United Linux 1.0 before SG A.11.15.07, SuSE SLES9 and SLES10 before SG A.11.16.10, and Red Hat Enterprise Linux (RHEL) before SG A.11.16.10; allows remote attackers to obtain unauthorized access via unspecified vectors.

cpe:/a:mozilla:firefox:0.8 cpe:/a:mozilla:firefox:0.9 cpe:/a:mozilla:firefox:0.9:rc cpe:/a:mozilla:firefox:0.9.1 cpe:/a:mozilla:firefox:0.9.2 cpe:/a:mozilla:firefox:0.9.3 cpe:/a:mozilla:firefox:0.10 cpe:/a:mozilla:firefox:0.10.1 cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:1.0.6::linux cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:1.5:beta1 cpe:/a:mozilla:firefox:1.5:beta2 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:firefox:1.5.1 cpe:/a:mozilla:firefox:1.5.2 cpe:/a:mozilla:firefox:1.5.3 cpe:/a:mozilla:firefox:1.5.4 cpe:/a:mozilla:firefox:1.5.5 cpe:/a:mozilla:firefox:1.5.6 cpe:/a:mozilla:firefox:1.5.7 cpe:/a:mozilla:firefox:1.5.8 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:firefox:2.0:beta_1 cpe:/a:mozilla:firefox:2.0:rc3 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:firefox:preview_release cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.7

CVE-2007-0981

2007-02-15T20:28:00.000-05:00

2018-10-16T12:35:50.047-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov SGI 20070202-01-P SGI 20070301-01-P FEDORA FEDORA-2007-281 FEDORA FEDORA-2007-293 HP HPSBUX02153 MISC http://lcamtuf.dione.cc/ffhostname.html SUSE SUSE-SA:2007:019 REDHAT RHSA-2007:0077 GENTOO GLSA-200703-04 SREASON 2262 SECTRACK 1017654 SLACKWARE SSA:2007-066-05 SLACKWARE SSA:2007-066-03 DEBIAN DSA-1336 GENTOO GLSA-200703-08 CERT-VN VU#885753 MANDRIVA MDKSA-2007:050 CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-07.html SUSE SUSE-SA:2007:022 REDHAT RHSA-2007:0078 REDHAT RHSA-2007:0079 REDHAT RHSA-2007:0097 REDHAT RHSA-2007:0108 BUGTRAQ 20070214 Firefox: serious cookie stealing / same-domain bypass vulnerability BUGTRAQ 20070215 Re: [Full-disclosure] Firefox: serious cookie stealing / same-domain bypass vulnerability BUGTRAQ 20070226 rPSA-2007-0040-1 firefox BUGTRAQ 20070303 rPSA-2007-0040-3 firefox thunderbird BID 22566 UBUNTU USN-428-1 VUPEN ADV-2007-0624 VUPEN ADV-2007-0718 VUPEN ADV-2008-0083 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=370445 XF firefox-locationhostname-security-bypass(32533) CONFIRM https://issues.rpath.com/browse/RPL-1081 CONFIRM https://issues.rpath.com/browse/RPL-1103 Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.

cpe:/a:taskfreak:taskfreak:0.5.5

CVE-2007-0982

2007-02-16T06:28:00.000-05:00

2013-07-12T01:19:12.193-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 22537 MISC http://www.taskfreak.com/versions.html Cross-site scripting (XSS) vulnerability in error.php in TaskFreak! 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the tznMessage parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:ansatheus:at_contenator:1.0

CVE-2007-0983

2007-02-16T06:28:00.000-05:00

2017-10-18T21:30:06.583-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VIM 20070213 true: AT Contenator <= v1.0 (Root_To_Script) Remote File Include Exploit VUPEN ADV-2007-0606 XF atcontenator-nav-file-include(32453) EXPLOIT-DB 3297 PHP remote file inclusion vulnerability in _admin/nav.php in AT Contenator 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the Root_To_Script parameter.

cpe:/a:aspcode.net:pollmentor:2.0

CVE-2007-0984

2007-02-16T06:28:00.000-05:00

2017-10-10T21:31:42.360-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22542 VUPEN ADV-2007-0601 XF pollmentor-pollmentorres-sql-injection(32456) EXPLOIT-DB 3301 SQL injection vulnerability in admin_poll.asp in PollMentor 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to pollmentorres.asp.

cpe:/a:phpcc:phpcc:beta_4.2

CVE-2007-0985

2007-02-16T06:28:00.000-05:00

2017-10-10T21:31:42.423-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22540 VUPEN ADV-2007-0602 EXPLOIT-DB 3299 SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and earlier allows remote attackers to execute arbitrary SQL commands via the npid parameter in a sign_gb action.

cpe:/a:jupiter_cms:jupiter_cms:1.1.5

CVE-2007-0986

2007-02-16T06:28:00.000-05:00

2018-10-16T12:35:56.780-04:00

5.1

NETWORK

HIGH

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://mgsdl.free.fr/advisories/12070214.txt MISC http://www.acid-root.new.fr/advisories/12070214.txt BUGTRAQ 20070214 Jupiter CMS 1.1.5 Multiple Vulnerabilities BUGTRAQ 20070214 Re: Jupiter CMS 1.1.5 Multiple Vulnerabilities BID 22560 XF jupitercm-index-n-file-include(32519) EXPLOIT-DB 3309 PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5, when PHP 5.0.0 or later is used, allows remote attackers to execute arbitrary PHP code via an ftp URL in the n parameter.

cpe:/a:jupiter_cms:jupiter_cms:1.1.5

CVE-2007-0987

2007-02-16T06:28:00.000-05:00

2018-10-16T12:35:57.313-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://mgsdl.free.fr/advisories/12070214.txt MISC http://www.acid-root.new.fr/advisories/12070214.txt BUGTRAQ 20070214 Jupiter CMS 1.1.5 Multiple Vulnerabilities BUGTRAQ 20070214 Re: Jupiter CMS 1.1.5 Multiple Vulnerabilities BID 22560 EXPLOIT-DB 3309 Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot), or an absolute pathname, in the n parameter.

CVE-2007-0988

2007-02-20T12:28:00.000-05:00

2019-10-09T18:52:17.180-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov SGI 20070201-01-P MISC http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228858 HP SSRT071423 HP HPSBTU02232 REDHAT RHSA-2007:0089 GENTOO GLSA-200703-21 SREASON 2315 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm MANDRIVA MDKSA-2007:048 SUSE SUSE-SA:2007:032 OPENPKG OpenPKG-SA-2007.010 MISC http://www.php.net/releases/5_2_1.php MISC http://www.php-security.org/MOPB/MOPB-05-2007.html REDHAT RHSA-2007:0076 REDHAT RHSA-2007:0081 REDHAT RHSA-2007:0082 REDHAT RHSA-2007:0088 BUGTRAQ 20070227 rPSA-2007-0043-1 php php-mysql php-pgsql SECTRACK 1017671 TRUSTIX 2007-0009 UBUNTU USN-424-1 UBUNTU USN-424-2 DEBIAN DSA-1264 VUPEN ADV-2007-1991 VUPEN ADV-2007-2374 XF php-zendhashinit-dos(32709) CONFIRM https://issues.rpath.com/browse/RPL-1088 The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.

CVE-2007-0989

2017-05-11T10:29:05.683-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none.

CVE-2007-0990

2017-05-11T10:29:05.713-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none.

CVE-2007-0991

2017-05-11T10:29:05.730-04:00

2017-05-11T10:29:05.747-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none.

CVE-2007-0992

2017-05-11T10:29:05.760-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none.

CVE-2007-0993

2007-06-05T17:30:00.000-04:00

2008-09-10T20:50:22.070-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-0933. Reason: This candidate is a duplicate of CVE-2007-0933 due to a typo. Notes: All CVE users should reference CVE-2007-0933 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVE-2007-0994

2007-03-05T19:19:00.000-05:00

2019-10-09T18:52:17.553-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

SGI 20070202-01-P SGI 20070301-01-P CONFIRM http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230733 HP SSRT061181 SUSE SUSE-SA:2007:019 SECTRACK 1017726 SLACKWARE SSA:2007-066-05 SLACKWARE SSA:2007-066-03 DEBIAN DSA-1336 CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-09.html SUSE SUSE-SA:2007:022 REDHAT RHSA-2007:0097 BID 22826 VUPEN ADV-2007-0823 CONFIRM https://issues.rpath.com/browse/RPL-1103 A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.

cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:seamonkey:1.0.7

CVE-2007-0995

2007-02-26T14:28:00.000-05:00

2018-10-16T12:36:02.547-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SGI 20070202-01-P SGI 20070301-01-P FEDORA FEDORA-2007-281 FEDORA FEDORA-2007-293 HP HPSBUX02153 MISC http://ha.ckers.org/xss.html#XSS_Non_alpha_non_digit2 SUSE SUSE-SA:2007:019 REDHAT RHSA-2007:0077 GENTOO GLSA-200703-04 SLACKWARE SSA:2007-066-05 SLACKWARE SSA:2007-066-03 DEBIAN DSA-1336 GENTOO GLSA-200703-08 MANDRIVA MDKSA-2007:050 CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-02.html SUSE SUSE-SA:2007:022 REDHAT RHSA-2007:0078 REDHAT RHSA-2007:0079 REDHAT RHSA-2007:0097 REDHAT RHSA-2007:0108 BUGTRAQ 20070226 rPSA-2007-0040-1 firefox BUGTRAQ 20070303 rPSA-2007-0040-3 firefox thunderbird BID 22694 SECTRACK 1017702 UBUNTU USN-428-1 VUPEN ADV-2007-0718 VUPEN ADV-2008-0083 CONFIRM https://issues.rpath.com/browse/RPL-1081 CONFIRM https://issues.rpath.com/browse/RPL-1103 Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.

CVE-2007-0996

2007-02-26T21:28:00.000-05:00

2018-10-16T12:36:07.157-04:00

5.8

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SGI 20070202-01-P SGI 20070301-01-P FEDORA FEDORA-2007-281 FEDORA FEDORA-2007-293 HP HPSBUX02153 SUSE SUSE-SA:2007:019 REDHAT RHSA-2007:0077 SLACKWARE SSA:2007-066-05 SLACKWARE SSA:2007-066-03 DEBIAN DSA-1336 MISC http://www.hardened-php.net/advisory_032007.142.html MANDRIVA MDKSA-2007:050 CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-02.html SUSE SUSE-SA:2007:022 REDHAT RHSA-2007:0078 REDHAT RHSA-2007:0079 REDHAT RHSA-2007:0097 REDHAT RHSA-2007:0108 BUGTRAQ 20070223 Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability BUGTRAQ 20070226 rPSA-2007-0040-1 firefox BID 22694 SECTRACK 1017702 UBUNTU USN-428-1 VUPEN ADV-2007-0718 CONFIRM https://issues.rpath.com/browse/RPL-1103 The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.

cpe:/o:linux:linux_kernel:2.6.17 cpe:/o:linux:linux_kernel:2.6.17:rc1 cpe:/o:linux:linux_kernel:2.6.17:rc2 cpe:/o:linux:linux_kernel:2.6.17:rc3 cpe:/o:linux:linux_kernel:2.6.17:rc4 cpe:/o:linux:linux_kernel:2.6.17:rc5 cpe:/o:linux:linux_kernel:2.6.17:rc6 cpe:/o:linux:linux_kernel:2.6.17.1 cpe:/o:linux:linux_kernel:2.6.17.2 cpe:/o:linux:linux_kernel:2.6.17.3 cpe:/o:linux:linux_kernel:2.6.17.4 cpe:/o:linux:linux_kernel:2.6.17.5 cpe:/o:linux:linux_kernel:2.6.17.6

CVE-2007-0997

2007-09-18T15:17:00.000-04:00

2008-09-05T17:19:22.830-04:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-09-19T15:45:00.000-04:00

ALLOWS_ADMIN_ACCESS

CONFIRM http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.18 MLIST [linux-kernel] 20060717 [patch 25/45] splice: fix problems with sys_tee() Race condition in the tee (sys_tee) system call in the Linux kernel 2.6.17 through 2.6.17.6 might allow local users to cause a denial of service (system crash), obtain sensitive information (kernel memory contents), or gain privileges via unspecified vectors related to a potentially dropped ipipe lock during a race between two pipe readers.

cpe:/a:xen:qemu

CVE-2007-0998

2007-03-20T06:19:00.000-04:00

2017-10-10T21:31:42.860-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SUSE openSUSE-SU-2012:1572 SUSE openSUSE-SU-2012:1573 SUSE SUSE-SU-2014:0446 REDHAT RHSA-2007:0114 BID 22967 SECTRACK 1017764 VUPEN ADV-2007-1019 VUPEN ADV-2007-1020 VUPEN ADV-2007-1021 XF fedora-xen-qemuvnc-information-disclosure(33085) The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device. NOTE: some of these details are obtained from third party information.

cpe:/a:gnome:ekiga:2.0.3

CVE-2007-0999

2007-03-10T14:19:00.000-05:00

2017-10-10T21:31:42.923-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MANDRIVA MDKSA-2007:058 REDHAT RHSA-2007:0087 UBUNTU USN-434-1 Format string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2007-1006.

cpe:/o:linux:linux_kernel:2.6.20.1

CVE-2007-1000

2007-03-12T19:19:00.000-04:00

2017-10-10T21:31:42.987-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://bugzilla.kernel.org/show_bug.cgi?id=8134 FEDORA FEDORA-2007-335 FEDORA FEDORA-2007-336 SUSE SUSE-SA:2007:029 CERT-VN VU#920689 CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.2 MANDRIVA MDKSA-2007:078 REDHAT RHSA-2007:0169 BUGTRAQ 20070615 rPSA-2007-0124-1 kernel xen BID 22904 UBUNTU USN-486-1 UBUNTU USN-489-1 VUPEN ADV-2007-0907 MISC http://www.wslabi.com/wabisabilabi/initPublishedBid.do? CONFIRM https://issues.rpath.com/browse/RPL-1153 The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference.

CVE-2007-1001

2007-04-05T20:19:00.000-04:00

2018-10-30T12:25:35.747-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?r1=1.2.4.1&r2=1.2.4.1.8.1 CONFIRM http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?revision=1.2.4.1.8.1&view=markup CONFIRM http://docs.info.apple.com/article.html?artnum=306172 MISC http://ifsec.blogspot.com/2007/04/php-521-wbmp-file-handling-integer.html APPLE APPLE-SA-2007-07-31 REDHAT RHSA-2007:0155 GENTOO GLSA-200705-19 CONFIRM http://us2.php.net/releases/4_4_7.php CONFIRM http://us2.php.net/releases/5_2_2.php MANDRIVA MDKSA-2007:087 MANDRIVA MDKSA-2007:088 MANDRIVA MDKSA-2007:089 MANDRIVA MDKSA-2007:090 SUSE SUSE-SA:2007:032 REDHAT RHSA-2007:0153 REDHAT RHSA-2007:0162 BUGTRAQ 20070407 PHP <= 5.2.1 wbmp file handling integer overflow BUGTRAQ 20070418 rPSA-2007-0073-1 php php-mysql php-pgsql BID 23357 BID 25159 SLACKWARE SSA:2007-127 VUPEN ADV-2007-1269 VUPEN ADV-2007-2732 XF php-gd-overflow(33453) CONFIRM https://issues.rpath.com/browse/RPL-1268 Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values.

cpe:/a:evolution:shared_memo:2.8.2.1

CVE-2007-1002

2007-03-21T18:19:00.000-04:00

2018-10-16T12:36:15.093-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

GENTOO GLSA-200706-02 DEBIAN DSA-1325 MANDRIVA MDKSA-2007:070 SUSE SUSE-SR:2007:015 BUGTRAQ 20070321 Secunia Research: Evolution Shared Memo Categories Format StringVulnerability BUGTRAQ 20070405 FLEA-2007-0010-1: evolution BID 23073 SECTRACK 1017808 UBUNTU USN-442-1 VUPEN ADV-2007-1058 XF evolution-writehtml-format-string(33106) REDHAT RHSA-2007:0158 Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a crafted shared memo.

cpe:/a:x.org:x11:7.1_1.1.0

CVE-2007-1003

2007-04-05T21:19:00.000-04:00

2018-10-16T12:36:16.687-04:00

9.0

NETWORK

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://issues.foresightlinux.org/browse/FL-223 IDEFENSE 20070403 Multiple Vendor X Server XC-MISC Extension Memory Corruption Vulnerability MLIST [xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont SUSE SUSE-SR:2008:008 REDHAT RHSA-2007:0125 GENTOO GLSA-200705-10 SUNALERT 102886 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm DEBIAN DSA-1294 MANDRIVA MDKSA-2007:079 MANDRIVA MDKSA-2007:080 SUSE SUSE-SA:2007:027 OPENBSD [3.9] 021: SECURITY FIX: April 4, 2007 OPENBSD [4.0] 011: SECURITY FIX: April 4, 2007 REDHAT RHSA-2007:0126 REDHAT RHSA-2007:0127 BUGTRAQ 20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs BUGTRAQ 20070405 FLEA-2007-0009-1: xorg-x11 freetype BID 23284 BID 23300 SECTRACK 1017857 UBUNTU USN-448-1 VUPEN ADV-2007-1217 VUPEN ADV-2007-1548 XF xorg-xcmisc-overflow(33424) CONFIRM https://issues.rpath.com/browse/RPL-1213 Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.

cpe:/a:mozilla:firefox:2.0:rc3

CVE-2007-1004

2007-02-19T21:28:00.000-05:00

2018-10-16T12:36:21.640-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2264 BUGTRAQ 20070216 Firefox: about:blank is phisher's best friend BUGTRAQ 20070217 Re: Firefox: about:blank is phisher's best friend BUGTRAQ 20070219 RE: Firefox: about:blank is phisher's best friend BID 22601 XF firefox-aboutblank-security-bypass(32580) Mozilla Firefox might allow remote attackers to conduct spoofing and phishing attacks by writing to an about:blank tab and overlaying the location bar.

cpe:/a:ca:etrust_intrusion_detection:2.0:sp1 cpe:/a:ca:etrust_intrusion_detection:3.0 cpe:/a:ca:etrust_intrusion_detection:3.0:sp1

CVE-2007-1005

2007-03-02T16:18:00.000-05:00

2018-10-16T12:36:22.377-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov IDEFENSE 20070227 Computer Associates eTrust Intrusion Detection Denial of Service Vulnerability CONFIRM http://supportconnectw.ca.com/public/ca_common_docs/eid_secnotice.asp BUGTRAQ 20070228 [CAID 35112]: CA eTrust Intrusion Detection Denial of Service Vulnerability BID 22743 SECTRACK 1017706 VUPEN ADV-2007-0776 Heap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote administration port (9191/tcp).

cpe:/a:ekiga:ekiga:2.0.4

CVE-2007-1006

2007-02-19T20:28:00.000-05:00

2017-10-10T21:31:43.347-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

FEDORA FEDORA-2007-262 FEDORA FEDORA-2007-263 MISC http://labs.musecurity.com/advisories/MU-200702-01.txt MLIST [Ekiga-list] 20070213 Ekiga 2.0.5 available GENTOO GLSA-200703-25 DEBIAN DSA-1262 CONFIRM http://www.ekiga.org/index.php?rub=10&archive=1 MANDRIVA MDKSA-2007:044 SUSE SUSE-SR:2007:009 REDHAT RHSA-2007:0087 BID 22613 SECTRACK 1017673 UBUNTU USN-426-1 VUPEN ADV-2007-0655 Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet.

cpe:/a:ekiga:ekiga:1.0.2 cpe:/o:redhat:enterprise_linux:3.0::advanced_servers cpe:/o:redhat:enterprise_linux:3.0::enterprise_server cpe:/o:redhat:enterprise_linux:3.0::workstation cpe:/o:redhat:enterprise_linux:4.0::advanced_server cpe:/o:redhat:enterprise_linux:4.0::enterprise_server cpe:/o:redhat:enterprise_linux:4.0::workstation cpe:/o:redhat:enterprise_linux_desktop:3.0 cpe:/o:redhat:enterprise_linux_desktop:4.0

CVE-2007-1007

2007-02-20T12:28:00.000-05:00

2017-10-10T21:31:43.423-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SGI 20070201-01-P CONFIRM http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229266 DEBIAN DSA-1262 MANDRIVA MDKSA-2007:045 SUSE SUSE-SR:2007:009 REDHAT RHSA-2007:0086 UBUNTU USN-426-1 Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function.

cpe:/a:apple:itunes:7.0.2

CVE-2007-1008

2007-02-19T20:28:00.000-05:00

2018-10-16T12:36:22.890-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

http://nvd.nist.gov SREASON 2278 BUGTRAQ 20070219 iTunes remote memory corruption vulnerability BID 22615 Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation.

cpe:/a:macrovision:installanywhere:8::enterprise cpe:/a:macrovision:installanywhere:8::standard

CVE-2007-1009

2007-04-19T06:19:00.000-04:00

2018-10-16T12:36:23.377-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2596 BUGTRAQ 20070416 SYMSA-2007-003 Macrovision InstallAnywhere Password and Serial Number Bypass BID 22643 MISC http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-003.txt VUPEN ADV-2007-1433 Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password or (2) serial number verification sections from this file.

cpe:/a:zebrafeeds:zebrafeeds:1.0

CVE-2007-1010

2007-02-21T06:28:00.000-05:00

2017-10-10T21:31:43.533-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://cazalet.org/category/zebrafeeds CONFIRM http://cazalet.org/zebrafeeds/forums/viewtopic.php?pid=358 BID 22576 VUPEN ADV-2007-0622 XF zebrafeeds-zfpath-file-include(32507) EXPLOIT-DB 3314 Multiple PHP remote file inclusion vulnerabilities in ZebraFeeds 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the zf_path parameter to (1) aggregator.php and (2) controller.php in newsfeeds/includes/.

cpe:/a:vs-gastebuch:vs-gastebuch:1.5.3

CVE-2007-1011

2007-02-21T06:28:00.000-05:00

2017-10-18T21:30:06.787-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22605 VUPEN ADV-2007-0646 XF vsgastebuch-functions-file-include(32555) EXPLOIT-DB 3328 PHP remote file inclusion vulnerability in functions_inc.php in VS-Gastebuch 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad parameter.

cpe:/a:deskpro:deskpro:1.1.0

CVE-2007-1012

2007-02-21T06:28:00.000-05:00

2018-10-16T12:36:23.657-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2267 BUGTRAQ 20070214 XSS in [deskpro.com v1.1.0 ] XF deskprocom-faq-xss(32525) Cross-site scripting (XSS) vulnerability in faq.php in DeskPRO 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the article parameter.

cpe:/a:virtualsystem:htaccess_passwort_generator:1.1

CVE-2007-1013

2007-02-21T06:28:00.000-05:00

2017-10-10T21:31:43.597-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

BID 22598 VUPEN ADV-2007-0643 XF htaccess-generate-file-include(32559) EXPLOIT-DB 3324 PHP remote file inclusion vulnerability in generate.php in VirtualSystem Htaccess Passwort Generator 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the ht_pfad parameter.

cpe:/a:vicftps:vicftps:3.9

CVE-2007-1014

2007-02-21T06:28:00.000-05:00

2017-10-10T21:31:43.657-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://vicftps.50webs.com/ BID 22608 VUPEN ADV-2007-0648 XF vicftps-cwd-bo(32557) EXPLOIT-DB 3331 Stack-based buffer overflow in VicFTPS before 5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long CWD command.

cpe:/a:aktueldownload:aktueldownload_haber_script

CVE-2007-1015

2007-02-21T06:28:00.000-05:00

2017-10-10T21:31:43.707-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

VUPEN ADV-2007-0620 XF aktueldownload-haberdetay-sql-injection(32527) EXPLOIT-DB 3318 SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via the id parameter.

cpe:/a:aktueldownload:aktueldownload_haber_script

CVE-2007-1016

2007-02-21T06:28:00.000-05:00

2011-03-07T21:51:08.687-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0620 SQL injection vulnerability in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via certain vectors related to the HaberDetay.asp and rss.asp components, and the id and kid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the combination of the HaberDetay.asp component and the id parameter is already covered by another February 2007 CVE candidate.

cpe:/a:virtualsystem:vs-news-system:1.2.1

CVE-2007-1017

2007-02-21T06:28:00.000-05:00

2017-10-10T21:31:43.753-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

BID 22592 VUPEN ADV-2007-0649 XF vsnewssystem-shownewsinc-file-include(32544) EXPLOIT-DB 3322 PHP remote file inclusion vulnerability in show_news_inc.php in VirtualSystem VS-News-System 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter.

cpe:/a:virtualsystem:vs-news-system:1.2.1

CVE-2007-1018

2007-02-21T06:28:00.000-05:00

2008-11-15T01:42:52.203-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

PHP remote file inclusion vulnerability in tpl/header.php in VirtualSystem VS-News-System 1.2.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:webspell:webspell:4.01.02

CVE-2007-1019

2007-02-21T06:28:00.000-05:00

2017-10-10T21:31:43.813-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22541 VUPEN ADV-2007-0650 XF webspell-showonly-sql-injection(32554) EXPLOIT-DB 3325 SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388.

cpe:/a:cedstat:cedstat:1.31

CVE-2007-1020

2007-02-21T06:28:00.000-05:00

2018-10-16T12:36:23.967-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://forums.avenir-geopolitique.net/viewtopic.php?t=2672 SREASON 2265 BUGTRAQ 20070215 CedStat v1.31 XSS BID 22588 BID 22653 VUPEN ADV-2007-0680 XF cedstat-index-xss(32537) Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 allows remote attackers to inject arbitrary web script or HTML via the hier parameter.

cpe:/a:xfairguy:codeavalanche_news:1.x

CVE-2007-1021

2007-02-21T06:28:00.000-05:00

2017-10-10T21:31:43.970-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

BID 22582 VUPEN ADV-2007-0621 XF codeavalanche-inclistnews-sql-injection(32528) EXPLOIT-DB 3317 SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News 1.x allows remote attackers to execute arbitrary SQL commands via the CAT_ID parameter.

cpe:/a:turuncu_portal:turuncu_portal:1.0

CVE-2007-1022

2007-02-21T06:28:00.000-05:00

2017-07-28T21:30:34.250-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22591 XF turuncu-hgoster-sql-injection(32571) SQL injection vulnerability in h_goster.asp in Turuncu Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:snitz_communications:snitz_forums_2000:3.1:sr4

CVE-2007-1023

2007-02-21T06:28:00.000-05:00

2017-10-10T21:31:44.063-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22593 XF snitzforums-popprofile-sql-injection(32543) EXPLOIT-DB 3321 SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 3.1 SR4 allows remote attackers to execute arbitrary SQL commands via the id parameter.

cpe:/a:marcello_vitagliano:meganoides_news:1.1.1

CVE-2007-1024

2007-02-21T06:28:00.000-05:00

2018-10-16T12:36:24.467-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

VIM 20070220 [True] Meganoide's news v1.1.1 < = RFi Vulnerabilities SREASON 2266 BUGTRAQ 20070216 Meganoide's news v1.1.1 < = RFi Vulnerabilities BID 22589 XF meganoidesnews-include-file-include(32546) PHP remote file inclusion vulnerability in include.php in Meganoide's news 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter.

cpe:/a:virtualsystem:vs-link-partner:2.1

CVE-2007-1025

2007-02-21T06:28:00.000-05:00

2017-10-10T21:31:44.283-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22594 VUPEN ADV-2007-0651 XF vslinkpartner-functions-file-include(32547) EXPLOIT-DB 3323 PHP remote file inclusion vulnerability in inc/functions_inc.php in VS-Link-Partner 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad, or possibly script_pfad, parameter.

cpe:/a:scriptdungeon:xlatunes:0.1

CVE-2007-1026

2007-02-21T06:28:00.000-05:00

2018-10-16T12:36:24.860-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070219 XLAtunes 0.1 (album) Remote SQL Injection Vulnerability BUGTRAQ 20070220 Re: XLAtunes 0.1 (album) Remote SQL Injection Vulnerability BUGTRAQ 20070221 XLAtunes 0.1 (album) Remote SQL Injection Vulnerability BID 22602 VUPEN ADV-2007-0644 XF xlatunes-album-sql-injection(32556) EXPLOIT-DB 3327 SQL injection vulnerability in view.php in XLAtunes 0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in view mode. NOTE: some of these details are obtained from third party information.

cpe:/a:ibm:db2:9.0::linux cpe:/a:ibm:db2:9.0::unix

CVE-2007-1027

2007-02-21T06:28:00.000-05:00

2011-03-07T21:51:10.110-05:00

4.4

LOCAL

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 22614 SECTRACK 1017665 SECTRACK 1017695 VUPEN ADV-2007-0652 AIXAPAR IY94817 Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file.

cpe:/a:barry_jaspan:image_pager:4.7 cpe:/a:barry_jaspan:image_pager:5.0

CVE-2007-1028

2007-02-21T06:28:00.000-05:00

2017-07-28T21:30:34.500-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

CONFIRM http://drupal.org/node/119293 BID 22586 VUPEN ADV-2007-0636 XF imagepager-img-xss(32539) Cross-site scripting (XSS) vulnerability in the Barry Jaspan Image Pager 4.7.x-1.x-dev and 5.x-1.x-dev before 2007-02-08 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTML entities and the IMG element.

cpe:/a:quicksoft:easymail_objects:6.4

CVE-2007-1029

2007-02-21T06:28:00.000-05:00

2018-10-16T12:36:25.423-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MISC http://security-assessment.com/files/advisories/easymail_advisory.pdf SREASON 2277 BUGTRAQ 20070215 EasyMail Objects v6.5 Connect Method Stack Overflow BID 22583 VUPEN ADV-2007-0634 XF easymailobjects-connect-bo(32540) Stack-based buffer overflow in the Connect method in the IMAP4 component in Quiksoft EasyMail Objects before 6.5 allows remote attackers to execute arbitrary code via a long host name.

cpe:/a:niels_provos:libevent:1.2 cpe:/a:niels_provos:libevent:1.2a

CVE-2007-1030

2007-02-21T06:28:00.000-05:00

2018-10-16T12:36:26.327-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://monkey.org/~provos/libevent/ SREASON 2268 BUGTRAQ 20070219 Remote DoS in libevent DNS parsing <= 1.2a BID 22606 VUPEN ADV-2007-0647 Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a denial of service (infinite loop) via a DNS response containing a label pointer that references its own offset.

cpe:/a:spoonlabs:vivvo_article_management_cms:3.4

CVE-2007-1031

2007-02-21T06:28:00.000-05:00

2017-10-10T21:31:44.423-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 22600 XF vivvo-dbconn-file-include(32553) EXPLOIT-DB 3326 Directory traversal vulnerability in include/db_conn.php in SpoonLabs Vivvo Article Management CMS 3.4 allows remote attackers to include and execute arbitrary local files via the root parameter.

cpe:/a:phpmyfaq:phpmyfaq:0.60 cpe:/a:phpmyfaq:phpmyfaq:0.65 cpe:/a:phpmyfaq:phpmyfaq:0.70 cpe:/a:phpmyfaq:phpmyfaq:0.80 cpe:/a:phpmyfaq:phpmyfaq:0.80a cpe:/a:phpmyfaq:phpmyfaq:0.85 cpe:/a:phpmyfaq:phpmyfaq:0.86 cpe:/a:phpmyfaq:phpmyfaq:0.87 cpe:/a:phpmyfaq:phpmyfaq:0.90 cpe:/a:phpmyfaq:phpmyfaq:0.95 cpe:/a:phpmyfaq:phpmyfaq:0.666 cpe:/a:phpmyfaq:phpmyfaq:1.0 cpe:/a:phpmyfaq:phpmyfaq:1.0.1 cpe:/a:phpmyfaq:phpmyfaq:1.0.1a cpe:/a:phpmyfaq:phpmyfaq:1.1.0 cpe:/a:phpmyfaq:phpmyfaq:1.1.1 cpe:/a:phpmyfaq:phpmyfaq:1.1.2 cpe:/a:phpmyfaq:phpmyfaq:1.1.3 cpe:/a:phpmyfaq:phpmyfaq:1.1.4 cpe:/a:phpmyfaq:phpmyfaq:1.1.4a cpe:/a:phpmyfaq:phpmyfaq:1.1.5 cpe:/a:phpmyfaq:phpmyfaq:1.2.0 cpe:/a:phpmyfaq:phpmyfaq:1.2.1 cpe:/a:phpmyfaq:phpmyfaq:1.2.2 cpe:/a:phpmyfaq:phpmyfaq:1.2.3 cpe:/a:phpmyfaq:phpmyfaq:1.2.4 cpe:/a:phpmyfaq:phpmyfaq:1.2.5 cpe:/a:phpmyfaq:phpmyfaq:1.2.5a cpe:/a:phpmyfaq:phpmyfaq:1.2.5b cpe:/a:phpmyfaq:phpmyfaq:1.3.0 cpe:/a:phpmyfaq:phpmyfaq:1.3.1 cpe:/a:phpmyfaq:phpmyfaq:1.3.2 cpe:/a:phpmyfaq:phpmyfaq:1.3.3 cpe:/a:phpmyfaq:phpmyfaq:1.3.4 cpe:/a:phpmyfaq:phpmyfaq:1.3.5 cpe:/a:phpmyfaq:phpmyfaq:1.3.6 cpe:/a:phpmyfaq:phpmyfaq:1.3.7 cpe:/a:phpmyfaq:phpmyfaq:1.3.8 cpe:/a:phpmyfaq:phpmyfaq:1.3.9 cpe:/a:phpmyfaq:phpmyfaq:1.3.9pl1 cpe:/a:phpmyfaq:phpmyfaq:1.3.10 cpe:/a:phpmyfaq:phpmyfaq:1.3.11 cpe:/a:phpmyfaq:phpmyfaq:1.3.12 cpe:/a:phpmyfaq:phpmyfaq:1.3.13 cpe:/a:phpmyfaq:phpmyfaq:1.3.14 cpe:/a:phpmyfaq:phpmyfaq:1.4.0 cpe:/a:phpmyfaq:phpmyfaq:1.4.0a cpe:/a:phpmyfaq:phpmyfaq:1.4.1 cpe:/a:phpmyfaq:phpmyfaq:1.4.2 cpe:/a:phpmyfaq:phpmyfaq:1.4.3 cpe:/a:phpmyfaq:phpmyfaq:1.4.4 cpe:/a:phpmyfaq:phpmyfaq:1.4.5 cpe:/a:phpmyfaq:phpmyfaq:1.4.6 cpe:/a:phpmyfaq:phpmyfaq:1.4.7 cpe:/a:phpmyfaq:phpmyfaq:1.4.8 cpe:/a:phpmyfaq:phpmyfaq:1.4.9 cpe:/a:phpmyfaq:phpmyfaq:1.4.10 cpe:/a:phpmyfaq:phpmyfaq:1.4.11 cpe:/a:phpmyfaq:phpmyfaq:1.5.0 cpe:/a:phpmyfaq:phpmyfaq:1.5.1 cpe:/a:phpmyfaq:phpmyfaq:1.5.2 cpe:/a:phpmyfaq:phpmyfaq:1.5.3 cpe:/a:phpmyfaq:phpmyfaq:1.5.4 cpe:/a:phpmyfaq:phpmyfaq:1.5.5 cpe:/a:phpmyfaq:phpmyfaq:1.5.6 cpe:/a:phpmyfaq:phpmyfaq:1.5.7 cpe:/a:phpmyfaq:phpmyfaq:1.5.8 cpe:/a:phpmyfaq:phpmyfaq:1.5.9 cpe:/a:phpmyfaq:phpmyfaq:1.6.0 cpe:/a:phpmyfaq:phpmyfaq:1.6.1 cpe:/a:phpmyfaq:phpmyfaq:1.6.2 cpe:/a:phpmyfaq:phpmyfaq:1.6.3 cpe:/a:phpmyfaq:phpmyfaq:1.6.4 cpe:/a:phpmyfaq:phpmyfaq:1.6.5 cpe:/a:phpmyfaq:phpmyfaq:1.6.6 cpe:/a:phpmyfaq:phpmyfaq:1.6.7 cpe:/a:phpmyfaq:phpmyfaq:1.6.8 cpe:/a:phpmyfaq:phpmyfaq:1.6.9

CVE-2007-1032

2007-02-21T06:28:00.000-05:00

2017-07-28T21:30:34.657-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://www.phpmyfaq.de/advisory_2007-02-18.php XF phpmyfaq-php-file-upload(32573) Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register_globals is enabled, allows remote attackers to "gain the privilege for uploading files on the server."

cpe:/a:drupal:secure_site_module:4.7 cpe:/a:drupal:secure_site_module:5.0

CVE-2007-1033

2007-02-21T06:28:00.000-05:00

2017-07-28T21:30:34.720-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://drupal.org/node/119619 VUPEN ADV-2007-0637 XF securesite-url-security-bypass(32538) Unspecified vulnerability in the Secure site 4.7.x-1.x-dev and 5.x-1.x-dev module for Drupal allows remote attackers to bypass access restrictions via a crafted URL.

cpe:/a:php-nuke:emporium_module:2.3.0

CVE-2007-1034

2007-02-21T06:28:00.000-05:00

2018-10-19T14:05:28.377-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2018-10-18T09:29:16.883-04:00

ALLOWS_OTHER_ACCESS

BID 22612 VUPEN ADV-2007-0661 XF emporium-modules-sql-injection(23699) EXPLOIT-DB 3334 SQL injection vulnerability in the category file in modules.php in the Emporium 2.3.0 and earlier module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category_id parameter.

cpe:/a:drupal:audio_module cpe:/a:drupal:getid3:1.7.1 cpe:/a:drupal:mediafield_module

CVE-2007-1035

2007-02-21T06:28:00.000-05:00

2017-07-28T21:30:34.813-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://blamcast.net/articles/highly-critical-security-flaws-in-drupal-audio-module CONFIRM http://drupal.org/node/119385 BID 22587 VUPEN ADV-2007-0635 XF drupal-getid3-code-execution(32542) Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors.

cpe:/a:jboss:jboss_application_server

CVE-2007-1036

2007-02-21T06:28:00.000-05:00

2018-10-16T12:36:27.030-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss MISC http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole CERT-VN VU#632656 BUGTRAQ 20070220 Jboss vulnerability BUGTRAQ 20070220 Re: Jboss vulnerability BUGTRAQ 20070220 Re: Jboss vulnerability SECTRACK 1017677 XF jboss-admin-unauth-access(32596) The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.

cpe:/a:rsbr-software:news_file_grabber:4.1.0.1

CVE-2007-1037

2007-02-21T12:28:00.000-05:00

2017-07-28T21:30:34.923-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

BID 22617 VUPEN ADV-2007-0662 XF newsfilegrabber-nzb-bo(32577) Stack-based buffer overflow in News File Grabber 4.1.0.1 and earlier allows remote attackers to execute arbitrary code via a .nzb file with a long subject field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:shemes.com:grabit:1.5.3

CVE-2007-1038

2007-02-21T12:28:00.000-05:00

2017-07-28T21:30:34.970-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov BID 22619 VUPEN ADV-2007-0664 XF grabit-nzb-dos(32579) Shemes.com Grabit 1.5.3, and possibly earlier, allows remote attackers to cause a denial of service (application crash) via a .nzb file with a subject field containing ';' (semicolon) characters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:peanutkb:peanut_knowledge_base:0.0.1 cpe:/a:peanutkb:peanut_knowledge_base:0.0.2 cpe:/a:peanutkb:peanut_knowledge_base:0.0.3

CVE-2007-1039

2007-02-21T12:28:00.000-05:00

2017-07-28T21:30:35.063-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://sourceforge.net/project/shownotes.php?group_id=157653&release_id=483888 BID 22628 VUPEN ADV-2007-0666 XF peanutkb-multiple-unspecified(32574) Unspecified vulnerability in Peanut Knowledge Base (PeanutKB) 0.0.3 and earlier has unknown impact and attack vectors.

cpe:/a:xpression_news:xpression_news:1.0.1

CVE-2007-1040

2007-02-21T12:28:00.000-05:00

2017-10-10T21:31:44.533-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov BID 22609 VUPEN ADV-2007-0645 XF xnews-archives-news-directory-traversal(32560) EXPLOIT-DB 3332 Directory traversal vulnerability in archives.php in Xpression News (X-News) 1.0.1 allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter.

cpe:/a:sandh:news_rover:12.1:rev1

CVE-2007-1041

2007-02-21T12:28:00.000-05:00

2017-10-10T21:31:44.597-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

BID 22618 VUPEN ADV-2007-0663 XF newsrover-nzb-bo(32576) EXPLOIT-DB 3342 Multiple stack-based buffer overflows in S&H Computer Systems News Rover 12.1 Rev 1 allow remote attackers to execute arbitrary code via a .nzb file with a long (1) group or (2) subject string.

cpe:/a:xpression_news:xpression_news:1.0.1

CVE-2007-1042

2007-02-21T12:28:00.000-05:00

2017-07-28T21:30:35.220-04:00

5.8

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov XF xnews-archives-news-directory-traversal(32560) Directory traversal vulnerability in news.php in Xpression News (X-News) 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:ezboo:webstats:3.0.3

CVE-2007-1043

2007-02-21T12:28:00.000-05:00

2018-10-16T12:36:27.717-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://forums.avenir-geopolitique.net/viewtopic.php?t=2674 SREASON 2275 BUGTRAQ 20070215 Ezboo webstats acces to sensitive files BID 22590 XF ezboo-update-unauthorized-access(32563) Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.

cpe:/a:pearson_education:powerschool:4.3.6

CVE-2007-1044

2007-02-21T12:28:00.000-05:00

2018-10-16T12:36:28.140-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2276 BUGTRAQ 20070219 Powerschool 404 Admin Exposure BUGTRAQ 20071204 Re: Powerschool 404 Admin Exposure BID 22611 XF powerschool-js-information-disclosure(32569) Pearson Education PowerSchool 4.3.6 allows remote attackers to list the contents of the admin folder via a URI composed of the admin/ directory name and an arbitrary filename ending in ".js." NOTE: it was later reported that this issue had been addressed by 5.1.2.

cpe:/a:malbum:malbum:0.3

CVE-2007-1045

2007-02-21T12:28:00.000-05:00

2018-10-16T12:36:28.547-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MISC http://forums.avenir-geopolitique.net/viewtopic.php?t=2677 SREASON 2272 BUGTRAQ 20070217 mAlbum v0.3 admin by default user/pass XF malbum-default-admin-account(32562) mAlbum 0.3 has default accounts (1) "login"/"pass" for its administrative account and (2) "dqsfg"/"sdfg", which allows remote attackers to gain privileges.

cpe:/a:dem_trac:dem_trac

CVE-2007-1046

2007-02-21T12:28:00.000-05:00

2018-10-16T12:36:28.813-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC http://forums.avenir-geopolitique.net/viewtopic.php?t=2673 SREASON 2271 BUGTRAQ 20070215 Dem_trac acces to log file wihtout authentification XF demtrac-ancsit-information-disclosure(32566) Dem_trac allows remote attackers to read log file contents via a direct request for /anc_sit.txt.

cpe:/a:distributed_checksum_clearinghouse:dcc:1.3 cpe:/a:distributed_checksum_clearinghouse:dcc:1.3.1 cpe:/a:distributed_checksum_clearinghouse:dcc:1.3.2 cpe:/a:distributed_checksum_clearinghouse:dcc:1.3.3 cpe:/a:distributed_checksum_clearinghouse:dcc:1.3.4 cpe:/a:distributed_checksum_clearinghouse:dcc:1.3.5 cpe:/a:distributed_checksum_clearinghouse:dcc:1.3.6 cpe:/a:distributed_checksum_clearinghouse:dcc:1.3.7 cpe:/a:distributed_checksum_clearinghouse:dcc:1.3.8 cpe:/a:distributed_checksum_clearinghouse:dcc:1.3.9 cpe:/a:distributed_checksum_clearinghouse:dcc:1.3.10 cpe:/a:distributed_checksum_clearinghouse:dcc:1.3.11 cpe:/a:distributed_checksum_clearinghouse:dcc:1.3.12 cpe:/a:distributed_checksum_clearinghouse:dcc:1.3.13 cpe:/a:distributed_checksum_clearinghouse:dcc:1.3.14 cpe:/a:distributed_checksum_clearinghouse:dcc:1.3.15 cpe:/a:distributed_checksum_clearinghouse:dcc:1.3.16

CVE-2007-1047

2007-02-21T12:28:00.000-05:00

2011-03-07T21:51:12.313-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://www.rhyolite.com/anti-spam/dcc/CHANGES BID 22622 VUPEN ADV-2007-0654 Unspecified vulnerability in Distributed Checksum Clearinghouse (DCC) before 1.3.51 allows remote attackers to delete or add hosts in /var/dcc/maps.

cpe:/a:phpbb_wordsearch:phpbb_wordsearch

CVE-2007-1048

2007-02-21T12:28:00.000-05:00

2018-10-16T12:36:29.173-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2280 BUGTRAQ 20070216 phpbb_wordsearch < = RFi Vulnerabilities XF phpbbwordsearch-rebuildsearch-file-include(32551) PHP remote file inclusion vulnerability in admin_rebuild_search.php in phpbb_wordsearch allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

CVE-2007-1049

2007-02-21T12:28:00.000-05:00

2011-03-07T21:51:12.547-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC http://downloads.securityfocus.com/vulnerabilities/exploits/22534.html CONFIRM http://trac.wordpress.org/changeset/4876 CONFIRM http://trac.wordpress.org/changeset/4877 CONFIRM http://trac.wordpress.org/ticket/3781 GENTOO GLSA-200703-23 BID 22534 VUPEN ADV-2007-0741 Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable.

cpe:/a:abledesign:mycalendar

CVE-2007-1050

2007-02-21T18:28:00.000-05:00

2018-10-16T12:36:29.470-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC http://forums.avenir-geopolitique.net/viewtopic.php?t=2686 SREASON 2270 BUGTRAQ 20070219 MyCalendar multiple XSS BID 22635 VUPEN ADV-2007-0679 XF mycalendar-index-xss(32581) Multiple cross-site scripting (XSS) vulnerabilities in index.php in AbleDesign MyCalendar allow remote attackers to inject arbitrary web script or HTML via (1) the go parameter, (2) the keyword parameter in the search menu (go=search), or (3) the username or (4) the password in a go=Login action.

cpe:/a:comodo:comodo_firewall_pro:2.4.17.183

CVE-2007-1051

2007-02-21T18:28:00.000-05:00

2018-10-16T12:36:30.093-04:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

FULLDISC 20070215 Comodo DLL injection via weak hash function exploitation Vulnerability SREASON 2279 MISC http://www.matousec.com/info/advisories/Comodo-DLL-injection-via-weak-hash-function-exploitation.php BUGTRAQ 20070215 Comodo DLL injection via weak hash function exploitation Vulnerability XF comodofirewallpro-crc32-security-bypass(32530) Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.17.183 and earlier uses a weak cryptographic hashing function (CRC32) to identify trusted modules, which allows local users to bypass security protections by substituting modified modules that have the same CRC32 value.

cpe:/a:pblang:pblang:4.60

CVE-2007-1052

2007-02-21T18:28:00.000-05:00

2018-10-16T12:36:30.423-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

VIM 20070216 PBLang 4.60 <= (index.php) Remote File Include Vulnerability SREASON 2269 BUGTRAQ 20070216 PBLang 4.60 <= (index.php) Remote File Include Vulnerability ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in PBLang (PBL) 4.60 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dbpath parameter, a different vector than CVE-2006-5062. NOTE: this issue has been disputed by a reliable third party for 4.65, stating that the dbpath variable is initialized in an included file that is created upon installation.

cpe:/a:warped_systems:phpxmms:1.0

CVE-2007-1053

2007-02-21T18:28:00.000-05:00

2018-10-16T12:36:30.593-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

VIM 20070220 false: phpXmms 1.0 (tcmdp) Remote File Include Vulnerabilities SREASON 2273 BUGTRAQ 20070220 phpXmms 1.0 (tcmdp) Remote File Include Vulnerabilities ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpXmms 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the tcmdp parameter to (1) phpxmmsb.php or (2) phpxmmst.php. NOTE: this issue has been disputed by a reliable third party, stating that the tcmdp variable is initialized by config.php.

cpe:/a:mediawiki:mediawiki:1.8.2

CVE-2007-1054

2007-02-21T18:28:00.000-05:00

2018-10-16T12:36:30.780-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VIM 20070221 [unsure] MediaWiki Cross-site Scripting SREASON 2274 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=487921&group_id=34373 CONFIRM http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_3/phase3/RELEASE-NOTES MISC http://www.bugsec.com/articles.php?Security=24 BUGTRAQ 20070220 MediaWiki Cross-site Scripting VUPEN ADV-2007-0678 XF mediawiki-index-xss(32586) Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer.

cpe:/a:mediawiki:mediawiki:1.8.2 cpe:/a:mediawiki:mediawiki:1.9.0:rc1

CVE-2007-1055

2007-02-21T18:28:00.000-05:00

2018-10-19T14:08:48.990-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2018-10-18T09:48:01.087-04:00

ALLOWS_OTHER_ACCESS

SREASON 2274 CONFIRM http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0/phase3/RELEASE-NOTES MISC http://www.bugsec.com/articles.php?Security=24 BUGTRAQ 20070220 MediaWiki Cross-site Scripting XF mediawiki-index-xss(32586) Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.9.x before 1.9.0rc2, and 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rs parameter. NOTE: this issue might be a duplicate of CVE-2007-0177.

cpe:/a:vmware:workstation:5.5.3_build_34685

CVE-2007-1056

2007-02-21T18:28:00.000-05:00

2018-10-16T12:36:31.577-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SREASON 2281 BUGTRAQ 20070219 VMware Workstation multiple denial of service and isolation manipulation vulnerabilities BUGTRAQ 20070303 Re: VMware Workstation multiple denial of service and isolation manipulation vulnerabilities VMware Workstation 5.5.3 build 34685 does not provide per-user restrictions on certain privileged actions, which allows local users to perform restricted operations such as changing system time, accessing hardware components, and stopping the "VMware tools service" service. NOTE: exploitation is simplified via (1) weak file permissions (Users = Read & Execute) for %PROGRAMFILES%\VMware; and weak registry key permissions (access by Users) for (2) vmmouse, (3) vmscsi, (4) VMTools, (5) vmx_svga, and (6) vmxnet in HKLM\SYSTEM\CurrentControlSet\Services\; which allows local users to perform various privileged actions outside of the guest OS by executing certain files under %PROGRAMFILES%\VMware\VMware Tools, as demonstrated by (a) VMControlPanel.cpl and (b) vmwareservice.exe.

cpe:/a:nortel:net_direct_client:6.0.4::linux

CVE-2007-1057

2007-02-21T18:28:00.000-05:00

2017-10-10T21:31:44.657-04:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MISC http://spoofed.org/blog/archive/2007/02/nortel_vpn_unix_client_local_root_compromise.html BID 22632 SECTRACK 1017678 VUPEN ADV-2007-0671 CONFIRM http://www116.nortelnetworks.com/pub/repository/CLARIFY/DOCUMENT/2007/08/021886-01.pdf CONFIRM http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=540071 XF netdirect-permissions-privilege-escalation(32597) EXPLOIT-DB 3356 The Net Direct client for Linux before 6.0.5 in Nortel Application Switch 2424, VPN 3050 and 3070, and SSL VPN Module 1000 extracts and executes files with insecure permissions, which allows local users to exploit a race condition to replace a world-writable file in /tmp/NetClient and cause another user to execute arbitrary code when attempting to execute this client, as demonstrated by replacing /tmp/NetClient/client.

cpe:/a:online_web_building:online_web_building:2.0

CVE-2007-1058

2007-02-21T18:28:00.000-05:00

2017-10-18T21:30:06.833-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0674 XF userpages2-page-sql-injection(32583) EXPLOIT-DB 3339 SQL injection vulnerability in user_pages/page.asp in Online Web Building 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter.

cpe:/a:ultimate_fun_book:ultimate_fun_book:1.02

CVE-2007-1059

2007-02-21T19:28:00.000-05:00

2017-10-18T21:30:06.893-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22633 VUPEN ADV-2007-0675 XF ultimatefunbook-function-file-include(32584) EXPLOIT-DB 3336 PHP remote file inclusion vulnerability in function.php in Ultimate Fun Book 1.02 allows remote attackers to execute arbitrary PHP code via a URL in the gbpfad parameter. NOTE: some sources mention "Ultimate Fun Board," but this appears to be an error.

cpe:/a:interspire:sendstudio:2004.14

CVE-2007-1060

2007-02-21T19:28:00.000-05:00

2018-10-16T12:36:31.827-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://advisories.echo.or.id/adv/adv66-K-159-2007.txt BUGTRAQ 20070221 [ECHO_ADV_66$2007] SendStudio <= 2004.14 Remote File Inclusion Vulnerability BUGTRAQ 20070223 Re: [ECHO_ADV_66$2007] SendStudio <= 2004.14 Remote File Inclusion Vulnerability BID 22642 VUPEN ADV-2007-0672 XF sendstudio-rootdir-file-include(32602) EXPLOIT-DB 3348 Multiple PHP remote file inclusion vulnerabilities in Interspire SendStudio 2004.14 and earlier, when register_globals and allow_fopenurl are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOTDIR parameter to (1) createemails.inc.php and (2) send_emails.inc.php in /admin/includes/.

cpe:/a:francisco_burzi:php-nuke:8.0_final

CVE-2007-1061

2007-02-21T19:28:00.000-05:00

2018-10-16T12:36:32.423-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

FULLDISC 20070220 Blind sql injection attack in INSERT syntax on PHP-nuke <=8.0 Final BUGTRAQ 20070224 Blind sql injection attack in INSERT syntax on PHP-nuke <=8.0 Final BID 22638 VUPEN ADV-2007-0673 XF phpnuke-index-sql-injection(32607) EXPLOIT-DB 3346 SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header (HTTP_REFERER variable).

cpe:/o:cisco:unified_ip_conference_station_7935_firmware:3.2%2815%29 cpe:/o:cisco:unified_ip_conference_station_firmware_7936:3.3%2812%29

CVE-2007-1062

2007-02-21T20:28:00.000-05:00

2019-05-23T12:13:16.810-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2019-05-22T10:59:07.773-04:00

ALLOWS_ADMIN_ACCESS

SECTRACK 1017680 CISCO 20070221 Identifying and Mitigating Exploitation of Cisco Unified IP Conference Station and IP Phone Vulnerabilities CISCO 20070221 Cisco Unified IP Conference Station and IP Phone Vulnerabilities BID 22647 VUPEN ADV-2007-0688 XF cisco-unified-ip-conference-url-auth-bypass(32623) The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time

cpe:/o:cisco:unified_ip_phone_firmware_7906g:8.0%284%29:sr1 cpe:/o:cisco:unified_ip_phone_firmware_7911g:8.0%284%29:sr1 cpe:/o:cisco:unified_ip_phone_firmware_7941g:8.0%284%29:sr1 cpe:/o:cisco:unified_ip_phone_firmware_7961g:8.0%284%29:sr1 cpe:/o:cisco:unified_ip_phone_firmware_7970g:8.0%284%29:sr1 cpe:/o:cisco:unified_ip_phone_firmware_7971g:8.0%284%29:sr1

CVE-2007-1063

2007-02-21T20:28:00.000-05:00

2019-05-23T12:15:42.703-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2019-05-22T11:08:01.240-04:00

ALLOWS_ADMIN_ACCESS

CISCO 20070221 Identifying and Mitigating Exploitation of Cisco Unified IP Conference Station and IP Phone Vulnerabilities CISCO 20070221 Cisco Unified IP Conference Station and IP Phone Vulnerabilities BID 22647 SECTRACK 1017681 VUPEN ADV-2007-0689 XF cisco-unified-ip-phone-default-user-account(32627) The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device.

cpe:/a:cisco:secure_services_client:4.0 cpe:/a:cisco:secure_services_client:4.0.5 cpe:/a:cisco:secure_services_client:4.0.51 cpe:/a:cisco:security_agent:5.0 cpe:/a:cisco:security_agent:5.1 cpe:/a:cisco:trust_agent:1.0 cpe:/a:cisco:trust_agent:2.0 cpe:/a:cisco:trust_agent:2.0.1 cpe:/a:cisco:trust_agent:2.1 cpe:/a:meetinghouse:aegis_secureconnect_client:windows_platform

CVE-2007-1064

2007-02-21T20:28:00.000-05:00

2017-07-28T21:30:36.297-04:00

6.8

LOCAL

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CISCO 20070221 Multiple Vulnerabilities in 802.1X Supplicant BID 22648 SECTRACK 1017683 SECTRACK 1017684 VUPEN ADV-2007-0690 XF cisco-cssc-help-privilege-escalation(32621) Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120.

CVE-2007-1065

2007-02-21T20:28:00.000-05:00

2017-07-28T21:30:36.360-04:00

6.8

LOCAL

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CISCO 20070221 Multiple Vulnerabilities in 802.1X Supplicant BID 22648 SECTRACK 1017683 SECTRACK 1017684 VUPEN ADV-2007-0690 XF cisco-cssc-privilege-escalation(32622) Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836.

CVE-2007-1066

2007-02-21T20:28:00.000-05:00

2017-07-28T21:30:36.423-04:00

6.8

LOCAL

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CISCO 20070221 Multiple Vulnerabilities in 802.1X Supplicant BID 22648 SECTRACK 1017683 SECTRACK 1017684 VUPEN ADV-2007-0690 XF cisco-cssc-dacl-privilege-escalation(32625) Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting "a thread under ConnectionClient.exe," aka CSCsg20558.

cpe:/a:cisco:secure_services_client:4.x cpe:/a:cisco:security_agent:5.0 cpe:/a:cisco:security_agent:5.1 cpe:/a:cisco:trust_agent:1 cpe:/a:meetinghouse:aegis_secureconnect_client:windows_platform

CVE-2007-1067

2007-02-21T20:28:00.000-05:00

2017-07-28T21:30:36.487-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CISCO 20070221 Multiple Vulnerabilities in 802.1X Supplicant BID 22648 SECTRACK 1017683 SECTRACK 1017684 VUPEN ADV-2007-0690 XF cisco-cssc-parsing-privilege-escalation(32624) Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624.

CVE-2007-1068

2007-02-21T20:28:00.000-05:00

2017-07-28T21:30:36.547-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CISCO 20070221 Multiple Vulnerabilities in 802.1X Supplicant BID 22648 SECTRACK 1017683 SECTRACK 1017684 VUPEN ADV-2007-0690 XF cisco-cssc-password-information-disclosure(32626) The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423.

cpe:/a:vmware:workstation:5.5.3

CVE-2007-1069

2007-05-02T15:19:00.000-04:00

2018-10-16T12:36:32.827-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov MISC http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=49 BUGTRAQ 20070507 [Reversemode Advisory] VMware Products - GPF Denial of Service BUGTRAQ 20070507 VMSA-2007-0004 Multiple Denial-of-Service issues fixed BUGTRAQ 20070518 VMSA-2007-0004.1 Updated: Multiple Denial-of-Service issues fixed and directory traversal vulnerability BID 23732 SECTRACK 1018011 CONFIRM http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html#554 VUPEN ADV-2007-1592 XF vmware-gpf-dos(33994) The memory management in VMware Workstation before 5.5.4 allows attackers to cause a denial of service (Windows virtual machine crash) by triggering certain general protection faults (GPF).

cpe:/a:trend_micro:serverprotect:5.58::emc cpe:/a:trend_micro:serverprotect:5.61::network_appliance_filer cpe:/a:trend_micro:serverprotect:5.62::network_appliance_filer

CVE-2007-1070

2007-02-21T06:28:00.000-05:00

2018-10-16T12:36:33.453-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034290 CERT-VN VU#349393 CERT-VN VU#466609 CERT-VN VU#630025 CERT-VN VU#730433 BUGTRAQ 20070220 TSRT-07-01: Trend Micro ServerProtect StCommon.dll Stack Overflow Vulnerabilities BUGTRAQ 20070220 TSRT-07-02: Trend Micro ServerProtect eng50.dll Stack Overflow Vulnerabilities BID 22639 SECTRACK 1017676 MISC http://www.tippingpoint.com/security/advisories/TSRT-07-01.html MISC http://www.tippingpoint.com/security/advisories/TSRT-07-02.html CONFIRM http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch1_readme.txt VUPEN ADV-2007-0670 XF serverprotect-eng50-bo(32594) XF serverprotect-stcommon-bo(32601) Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll.

cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:apple:mac_os_x_server:10.4.8

CVE-2007-1071

2007-02-22T17:28:00.000-05:00

2011-03-07T21:51:14.987-05:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://docs.info.apple.com/article.html?artnum=305214 APPLE APPLE-SA-2007-03-13 MISC http://security-protocols.com/sp-x39-advisory.php CERT-VN VU#559444 BID 22630 SECTRACK 1017758 CERT TA07-072A VUPEN ADV-2007-0930 Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. NOTE: this is a different issue than CVE-2006-3502 and CVE-2006-3503.

CVE-2007-1072

2007-02-22T17:28:00.000-05:00

2019-05-23T12:16:04.877-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2019-05-22T11:10:42.273-04:00

ALLOWS_ADMIN_ACCESS

CISCO 20070221 Identifying and Mitigating Exploitation of Cisco Unified IP Conference Station and IP Phone Vulnerabilities CISCO 20070221 Cisco Unified IP Conference Station and IP Phone Vulnerabilities BID 22647 The command line interface (CLI) in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier allows local users to obtain privileges or cause a denial of service via unspecified vectors. NOTE: this issue can be leveraged remotely via CVE-2007-1063.

cpe:/a:mcrefer:mcrefer

CVE-2007-1073

2007-02-22T17:28:00.000-05:00

2018-10-16T12:36:34.517-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SREASON 2283 BUGTRAQ 20070211 Re: mcRefer SQL injection Static code injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary PHP code via the bgcolor parameter, which is inserted into mcrconf.inc.php.

cpe:/a:dji:newsbin_pro:4.x cpe:/a:dji:newsbin_pro:5.33

CVE-2007-1074

2007-02-22T17:28:00.000-05:00

2017-10-10T21:31:44.847-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

BID 22652 VUPEN ADV-2007-0694 XF newsbinpro-nbi-bo(32598) XF newsbinpro-nzb-bo(32608) EXPLOIT-DB 3349 Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to execute arbitrary code via a long (1) DataPath or (2) DownloadPath attributed in a (a) NBI file, or (3) a long group field in a (b) NZB file.

cpe:/a:turbosoft:turboftp:5.3.0:build_572

CVE-2007-1075

2007-02-22T17:28:00.000-05:00

2017-10-10T21:31:44.923-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 22634 EXPLOIT-DB 3341 TurboFTP 5.30 Build 572 allows remote servers to cause a denial of service (CPU consumption) via a response with a large number of newline characters.

cpe:/a:phptraffica:phptraffica:1.4.1

CVE-2007-1076

2007-02-22T18:28:00.000-05:00

2017-07-28T21:30:36.797-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VIM 20070222 [true] phpTrafficA-1.4.1 Local File Inclusion CONFIRM http://soft.zoneo.net/phpTrafficA/news.php MISC http://www.bugtraq.ir/articles/file-inclusion/phpTrafficA-1.4.1-Local-File-Inclusion/1 BID 22655 VUPEN ADV-2007-0709 XF phptraffica-plotstat-banref-file-include(32628) Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and possibly earlier, allow remote attackers to include arbitrary local files via a .. (dot dot) in the (1) file parameter to plotStat.php and the (2) lang parameter to banref.php.

cpe:/a:design4online:userpages2:2.0

CVE-2007-1077

2007-02-22T18:28:00.000-05:00

2008-11-15T01:43:05.453-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22636 SQL injection vulnerability in page.asp in Design4Online UserPages2 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:flashgamescript:flashgamescript:1.5.4

CVE-2007-1078

2007-02-22T18:28:00.000-05:00

2018-10-16T12:36:34.657-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070221 FlashGameScript v1.5.4 Remote File Inclusion Vulnerability BID 22646 VUPEN ADV-2007-0707 XF flashgamescript-index-file-include(32635) EXPLOIT-DB 3360 PHP remote file inclusion vulnerability in index.php in FlashGameScript 1.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the func parameter.

cpe:/a:rhinosoft:ftp_voyager:14.0.0.3

CVE-2007-1079

2007-02-22T18:28:00.000-05:00

2017-10-10T21:31:45.033-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 22637 XF ftpvoyager-cwd-dos(32593) EXPLOIT-DB 3343 Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager 14.0.0.3 and earlier allows remote servers to cause a denial of service (crash) via a long response to a CWD command, which triggers the overflow when the user aborts the command.

cpe:/a:turbosoft:turboftp:5.3.0:build_572

CVE-2007-1080

2007-02-22T18:28:00.000-05:00

2017-10-10T21:31:45.097-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 22634 XF turboftp-list-dos(32604) XF turboftp-cwd-dos(32605) EXPLOIT-DB 3341 Multiple heap-based buffer overflows in TurboFTP 5.30 Build 572 allow remote servers to cause a denial of service via (1) long filename in a response to a LIST command, and (2) a long response to a CWD command.

cpe:/a:typo3:typo3:4.0.4 cpe:/a:typo3:typo3:4.1:beta cpe:/a:typo3:typo3:4.1:rc1

CVE-2007-1081

2007-02-22T18:28:00.000-05:00

2017-07-28T21:30:37.000-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://typo3.org/teams/security/security-bulletins/typo3-20070221-1 BID 22668 VUPEN ADV-2007-0697 XF typo3-t3libformmail-header-injection(32630) The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information.

cpe:/a:ftpx:ftp_explorer:1.0.1 cpe:/a:ftpx:ftp_explorer:1.0.1.47

CVE-2007-1082

2007-02-22T18:28:00.000-05:00

2017-10-10T21:31:45.173-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov VIM 20070324 Vendor ACK for FTPx DoS (CVE-2007-1082) BID 22640 XF ftpexplorer-pwd-dos(32606) EXPLOIT-DB 3347 FTP Explorer 1.0.1 Build 047, and other versions before 1.0.1.52, allows remote servers to cause a denial of service (CPU consumption) via a long response to a PWD command.

cpe:/a:verisign:mpki:4.6.1 cpe:/a:verisign:mpki:5.0 cpe:/a:verisign:mpki:6.0 cpe:/a:verisign:mpki:6.1.3 cpe:/a:verisign:mpki:7.0

CVE-2007-1083

2007-02-22T21:28:00.000-05:00

2017-07-28T21:30:37.127-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

VIM 20070222 Verisign ConfigChk ActiveX Overflow(s) VIM 20070223 Verisign ConfigChk ActiveX Overflow(s) MISC http://jvn.jp/cert/JVNVU%23308087/index.html IDEFENSE 20070222 VeriSign ConfigChk ActiveX Control Buffer Overflow Vulnerability MISC http://www.jpcert.or.jp/at/2007/at070006.txt CERT-VN VU#308087 BID 22671 BID 22676 SECTRACK 1017692 SECTRACK 1017693 SECTRACK 1017694 VUPEN ADV-2007-0702 CONFIRM https://download.verisign.co.jp/support/announce/20070216.html XF verisign-configchk-bo(32639) Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.

cpe:/a:mozilla:firefox:0.8 cpe:/a:mozilla:firefox:0.9 cpe:/a:mozilla:firefox:0.9.1 cpe:/a:mozilla:firefox:0.9.2 cpe:/a:mozilla:firefox:0.9.3 cpe:/a:mozilla:firefox:0.10 cpe:/a:mozilla:firefox:0.10.1 cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:firefox:1.5.6 cpe:/a:mozilla:firefox:1.5.8 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:firefox:2.0.0.1

CVE-2007-1084

2007-02-22T21:28:00.000-05:00

2018-10-16T12:36:35.047-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

FULLDISC 20070221 Firefox bookmark cross-domain surfing vulnerability MISC http://lcamtuf.coredump.cx/ffbook MISC http://lcamtuf.coredump.cx/ffbook/ SREASON 2304 MISC http://www.heise-security.co.uk/news/85728 BUGTRAQ 20070221 Firefox bookmark cross-domain surfing vulnerability BUGTRAQ 20070221 Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability BUGTRAQ 20070221 Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability BUGTRAQ 20070223 Re: [Full-disclosure] Firefox bookmark cross-domain surfingvulnerability BID 22666 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=371179 Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page.

cpe:/a:google:desktop

CVE-2007-1085

2007-02-22T22:28:00.000-05:00

2018-10-16T12:36:35.767-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SREASON 2301 CERT-VN VU#615857 BUGTRAQ 20070221 Overtaking Google Desktop BUGTRAQ 20070222 RE: Overtaking Google Desktop BID 22650 SECTRACK 1017686 MISC http://www.watchfire.com/resources/Overtaking-Google-Desktop.pdf Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the "under" parameter in Advanced Search with the proper signature.

cpe:/a:ibm:db2_universal_database:8.0::linux cpe:/a:ibm:db2_universal_database:8.1::aix cpe:/a:ibm:db2_universal_database:8.1.4 cpe:/a:ibm:db2_universal_database:8.1.5 cpe:/a:ibm:db2_universal_database:8.1.6 cpe:/a:ibm:db2_universal_database:8.1.6c cpe:/a:ibm:db2_universal_database:8.1.7 cpe:/a:ibm:db2_universal_database:8.1.7b cpe:/a:ibm:db2_universal_database:8.1.8 cpe:/a:ibm:db2_universal_database:8.1.8a cpe:/a:ibm:db2_universal_database:8.1.9 cpe:/a:ibm:db2_universal_database:8.1.9a cpe:/a:ibm:db2_universal_database:8.10 cpe:/a:ibm:db2_universal_database:8.12 cpe:/a:ibm:db2_universal_database:9.1::hp_ux

CVE-2007-1086

2007-02-23T17:28:00.000-05:00

2018-10-30T12:25:10.013-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

IDEFENSE 20070222 IBM DB2 Universal Database Multiple Privilege Escalation Vulnerabilities VIM 20070818 Recent DB2 Vulnerabilities BID 22677 AIXAPAR IY94833 XF db2-setuid-privilege-escalation(32650) Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access."

cpe:/a:ibm:db2:8.0 cpe:/a:ibm:db2:8.0:fp13 cpe:/a:ibm:db2:8.0:fp14 cpe:/a:ibm:db2:8.0:fp8 cpe:/a:ibm:db2:8.0:fp9 cpe:/a:ibm:db2:8.1 cpe:/a:ibm:db2:8.1:fp13 cpe:/a:ibm:db2:8.1:fp14 cpe:/a:ibm:db2:8.1.4 cpe:/a:ibm:db2:8.1.5 cpe:/a:ibm:db2:8.1.6 cpe:/a:ibm:db2:8.1.6c cpe:/a:ibm:db2:8.1.7 cpe:/a:ibm:db2:8.1.7b cpe:/a:ibm:db2:8.1.8 cpe:/a:ibm:db2:8.1.8a cpe:/a:ibm:db2:8.1.9 cpe:/a:ibm:db2:8.1.9a cpe:/a:ibm:db2:9.1 cpe:/a:ibm:db2:9.1:fp1

CVE-2007-1087

2007-02-23T17:28:00.000-05:00

2019-05-23T13:02:07.083-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2019-05-23T10:48:54.850-04:00

ALLOWS_ADMIN_ACCESS

IDEFENSE 20070222 IBM DB2 Universal Database Multiple Privilege Escalation Vulnerabilities VIM 20070818 Recent DB2 Vulnerabilities BID 22677 AIXAPAR IY94833 XF db2-bss-bo(32651) IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow.

CVE-2007-1088

2007-02-23T17:28:00.000-05:00

2019-05-23T13:06:48.103-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2019-05-23T10:48:05.413-04:00

ALLOWS_ADMIN_ACCESS

IDEFENSE 20070222 IBM DB2 Universal Database Multiple Privilege Escalation Vulnerabilities VIM 20070818 Recent DB2 Vulnerabilities BID 22677 AIXAPAR IY94833 XF db2-variable-bo(32652) Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables.

cpe:/a:ibm:db2_universal_database:9.1::aix cpe:/a:ibm:db2_universal_database:9.1:ga

CVE-2007-1089

2007-02-23T17:28:00.000-05:00

2018-10-30T12:25:10.013-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

VIM 20070818 Recent DB2 Vulnerabilities VUPEN ADV-2007-0721 AIXAPAR JR25941 IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local users with table SELECT privileges to perform unauthorized UPDATE and DELETE SQL commands via unknown vectors.

cpe:/a:microsoft:windows_explorer

CVE-2007-1090

2007-02-26T06:28:00.000-05:00

2018-10-16T12:36:36.140-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov MISC http://securityvulns.com/news/Microsoft/Windows/Explorer/DoS.html MISC http://securityvulns.com/Qdocument170.html BUGTRAQ 20070225 Few unreported vulnerabilities by SehaTo BID 22715 Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder.

cpe:/a:microsoft:ie:6.0 cpe:/a:microsoft:ie:6.0:sp1 cpe:/a:microsoft:ie:6.0:sp2 cpe:/a:microsoft:ie:7.0::vista

CVE-2007-1091

2007-02-26T06:28:00.000-05:00

2018-10-16T12:36:36.390-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://lcamtuf.coredump.cx/ietrap FULLDISC 20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too) SREASON 2291 SECTRACK 1018788 BUGTRAQ 20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too) BUGTRAQ 20070223 Secunia Research: Internet Explorer 7 "onunload" Event SpoofingVulnerability HP HPSBST02280 BID 22680 CERT TA07-282A VUPEN ADV-2007-0713 MS MS07-057 XF ie-mozilla-onunload-dos(32647) XF ie-mozilla-onunload-url-spoofing(32649) Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.

cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:seamonkey:1.0.7

CVE-2007-1092

2007-02-26T12:28:00.000-05:00

2018-10-16T12:36:37.437-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SGI 20070202-01-P SGI 20070301-01-P FULLDISC 20070222 Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr) HP HPSBUX02153 SUSE SUSE-SA:2007:019 SREASON 2302 SLACKWARE SSA:2007-066-05 CERT-VN VU#393921 MANDRIVA MDKSA-2007:050 CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-08.html SUSE SUSE-SA:2007:022 REDHAT RHSA-2007:0078 BUGTRAQ 20070223 Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr) BID 22679 SECTRACK 1017701 UBUNTU USN-428-1 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=371321 XF ie-mozilla-onunload-dos(32647) XF mozilla-onunload-code-execution(32648) CONFIRM https://issues.rpath.com/browse/RPL-1103 Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects.

cpe:/a:hitachi:cm2-network_node_manager:05_00::enterprise cpe:/a:hitachi:cm2-network_node_manager:05_00::unlimited cpe:/a:hitachi:cm2-network_node_manager:05_00_c::enterprise cpe:/a:hitachi:cm2-network_node_manager_250:05_00 cpe:/a:hitachi:cm2-network_node_manager_250:05_00_a cpe:/a:hitachi:cm2-network_node_manager_250:05_00_c cpe:/a:hitachi:jp1-cm2-network_node_manager:05_20::enterprise cpe:/a:hitachi:jp1-cm2-network_node_manager:05_20_e::enterprise cpe:/a:hitachi:jp1-cm2-network_node_manager:05_20_f::enterprise cpe:/a:hitachi:jp1-cm2-network_node_manager:06_00::enterprise cpe:/a:hitachi:jp1-cm2-network_node_manager:06_50_a::enterprise cpe:/a:hitachi:jp1-cm2-network_node_manager:06_51::enterprise cpe:/a:hitachi:jp1-cm2-network_node_manager:06_71_c::enterprise cpe:/a:hitachi:jp1-cm2-network_node_manager:06_71_d::enterprise cpe:/a:hitachi:jp1-cm2-network_node_manager:07_00 cpe:/a:hitachi:jp1-cm2-network_node_manager:07_10_04 cpe:/a:hitachi:jp1-cm2-network_node_manager_250:05_20 cpe:/a:hitachi:jp1-cm2-network_node_manager_250:05_20_e cpe:/a:hitachi:jp1-cm2-network_node_manager_250:05_20_f cpe:/a:hitachi:jp1-cm2-network_node_manager_250:06_00 cpe:/a:hitachi:jp1-cm2-network_node_manager_250:06_50_a cpe:/a:hitachi:jp1-cm2-network_node_manager_250:06_51 cpe:/a:hitachi:jp1-cm2-network_node_manager_250:06_71_c cpe:/a:hitachi:jp1-cm2-network_node_manager_250:06_71_d cpe:/a:hitachi:jp1-cm2-network_node_manager_starter:08_00::enterprise cpe:/a:hitachi:jp1-cm2-network_node_manager_starter:08_00_01::enterprise cpe:/a:hitachi:jp1-cm2-network_node_manager_starter_250:08_00 cpe:/a:hitachi:jp1-cm2-network_node_manager_starter_250:08_00_01

CVE-2007-1093

2007-02-26T12:28:00.000-05:00

2017-07-28T21:30:37.640-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://www.hitachi-support.com/security_e/vuls_e/HS07-002_e/index-e.html VUPEN ADV-2007-0739 XF nnm-unspecified-code-execution(32682) XF nnm-unspecified-dos(32683) Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager (NNM) before 07-10-05, and before 08-00-02 in the 08-x series, allow remote attackers to execute arbitrary code, cause a denial of service, or trigger invalid Web utility behavior.

cpe:/a:microsoft:ie:6.0 cpe:/a:microsoft:ie:6.0:sp1 cpe:/a:microsoft:ie:6.0:sp2 cpe:/a:microsoft:ie:7.0::vista

CVE-2007-1094

2007-02-26T12:28:00.000-05:00

2018-10-16T12:36:39.250-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov SREASON 2302 BUGTRAQ 20070223 Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr) BID 22678 XF ie-mozilla-onunload-dos(32647) Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (NULL dereference and application crash) via JavaScript onUnload handlers that modify the structure of a document.

cpe:/a:mozilla:firefox:0.1 cpe:/a:mozilla:firefox:0.2 cpe:/a:mozilla:firefox:0.3 cpe:/a:mozilla:firefox:0.4 cpe:/a:mozilla:firefox:0.5 cpe:/a:mozilla:firefox:0.6 cpe:/a:mozilla:firefox:0.6.1 cpe:/a:mozilla:firefox:0.7 cpe:/a:mozilla:firefox:0.7.1 cpe:/a:mozilla:firefox:0.8 cpe:/a:mozilla:firefox:0.9 cpe:/a:mozilla:firefox:0.9:rc cpe:/a:mozilla:firefox:0.9.1 cpe:/a:mozilla:firefox:0.9.2 cpe:/a:mozilla:firefox:0.9.3 cpe:/a:mozilla:firefox:0.10 cpe:/a:mozilla:firefox:0.10.1 cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:1.0:preview_release cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.4.1 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:1.5:beta1 cpe:/a:mozilla:firefox:1.5:beta2 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:firefox:1.5.0.11 cpe:/a:mozilla:firefox:1.5.0.12 cpe:/a:mozilla:firefox:1.5.1 cpe:/a:mozilla:firefox:1.5.2 cpe:/a:mozilla:firefox:1.5.3 cpe:/a:mozilla:firefox:1.5.4 cpe:/a:mozilla:firefox:1.5.5 cpe:/a:mozilla:firefox:1.5.6 cpe:/a:mozilla:firefox:1.5.7 cpe:/a:mozilla:firefox:1.5.8 cpe:/a:mozilla:firefox:1.8 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:firefox:2.0.0.2 cpe:/a:mozilla:firefox:2.0.0.3 cpe:/a:mozilla:firefox:2.0.0.4 cpe:/a:mozilla:firefox:2.0.0.5 cpe:/a:mozilla:firefox:2.0.0.6 cpe:/a:mozilla:firefox:2.0.0.7 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.4

CVE-2007-1095

2007-02-26T12:28:00.000-05:00

2018-10-16T12:36:39.577-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

HP HPSBUX02153 MISC http://lcamtuf.coredump.cx/ietrap/ff/ FULLDISC 20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too) SREASON 2310 SECTRACK 1018837 SUNALERT 201516 CONFIRM http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html DEBIAN DSA-1392 DEBIAN DSA-1396 DEBIAN DSA-1401 GENTOO GLSA-200711-14 MANDRIVA MDKSA-2007:202 CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-30.html SUSE SUSE-SA:2007:057 REDHAT RHSA-2007:0979 REDHAT RHSA-2007:0980 REDHAT RHSA-2007:0981 BUGTRAQ 20070223 Firefox: onUnload tailgating (MSIE7 entrapment bug variant) BUGTRAQ 20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too) BUGTRAQ 20071026 rPSA-2007-0225-1 firefox BUGTRAQ 20071029 FLEA-2007-0062-1 firefox BUGTRAQ 20071029 rPSA-2007-0225-2 firefox thunderbird BID 22688 UBUNTU USN-536-1 VUPEN ADV-2007-3544 VUPEN ADV-2007-3587 VUPEN ADV-2008-0083 MISC https://bugzilla.mozilla.org/show_bug.cgi?id=371360 XF ie-mozilla-onunload-dos(32647) XF ie-mozilla-onunload-url-spoofing(32649) CONFIRM https://issues.rpath.com/browse/RPL-1858 UBUNTU USN-535-1 FEDORA FEDORA-2007-3431 FEDORA FEDORA-2007-2601 FEDORA FEDORA-2007-2664 Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.

cpe:/a:virtuemart:virtuemart:1.0.8

CVE-2007-1096

2007-02-26T12:28:00.000-05:00

2018-08-13T17:47:28.837-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://virtuemart.svn.sourceforge.net/viewvc/*checkout*/virtuemart/trunk/virtuemart/CHANGELOG.php?revision=692 VUPEN ADV-2007-0817 Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart before 20070116 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue might overlap CVE-2007-0376.

cpe:/a:wiclear:wiclear:0.11

CVE-2007-1097

2007-02-26T12:28:00.000-05:00

2017-07-28T21:30:37.890-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://wiclear.free.fr/?Download VUPEN ADV-2007-0792 XF wiclear-onattachfiles-file-upload(32757) Unrestricted file upload vulnerability in the onAttachFiles function in the upload tool (inc/lib/attachment.lib.php) in Wiclear before 0.11.1 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to filename validation. NOTE: some details were obtained from third party information.

cpe:/a:scrymud:scrymud:2.1.10

CVE-2007-1098

2007-02-26T12:28:00.000-05:00

2008-11-15T01:43:14.703-05:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://scrymud.net/downloads/Changelog-2.1.10-2.1.11.txt MLIST [ScryMUD] 20070223 ScryMUD 2.1.11 (stable) has been released. Multiple unspecified vulnerabilities in ScryMUD before 2.1.11 have unknown impact and attack vectors, possibly related to denial of service caused by a search that begins with a .* sequence.

cpe:/a:dropbear_ssh_project:dropbear_ssh:0.28 cpe:/a:dropbear_ssh_project:dropbear_ssh:0.29 cpe:/a:dropbear_ssh_project:dropbear_ssh:0.30 cpe:/a:dropbear_ssh_project:dropbear_ssh:0.31 cpe:/a:dropbear_ssh_project:dropbear_ssh:0.32 cpe:/a:dropbear_ssh_project:dropbear_ssh:0.33 cpe:/a:dropbear_ssh_project:dropbear_ssh:0.34 cpe:/a:dropbear_ssh_project:dropbear_ssh:0.35 cpe:/a:dropbear_ssh_project:dropbear_ssh:0.36 cpe:/a:dropbear_ssh_project:dropbear_ssh:0.37 cpe:/a:dropbear_ssh_project:dropbear_ssh:0.38 cpe:/a:dropbear_ssh_project:dropbear_ssh:0.39 cpe:/a:dropbear_ssh_project:dropbear_ssh:0.40 cpe:/a:dropbear_ssh_project:dropbear_ssh:0.41 cpe:/a:dropbear_ssh_project:dropbear_ssh:0.42 cpe:/a:dropbear_ssh_project:dropbear_ssh:0.43 cpe:/a:dropbear_ssh_project:dropbear_ssh:0.44 cpe:/a:dropbear_ssh_project:dropbear_ssh:0.44:test1 cpe:/a:dropbear_ssh_project:dropbear_ssh:0.44:test2 cpe:/a:dropbear_ssh_project:dropbear_ssh:0.44:test3 cpe:/a:dropbear_ssh_project:dropbear_ssh:0.44:test4 cpe:/a:dropbear_ssh_project:dropbear_ssh:0.45 cpe:/a:dropbear_ssh_project:dropbear_ssh:0.46 cpe:/a:dropbear_ssh_project:dropbear_ssh:0.47 cpe:/a:dropbear_ssh_project:dropbear_ssh:0.48 cpe:/a:dropbear_ssh_project:dropbear_ssh:0.48.1

CVE-2007-1099

2007-02-26T12:28:00.000-05:00

2018-10-30T12:28:03.390-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2018-09-20T08:10:20.660-04:00

CONFIRM http://matt.ucc.asn.au/dropbear/CHANGES BID 22761 VUPEN ADV-2007-0785 XF dropbear-hostkey-weak-security(32762) dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks.

cpe:/a:pickle:pickle

CVE-2007-1100

2007-02-26T12:28:00.000-05:00

2018-10-16T12:36:46.343-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov SREASON 2293 CONFIRM http://user.ceng.metu.edu.tr/~ahmet/Wiki/Software/pickle/pickle BUGTRAQ 20070223 pickle download local file BID 22703 VUPEN ADV-2007-0748 XF pickle-download-directory-traversal(32712) Directory traversal vulnerability in download.php in Ahmet Sacan Pickle before 20070301 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

cpe:/a:photostand:photostand:1.2.0

CVE-2007-1101

2007-02-26T12:28:00.000-05:00

2018-10-16T12:36:46.767-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2296 BUGTRAQ 20070224 Photostand_1.2.0 Multiple Cross Site Scripting BID 22706 BID 22707 VUPEN ADV-2007-0752 XF photostand-index-xss(32701) Multiple cross-site scripting (XSS) vulnerabilities in Photostand 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) message ("comment") or (2) name field, or the (3) q parameter in a search action in index.php.

cpe:/a:photostand:photostand:1.2.0

CVE-2007-1102

2007-02-26T12:28:00.000-05:00

2018-10-16T12:36:47.140-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2296 BUGTRAQ 20070224 Photostand_1.2.0 Multiple Cross Site Scripting VUPEN ADV-2007-0752 XF photostand-index-path-disclosure(32702) Photostand 1.2.0 allows remote attackers to obtain sensitive information via a ' (quote) character in (1) a PHPSESSID cookie or (2) the id parameter in an article action in index.php, which reveal the path in various error messages.

cpe:/a:tor:tor:0.1.1.26

CVE-2007-1103

2007-02-26T12:28:00.000-05:00

2008-11-15T01:43:18.127-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov MLIST [or-talk] 20070225 "Low-Resource Routing Attacks Against Anonymous Systems" MLIST [or-talk] 20070225 Re: "Low-Resource Routing Attacks Against Anonymous Systems" MLIST [or-talk] 20070225 Re: ISP controlling entry/exti ("Low-Resource Routing Attacks Against Anonymous Systems") MISC http://www.cs.colorado.edu/department/publications/reports/docs/CU-CS-1025-07.pdf Tor does not verify a node's uptime and bandwidth advertisements, which allows remote attackers who operate a low resource node to make false claims of greater resources, which places the node into use for many circuits and compromises the anonymity of traffic sources and destinations.

cpe:/a:php_mip:php_mip:0.1

CVE-2007-1104

2007-02-26T12:28:00.000-05:00

2017-10-10T21:31:45.517-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 22714 VUPEN ADV-2007-0732 XF phpmodule-top-file-include(32672) EXPLOIT-DB 3374 PHP remote file inclusion vulnerability in top.php in PHP Module Implementation (PHP-MIP) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the laypath parameter.

cpe:/a:extreme_phpbb:extreme_phpbb:3.0.1

CVE-2007-1105

2007-02-26T12:28:00.000-05:00

2017-10-10T21:31:45.580-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 22708 VUPEN ADV-2007-0733 XF extremephpbb-functions-file-include(32685) EXPLOIT-DB 3370 PHP remote file inclusion vulnerability in functions.php in Extreme phpBB (aka phpBB Extreme) 3.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

cpe:/a:nomoketos_rules:nomoketos_rules:0.0.1

CVE-2007-1106

2007-02-26T12:28:00.000-05:00

2017-10-10T21:31:45.657-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 22713 VUPEN ADV-2007-0735 XF nomoketo-functions-file-include(32686) EXPLOIT-DB 3373 PHP remote file inclusion vulnerability in includes/functions_nomoketos_rules.php in the NoMoKeTos Rules 0.0.1 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

cpe:/a:coppermine:coppermine_photo_gallery:1.3 cpe:/a:coppermine:coppermine_photo_gallery:1.3.2 cpe:/a:coppermine:coppermine_photo_gallery:1.3.3 cpe:/a:coppermine:coppermine_photo_gallery:1.3.4

CVE-2007-1107

2007-02-26T12:28:00.000-05:00

2018-10-16T12:36:47.407-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov SREASON 2297 BUGTRAQ 20070224 Coppermine Photo Gallery 1.3.x Blind SQL Injection Exploit BID 22709 BID 27372 XF coppermine-thumbnails-sql-injection(32688) XF copperminephoto-thumbnails-sql-injection(39806) EXPLOIT-DB 3371 EXPLOIT-DB 4950 EXPLOIT-DB 4961 SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies.

cpe:/a:cs-gallery:cs-gallery:2.0

CVE-2007-1108

2007-02-26T12:28:00.000-05:00

2017-10-10T21:31:45.800-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22712 VUPEN ADV-2007-0734 XF csgallery-index-file-include(32674) EXPLOIT-DB 3372 PHP remote file inclusion vulnerability in index.php in Christian Schneider CS-Gallery 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the album parameter during a securealbum todo action.

cpe:/a:phpwebgallery:phpwebgallery:1.6.1

CVE-2007-1109

2007-02-26T12:28:00.000-05:00

2018-10-16T12:36:48.220-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2298 BUGTRAQ 20070224 Phpwebgallery-1.4.1, Multiple Cross Site Scripting BID 22711 XF phpwebgallery-register-search-xss(32687) Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) login or (2) mail_address field in Register.php, or the (3) search_author, (4) mode, (5) start_year, (6) end_year, or (7) date_type field in Search.php, a different vulnerability than CVE-2006-1674. NOTE: 1.6.2 and other versions might also be affected.

cpe:/a:activecalendar:activecalendar:1.2.0

CVE-2007-1110

2007-02-26T12:28:00.000-05:00

2018-10-16T12:36:48.703-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2299 BUGTRAQ 20070224 ActiveCalendar 1.2.0, Multiple vulnerabilities BUGTRAQ 20070224 Re: ActiveCalendar 1.2.0, Multiple vulnerabilities BID 22704 VUPEN ADV-2007-0759 XF activecalendar-showcode-file-include(32691) Directory traversal vulnerability in data/showcode.php in ActiveCalendar 1.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.

cpe:/a:activecalendar:activecalendar:1.2.0

CVE-2007-1111

2007-02-26T12:28:00.000-05:00

2018-10-16T12:36:49.203-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2299 BUGTRAQ 20070224 ActiveCalendar 1.2.0, Multiple vulnerabilities BUGTRAQ 20070224 Re: ActiveCalendar 1.2.0, Multiple vulnerabilities BID 22705 VUPEN ADV-2007-0759 XF activecalendar-multiple-scripts-xss(32690) Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the css parameter to (1) flatevents.php, (2) js.php, (3) mysqlevents.php, (4) m_2.php, (5) m_3.php, (6) m_4.php, (7) xmlevents.php, (8) y_2.php, or (9) y_3.php in data/.

cpe:/a:kaspersky_lab:kaspersky_anti-virus:6.0::windows_workstation cpe:/a:kaspersky_lab:kaspersky_internet_security:6.0:maintenance_pack_2

CVE-2007-1112

2007-04-05T20:19:00.000-04:00

2018-10-16T12:36:50.327-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://www.kaspersky.com/technews?id=203038694 BUGTRAQ 20070405 ZDI-07-014: Kaspersky Anti-Virus ActiveX Control Unsafe Method Exposure Vulnerablity BID 23345 SECTRACK 1017884 SECTRACK 1017885 VUPEN ADV-2007-1268 MISC http://www.zerodayinitiative.com/advisories/ZDI-07-014.html XF kaspersky-startuploading-info-disclosure(33464) Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods.

cpe:/a:microsoft:ie:7.0::vista

CVE-2007-1114

2007-02-26T18:28:00.000-05:00

2018-10-16T12:36:50.827-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC http://www.hardened-php.net/advisory_032007.142.html BUGTRAQ 20070223 Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability BID 22701 VUPEN ADV-2007-0744 The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.

cpe:/a:opera:opera_browser:9.0 cpe:/a:opera:opera_browser:9.0:beta1 cpe:/a:opera:opera_browser:9.0:beta2 cpe:/a:opera:opera_browser:9.01 cpe:/a:opera:opera_browser:9.02 cpe:/a:opera:opera_browser:9.10 cpe:/a:opera:opera_browser:9.12 cpe:/a:opera:opera_browser:9.20 cpe:/a:opera:opera_browser:9.20:beta1

CVE-2007-1115

2007-02-26T18:28:00.000-05:00

2018-10-16T12:36:51.093-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC http://www.hardened-php.net/advisory_032007.142.html SUSE SUSE-SA:2007:028 CONFIRM http://www.opera.com/support/search/view/855/ BUGTRAQ 20070223 Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability BID 22701 SECTRACK 1017909 VUPEN ADV-2007-0745 The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.

cpe:/a:mozilla:firefox:1.8

CVE-2007-1116

2007-02-26T18:28:00.000-05:00

2018-10-16T12:36:51.530-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2309 MISC http://www.gnucitizen.org/projects/hscan-redux/ BUGTRAQ 20070223 Firefox Cache Hack - Firefox History Hack redux BUGTRAQ 20070223 Re: [Full-disclosure] Firefox Cache Hack - Firefox History Hack redux CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=371375 The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI as a ChromeProtocol and can be loaded via JavaScript, which allows remote attackers to obtain sensitive information by querying the browser's session history.

cpe:/a:microsoft:publisher:2007

CVE-2007-1117

2007-02-26T21:28:00.000-05:00

2008-11-15T01:43:22.467-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MISC http://news.com.com/2100-1002_3-6161835.html MISC http://research.eeye.com/html/advisories/upcoming/20070216.html BID 22702 Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.

cpe:/a:efiction:efiction:3.1.1

CVE-2007-1118

2007-02-26T21:28:00.000-05:00

2017-10-10T21:31:45.860-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22682 VUPEN ADV-2007-0708 XF efiction-pathtosmf-file-include(32662) EXPLOIT-DB 3361 Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path_to_smf parameter to (1) bridges/SMF/logout.php or (2) get_session_vars.php.

cpe:/a:novell:zenworks:7:sp1

CVE-2007-1119

2007-02-26T21:28:00.000-05:00

2011-03-07T21:51:20.143-05:00

6.4

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 22686 VUPEN ADV-2007-0712 CONFIRM https://secure-support.novell.com/KanisaPlatform/Publishing/408/3563780_f.SAL_Public.html CONFIRM https://secure-support.novell.com/KanisaPlatform/Publishing/650/3484245_f.SAL_Public.html Unspecified vulnerability in Novell ZENworks 7 Desktop Management Support Pack 1 before Hot patch 3 (ZDM7SP1HP3) allows remote attackers to upload images to certain folders that were not configured in the "Only allow uploads to the following directories" setting via unspecified vectors.

cpe:/a:steema_software:teechart_pro:7.0.1.3

CVE-2007-1120

2007-02-26T21:28:00.000-05:00

2017-07-28T21:30:38.890-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

BID 22689 XF teechart-activex-file-upload(32694) The (1) Import.LoadFromURL and (2) Export.asText.SaveToFile functions in TeeChart Pro ActiveX control (TeeChart7.ocx) allow remote attackers to download a crafted .tee file to an arbitrary location. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:zephyrsoft_toolbox:address_book_continued:1.00 cpe:/a:zephyrsoft_toolbox:address_book_continued:1.01

CVE-2007-1121

2007-02-26T21:28:00.000-05:00

2017-07-28T21:30:38.937-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://sourceforge.net/project/shownotes.php?release_id=488406 BID 22685 VUPEN ADV-2007-0715 XF zephyrsoft-id-sql-injection(32665) Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php. NOTE: some of these details are obtained from third party information.

cpe:/a:zephyrsoft_toolbox:address_book_continued:1.00 cpe:/a:zephyrsoft_toolbox:address_book_continued:1.01

CVE-2007-1122

2007-02-26T21:28:00.000-05:00

2011-03-07T21:51:20.423-05:00

6.4

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://sourceforge.net/project/downloading.php?group_id=153333&use_mirror=osdn&filename=abc-1.02.zip BID 22685 VUPEN ADV-2007-0715 Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 and 1.01 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php, a variant of a SQL injection issue that was fixed in 1.01. NOTE: some of these details are obtained from third party information.

cpe:/a:zpanel:zpanel:2.0

CVE-2007-1123

2007-02-26T21:28:00.000-05:00

2017-07-28T21:30:39.000-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22683 VUPEN ADV-2007-0710 XF zpanel-template-file-include(32659) XF zpanel-zpanel-file-include(32680) Multiple PHP remote file inclusion vulnerabilities in ZPanel 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the body parameter to templates/ZPanelV2/template.php or (2) the page parameter to zpanel.php. NOTE: the zpanel.php vector may overlap CVE-2005-0793.2. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:xeroxer:simple_one-file_gallery:0.6

CVE-2007-1124

2007-02-26T21:28:00.000-05:00

2018-10-16T12:36:51.813-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2292 BUGTRAQ 20070223 Simple one-file gallery BID 22700 XF sofg-gallery-file-include(32654) Directory traversal vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.

cpe:/a:xeroxer:simple_one-file_gallery:0.6

CVE-2007-1125

2007-02-26T21:28:00.000-05:00

2018-10-16T12:36:52.077-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2292 BUGTRAQ 20070223 Simple one-file gallery BID 22700 VUPEN ADV-2007-0740 XF sofg-gallery-xss(32655) Cross-site scripting (XSS) vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to inject arbitrary web script or HTML via the f parameter.

cpe:/a:xt-commerce:xt-commerce_community_made_shopping:2.0:rc_1.2

CVE-2007-1126

2007-02-26T21:28:00.000-05:00

2018-10-16T12:36:52.390-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2294 BUGTRAQ 20070223 xtcommerce local file include BID 22698 VUPEN ADV-2007-0746 XF xtcommerce-index-file-include(32656) Directory traversal vulnerability in index.php in xtcommerce allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.

cpe:/a:watersweb_shops:shop_kit_plus:initial

CVE-2007-1127

2007-02-26T21:28:00.000-05:00

2018-10-16T12:36:52.703-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2295 BUGTRAQ 20070223 shopkitplus local file include BID 22697 VUPEN ADV-2007-0747 XF shopkitplus-stylecss-file-include(32660) Directory traversal vulnerability in enc/stylecss.php in shopkitplus allows remote attackers to read arbitrary files via a .. (dot dot) in the changetheme parameter.

cpe:/a:watersweb_shops:shop_kit_plus:initial

CVE-2007-1128

2007-02-26T21:28:00.000-05:00

2018-10-16T12:36:53.047-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2295 BUGTRAQ 20070223 shopkitplus local file include XF shopkitplus-events-stylecss-info-disclosure(32661) shopkitplus allows remote attackers to obtain sensitive information via a request to (1) events.php with a curmonth[]=01 query string or (2) enc/stylecss.php with a changetheme[]= query string, which reveals the path in various error messages.

cpe:/a:mtcms:mtcms:3.2

CVE-2007-1129

2007-02-26T21:28:00.000-05:00

2018-10-16T12:36:53.327-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov BUGTRAQ 20070223 MTCMS multiple upload vulnerabilities BID 22690 VUPEN ADV-2007-0755 Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow remote attackers to upload and execute files via (1) an avatar upload in an add_down action, or (2) an add_link action.

cpe:/a:scipter.ch:gastebuch:2.2

CVE-2007-1130

2007-02-26T21:28:00.000-05:00

2017-10-10T21:31:45.907-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22696 VUPEN ADV-2007-0737 XF sinapis-gastebuch-sinagb-file-include(32657) EXPLOIT-DB 3366 PHP remote file inclusion vulnerability in sinagb.php in Sinapis Gastebuch 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter.

cpe:/a:scripter.ch:sinapis_forum:2.2

CVE-2007-1131

2007-02-26T21:28:00.000-05:00

2017-10-10T21:31:45.957-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22699 VUPEN ADV-2007-0738 XF sinapisforum-sinapis-file-include(32658) EXPLOIT-DB 3367 PHP remote file inclusion vulnerability in sinapis.php in Sinapis Forum 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter.

cpe:/a:mtcms:mtcms:2.2

CVE-2007-1132

2007-02-26T21:28:00.000-05:00

2018-10-16T12:36:53.563-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BUGTRAQ 20070223 MTCMS multiple upload vulnerabilities BID 22690 VUPEN ADV-2007-0755 Multiple cross-site scripting (XSS) vulnerabilities in the "Contact Us" functionality in MTCMS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) message and (2) title fields.

cpe:/a:scripter.ch:fcring:1.3 cpe:/a:scripter.ch:fcring:1.31

CVE-2007-1133

2007-02-26T21:28:00.000-05:00

2017-10-10T21:31:46.017-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22693 VUPEN ADV-2007-0736 XF fcring-fcring-file-include(32653) EXPLOIT-DB 3365 PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_fuss parameter.

cpe:/a:watchtower:watchtower:0.1:alpha cpe:/a:watchtower:watchtower:0.11

CVE-2007-1134

2007-03-02T16:18:00.000-05:00

2011-03-07T21:51:21.657-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://sourceforge.net/project/shownotes.php?release_id=486435&group_id=188798 BID 22721 VUPEN ADV-2007-0743 Unspecified vulnerability in Watchtower (WT) before 0.12 has unknown impact and attack vectors, related to "unauthorized accounts."

cpe:/a:sourceforge:webmplayer:0.6.1-alpha

CVE-2007-1135

2007-03-02T16:18:00.000-05:00

2011-03-07T21:51:21.750-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

CONFIRM http://sourceforge.net/project/shownotes.php?release_id=486880&group_id=172354 BID 22726 VUPEN ADV-2007-0742 Multiple SQL injection vulnerabilities in WebMplayer before 0.6.1-Alpha allow remote attackers to execute arbitrary SQL commands via the (1) strid parameter to index.php and the (2) id[0] or other id array index parameter to filecheck.php.

cpe:/a:webmplayer:webmplayer:0.1 cpe:/a:webmplayer:webmplayer:0.2.1 cpe:/a:webmplayer:webmplayer:0.3 cpe:/a:webmplayer:webmplayer:0.3.1 cpe:/a:webmplayer:webmplayer:0.3.2 cpe:/a:webmplayer:webmplayer:0.3.3 cpe:/a:webmplayer:webmplayer:0.4 cpe:/a:webmplayer:webmplayer:0.5:alpha cpe:/a:webmplayer:webmplayer:0.5.1:alpha cpe:/a:webmplayer:webmplayer:0.6:alpha

CVE-2007-1136

2007-03-02T16:18:00.000-05:00

2011-03-07T21:51:21.860-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VIM 20070227 WebMplayer "eval injection" is actually OS command injection CONFIRM http://sourceforge.net/project/shownotes.php?release_id=486880&group_id=172354 BID 22726 VUPEN ADV-2007-0742 index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. NOTE: some sources have referred to this as eval injection in the param parameter, but CVE source inspection suggests that this is erroneous.

cpe:/a:sourceforge:putmail:.8 cpe:/a:sourceforge:putmail:.9 cpe:/a:sourceforge:putmail:.10 cpe:/a:sourceforge:putmail:.11 cpe:/a:sourceforge:putmail:.12 cpe:/a:sourceforge:putmail:1.0 cpe:/a:sourceforge:putmail:1.1 cpe:/a:sourceforge:putmail:1.2 cpe:/a:sourceforge:putmail:1.3

CVE-2007-1137

2007-03-02T16:18:00.000-05:00

2017-07-28T21:30:39.470-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://putmail.sourceforge.net/home.html BID 22718 VUPEN ADV-2007-0753 XF putmail-tls-password-plaintext(32689) putmail.py in Putmail before 1.4 does not detect when a user attempts to use TLS with a server that does not support it, which causes putmail.py to send the username and password in plaintext while the user believes encryption is in use, and allows remote attackers to obtain sensitive information.

cpe:/a:cromosoft:simple_plantilla_php:-

CVE-2007-1138

2007-03-02T16:18:00.000-05:00

2018-10-16T12:36:53.813-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2332 BUGTRAQ 20070222 Plantilla PHP Simple BID 22669 Absolute path traversal vulnerability in list_main_pages.php in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to list arbitrary directories, and read arbitrary files, via an absolute pathname in the nfolder parameter.

cpe:/a:cromosoft:simple_plantilla_php:-

CVE-2007-1139

2007-03-02T16:18:00.000-05:00

2018-10-16T12:36:54.030-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SREASON 2332 BUGTRAQ 20070222 Plantilla PHP Simple BID 22669 Unrestricted file upload vulnerability in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to upload arbitrary scripts via a filename with a double extension.

cpe:/a:barekoncept:pheap:-

CVE-2007-1140

2007-03-02T16:18:00.000-05:00

2018-10-16T12:36:54.237-04:00

9.4

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov SREASON 2354 BUGTRAQ 20070222 pheap [edit LFI] vulnerability BID 22670 Directory traversal vulnerability in edit.php in pheap allows remote attackers to read and modify arbitrary files via a .. (dot dot) in the filename parameter.

cpe:/a:reamday_enterprises:magic_news_plus:1.0.2

CVE-2007-1141

2007-03-02T16:18:00.000-05:00

2018-10-16T12:36:54.437-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

SREASON 2334 BUGTRAQ 20070221 Magic News Plus File Inclusion And Xss Vulnerabilitis BID 22661 PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the php_script_path parameter. NOTE: This issue may overlap CVE-2006-0723.

cpe:/a:reamday_enterprises:magic_news_plus:1.0.2

CVE-2007-1142

2007-03-02T16:18:00.000-05:00

2018-10-16T12:36:54.657-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2334 BUGTRAQ 20070221 Magic News Plus File Inclusion And Xss Vulnerabilitis BID 22661 Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the link_parameters parameter in (1) news.php and (2) n_layouts.php.

cpe:/a:jeunes-webmasters:j-web_pics_navigator:1.0 cpe:/a:jeunes-webmasters:j-web_pics_navigator:2.0

CVE-2007-1143

2007-03-02T16:18:00.000-05:00

2018-10-16T12:36:54.907-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov MISC http://forums.avenir-geopolitique.net/viewtopic.php?t=2692 SREASON 2340 BUGTRAQ 20070222 Pics Navigator Directory Traversal Vulnerability XF picsnavigator-dir-directory-traversal(32646) Directory traversal vulnerability in pn-menu.php in J-Web Pics Navigator 1.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter.

cpe:/a:comscripts:j-web_pics_navigator:1.0 cpe:/a:comscripts:j-web_pics_navigator:2.0

CVE-2007-1144

2007-03-02T16:18:00.000-05:00

2018-10-16T12:36:55.157-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC http://forums.avenir-geopolitique.net/viewtopic.php?t=2692 SREASON 2340 BUGTRAQ 20070222 Pics Navigator Directory Traversal Vulnerability BID 22681 VUPEN ADV-2007-0711 XF picsnavigator-dir-directory-traversal(32646) Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Navigator 2.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter.

cpe:/a:kayako:esupport:3.00.13 cpe:/a:kayako:esupport:3.04.10

CVE-2007-1145

2007-03-02T16:18:00.000-05:00

2018-10-16T12:36:55.577-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2335 BUGTRAQ 20070219 ESupport Multiple HTML Injection Vulnerabilities BID 22631 VUPEN ADV-2007-0717 Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register action in index.php, (3) unspecified vectors in the Submit form in a submit action in index.php, and (4) the user's name in index.php; and (5) allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the Admin and Staff Control Panel. NOTE: this might issue overlap CVE-2004-1412, CVE-2005-0487, or CVE-2005-0842.

cpe:/a:delmaa.com:arabhost

CVE-2007-1146

2007-03-02T16:18:00.000-05:00

2018-10-16T12:36:55.877-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VIM 20070227 Verified: arabhost function.php RFI SREASON 2339 BUGTRAQ 20070222 Hasadya Raed PHP remote file inclusion vulnerability in function.php in arabhost allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter.

cpe:/a:hbm:hbm

CVE-2007-1147

2007-03-02T16:18:00.000-05:00

2018-10-16T12:36:56.063-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2339 BUGTRAQ 20070222 Hasadya Raed PHP remote file inclusion vulnerability in view.php in hbm allows remote attackers to execute arbitrary PHP code via a URL in the hbmpath parameter.

cpe:/a:lovecms:lovecms:1.4

CVE-2007-1148

2007-03-02T16:18:00.000-05:00

2018-10-16T12:36:56.187-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2338 BUGTRAQ 20070222 LoveCMS 1.4 multiple vulnerabilities BID 22675 VUPEN ADV-2007-0716 PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter.

cpe:/a:lovecms:lovecms:1.4

CVE-2007-1149

2007-03-02T16:18:00.000-05:00

2018-10-16T12:36:56.423-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2338 BUGTRAQ 20070222 LoveCMS 1.4 multiple vulnerabilities BID 22675 VUPEN ADV-2007-0716 Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the step parameter to install/index.php or (2) the load parameter to the top-level URI.

cpe:/a:lovecms:lovecms:1.4

CVE-2007-1150

2007-03-02T16:18:00.000-05:00

2018-10-16T12:36:56.673-04:00

3.6

NETWORK

HIGH

SINGLE_INSTANCE

NONE

PARTIAL

http://nvd.nist.gov SREASON 2338 BUGTRAQ 20070222 LoveCMS 1.4 multiple vulnerabilities BID 22675 Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote authenticated administrators to upload arbitrary files to /modules/content/pictures/tmp/.

cpe:/a:lovecms:lovecms:1.4

CVE-2007-1151

2007-03-02T16:18:00.000-05:00

2018-10-16T12:36:56.937-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2338 BUGTRAQ 20070222 LoveCMS 1.4 multiple vulnerabilities BID 22675 VUPEN ADV-2007-0716 Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter to the top-level URI, possibly related to a SQL error.

cpe:/a:pyrophobia:pyrophobia:2.1.3.1

CVE-2007-1152

2007-03-02T16:18:00.000-05:00

2017-10-10T21:31:46.080-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 22667 BID 33861 EXPLOIT-DB 8095 Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) act or (2) pid parameter to the top-level URI (index.php), or the (3) action parameter to admin/index.php. NOTE: some of these details are obtained from third party information.

cpe:/a:cutephp:cutenews:1.3.6

CVE-2007-1153

2007-03-02T16:18:00.000-05:00

2008-11-15T01:43:31.093-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22674 Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews 1.3.6 allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: issue might overlap CVE-2004-1660 or CVE-2006-4445.

cpe:/a:webspell:webspell

CVE-2007-1154

2007-03-02T16:18:00.000-05:00

2018-10-16T12:36:57.250-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2337 BUGTRAQ 20070222 WebSpell > 4.0 Authentication Bypass and arbitrary code execution XF webspell-login-sql-injection(32669) SQL injection vulnerability in webSPELL allows remote attackers to execute arbitrary SQL commands via a ws_auth cookie, a different vulnerability than CVE-2006-4782.

cpe:/a:webspell:webspell

CVE-2007-1155

2007-03-02T16:18:00.000-05:00

2018-10-16T12:36:57.517-04:00

4.6

NETWORK

HIGH

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2337 BUGTRAQ 20070222 WebSpell > 4.0 Authentication Bypass and arbitrary code execution XF webspell-addsquad-file-upload(32670) Unrestricted file upload vulnerability in webSPELL allows remote authenticated administrators to upload and execute arbitrary PHP code via the add squad feature. NOTE: this issue may be an administrative feature, in which case this CVE may be REJECTED.

cpe:/a:man_machine_systems:jbrowser

CVE-2007-1156

2007-03-02T16:18:00.000-05:00

2018-10-16T12:36:57.783-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://forums.avenir-geopolitique.net/viewtopic.php?t=2693 SREASON 2370 SECTRACK 1008909 BUGTRAQ 20070222 JBrowser acces to admin/config files BUGTRAQ 20070223 JBrowser Acces to Admin Panel Exploit BID 9537 JBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for _admin/.

cpe:/a:jboss:jboss

CVE-2007-1157

2007-03-02T16:18:00.000-05:00

2018-10-16T12:36:58.267-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

BUGTRAQ 20070222 JBoss jmx-console CSRF BUGTRAQ 20070223 Re: JBoss jmx-console CSRF XF jboss-jmxconsole-csrf(32673) Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733.

cpe:/a:postnuke_software_foundation:pagesetter:6.2 cpe:/a:postnuke_software_foundation:pagesetter:6.3.0:beta_5

CVE-2007-1158

2007-03-02T16:18:00.000-05:00

2018-10-16T12:36:58.547-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov FULLDISC 20070226 SEC Consult SA-20070226-0 :: File Disclosure in FULLDISC 20070227 Re:SEC Consult SA-20070226-0 :: File Disclosure SREASON 2336 CONFIRM http://www.elfisk.dk/index.php?module=pagesetter&func=viewpub&tid=7&pid=125 BUGTRAQ 20070226 SEC Consult SA-20070226-0 :: File Disclosure in Pagesetter for PostNuke BID 22733 VUPEN ADV-2007-0758 XF pagesetter-index-directory-traversal(32695) Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.

cpe:/a:pyrophobia:pyrophobia:2.1.3.1

CVE-2007-1159

2007-03-02T16:18:00.000-05:00

2008-11-15T01:43:32.453-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 22667 Cross-site scripting (XSS) vulnerability in modules/out.php in Pyrophobia 2.1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:webspell:webspell:4.0

CVE-2007-1160

2007-03-02T16:18:00.000-05:00

2018-10-16T12:36:59.237-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SREASON 2337 BUGTRAQ 20070222 WebSpell > 4.0 Authentication Bypass and arbitrary code execution webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782.

cpe:/a:call_center_software:call_center_software:0.93

CVE-2007-1161

2007-03-02T16:18:00.000-05:00

2018-10-16T12:36:59.533-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2333 VIM 20070222 [TRUE] Call Center Software - Remote Xss Post Exploit - BUGTRAQ 20070221 Call Center Software - Remote Xss Post Exploit - Cross-site scripting (XSS) vulnerability in call_entry.php in Call Center Software 0,93 allows remote attackers to inject arbitrary web script or HTML via the problem_desc parameter, as demonstrated by the ONLOAD attribute of a BODY element.

cpe:/a:common_controls_replacement_project:browsedialog_server

CVE-2007-1162

2007-03-02T16:18:00.000-05:00

2017-10-10T21:31:46.143-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 22645 MISC http://www.securityfocus.com/data/vulnerabilities/exploits/22645.html EXPLOIT-DB 3350 A certain ActiveX control in the Common Controls Replacement Project (CCRP) CCRP BrowseDialog Server (ccrpbds6.dll) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) IsFolderAvailable or (2) RootFolder property value, different vectors than CVE-2007-0371.

cpe:/a:webspell:webspell:4.0 cpe:/a:webspell:webspell:4.01.00 cpe:/a:webspell:webspell:4.01.01 cpe:/a:webspell:webspell:4.01.02

CVE-2007-1163

2007-03-02T16:18:00.000-05:00

2017-10-10T21:31:46.207-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22659 VUPEN ADV-2007-0714 EXPLOIT-DB 3351 SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783.

cpe:/a:dbscripts:dbimagegallery:1.2.2

CVE-2007-1164

2007-03-02T16:18:00.000-05:00

2018-10-16T12:36:59.813-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070302 Remote File Include In DBImageGallery BUGTRAQ 20070305 Re: Remote File Include In DBImageGallery BID 22657 VUPEN ADV-2007-0692 XF dbimagegallery-donsimg-file-include(32612) EXPLOIT-DB 3353 Multiple PHP remote file inclusion vulnerabilities in DBImageGallery 1.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the donsimg_base_path parameter to (1) attributes.php, (2) images.php, or (3) scan.php in admin/; or (4) attributes.php, (5) db_utils.php, (6) images.php, (7) utils.php, or (8) values.php in includes/.

cpe:/a:dbscripts:dbguestbook:1.1

CVE-2007-1165

2007-03-02T16:18:00.000-05:00

2017-10-10T21:31:46.330-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22658 VUPEN ADV-2007-0693 EXPLOIT-DB 3354 Multiple PHP remote file inclusion vulnerabilities in DBGuestbook 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the dbs_base_path parameter to (1) utils.php, (2) guestbook.php, or (3) views.php in includes/.

cpe:/a:nabocorp:nabopoll:1.2

CVE-2007-1166

2007-03-02T16:18:00.000-05:00

2018-10-16T12:37:00.877-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

VIM 20070222 [TRUE] Nabopoll Blind SQL Injection vulnerabilies SREASON 2372 BUGTRAQ 20070221 Nabopoll Blind SQL Injection vulnerabilies BID 22649 EXPLOIT-DB 3355 SQL injection vulnerability in result.php in Nabopoll 1.2 allows remote attackers to execute arbitrary SQL commands via the surv parameter.

cpe:/a:dzcp:dev%21l%27z_clanportal:1.4.5

CVE-2007-1167

2007-03-02T16:18:00.000-05:00

2017-10-10T21:31:46.440-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://www.dzcp.de/inc/tinymce_files/Downloads/dzcp_update/notes_1.4.6.txt BID 22660 VUPEN ADV-2007-0695 EXPLOIT-DB 3357 inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and earlier allows remote attackers to obtain MySQL data via the inc/mysql.php value of the file parameter.

cpe:/a:trend_micro:serverprotect:1.3::linux cpe:/a:trend_micro:serverprotect:1.25_2007-02-16::linux cpe:/a:trend_micro:serverprotect:2.5::linux

CVE-2007-1168

2007-03-02T16:18:00.000-05:00

2011-03-07T21:51:24.953-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

IDEFENSE 20070221 Trend Micro ServerProtect Web Interface Authorization Bypass Vulnerability SECTRACK 1017685 BID 22662 CONFIRM http://www.trendmicro.com/download/product.asp?productid=20 VUPEN ADV-2007-0691 Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_info cookie to the web interface port (14942/tcp).

cpe:/a:trend_micro:serverprotect:1.25_2007-02-16::linux cpe:/a:trend_micro:serverprotect:1.25_2007-02-16:1.3

CVE-2007-1169

2007-03-02T16:18:00.000-05:00

2008-09-05T17:19:49.940-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2007-03-06T09:35:00.000-05:00

CONFIRM http://www.trendmicro.com/download/product.asp?productid=20 The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 accepts logon requests through unencrypted HTTP, which might allow remote attackers to obtain credentials by sniffing the network.

cpe:/a:simbin:gt_legends:1.1.0.0 cpe:/a:simbin:gtr_-_fia_get_racing_game:1.5.0.0 cpe:/a:simbin:gtr_2:1.1 cpe:/a:simbin:race_-_the_wtcc_game:1.0

CVE-2007-1170

2007-03-02T16:18:00.000-05:00

2018-10-16T12:37:01.283-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov MISC http://aluigi.altervista.org/adv/simbinzero-adv.txt SREASON 2369 BUGTRAQ 20070221 Players disconnection in Simbin racing games BID 22651 VUPEN ADV-2007-0696 SimBin GTR - FIA GT Racing Game 1.5.0.0 and earlier, GT Legends 1.1.0.0 and earlier, GTR 2 1.1 and earlier, and RACE - The WTCC Game 1.0 and earlier allow remote attackers to cause a denial of service (client disconnection) via an empty UDP packet to the server port.

cpe:/a:nukescripts:nukesentinel:2.5.11

CVE-2007-1171

2007-03-02T16:18:00.000-05:00

2018-10-16T12:37:01.657-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov SREASON 2344 VIM 20070928 CVE-2007-5125 - dupe CONFIRM http://www.nukescripts.net/index.php?op=NEArticle&sid=4076 BUGTRAQ 20070220 NukeSentinel 2.5.05 (nsbypass.php) Blind SQL Injection Exploit BUGTRAQ 20070925 [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11 BUGTRAQ 20070928 Re: [waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11 BID 22629 BID 25805 MISC http://www.waraxe.us/advisory-53.html XF nukesentinel-nsbypass-sql-injection(32582) EXPLOIT-DB 3337 SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie.

cpe:/a:nukescripts:nukesentinel:2.5.05

CVE-2007-1172

2007-03-02T16:18:00.000-05:00

2018-10-16T12:37:02.673-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov VIM 20070314 SQL injection (x2) in NukeSentinel SREASON 2341 BUGTRAQ 20070220 NukeSentinel 2.5.05 (nukesentinel.php) File Disclosure Exploit EXPLOIT-DB 3338 SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit."

cpe:/a:centennial:discovery:2006_featurepack1 cpe:/a:numara:asset_manager:8.0 cpe:/a:symantec:discovery:6.5

CVE-2007-1173

2007-05-16T18:30:00.000-04:00

2017-07-28T21:30:40.047-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

BID 24002 SECTRACK 1018072 VUPEN ADV-2007-1832 VUPEN ADV-2007-1833 VUPEN ADV-2007-1834 XF xferwan-tcp-bo(34313) Multiple buffer overflows in the CentennialIPTransferServer service (XFERWAN.EXE), as used by (1) Centennial Discovery 2006 Feature Pack 1, (2) Numara Asset Manager 8.0, and (3) Symantec Discovery 6.5, allow remote attackers to execute arbitrary code via long strings in a crafted TCP packet.

cpe:/a:web-app.org:webapp:0.9.9.4

CVE-2007-1174

2007-03-02T16:18:00.000-05:00

2017-07-28T21:30:40.093-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 22563 VUPEN ADV-2007-0605 CONFIRM http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=251 XF webapporg-net-profileedit-xss(32506) Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 20070214 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to unspecified fields in user Profiles. NOTE: some of these details are obtained from third party information.

cpe:/a:web-app.org:webapp:0.9.9.4

CVE-2007-1175

2007-03-02T16:18:00.000-05:00

2011-03-07T21:51:25.937-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 22563 VUPEN ADV-2007-0604 CONFIRM http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=249 Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP before 20070209 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

cpe:/a:web-app.org:webapp:0.9.9.4

CVE-2007-1176

2007-03-02T16:18:00.000-05:00

2017-07-28T21:30:40.157-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 22563 VUPEN ADV-2007-0604 CONFIRM http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250 XF webapp-statisticslogviewer-xss(32498) XF webapp-searchresultspages-xss(32499) XF webapp-gallery-feedback-xss(32526) Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 0.9.9.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) Gallery Comments pages, (2) Feedback pages, (3) Search Results pages, and (4) the Statistics Log viewer.

cpe:/a:web-app.org:webapp:0.9.9 cpe:/a:web-app.org:webapp:0.9.9.1 cpe:/a:web-app.org:webapp:0.9.9.2 cpe:/a:web-app.org:webapp:0.9.9.2.1 cpe:/a:web-app.org:webapp:0.9.9.3 cpe:/a:web-app.org:webapp:0.9.9.3.1 cpe:/a:web-app.org:webapp:0.9.9.3.2 cpe:/a:web-app.org:webapp:0.9.9.4

CVE-2007-1177

2007-03-02T16:18:00.000-05:00

2011-03-07T21:51:26.143-05:00

5.8

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 22563 VUPEN ADV-2007-0604 CONFIRM http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250 WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to (1) the query string, (2) Profiles, (3) the Forum Post icon field, (4) the Edit Profile, and (5) the Gallery, which has unknown impact and remote attack vectors, possibly related to cross-site scripting (XSS).

cpe:/a:web-app.org:webapp:0.9.9.4

CVE-2007-1178

2007-03-02T16:18:00.000-05:00

2011-03-07T21:51:26.267-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov BID 22563 VUPEN ADV-2007-0604 CONFIRM http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250 WebAPP before 0.9.9.5 does not check access in certain contexts related to (1) Calendar Administration, (2) Instant Messages Administration, and (3) the Image Uploader, which has unknown impact and attack vectors.

cpe:/a:web-app.org:webapp:0.9.9.4

CVE-2007-1179

2007-03-02T16:18:00.000-05:00

2011-03-07T21:51:26.347-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 22563 VUPEN ADV-2007-0604 CONFIRM http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250 WebAPP before 0.9.9.5 does not properly manage e-mail addresses in certain contexts related to (1) the Recommend feature, Email Article (2) senders and (3) recipients, (4) New User Approval, (5) Edit Profiles, (6) the Newsletter Subscription form, (7) the Recommend form, and (8) sending of articles, which has unknown impact, and remote attack vectors related to spam attacks and possibly other attacks.

cpe:/a:web-app.org:webapp:0.9.9.4

CVE-2007-1180

2007-03-02T16:18:00.000-05:00

2011-03-07T21:51:26.437-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 22563 VUPEN ADV-2007-0604 CONFIRM http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250 WebAPP before 0.9.9.5 does not check referrers in certain forms, which might facilitate remote cross-site request forgery (CSRF) attacks or have other unknown impact.

CVE-2007-1181

2007-03-02T16:18:00.000-05:00

2011-03-07T21:51:26.547-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 22563 VUPEN ADV-2007-0604 CONFIRM http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250 WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the username through Edit Profile forms, which has unknown impact and attack vectors.

CVE-2007-1182

2007-03-02T16:18:00.000-05:00

2011-03-07T21:51:26.657-05:00

6.4

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 22563 VUPEN ADV-2007-0604 CONFIRM http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250 WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest profile, which has unknown impact.

cpe:/a:web-app.org:webapp:0.9.9.4

CVE-2007-1183

2007-03-02T16:18:00.000-05:00

2011-03-07T21:51:26.750-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov BID 22563 VUPEN ADV-2007-0604 CONFIRM http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250 WebAPP before 0.9.9.5 allows remote authenticated users to spoof another user's Real Name via whitespace, which has unknown impact and attack vectors.

CVE-2007-1184

2007-03-02T16:18:00.000-05:00

2011-03-07T21:51:26.847-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 22563 VUPEN ADV-2007-0604 CONFIRM http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250 The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setting of "no," which makes it easier for automated programs to submit false data.

CVE-2007-1185

2007-03-02T16:18:00.000-05:00

2011-03-07T21:51:26.937-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 22563 VUPEN ADV-2007-0604 CONFIRM http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250 The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown impact and remote attack vectors.

CVE-2007-1186

2007-03-02T16:18:00.000-05:00

2011-03-07T21:51:27.033-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 22563 VUPEN ADV-2007-0604 CONFIRM http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250 WebAPP before 0.9.9.5 does not "censor" the Latest Member real name, which has unknown impact.

CVE-2007-1187

2007-03-02T16:18:00.000-05:00

2011-03-07T21:51:27.127-05:00

5.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov BID 22563 VUPEN ADV-2007-0604 CONFIRM http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250 WebAPP before 0.9.9.5 allows remote authenticated users, without admin privileges, to obtain sensitive information via (1) the Forum Archive feature and (2) Recent Searches.

CVE-2007-1188

2007-03-02T16:18:00.000-05:00

2011-03-07T21:51:27.187-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov BID 22563 VUPEN ADV-2007-0604 CONFIRM http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250 WebAPP before 0.9.9.5 allows remote attackers to submit Search form input that is not checked for (1) composition or (2) length, which has unknown impact, possibly related to "search form hijacking".

cpe:/o:bell_labs:plan_9

CVE-2007-1189

2007-03-02T16:18:00.000-05:00

2017-10-10T21:31:46.610-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MISC http://kernelspace.us/itheft.c MLIST [dailydave] 20070227 Wow, free kernel zero day? BID 22749 EXPLOIT-DB 3383 Integer overflow in the envwrite function in the Alcatel-Lucent Bell Labs Plan 9 kernel allows local users to overwrite certain memory addresses with kernel memory via a large n argument, as demonstrated by (1) modifying the iseve function to gain privileges and (2) making the devpermcheck function grant unrestricted device permissions.

cpe:/a:bsalsa:embeddedwb_web_browser

CVE-2007-1190

2007-03-02T16:18:00.000-05:00

2008-11-15T01:43:42.127-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22755 Unspecified vulnerability in the EmbeddedWB Web Browser ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:quicksilver:del.icio.us_module:8f

CVE-2007-1191

2007-03-02T16:18:00.000-05:00

2017-07-28T21:30:40.220-04:00

2.1

LOCAL

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov FULLDISC 20070228 Quicksilver Social Bookmark plugin v.8F: password in clear text SREASON 2368 BID 22752 XF socialbookmarks-password-plaintext(32721) The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes usernames and passwords in plaintext to the /Library/Logs/Console/UID/Console.log file, which allows local users to obtain sensitive information by reading this file.

cpe:/a:hyperbook:guestbook:1.30

CVE-2007-1192

2007-03-02T16:18:00.000-05:00

2008-11-15T01:43:42.547-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC http://downloads.securityfocus.com/vulnerabilities/exploits/22754.py BID 22754 Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an admin password hash via a direct request for data/gbconfiguration.dat.

cpe:/a:orangehrm:orangehrm:2.1:alpha_4

CVE-2007-1193

2007-03-02T16:18:00.000-05:00

2011-03-07T21:51:29.847-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://sourceforge.net/tracker/index.php?func=detail&aid=1656000&group_id=156477&atid=799942 BID 22756 VUPEN ADV-2007-0781 Multiple unspecified vulnerabilities in the Login page in OrangeHRM before 20070212 have unknown impact and attack vectors.

cpe:/a:norman:norman_sandbox_analyzer

CVE-2007-1194

2007-03-02T16:18:00.000-05:00

2018-10-16T12:37:03.047-04:00

2.1

LOCAL

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC http://www.ntsecurity.nu/onmymind/2007/2007-02-27.html BUGTRAQ 20070228 Evading the Norman SandBox Analyzer BUGTRAQ 20070302 Re: Evading the Norman SandBox Analyzer BUGTRAQ 20070303 Re: Evading the Norman SandBox Analyzer Norman SandBox Analyzer does not use the proper range for Interrupt Descriptor Table (IDT) entries, which allows local users to determine that the local machine is an emulator, or a similar environment not based on a physical Intel processor, which allows attackers to produce malware that is more difficult to analyze.

cpe:/a:dxmsoft:xm_easy_personal_ftp_server:5.0.1 cpe:/a:dxmsoft:xm_easy_personal_ftp_server:5.2.1 cpe:/a:dxmsoft:xm_easy_personal_ftp_server:5.3

CVE-2007-1195

2007-03-02T16:18:00.000-05:00

2017-10-10T21:31:46.657-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://downloads.securityfocus.com/vulnerabilities/exploits/22747.pl BID 22747 VUPEN ADV-2007-0786 EXPLOIT-DB 3385 Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might overlap CVE-2006-2225, CVE-2006-2226, or CVE-2006-5728.

cpe:/a:citrix:presentation_server_client:9.200::windows

CVE-2007-1196

2007-03-02T16:18:00.000-05:00

2017-07-28T21:30:40.283-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://support.citrix.com/article/CTX112589 CERT-VN VU#798364 BID 22762 SECTRACK 1017712 VUPEN ADV-2007-0784 XF citrix-ica-code-execution(32754) Unspecified vulnerability in Citrix Presentation Server Client for Windows before 10.0 allows remote web sites to execute arbitrary code via unspecified vectors, related to the implementation of ICA connectivity through proxy servers.

cpe:/a:epiware:epiware:4.6.6 cpe:/a:epiware:epiware:4.7

CVE-2007-1197

2007-03-02T16:18:00.000-05:00

2008-11-15T01:43:44.187-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://sourceforge.net/forum/forum.php?forum_id=669653 Multiple unspecified vulnerabilities in Epiware before 4.7.5 have unknown impact and attack vectors, possibly related to cross-site scripting (XSS) and other unspecified issues.

cpe:/a:taskfreak:taskfreak:0.5.0 cpe:/a:taskfreak:taskfreak:0.5.1 cpe:/a:taskfreak:taskfreak:0.5.2 cpe:/a:taskfreak:taskfreak:0.5.3 cpe:/a:taskfreak:taskfreak:0.5.4 cpe:/a:taskfreak:taskfreak:0.5.5 cpe:/a:taskfreak:taskfreak:0.5.6

CVE-2007-1198

2007-03-02T16:18:00.000-05:00

2008-11-15T01:43:44.360-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://www.taskfreak.com/versions.html Cross-site scripting (XSS) vulnerability in TaskFreak! before 0.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a variant of CVE-2007-0982.

cpe:/a:adobe:acrobat_reader:4.0 cpe:/a:adobe:acrobat_reader:4.0.5 cpe:/a:adobe:acrobat_reader:4.5 cpe:/a:adobe:acrobat_reader:5.0 cpe:/a:adobe:acrobat_reader:5.0.5 cpe:/a:adobe:acrobat_reader:5.0.6 cpe:/a:adobe:acrobat_reader:5.0.7 cpe:/a:adobe:acrobat_reader:5.0.9 cpe:/a:adobe:acrobat_reader:5.0.10 cpe:/a:adobe:acrobat_reader:5.1 cpe:/a:adobe:acrobat_reader:6.0 cpe:/a:adobe:acrobat_reader:6.0.1 cpe:/a:adobe:acrobat_reader:6.0.2 cpe:/a:adobe:acrobat_reader:6.0.3 cpe:/a:adobe:acrobat_reader:6.0.4 cpe:/a:adobe:acrobat_reader:7.0 cpe:/a:adobe:acrobat_reader:7.0.1 cpe:/a:adobe:acrobat_reader:7.0.2 cpe:/a:adobe:acrobat_reader:7.0.3 cpe:/a:adobe:acrobat_reader:7.0.4 cpe:/a:adobe:acrobat_reader:7.0.5 cpe:/a:adobe:acrobat_reader:7.0.6 cpe:/a:adobe:acrobat_reader:7.0.7 cpe:/a:adobe:acrobat_reader:7.0.8 cpe:/a:adobe:acrobat_reader:7.0.9 cpe:/a:adobe:acrobat_reader:8.0

CVE-2007-1199

2007-03-02T16:18:00.000-05:00

2017-07-28T21:30:40.360-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov GENTOO GLSA-200803-01 MISC http://www.gnucitizen.org/projects/pdf-strikes-back/ BID 22753 XF adobe-pdf-file-information-disclosure(32815) Adobe Reader and Acrobat Trial allow remote attackers to read arbitrary files via a file:// URI in a PDF document, as demonstrated with <</URI(file:///C:/)/S/URI>>, a different issue than CVE-2007-0045.

cpe:/a:microsoft:biztalk_server:2000 cpe:/a:microsoft:biztalk_server:2002 cpe:/a:microsoft:commerce_server:2000 cpe:/a:microsoft:internet_security_and_acceleration_server:2000:sp2 cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:visual_studio_.net:2002:sp1 cpe:/a:microsoft:visual_studio_.net:2003:sp1

CVE-2007-1201

2008-03-11T19:44:00.000-04:00

2018-10-12T17:43:04.157-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov HP SSRT080028 BID 28136 SECTRACK 1019581 CERT TA08-071A VUPEN ADV-2008-0849 MS MS08-017 Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."

cpe:/a:microsoft:word:2000:sp3 cpe:/a:microsoft:word:2002:sp3 cpe:/a:microsoft:word:2003:sp2 cpe:/a:microsoft:word:2004::mac cpe:/a:microsoft:word_viewer:2003 cpe:/a:microsoft:works:2004 cpe:/a:microsoft:works:2005 cpe:/a:microsoft:works:2006

CVE-2007-1202

2007-05-08T19:19:00.000-04:00

2018-10-16T12:37:03.487-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

IDEFENSE 20070508 Microsoft Word RTF File Parsing Heap Corruption Vulnerability CERT-VN VU#555489 HP HPSBST02214 BID 23836 SECTRACK 1018013 CERT TA07-128A VUPEN ADV-2007-1709 MS MS07-024 Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."

cpe:/a:microsoft:excel:2000:sp3 cpe:/a:microsoft:excel:2002:sp3 cpe:/a:microsoft:excel:2003:sp2 cpe:/a:microsoft:excel:2004::mac cpe:/a:microsoft:excel:2007 cpe:/a:microsoft:excel_viewer:2003

CVE-2007-1203

2007-05-08T18:19:00.000-04:00

2018-10-16T12:37:04.220-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

HP HPSBST02214 BID 23779 SECTRACK 1018012 CERT TA07-128A VUPEN ADV-2007-1708 MS MS07-023 XF excel-placeholder-code-execution(33914) Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.

cpe:/o:microsoft:windows_xp::sp2

CVE-2007-1204

2007-04-10T17:19:00.000-04:00

2018-10-16T12:37:04.987-04:00

6.8

ADJACENT_NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

IDEFENSE 20070410 Microsoft Windows Universal Plug and Play Memory Corruption Vulnerability HP HPSBST02208 BID 23371 SECTRACK 1017895 VUPEN ADV-2007-1323 MS MS07-019 Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP headers in request or notification messages, which trigger memory corruption.

cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_2003_server:gold cpe:/o:microsoft:windows_2003_server:gold::itanium cpe:/o:microsoft:windows_2003_server:sp1 cpe:/o:microsoft:windows_2003_server:sp1::itanium cpe:/o:microsoft:windows_2003_server:sp1::x64 cpe:/o:microsoft:windows_2003_server:sp2 cpe:/o:microsoft:windows_2003_server:sp2::itanium cpe:/o:microsoft:windows_2003_server:sp2::x64 cpe:/o:microsoft:windows_xp::gold:professional_x64 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp2:professional_x64

CVE-2007-1205

2007-04-10T17:19:00.000-04:00

2018-10-16T12:37:05.627-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CERT-VN VU#728057 BUGTRAQ 20070410 Secunia Research: Microsoft Agent URL Parsing Memory CorruptionVulnerability HP HPSBST02208 BID 23337 SECTRACK 1017896 CERT TA07-100A VUPEN ADV-2007-1324 MS MS07-020 Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.

cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_2003_server:gold cpe:/o:microsoft:windows_2003_server:sp1 cpe:/o:microsoft:windows_2003_server:sp2 cpe:/o:microsoft:windows_xp::sp2

CVE-2007-1206

2007-04-10T17:19:00.000-04:00

2018-10-16T12:37:06.470-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MISC http://research.eeye.com/html/advisories/published/AD20070410a.html SECTRACK 1017898 CERT-VN VU#337953 BUGTRAQ 20070410 EEYE: Windows VDM Zero Page Race Condition Privilege Escalation HP HPSBST02208 BID 23367 CERT TA07-100A VUPEN ADV-2007-1326 MS MS07-022 The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain privileges by modifying the "zero page" during a race condition before the view is unmapped.

CVE-2007-1207

2017-05-11T10:29:05.777-04:00

2017-05-11T10:29:05.793-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none.

CVE-2007-1208

2017-05-11T10:29:05.807-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none.

cpe:/o:microsoft:windows_vista

CVE-2007-1209

2007-04-10T17:19:00.000-04:00

2018-10-16T12:37:07.423-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MISC http://research.eeye.com/html/advisories/published/AD20070410b.html SREASON 2531 CERT-VN VU#219848 BUGTRAQ 20070410 EEYE: Windows Vista CSRSS Dangling Process Pointer Privilege Escalation HP HPSBST02208 BID 23338 SECTRACK 1017897 CERT TA07-100A VUPEN ADV-2007-1325 MS MS07-021 Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.

CVE-2007-1210

2017-05-11T10:29:05.840-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none.

cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_2003_server:gold cpe:/o:microsoft:windows_2003_server:gold::itanium cpe:/o:microsoft:windows_2003_server:gold::x64 cpe:/o:microsoft:windows_2003_server:sp1 cpe:/o:microsoft:windows_2003_server:sp1::itanium cpe:/o:microsoft:windows_2003_server:sp2 cpe:/o:microsoft:windows_2003_server:sp2::itanium cpe:/o:microsoft:windows_2003_server:sp2::x64 cpe:/o:microsoft:windows_xp::gold:professional_x64 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp2:professional_x64

CVE-2007-1211

2007-04-04T12:19:00.000-04:00

2018-10-16T12:37:08.487-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov IDEFENSE 20070403 Microsoft Windows WMF Triggerable Kernel Design Error DoS Vulnerability HP HPSBST02206 BID 23275 SECTRACK 1017843 VUPEN ADV-2007-1215 MS MS07-017 XF win-wmf-dos(33258) Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP SP2; and Server 2003 Gold, SP1, and SP2 allows user-assisted remote attackers to cause a denial of service (possibly persistent restart) via a crafted Windows Metafile (WMF) image that causes an invalid dereference of an offset in a kernel structure, a related issue to CVE-2005-4560.

CVE-2007-1212

2007-04-04T12:19:00.000-04:00

2018-10-16T12:37:09.157-04:00

6.6

LOCAL

MEDIUM

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

HP HPSBST02206 BID 23278 SECTRACK 1017844 VUPEN ADV-2007-1215 MS MS07-017 Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file.

cpe:/o:microsoft:windows_2000::sp4

CVE-2007-1213

2007-04-04T12:19:00.000-04:00

2018-10-16T12:37:09.673-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

HP HPSBST02206 BID 23276 SECTRACK 1017845 VUPEN ADV-2007-1215 MS MS07-017 The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.

cpe:/a:microsoft:excel:2000:sp3 cpe:/a:microsoft:excel:2002:sp3 cpe:/a:microsoft:excel:2003:sp2 cpe:/a:microsoft:excel:2004::mac cpe:/a:microsoft:excel_viewer:2003

CVE-2007-1214

2007-05-08T18:19:00.000-04:00

2018-10-16T12:37:10.127-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov IDEFENSE 20070508 Microsoft Excel Filter Record Code Execution Vulnerability CERT-VN VU#253825 HP HPSBST02214 BID 23780 SECTRACK 1018012 CERT TA07-128A VUPEN ADV-2007-1708 MS MS07-023 XF excel-autofilter-code-execution(33915) Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.

CVE-2007-1215

2007-04-04T12:19:00.000-04:00

2018-10-16T12:37:11.033-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

HP HPSBST02206 BID 23273 SECTRACK 1017847 VUPEN ADV-2007-1215 MS MS07-017 Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images.

cpe:/a:mit:kerberos:5-1.6

CVE-2007-1216

2007-04-05T21:19:00.000-04:00

2018-10-16T12:37:11.533-04:00

8.5

NETWORK

MEDIUM

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SGI 20070401-01-P CONFIRM http://docs.info.apple.com/article.html?artnum=305391 HP HPSBUX02217 APPLE APPLE-SA-2007-04-19 SUSE SUSE-SA:2007:025 GENTOO GLSA-200704-02 CONFIRM http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-003.txt DEBIAN DSA-1276 CERT-VN VU#419344 MANDRIVA MDKSA-2007:077 REDHAT RHSA-2007:0095 BUGTRAQ 20070403 MITKRB5-SA-2007-003: double-free vulnerability in kadmind (via GSS-API library) [CVE-2007-1216] BUGTRAQ 20070404 rPSA-2007-0063-1 krb5 krb5-server krb5-services krb5-test krb5-workstation BUGTRAQ 20070405 FLEA-2007-0008-1: krb5 BID 23282 SECTRACK 1017852 UBUNTU USN-449-1 CERT TA07-093B CERT TA07-109A VUPEN ADV-2007-1218 VUPEN ADV-2007-1470 VUPEN ADV-2007-1916 XF kerberos-kadmind-code-execution(33413) Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an "an invalid direction encoding".

cpe:/o:linux:linux_kernel:2.6.9 cpe:/o:linux:linux_kernel:2.6.10 cpe:/o:linux:linux_kernel:2.6.10:rc1 cpe:/o:linux:linux_kernel:2.6.10:rc2 cpe:/o:linux:linux_kernel:2.6.10:rc3 cpe:/o:linux:linux_kernel:2.6.11 cpe:/o:linux:linux_kernel:2.6.11::x86_64 cpe:/o:linux:linux_kernel:2.6.11:rc1 cpe:/o:linux:linux_kernel:2.6.11:rc2 cpe:/o:linux:linux_kernel:2.6.11:rc3 cpe:/o:linux:linux_kernel:2.6.11:rc4 cpe:/o:linux:linux_kernel:2.6.11:rc5 cpe:/o:linux:linux_kernel:2.6.11.1 cpe:/o:linux:linux_kernel:2.6.11.2 cpe:/o:linux:linux_kernel:2.6.11.3 cpe:/o:linux:linux_kernel:2.6.11.4 cpe:/o:linux:linux_kernel:2.6.11.5 cpe:/o:linux:linux_kernel:2.6.11.6 cpe:/o:linux:linux_kernel:2.6.11.7 cpe:/o:linux:linux_kernel:2.6.11.8 cpe:/o:linux:linux_kernel:2.6.11.9 cpe:/o:linux:linux_kernel:2.6.11.10 cpe:/o:linux:linux_kernel:2.6.11.11 cpe:/o:linux:linux_kernel:2.6.11.12 cpe:/o:linux:linux_kernel:2.6.11_rc1_bk6 cpe:/o:linux:linux_kernel:2.6.12 cpe:/o:linux:linux_kernel:2.6.12:rc1 cpe:/o:linux:linux_kernel:2.6.12:rc2 cpe:/o:linux:linux_kernel:2.6.12:rc3 cpe:/o:linux:linux_kernel:2.6.12:rc4 cpe:/o:linux:linux_kernel:2.6.12:rc5 cpe:/o:linux:linux_kernel:2.6.12:rc6 cpe:/o:linux:linux_kernel:2.6.12.1 cpe:/o:linux:linux_kernel:2.6.12.2 cpe:/o:linux:linux_kernel:2.6.12.3 cpe:/o:linux:linux_kernel:2.6.12.4 cpe:/o:linux:linux_kernel:2.6.12.5 cpe:/o:linux:linux_kernel:2.6.12.6 cpe:/o:linux:linux_kernel:2.6.12.12 cpe:/o:linux:linux_kernel:2.6.12.22 cpe:/o:linux:linux_kernel:2.6.13 cpe:/o:linux:linux_kernel:2.6.13:rc1 cpe:/o:linux:linux_kernel:2.6.13:rc2 cpe:/o:linux:linux_kernel:2.6.13:rc3 cpe:/o:linux:linux_kernel:2.6.13:rc4 cpe:/o:linux:linux_kernel:2.6.13:rc5 cpe:/o:linux:linux_kernel:2.6.13:rc6 cpe:/o:linux:linux_kernel:2.6.13:rc7 cpe:/o:linux:linux_kernel:2.6.13.1 cpe:/o:linux:linux_kernel:2.6.13.2 cpe:/o:linux:linux_kernel:2.6.13.3 cpe:/o:linux:linux_kernel:2.6.13.4 cpe:/o:linux:linux_kernel:2.6.13.5 cpe:/o:linux:linux_kernel:2.6.14 cpe:/o:linux:linux_kernel:2.6.14:rc1 cpe:/o:linux:linux_kernel:2.6.14:rc2 cpe:/o:linux:linux_kernel:2.6.14:rc3 cpe:/o:linux:linux_kernel:2.6.14:rc4 cpe:/o:linux:linux_kernel:2.6.14:rc5 cpe:/o:linux:linux_kernel:2.6.14.1 cpe:/o:linux:linux_kernel:2.6.14.2 cpe:/o:linux:linux_kernel:2.6.14.3 cpe:/o:linux:linux_kernel:2.6.14.4 cpe:/o:linux:linux_kernel:2.6.14.5 cpe:/o:linux:linux_kernel:2.6.14.6 cpe:/o:linux:linux_kernel:2.6.14.7 cpe:/o:linux:linux_kernel:2.6.15 cpe:/o:linux:linux_kernel:2.6.15:rc1 cpe:/o:linux:linux_kernel:2.6.15:rc2 cpe:/o:linux:linux_kernel:2.6.15:rc3 cpe:/o:linux:linux_kernel:2.6.15:rc4 cpe:/o:linux:linux_kernel:2.6.15:rc5 cpe:/o:linux:linux_kernel:2.6.15:rc6 cpe:/o:linux:linux_kernel:2.6.15:rc7 cpe:/o:linux:linux_kernel:2.6.15.1 cpe:/o:linux:linux_kernel:2.6.15.2 cpe:/o:linux:linux_kernel:2.6.15.3 cpe:/o:linux:linux_kernel:2.6.15.4 cpe:/o:linux:linux_kernel:2.6.15.5 cpe:/o:linux:linux_kernel:2.6.15.6 cpe:/o:linux:linux_kernel:2.6.15.7 cpe:/o:linux:linux_kernel:2.6.15.11 cpe:/o:linux:linux_kernel:2.6.16 cpe:/o:linux:linux_kernel:2.6.16:rc1 cpe:/o:linux:linux_kernel:2.6.16:rc2 cpe:/o:linux:linux_kernel:2.6.16:rc3 cpe:/o:linux:linux_kernel:2.6.16:rc4 cpe:/o:linux:linux_kernel:2.6.16:rc5 cpe:/o:linux:linux_kernel:2.6.16:rc6 cpe:/o:linux:linux_kernel:2.6.16.1 cpe:/o:linux:linux_kernel:2.6.16.2 cpe:/o:linux:linux_kernel:2.6.16.3 cpe:/o:linux:linux_kernel:2.6.16.4 cpe:/o:linux:linux_kernel:2.6.16.5 cpe:/o:linux:linux_kernel:2.6.16.6 cpe:/o:linux:linux_kernel:2.6.16.7 cpe:/o:linux:linux_kernel:2.6.16.8 cpe:/o:linux:linux_kernel:2.6.16.9 cpe:/o:linux:linux_kernel:2.6.16.10 cpe:/o:linux:linux_kernel:2.6.16.11 cpe:/o:linux:linux_kernel:2.6.16.12 cpe:/o:linux:linux_kernel:2.6.16.13 cpe:/o:linux:linux_kernel:2.6.16.14 cpe:/o:linux:linux_kernel:2.6.16.15 cpe:/o:linux:linux_kernel:2.6.16.16 cpe:/o:linux:linux_kernel:2.6.16.17 cpe:/o:linux:linux_kernel:2.6.16.18 cpe:/o:linux:linux_kernel:2.6.16.19 cpe:/o:linux:linux_kernel:2.6.16.20 cpe:/o:linux:linux_kernel:2.6.16.21 cpe:/o:linux:linux_kernel:2.6.16.22 cpe:/o:linux:linux_kernel:2.6.16.23 cpe:/o:linux:linux_kernel:2.6.16.24 cpe:/o:linux:linux_kernel:2.6.16.25 cpe:/o:linux:linux_kernel:2.6.16.26 cpe:/o:linux:linux_kernel:2.6.16.27 cpe:/o:linux:linux_kernel:2.6.16.28 cpe:/o:linux:linux_kernel:2.6.16.29 cpe:/o:linux:linux_kernel:2.6.16.30 cpe:/o:linux:linux_kernel:2.6.16.31 cpe:/o:linux:linux_kernel:2.6.16.32 cpe:/o:linux:linux_kernel:2.6.16.33 cpe:/o:linux:linux_kernel:2.6.16.34 cpe:/o:linux:linux_kernel:2.6.16.35 cpe:/o:linux:linux_kernel:2.6.16.36 cpe:/o:linux:linux_kernel:2.6.16.37 cpe:/o:linux:linux_kernel:2.6.16.38 cpe:/o:linux:linux_kernel:2.6.16.39 cpe:/o:linux:linux_kernel:2.6.16.40 cpe:/o:linux:linux_kernel:2.6.16.41 cpe:/o:linux:linux_kernel:2.6.16_rc7 cpe:/o:linux:linux_kernel:2.6.17 cpe:/o:linux:linux_kernel:2.6.17:rc1 cpe:/o:linux:linux_kernel:2.6.17:rc2 cpe:/o:linux:linux_kernel:2.6.17:rc3 cpe:/o:linux:linux_kernel:2.6.17:rc4 cpe:/o:linux:linux_kernel:2.6.17:rc5 cpe:/o:linux:linux_kernel:2.6.17:rc6 cpe:/o:linux:linux_kernel:2.6.17.1 cpe:/o:linux:linux_kernel:2.6.17.2 cpe:/o:linux:linux_kernel:2.6.17.3 cpe:/o:linux:linux_kernel:2.6.17.4 cpe:/o:linux:linux_kernel:2.6.17.5 cpe:/o:linux:linux_kernel:2.6.17.6 cpe:/o:linux:linux_kernel:2.6.17.7 cpe:/o:linux:linux_kernel:2.6.17.8 cpe:/o:linux:linux_kernel:2.6.17.9 cpe:/o:linux:linux_kernel:2.6.17.10 cpe:/o:linux:linux_kernel:2.6.17.11 cpe:/o:linux:linux_kernel:2.6.17.12 cpe:/o:linux:linux_kernel:2.6.17.13 cpe:/o:linux:linux_kernel:2.6.17.14 cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6.18:rc1 cpe:/o:linux:linux_kernel:2.6.18:rc2 cpe:/o:linux:linux_kernel:2.6.18:rc3 cpe:/o:linux:linux_kernel:2.6.18:rc4 cpe:/o:linux:linux_kernel:2.6.18:rc5 cpe:/o:linux:linux_kernel:2.6.18:rc6 cpe:/o:linux:linux_kernel:2.6.18:rc7 cpe:/o:linux:linux_kernel:2.6.18.1 cpe:/o:linux:linux_kernel:2.6.18.2 cpe:/o:linux:linux_kernel:2.6.18.3 cpe:/o:linux:linux_kernel:2.6.18.4 cpe:/o:linux:linux_kernel:2.6.18.5 cpe:/o:linux:linux_kernel:2.6.18.6 cpe:/o:linux:linux_kernel:2.6.19 cpe:/o:linux:linux_kernel:2.6.19:rc1 cpe:/o:linux:linux_kernel:2.6.19:rc2 cpe:/o:linux:linux_kernel:2.6.19:rc3 cpe:/o:linux:linux_kernel:2.6.19:rc4 cpe:/o:linux:linux_kernel:2.6.19.1 cpe:/o:linux:linux_kernel:2.6.19.2 cpe:/o:linux:linux_kernel:2.6.19.3 cpe:/o:linux:linux_kernel:2.6.20

CVE-2007-1217

2007-03-02T16:18:00.000-05:00

2018-10-30T12:25:10.013-04:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=408530 CONFIRM http://bugzilla.kernel.org/show_bug.cgi?id=8028 GENTOO GLSA-200704-23 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-404.htm MANDRIVA MDKSA-2007:078 REDHAT RHSA-2007:0671 REDHAT RHSA-2007:0672 REDHAT RHSA-2007:0673 REDHAT RHSA-2007:0705 REDHAT RHSA-2007:0774 BID 23333 SECTRACK 1018539 Buffer overflow in the bufprint function in capiutil.c in libcapi, as used in Linux kernel 2.6.9 to 2.6.20 and isdn4k-utils, allows local users to cause a denial of service (crash) and possibly gain privileges via a crafted CAPI packet.

cpe:/a:tcpdump:tcpdump:3.9.5

CVE-2007-1218

2007-03-02T16:18:00.000-05:00

2017-10-10T21:31:47.720-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

CONFIRM http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-802_11.c MISC http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-802_11.c?r1=1.31.2.11&r2=1.31.2.12 CONFIRM http://docs.info.apple.com/article.html?artnum=307179 FEDORA FEDORA-2007-347 FEDORA FEDORA-2007-348 APPLE APPLE-SA-2007-12-17 FULLDISC 20070301 tcpdump: off-by-one heap overflow in 802.11 printer DEBIAN DSA-1272 MANDRIVA MDKSA-2007:056 MANDRIVA MDKSA-2007:155 REDHAT RHSA-2007:0368 REDHAT RHSA-2007:0387 BID 22772 SECTRACK 1017717 TURBO TLSA-2007-46 UBUNTU USN-429-1 CERT TA07-352A VUPEN ADV-2007-0793 VUPEN ADV-2007-4238 MISC https://bugs.gentoo.org/show_bug.cgi?id=168916 XF tcpdump-print80211c-bo(32749) CONFIRM https://issues.rpath.com/browse/RPL-1100 Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based.

cpe:/a:admin_phorum:admin_phorum:3.3.1a

CVE-2007-1219

2007-03-02T17:19:00.000-05:00

2017-10-10T21:31:47.783-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22739 VUPEN ADV-2007-0778 XF admin-phorum-del-file-include(32719) EXPLOIT-DB 3382 PHP remote file inclusion vulnerability in actions/del.php in Admin Phorum 3.3.1a allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.

cpe:/h:microsoft:xbox_360:4532 cpe:/h:microsoft:xbox_360:4548

CVE-2007-1220

2007-03-02T17:19:00.000-05:00

2018-10-16T12:37:17.640-04:00

6.2

LOCAL

HIGH

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SREASON 2367 BUGTRAQ 20070227 Xbox 360 Hypervisor Privilege Escalation Vulnerability BID 22745 The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not properly verify the parameters passed to the syscall dispatcher, which allows attackers with physical access to bypass code-signing requirements and execute arbitrary code.

cpe:/h:microsoft:xbox_360:4532 cpe:/h:microsoft:xbox_360:4548

CVE-2007-1221

2007-03-02T17:19:00.000-05:00

2018-10-16T12:37:18.657-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SREASON 2367 BUGTRAQ 20070227 Xbox 360 Hypervisor Privilege Escalation Vulnerability BUGTRAQ 20070327 Re: RE: Xbox 360 Hypervisor Privilege Escalation Vulnerability BID 22745 The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows attackers with physical access to force execution of the hypervisor syscall with a certain register set, which bypasses intended code protection.

cpe:/a:parallels:parallels_desktop

CVE-2007-1222

2007-03-02T17:19:00.000-05:00

2008-11-15T01:43:49.187-05:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MLIST [dailydave] 20070216 Minor Virtualization Vulnerability Parallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary files to the host filesystem, and execute arbitrary code via launchd by writing a plist file to a LaunchAgents directory.

cpe:/a:hitachi:osas%2fft%2fw:01-00 cpe:/a:hitachi:osas%2fft%2fw:01-01 cpe:/a:hitachi:osas%2fft%2fw:01-02 cpe:/a:hitachi:osas%2fft%2fw:01-03 cpe:/a:hitachi:osas%2fft%2fw:01-04 cpe:/a:hitachi:osas%2fft%2fw:01-05 cpe:/a:hitachi:osas%2fft%2fw:01-06 cpe:/a:hitachi:osas%2fft%2fw:01-07 cpe:/a:hitachi:osas%2fft%2fw:01-08 cpe:/a:hitachi:osas%2fft%2fw:01-09 cpe:/a:hitachi:osas%2fft%2fw:01-10 cpe:/a:hitachi:osas%2fft%2fw:01-10-%2fa

CVE-2007-1223

2007-03-02T17:19:00.000-05:00

2017-07-28T21:30:40.843-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://www.hitachi-support.com/security_e/vuls_e/HS07-004_e/index-e.html XF osas-unspecified-dos(32696) Unspecified vulnerability in Hitachi OSAS/FT/W before 20070223 allows attackers to cause a denial of service (responder control processing halt) by sending "data unexpectedly through the port".

cpe:/a:grok_developments:netproxy:4.03

CVE-2007-1224

2007-03-02T17:19:00.000-05:00

2017-10-10T21:31:47.847-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 22741 VUPEN ADV-2007-0779 XF netproxy-url-filtering-bypass(32697) EXPLOIT-DB 3381 Grok Developments NetProxy 4.03 allows remote attackers to bypass URL filtering via a request that omits "http://" from the URL and specifies the destination port (:80).

cpe:/a:grok_developments:netproxy:4.03

CVE-2007-1225

2007-03-02T17:19:00.000-05:00

2017-10-10T21:31:47.907-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

BID 22741 VUPEN ADV-2007-0779 XF netproxy-url-filtering-bypass(32697) EXPLOIT-DB 3381 The connection log file implementation in Grok Developments NetProxy 4.03 does not record requests that omit http:// in a URL, which might allow remote attackers to conduct unauthorized activities and avoid detection.

cpe:/a:mcafee:virex:7.7::macintosh

CVE-2007-1226

2007-03-02T17:19:00.000-05:00

2018-10-16T12:37:20.000-04:00

4.1

LOCAL

MEDIUM

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2342 BUGTRAQ 20070227 [NETRAGARD-20070220 SECURITY ADVISORY] [McAfee VirusScan for Mac (Virex) Local root exploit and Scan Bypass] BID 22744 SECTRACK 1017707 VUPEN ADV-2007-0777 CONFIRM https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=518722&sliceId=SAL_Public&command=show&forward=nonthreadedKC&kcId=518722 McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak permissions (0666) for /Library/Application Support/Virex/VShieldExclude.txt, which allows local users to reconfigure Virex to skip scanning of arbitrary files.

cpe:/a:mcafee:virex:6.2:-:mac cpe:/a:mcafee:virex:7.7:-:mac

CVE-2007-1227

2007-03-02T17:19:00.000-05:00

2018-10-16T12:37:22.267-04:00

6.6

LOCAL

MEDIUM

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SREASON 2342 BUGTRAQ 20070227 [NETRAGARD-20070220 SECURITY ADVISORY] [McAfee VirusScan for Mac (Virex) Local root exploit and Scan Bypass] BID 22744 SECTRACK 1017707 VUPEN ADV-2007-0777 XF mcafee-virex-library-privilege-escalation(32729) VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 allow local users to change permissions of arbitrary files via a symlink attack on /Library/Application Support/Virex/VShieldExclude.txt, as demonstrated by symlinking to the root crontab file to execute arbitrary commands.

cpe:/a:ibm:db2:8.2 cpe:/a:ibm:db2:8.2:fp1 cpe:/a:ibm:db2:8.2:fp2 cpe:/a:ibm:db2:8.2:fp3 cpe:/a:ibm:db2:8.2:fp4 cpe:/a:ibm:db2:8.2:fp5 cpe:/a:ibm:db2:8.2:fp6 cpe:/a:ibm:db2:9.0 cpe:/a:ibm:db2:9.0:fp1

CVE-2007-1228

2007-03-02T17:19:00.000-05:00

2009-02-11T00:00:00.000-05:00

4.4

LOCAL

MEDIUM

SINGLE_INSTANCE

COMPLETE

NONE

http://nvd.nist.gov

2007-03-06T15:01:00.000-05:00

BID 22729 SECTRACK 1017731 AIXAPAR IY86711 AIXAPAR IY87492 IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories.

cpe:/a:nullsoft:shoutcast_server:1.9.7

CVE-2007-1229

2007-03-02T17:19:00.000-05:00

2018-10-16T12:37:25.063-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov FULLDISC 20070227 Nullsoft ShoutcastServer Persistant XSS - 0day BUGTRAQ 20070227 Nullsoft ShoutcastServer Persistant XSS - 0day BID 22742 VUPEN ADV-2007-0775 XF shoutcast-admin-interface-xss(32726) Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 8001/tcp), which is not properly handled in the administrator interface when viewing the log file.

cpe:/a:wordpress:wordpress:2.1

CVE-2007-1230

2007-03-02T17:19:00.000-05:00

2011-03-07T21:51:33.377-05:00

5.8

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://trac.wordpress.org/changeset/4951 CONFIRM http://trac.wordpress.org/changeset/4952 GENTOO GLSA-200703-23 VUPEN ADV-2007-0756 Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049.

cpe:/a:sqlitemanager:sqlitemanager:1.2.0

CVE-2007-1231

2007-03-03T14:19:00.000-05:00

2018-10-16T12:37:27.453-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2366 BUGTRAQ 20070224 SQLiteManager v1.2.0 Multiple Vulnerabilities BID 22731 XF sqlitemanager-main-xss(32692) Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) database name, (2) table name, (3) ViewName, (4) view, (5) trigger, and (6) function fields in main.php and certain other files.

cpe:/a:sqlite_manager:sqlite_manager:1.2

CVE-2007-1232

2007-03-03T14:19:00.000-05:00

2018-10-16T12:37:28.047-04:00

5.1

NETWORK

HIGH

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2366 BUGTRAQ 20070224 SQLiteManager v1.2.0 Multiple Vulnerabilities BID 22727 XF sqlitemanager-sqlitemanager-file-include(32693) Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a SQLiteManager_currentTheme cookie.

cpe:/a:stwc-counter:stwc-counter:1.1 cpe:/a:stwc-counter:stwc-counter:1.2 cpe:/a:stwc-counter:stwc-counter:1.11 cpe:/a:stwc-counter:stwc-counter:1.12 cpe:/a:stwc-counter:stwc-counter:1.21 cpe:/a:stwc-counter:stwc-counter:1.22 cpe:/a:stwc-counter:stwc-counter:2.0.0 cpe:/a:stwc-counter:stwc-counter:2.0.1 cpe:/a:stwc-counter:stwc-counter:2.0.2 cpe:/a:stwc-counter:stwc-counter:2.1.0 cpe:/a:stwc-counter:stwc-counter:2.1.1 cpe:/a:stwc-counter:stwc-counter:2.2.0 cpe:/a:stwc-counter:stwc-counter:2.2.1 cpe:/a:stwc-counter:stwc-counter:2.2.2 cpe:/a:stwc-counter:stwc-counter:2.2.3 cpe:/a:stwc-counter:stwc-counter:2.2.4 cpe:/a:stwc-counter:stwc-counter:2.2.5 cpe:/a:stwc-counter:stwc-counter:2.2.6 cpe:/a:stwc-counter:stwc-counter:2.2.7 cpe:/a:stwc-counter:stwc-counter:2.3.0 cpe:/a:stwc-counter:stwc-counter:2.3.1 cpe:/a:stwc-counter:stwc-counter:2.4.0 cpe:/a:stwc-counter:stwc-counter:2.5.0 cpe:/a:stwc-counter:stwc-counter:2.5.1 cpe:/a:stwc-counter:stwc-counter:2.5.2 cpe:/a:stwc-counter:stwc-counter:2.6.0 cpe:/a:stwc-counter:stwc-counter:2.6.1 cpe:/a:stwc-counter:stwc-counter:2.6.2 cpe:/a:stwc-counter:stwc-counter:2.6.3 cpe:/a:stwc-counter:stwc-counter:2.6.4 cpe:/a:stwc-counter:stwc-counter:2.6.5 cpe:/a:stwc-counter:stwc-counter:2.6.6 cpe:/a:stwc-counter:stwc-counter:2.7.0 cpe:/a:stwc-counter:stwc-counter:2.7.1 cpe:/a:stwc-counter:stwc-counter:2.8.0 cpe:/a:stwc-counter:stwc-counter:2.8.1 cpe:/a:stwc-counter:stwc-counter:2.9.0 cpe:/a:stwc-counter:stwc-counter:2.9.1 cpe:/a:stwc-counter:stwc-counter:3.0.0 cpe:/a:stwc-counter:stwc-counter:3.0.1 cpe:/a:stwc-counter:stwc-counter:3.0.2 cpe:/a:stwc-counter:stwc-counter:3.0.3 cpe:/a:stwc-counter:stwc-counter:3.1.0 cpe:/a:stwc-counter:stwc-counter:3.2.0 cpe:/a:stwc-counter:stwc-counter:3.3.0 cpe:/a:stwc-counter:stwc-counter:3.4.0

CVE-2007-1233

2007-03-03T14:19:00.000-05:00

2017-10-10T21:31:47.970-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22723 VUPEN ADV-2007-0754 XF stwccounter-downloadcounter-file-include(32681) EXPLOIT-DB 3379 PHP remote file inclusion vulnerability in downloadcounter.php in STWC-Counter 3.4.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the stwc_counter_verzeichniss parameter.

cpe:/a:bj_sintay:sitex:0.7.3

CVE-2007-1234

2007-03-03T14:19:00.000-05:00

2018-10-16T12:37:28.470-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2373 BUGTRAQ 20070223 sitex multiple vulnerabilities BUGTRAQ 20070414 Re: sitex multiple vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in sitex allow remote attackers to inject arbitrary web script or HTML via (1) the sxYear parameter to calendar.php, (2) the search parameter to search.php, (3) the linkid parameter to redirect.php, or (4) the page parameter to calendar_events.php.

cpe:/a:bj_sintay:sitex:0.7.3

CVE-2007-1235

2007-03-03T14:19:00.000-05:00

2018-10-16T12:37:28.937-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2373 BUGTRAQ 20070223 sitex multiple vulnerabilities Unrestricted file upload vulnerability in sitex allows remote attackers to upload arbitrary PHP code via an avatar filename with a double extension such as .php.jpg, which fails verification and is saved as a .php file.

cpe:/a:sitex:sitex

CVE-2007-1236

2007-03-03T14:19:00.000-05:00

2018-10-16T12:37:29.143-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2373 BUGTRAQ 20070223 sitex multiple vulnerabilities sitex allows remote attackers to obtain sensitive information via a request with a numerical value for the (1) sxMonth[] or (2) sxYear[] parameter to calendar.php, or the (3) page[] parameter to calendar_events.php, which reveals the path in various error messages.

cpe:/a:bj_sintay:sitex:0.7.3

CVE-2007-1237

2007-03-03T14:19:00.000-05:00

2018-10-16T12:37:29.393-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2373 BUGTRAQ 20070223 sitex multiple vulnerabilities sitex allows remote attackers to obtain potentially sensitive information via a ' (quote) value for certain parameters, as demonstrated by parameters used in forum and search, which forces a SQL error.

cpe:/a:microsoft:office:2003

CVE-2007-1238

2007-03-03T14:19:00.000-05:00

2018-10-16T12:37:29.610-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov MISC http://securityvulns.com/Qdocument120.html BUGTRAQ 20070225 Few unreported vulnerabilities by SehaTo Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.

cpe:/a:microsoft:excel:2003 cpe:/a:microsoft:excel:2003:sp1 cpe:/a:microsoft:excel:2003:sp2

CVE-2007-1239

2007-03-03T14:19:00.000-05:00

2018-10-16T12:37:29.813-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov MISC http://securityvulns.com/news/Microsoft/Excel/XML/DoS.html BUGTRAQ 20070225 Few unreported vulnerabilities by SehaTo BID 22717 Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.

cpe:/a:docebo:docebo:3.0.3 cpe:/a:docebo:docebo:3.0.4 cpe:/a:docebo:docebo:3.0.5

CVE-2007-1240

2007-03-03T14:19:00.000-05:00

2017-07-28T21:30:41.377-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC http://downloads.securityfocus.com/vulnerabilities/exploits/22719.html BID 22719 XF Docebocms-index-xss(32842) Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 through 3.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the searchkey parameter to index.php, or the (2) sn or (3) ri parameter to modules/htmlframechat/index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:audins_audiens:audins_audiens:3.3

CVE-2007-1241

2007-03-03T14:19:00.000-05:00

2017-07-28T21:30:41.453-04:00

5.8

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC http://downloads.securityfocus.com/vulnerabilities/exploits/22728.html BID 22728 XF audins-setup-xss(32839) Cross-site scripting (XSS) vulnerability in setup.php in Audins Audiens 3.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:audins_audiens:audins_audiens:3.3

CVE-2007-1242

2007-03-03T14:19:00.000-05:00

2017-07-28T21:30:41.500-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22728 XF audins-index-sql-injection(32837) SQL injection vulnerability in system/index.php in Audins Audiens 3.3 allows remote attackers to execute arbitrary SQL commands via the PHPSESSID cookie. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:audins_audiens:audins_audiens:3.3

CVE-2007-1243

2007-03-03T14:19:00.000-05:00

2017-07-28T21:30:41.547-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22728 XF audins-unistall-authentication-bypass(32707) Audins Audiens 3.3 allows remote attackers to bypass authentication and perform certain privileged actions, possibly an uninstall of the product, by calling unistall.php with the values cnf=disinstalla and status=on. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:wordpress:wordpress:2.1.1

CVE-2007-1244

2007-03-03T14:19:00.000-05:00

2018-10-16T12:37:30.017-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

FULLDISC 20070226 WordPress AdminPanel CSRF/XSS - 0day GENTOO GLSA-200703-23 BUGTRAQ 20070226 WordPress AdminPanel CSRF/XSS - 0day BID 22735 XF wordpress-post-csrf(32703) Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter.

cpe:/a:irfanview:irfanview:3.99

CVE-2007-1245

2007-03-03T14:19:00.000-05:00

2018-10-16T12:37:30.517-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov MISC http://securityvulns.com/news/IrfanView/WMF/DoS.html MISC http://securityvulns.com/Qdocument120.html BUGTRAQ 20070225 Few unreported vulnerabilities by SehaTo IrfanView 3.99 allows remote attackers to cause a denial of service (application crash) via a malformed WMF file.

cpe:/a:mplayer:mplayer:1.0_rc1

CVE-2007-1246

2007-03-03T14:19:00.000-05:00

2018-10-16T12:37:30.783-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

FULLDISC 20070301 MPlayer DMO buffer overflow GENTOO GLSA-200704-09 GENTOO GLSA-200705-21 SLACKWARE SSA:2007-109-02 CONFIRM http://svn.mplayerhq.hu/mplayer/trunk/loader/dmo/DMO_VideoDecoder.c MISC http://svn.mplayerhq.hu/mplayer/trunk/loader/dmo/DMO_VideoDecoder.c?r1=22019&r2=22204 DEBIAN DSA-1536 MANDRIVA MDKSA-2007:055 MANDRIVA MDKSA-2007:057 SUSE SUSE-SR:2007:007 SUSE SUSE-SR:2007:005 BUGTRAQ 20070423 FLEA-2007-0013-1: xine-lib BID 22771 UBUNTU USN-433-1 VUPEN ADV-2007-0794 XF mplayer-dmovideodecoder-bo(32747) The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1387.

cpe:/a:aweb_labs:awebnews:1.5

CVE-2007-1247

2007-03-03T15:19:00.000-05:00

2018-10-16T12:37:35.643-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2365 BUGTRAQ 20070301 aWebNews v 1.1=>RFI BUGTRAQ 20070301 aWebNews V 1.1 BID 22781 VUPEN ADV-2007-0808 XF awebnews-pathtonews-file-include(32770) Multiple PHP remote file inclusion vulnerabilities in aWeb Labs aWebNews 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_news parameter to (1) listing.php or (2) visview.php.

cpe:/a:built2go:news_manager_blog:1.0

CVE-2007-1248

2007-03-03T15:19:00.000-05:00

2018-10-16T12:37:36.860-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2343 BUGTRAQ 20070301 Built2Go v.1.0 => ( news.php & rating.php ) Cross Site Scripting BID 22783 VUPEN ADV-2007-0818 XF newsmanagerblog-news-rating-xss(32772) Multiple cross-site scripting (XSS) vulnerabilities in built2go News Manager Blog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) uid, and (3) nid parameters to (a) news.php, and the nid parameter to (b) rating.php.

cpe:/a:contelligent:c1_financial_services:9.1.4

CVE-2007-1249

2007-03-03T15:19:00.000-05:00

2017-07-28T21:30:41.860-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CONFIRM http://www.contelligent.com/contell/cms/c1web/contelligent/site/contelligent/changelog.html?fromRelease=9.1.4 BID 22785 VUPEN ADV-2007-0814 XF contelligent-sortedcontent-security-bypass(32775) MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check "the additional environment security configuration," which allows remote attackers with write permissions to reorder components.

cpe:/a:angel_learning:learning_management_suite:7.1

CVE-2007-1250

2007-03-03T15:19:00.000-05:00

2018-10-16T12:37:37.143-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070301 Angel LMS 7.1 - Remote SQL Injection BUGTRAQ 20070301 Re: Angel LMS 7.1 - Remote SQL Injection BUGTRAQ 20070301 [Fwd: Re: Angel LMS 7.1 - Remote SQL Injection] BID 22768 VUPEN ADV-2007-0807 XF angellms-default-sql-injection(32756) EXPLOIT-DB 3390 SQL injection vulnerability in section/default.asp in ANGEL Learning Management Suite (LMS) 7.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

cpe:/a:netrek:netrek_vanilla_server:2.12.0

CVE-2007-1251

2007-03-03T15:19:00.000-05:00

2018-10-16T12:37:37.610-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MISC http://aluigi.altervista.org/adv/netrekfs-adv.txt CONFIRM http://sourceforge.net/project/shownotes.php?release_id=490561 BUGTRAQ 20070302 Limited format string in Netrek 2.12.0 BID 22786 VUPEN ADV-2007-0815 XF vanilla-vsprintf-format-string(32777) Format string vulnerability in the new_warning function in ntserv/warning.c for Netrek Vanilla Server 2.12.0, when EVENTLOG is enabled, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the message handling.

cpe:/a:symantec:mail_security:5.0::smtp

CVE-2007-1252

2007-03-03T15:19:00.000-05:00

2017-07-28T21:30:42.017-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

MISC ftp://ftp.symantec.com/public/english_us_canada/products/symantec_mail_security/5.0_smtp/updates/release_notes_p175.txt CERT-VN VU#875633 BID 22782 SECTRACK 1017716 VUPEN ADV-2007-0799 XF symantec-email-headers-code-execution(32781) Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch 175 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted headers in an e-mail message. NOTE: some information was obtained from third party sources.

cpe:/a:blender:blender:2.25 cpe:/a:blender:blender:2.36 cpe:/a:blender:blender:2.37a cpe:/a:blender:blender:2.42a

CVE-2007-1253

2007-03-03T15:19:00.000-05:00

2017-07-28T21:30:42.080-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

GENTOO GLSA-200704-19 BID 22770 SECTRACK 1017714 VUPEN ADV-2007-0798 XF blender-kml-kmz-command-execution(32778) Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file.

cpe:/a:connectix:connectix_boards:0.4 cpe:/a:connectix:connectix_boards:0.4.1 cpe:/a:connectix:connectix_boards:0.4.2 cpe:/a:connectix:connectix_boards:0.4.3 cpe:/a:connectix:connectix_boards:0.4.4 cpe:/a:connectix:connectix_boards:0.5 cpe:/a:connectix:connectix_boards:0.5.1 cpe:/a:connectix:connectix_boards:0.5.2 cpe:/a:connectix:connectix_boards:0.5.3 cpe:/a:connectix:connectix_boards:0.5.4 cpe:/a:connectix:connectix_boards:0.5.5 cpe:/a:connectix:connectix_boards:0.6 cpe:/a:connectix:connectix_boards:0.6.1 cpe:/a:connectix:connectix_boards:0.7

CVE-2007-1254

2007-03-03T15:19:00.000-05:00

2018-10-16T12:37:37.907-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2364 BUGTRAQ 20070221 Connectix Boards <= 0.7 (p_skin) Multiple Vulnerabilities Exploit EXPLOIT-DB 3352 SQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the p_skin parameter to index.php.

CVE-2007-1255

2007-03-03T15:19:00.000-05:00

2018-10-16T12:37:38.157-04:00

6.0

NETWORK

MEDIUM

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2364 BUGTRAQ 20070221 Connectix Boards <= 0.7 (p_skin) Multiple Vulnerabilities Exploit EXPLOIT-DB 3352 Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later accessed via a direct request for the file in smileys/. NOTE: this can be leveraged with a separate SQL injection issue for remote unauthenticated attacks.

cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:firefox:2.0.0.2

CVE-2007-1256

2007-03-03T15:19:00.000-05:00

2018-10-16T12:37:38.407-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov FULLDISC 20070227 Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr) FULLDISC 20070227 RE: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr) BUGTRAQ 20070227 Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr) Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092.

cpe:/h:cisco:catalyst_6000_ws-svc-nam-1:2.2%281a%29 cpe:/h:cisco:catalyst_6000_ws-svc-nam-2:2.2%281a%29 cpe:/h:cisco:catalyst_6000_ws-x6380-nam:3.1%281a%29 cpe:/h:cisco:catalyst_6500_ws-svc-nam-1:2.2%281a%29 cpe:/h:cisco:catalyst_6500_ws-svc-nam-2:2.2%281a%29 cpe:/h:cisco:catalyst_6500_ws-x6380-nam:3.1%281a%29 cpe:/h:cisco:catalyst_7600_ws-svc-nam-1:2.2%281a%29 cpe:/h:cisco:catalyst_7600_ws-svc-nam-2:2.2%281a%29 cpe:/h:cisco:catalyst_7600_ws-x6380-nam:3.1%281a%29 cpe:/h:cisco:network_analysis_module

CVE-2007-1257

2007-03-03T15:19:00.000-05:00

2017-10-10T21:31:48.097-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CISCO 20070228 Cisco Catalyst 6000, 6500 Series and Cisco 7600 Series NAM (Network Analysis Module) Vulnerability CERT-VN VU#472412 BID 22751 SECTRACK 1017710 VUPEN ADV-2007-0783 XF cisco-catalyst-nam-unauthorized-access(32750) The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address.

cpe:/h:cisco:catalyst_6000 cpe:/h:cisco:catalyst_6500 cpe:/h:cisco:catalyst_7600 cpe:/o:cisco:ios:12.2%2818%29sxf4 cpe:/o:cisco:ios:12.2sxa cpe:/o:cisco:ios:12.2sxb cpe:/o:cisco:ios:12.2sxd cpe:/o:cisco:ios:12.2sxf

CVE-2007-1258

2007-03-03T15:19:00.000-05:00

2017-10-10T21:31:48.157-04:00

6.1

ADJACENT_NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CISCO 20070228 Cisco Catalyst 6000, 6500 and Cisco 7600 Series MPLS Packet Vulnerability SECTRACK 1017709 VUPEN ADV-2007-0782 XF cisco-catalyst-mpls-dos(32748) Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and the MSFC2, MSFC2a and MSFC3 running in Hybrid Mode on Cisco Catalyst 6000, 6500 and Cisco 7600 series systems; allows remote attackers on a local network segment to cause a denial of service (software reload) via a certain MPLS packet.

CVE-2007-1259

2007-03-03T15:19:00.000-05:00

2011-09-01T00:00:00.000-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-03-07T10:53:00.000-05:00

VUPEN ADV-2007-0720 CONFIRM http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=252 CONFIRM http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=254 Multiple unspecified vulnerabilities in WebAPP before 0.9.9.6 have unknown impact and attack vectors.

cpe:/a:webmod:webmod:0.48

CVE-2007-1260

2007-03-03T16:19:00.000-05:00

2017-10-10T21:31:48.220-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

MISC http://cybermind.user.stfunoob.com/w48crash/ BID 22788 XF webmod-contentlength-bo(32755) EXPLOIT-DB 3395 Stack-based buffer overflow in the connectHandle function in server.cpp in WebMod 0.48 allows remote attackers to execute arbitrary code via a long string in the Content-Length HTTP header.

cpe:/a:openbiblio:openbiblio:0.1.0 cpe:/a:openbiblio:openbiblio:0.2 cpe:/a:openbiblio:openbiblio:0.2.1 cpe:/a:openbiblio:openbiblio:0.3 cpe:/a:openbiblio:openbiblio:0.3.0 cpe:/a:openbiblio:openbiblio:0.4.0 cpe:/a:openbiblio:openbiblio:0.5.0 cpe:/a:openbiblio:openbiblio:0.5.1 cpe:/a:openbiblio:openbiblio:0.5.2 cpe:/a:openbiblio:openbiblio:0.5.2:pre4

CVE-2007-1261

2007-03-03T16:19:00.000-05:00

2017-07-28T21:30:42.297-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

CONFIRM http://sourceforge.net/project/shownotes.php?group_id=50071&release_id=488061 VUPEN ADV-2007-0790 XF openbiblio-reports-privilege-escalation(32758) Unspecified vulnerability in the reports system in OpenBiblio before 0.6.0 allows attackers to gain privileges via unspecified vectors.

cpe:/a:squirrelmail:squirrelmail:1.4.0 cpe:/a:squirrelmail:squirrelmail:1.4.1 cpe:/a:squirrelmail:squirrelmail:1.4.2 cpe:/a:squirrelmail:squirrelmail:1.4.3 cpe:/a:squirrelmail:squirrelmail:1.4.3_r3 cpe:/a:squirrelmail:squirrelmail:1.4.3_rc1 cpe:/a:squirrelmail:squirrelmail:1.4.3a cpe:/a:squirrelmail:squirrelmail:1.4.3aa cpe:/a:squirrelmail:squirrelmail:1.4.4 cpe:/a:squirrelmail:squirrelmail:1.4.4_rc1 cpe:/a:squirrelmail:squirrelmail:1.4.5 cpe:/a:squirrelmail:squirrelmail:1.4.6 cpe:/a:squirrelmail:squirrelmail:1.4.6_cvs cpe:/a:squirrelmail:squirrelmail:1.4.6_rc1 cpe:/a:squirrelmail:squirrelmail:1.4.7 cpe:/a:squirrelmail:squirrelmail:1.4.8 cpe:/a:squirrelmail:squirrelmail:1.4.9 cpe:/a:squirrelmail:squirrelmail:1.4.9a

CVE-2007-1262

2007-05-11T00:20:00.000-04:00

2017-10-10T21:31:48.283-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://docs.info.apple.com/article.html?artnum=306172 JVN JVN#09157962 JVNDB JVNDB-2007-000398 APPLE APPLE-SA-2007-07-31 DEBIAN DSA-1290 MANDRIVA MDKSA-2007:106 SUSE SUSE-SR:2007:013 BID 23910 BID 25159 SECTRACK 1018033 CONFIRM http://www.squirrelmail.org/security/issue/2007-05-09 VUPEN ADV-2007-1748 VUPEN ADV-2007-2732 CONFIRM https://issues.rpath.com/browse/RPL-1353 REDHAT RHSA-2007:0358 Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer.

cpe:/a:gnu:gpgme:1.1.3 cpe:/a:gnupg:gnupg:1.4.6

CVE-2007-1263

2007-03-06T15:19:00.000-05:00

2018-10-16T12:37:38.643-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SGI 20070301-01-P FEDORA FEDORA-2007-316 FEDORA FEDORA-2007-315 MLIST [gnupg-users] 20070306 [Announce] Multiple Messages Problem in GnuPG and GPGME SUSE SUSE-SA:2007:024 SREASON 2353 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-144.htm MISC http://www.coresecurity.com/?action=item&id=1687 DEBIAN DSA-1266 MANDRIVA MDKSA-2007:059 REDHAT RHSA-2007:0106 REDHAT RHSA-2007:0107 BUGTRAQ 20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability BUGTRAQ 20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability BID 22757 SECTRACK 1017727 TRUSTIX 2007-0009 UBUNTU USN-432-1 UBUNTU USN-432-2 VUPEN ADV-2007-0835 CONFIRM https://issues.rpath.com/browse/RPL-1111 GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.

cpe:/a:enigmail:enigmail:0.94.2

CVE-2007-1264

2007-03-06T15:19:00.000-05:00

2018-10-16T12:37:40.283-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov MLIST [gnupg-users] 20070306 [Announce] Multiple Messages Problem in GnuPG and GPGME SREASON 2353 MISC http://www.coresecurity.com/?action=item&id=1687 BUGTRAQ 20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability BUGTRAQ 20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability BID 22758 SECTRACK 1017727 VUPEN ADV-2007-0835 Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.

cpe:/a:kde:k-mail:0.0.29.2 cpe:/a:kde:k-mail:1.0.23 cpe:/a:kde:k-mail:1.0.24 cpe:/a:kde:k-mail:1.0.25 cpe:/a:kde:k-mail:1.0.26 cpe:/a:kde:k-mail:1.0.27 cpe:/a:kde:k-mail:1.0.28 cpe:/a:kde:k-mail:1.0.29 cpe:/a:kde:k-mail:1.0.29.1 cpe:/a:kde:k-mail:1.0.29.2 cpe:/a:kde:k-mail:1.1 cpe:/a:kde:k-mail:1.2 cpe:/a:kde:k-mail:1.3.1 cpe:/a:kde:k-mail:1.7.1 cpe:/a:kde:k-mail:1.9.1 cpe:/a:kde:k-mail:1.86.2.36 cpe:/a:kde:k-mail:1.87 cpe:/a:kde:k-mail:1.88 cpe:/a:kde:k-mail:1.89 cpe:/a:kde:k-mail:1.90 cpe:/a:kde:k-mail:1.92 cpe:/a:kde:k-mail:1.93 cpe:/a:kde:k-mail:1.94 cpe:/a:kde:k-mail:1.95 cpe:/a:kde:k-mail:1.101 cpe:/a:kde:k-mail:1.102

CVE-2007-1265

2007-03-06T15:19:00.000-05:00

2018-10-16T12:37:40.673-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov MLIST [gnupg-users] 20070306 [Announce] Multiple Messages Problem in GnuPG and GPGME SREASON 2353 MISC http://www.coresecurity.com/?action=item&id=1687 BUGTRAQ 20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability BUGTRAQ 20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability BID 22759 SECTRACK 1017727 VUPEN ADV-2007-0835 KMail 1.9.5 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents KMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.

cpe:/a:gnome:evolution:2.8.1

CVE-2007-1266

2007-03-06T15:19:00.000-05:00

2018-10-16T12:37:41.097-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov MLIST [gnupg-users] 20070306 [Announce] Multiple Messages Problem in GnuPG and GPGME SREASON 2353 MISC http://www.coresecurity.com/?action=item&id=1687 BUGTRAQ 20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability BUGTRAQ 20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability BID 22760 SECTRACK 1017727 VUPEN ADV-2007-0835 Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.

cpe:/a:sylpheed:sylpheed:2.2.7

CVE-2007-1267

2007-03-06T15:19:00.000-05:00

2018-10-16T12:37:41.470-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov MLIST [gnupg-users] 20070306 [Announce] Multiple Messages Problem in GnuPG and GPGME SREASON 2353 MISC http://www.coresecurity.com/?action=item&id=1687 BUGTRAQ 20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability BUGTRAQ 20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability BID 22777 SECTRACK 1017727 VUPEN ADV-2007-0835 Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.

cpe:/a:mutt:mutt:1.5.13

CVE-2007-1268

2007-03-06T15:19:00.000-05:00

2018-10-16T12:37:41.847-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov MLIST [gnupg-users] 20070306 [Announce] Multiple Messages Problem in GnuPG and GPGME SREASON 2353 MISC http://www.coresecurity.com/?action=item&id=1687 BUGTRAQ 20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability BUGTRAQ 20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability BID 22778 SECTRACK 1017727 VUPEN ADV-2007-0835 Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.

cpe:/a:gnu:gnumail:1.1.2

CVE-2007-1269

2007-03-06T15:19:00.000-05:00

2018-10-16T12:37:42.203-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov MLIST [gnupg-users] 20070306 [Announce] Multiple Messages Problem in GnuPG and GPGME SREASON 2353 MISC http://www.coresecurity.com/?action=item&id=1687 BUGTRAQ 20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability BUGTRAQ 20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability BID 22779 SECTRACK 1017727 VUPEN ADV-2007-0835 GNUMail 1.1.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents GNUMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.

cpe:/a:vmware:esx_server:3.0 cpe:/o:vmware:esx:3.0.0 cpe:/o:vmware:esx:3.0.1

CVE-2007-1270

2007-04-05T20:19:00.000-04:00

2018-10-30T12:26:23.590-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2524 BUGTRAQ 20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates BID 23323 SECTRACK 1017875 CONFIRM http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html CONFIRM http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html VUPEN ADV-2007-1267 Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors.

cpe:/o:vmware:esx:3.0.0 cpe:/o:vmware:esx:3.0.1

CVE-2007-1271

2007-04-05T20:19:00.000-04:00

2018-10-30T12:26:23.590-04:00

6.6

LOCAL

MEDIUM

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SREASON 2524 BUGTRAQ 20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates BID 23322 SECTRACK 1017875 CONFIRM http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html CONFIRM http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html VUPEN ADV-2007-1267 Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow attackers to gain privileges or cause a denial of service (application crash) via unspecified vectors.

cpe:/a:navision:financials_server:3.0

CVE-2007-1273

2007-03-10T15:19:00.000-05:00

2009-10-14T00:56:15.297-04:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

NETBSD NetBSD-SA2007-001 BID 22878 Integer overflow in the ktruser function in NetBSD-current before 20061022, NetBSD 3 and 3-0 before 20061024, and NetBSD 2 before 20070209, when the kernel is built with the COMPAT_FREEBSD or COMPAT_DARWIN option, allows local users to cause a denial of service and possibly gain privileges.

cpe:/a:usermin:usermin:1.000 cpe:/a:usermin:usermin:1.010 cpe:/a:usermin:usermin:1.020 cpe:/a:usermin:usermin:1.030 cpe:/a:usermin:usermin:1.040 cpe:/a:usermin:usermin:1.051 cpe:/a:usermin:usermin:1.060 cpe:/a:usermin:usermin:1.070 cpe:/a:usermin:usermin:1.080 cpe:/a:usermin:usermin:1.090 cpe:/a:usermin:usermin:1.100 cpe:/a:usermin:usermin:1.110 cpe:/a:usermin:usermin:1.120 cpe:/a:usermin:usermin:1.130 cpe:/a:usermin:usermin:1.140 cpe:/a:usermin:usermin:1.150 cpe:/a:usermin:usermin:1.210 cpe:/a:usermin:usermin:1.220 cpe:/a:usermin:usermin:1.230 cpe:/a:usermin:usermin:1.240 cpe:/a:usermin:usermin:1.250 cpe:/a:webmin:webmin:1.0.00 cpe:/a:webmin:webmin:1.0.10 cpe:/a:webmin:webmin:1.0.20 cpe:/a:webmin:webmin:1.0.30 cpe:/a:webmin:webmin:1.0.40 cpe:/a:webmin:webmin:1.0.50 cpe:/a:webmin:webmin:1.0.51 cpe:/a:webmin:webmin:1.0.60 cpe:/a:webmin:webmin:1.0.70 cpe:/a:webmin:webmin:1.0.80 cpe:/a:webmin:webmin:1.0.90 cpe:/a:webmin:webmin:1.1.00 cpe:/a:webmin:webmin:1.1.10 cpe:/a:webmin:webmin:1.1.20 cpe:/a:webmin:webmin:1.1.21 cpe:/a:webmin:webmin:1.1.30 cpe:/a:webmin:webmin:1.1.40 cpe:/a:webmin:webmin:1.1.50 cpe:/a:webmin:webmin:1.2.20 cpe:/a:webmin:webmin:1.2.30 cpe:/a:webmin:webmin:1.2.40 cpe:/a:webmin:webmin:1.2.50 cpe:/a:webmin:webmin:1.3.20

CVE-2007-1276

2007-03-05T15:19:00.000-05:00

2017-07-28T21:30:42.360-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SECTRACK 1017711 VUPEN ADV-2007-0780 CONFIRM http://www.webmin.com/changes-1.330.html CONFIRM http://www.webmin.com/security.html XF webmin-chooser-xss(32725) Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.

cpe:/a:wordpress:wordpress:2.1.1

CVE-2007-1277

2007-03-05T15:19:00.000-05:00

2018-10-16T12:37:43.470-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

MISC http://ifsec.blogspot.com/2007/03/wordpress-code-compromised-to-enable.html CONFIRM http://wordpress.org/development/2007/03/upgrade-212/ CERT-VN VU#214480 CERT-VN VU#641456 BUGTRAQ 20070303 WordPress source code compromised to enable remote code execution BID 22797 VUPEN ADV-2007-0812 XF wordpress-feed-code-execution(32804) XF wordpress-theme-command-execution(32807) WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php.

cpe:/a:adobe:coldfusion:6.1::enterprise_server cpe:/a:adobe:coldfusion:7.0::enterprise_server cpe:/a:adobe:jrun:4.0:updater6

CVE-2007-1278

2007-03-16T16:19:00.000-04:00

2019-07-03T13:25:47.480-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://www.adobe.com/support/security/bulletins/apsb07-07.html BID 22958 SECTRACK 1017752 VUPEN ADV-2007-0932 XF coldfusion-jrun-iisconnector-dos(32994) Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root.

cpe:/a:adobe:bridge:1.0.3

CVE-2007-1279

2007-04-11T18:19:00.000-04:00

2017-07-28T21:30:42.547-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://www.adobe.com/support/security/bulletins/apsb07-09.html BID 23404 SECTRACK 1017900 VUPEN ADV-2007-1342 XF bridge-unspecified-privilege-escalation(33570) Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 update for Apple OS X, when patching with desktop management tools, allows local users to gain privileges via unspecified vectors during installation of the update by a different user who has administrative privileges.

cpe:/a:adobe:robohelp:6 cpe:/a:adobe:robohelp:x5 cpe:/a:adobe:robohelp_server:6

CVE-2007-1280

2007-05-09T20:19:00.000-04:00

2018-10-16T12:37:43.940-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://www.adobe.com/support/security/bulletins/apsb07-10.html MISC http://www.devtarget.org/adobe-advisory-05-2007.txt BUGTRAQ 20070511 Cross-Site Scripting in Adobe RoboHelp 6, Server 6 and X5 BID 23878 SECTRACK 1018020 VUPEN ADV-2007-1714 XF robohelp-files-xss(34181) Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attackers to inject arbitrary web script or HTML via a URL after a # (hash) in the URL path, as demonstrated using en/frameset-7.html, and possibly other unspecified vectors involving templates and (1) whstart.js and (2) whcsh_home.htm in WebHelp, (3) wf_startpage.js and (4) wf_startqs.htm in FlashHelp, or (5) WindowManager.dll in RoboHelp Server 6.

cpe:/a:kaspersky_lab:kaspersky_antivirus_engine:5.5.10 cpe:/a:kaspersky_lab:kaspersky_antivirus_engine:6.0.1.411

CVE-2007-1281

2007-03-05T20:19:00.000-05:00

2017-07-28T21:30:42.673-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov IDEFENSE 20070302 Kaspersky AntiVirus UPX File Decompression DoS Vulnerability BID 22795 SECTRACK 1017718 VUPEN ADV-2007-0810 XF kaspersky-upx-dos(32797) Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux allows remote attackers to cause a denial of service (CPU consumption) via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression.

cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:thunderbird:0.1 cpe:/a:mozilla:thunderbird:0.2 cpe:/a:mozilla:thunderbird:0.3 cpe:/a:mozilla:thunderbird:0.4 cpe:/a:mozilla:thunderbird:0.5 cpe:/a:mozilla:thunderbird:0.6 cpe:/a:mozilla:thunderbird:0.7 cpe:/a:mozilla:thunderbird:0.7.1 cpe:/a:mozilla:thunderbird:0.7.2 cpe:/a:mozilla:thunderbird:0.7.3 cpe:/a:mozilla:thunderbird:0.8 cpe:/a:mozilla:thunderbird:0.9 cpe:/a:mozilla:thunderbird:1.0 cpe:/a:mozilla:thunderbird:1.0.1 cpe:/a:mozilla:thunderbird:1.0.2 cpe:/a:mozilla:thunderbird:1.0.3 cpe:/a:mozilla:thunderbird:1.0.4 cpe:/a:mozilla:thunderbird:1.0.5 cpe:/a:mozilla:thunderbird:1.0.6 cpe:/a:mozilla:thunderbird:1.0.7 cpe:/a:mozilla:thunderbird:1.0.8 cpe:/a:mozilla:thunderbird:1.5 cpe:/a:mozilla:thunderbird:1.5.0.1 cpe:/a:mozilla:thunderbird:1.5.0.2 cpe:/a:mozilla:thunderbird:1.5.0.3 cpe:/a:mozilla:thunderbird:1.5.0.4 cpe:/a:mozilla:thunderbird:1.5.0.6 cpe:/a:mozilla:thunderbird:1.5.0.7 cpe:/a:mozilla:thunderbird:1.5.0.8 cpe:/a:mozilla:thunderbird:1.5.0.9

CVE-2007-1282

2007-03-05T21:19:00.000-05:00

2017-10-10T21:31:48.597-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SGI 20070202-01-P FEDORA FEDORA-2007-308 FEDORA FEDORA-2007-309 GENTOO GLSA-200703-18 SLACKWARE SSA:2007-066-05 SLACKWARE SSA:2007-066-04 DEBIAN DSA-1336 CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-10.html REDHAT RHSA-2007:0078 REDHAT RHSA-2007:0108 BID 22845 VUPEN ADV-2007-0824 MISC https://bugzilla.mozilla.org/show_bug.cgi?id=362735 XF mozilla-email-messages-overflow(32810) Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line.

cpe:/a:php:php:4.0.0 cpe:/a:php:php:4.0.1 cpe:/a:php:php:4.0.1:patch1 cpe:/a:php:php:4.0.1:patch2 cpe:/a:php:php:4.0.2 cpe:/a:php:php:4.0.3 cpe:/a:php:php:4.0.3:patch1 cpe:/a:php:php:4.0.4 cpe:/a:php:php:4.0.4:patch1 cpe:/a:php:php:4.0.5 cpe:/a:php:php:4.0.6 cpe:/a:php:php:4.0.7 cpe:/a:php:php:4.0.7:rc1 cpe:/a:php:php:4.0.7:rc2 cpe:/a:php:php:4.0.7:rc3 cpe:/a:php:php:4.0.7:rc4 cpe:/a:php:php:4.1.0 cpe:/a:php:php:4.1.1 cpe:/a:php:php:4.1.2 cpe:/a:php:php:4.2.0 cpe:/a:php:php:4.2.1 cpe:/a:php:php:4.2.2 cpe:/a:php:php:4.2.3 cpe:/a:php:php:4.3.0 cpe:/a:php:php:4.3.1 cpe:/a:php:php:4.3.2 cpe:/a:php:php:4.3.3 cpe:/a:php:php:4.3.4 cpe:/a:php:php:4.3.5 cpe:/a:php:php:4.3.6 cpe:/a:php:php:4.3.7 cpe:/a:php:php:4.3.8 cpe:/a:php:php:4.3.9 cpe:/a:php:php:4.3.10 cpe:/a:php:php:4.3.11 cpe:/a:php:php:4.4.0 cpe:/a:php:php:4.4.1 cpe:/a:php:php:4.4.2 cpe:/a:php:php:4.4.3 cpe:/a:php:php:4.4.4 cpe:/a:php:php:4.4.5 cpe:/a:php:php:4.4.6 cpe:/a:php:php:5.0.1 cpe:/a:php:php:5.0.2 cpe:/a:php:php:5.0.3 cpe:/a:php:php:5.0.4 cpe:/a:php:php:5.0.5 cpe:/a:php:php:5.1.0 cpe:/a:php:php:5.1.1 cpe:/a:php:php:5.1.2 cpe:/a:php:php:5.1.3 cpe:/a:php:php:5.1.4 cpe:/a:php:php:5.1.5 cpe:/a:php:php:5.1.6 cpe:/a:php:php:5.2.0 cpe:/a:php:php:5.2.1 cpe:/a:zend:engine

CVE-2007-1285

2007-03-06T15:19:00.000-05:00

2018-10-30T12:25:35.747-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov SUSE SUSE-SA:2007:044 REDHAT RHSA-2007:0154 REDHAT RHSA-2007:0155 REDHAT RHSA-2007:0163 GENTOO GLSA-200705-19 SLACKWARE SSA:2008-045-03 CONFIRM http://us2.php.net/releases/4_4_7.php CONFIRM http://us2.php.net/releases/5_2_2.php MANDRIVA MDKSA-2007:087 MANDRIVA MDKSA-2007:088 MANDRIVA MDKSA-2007:089 MANDRIVA MDKSA-2007:090 CONFIRM http://www.php.net/ChangeLog-4.php CONFIRM http://www.php.net/ChangeLog-5.php#5.2.4 CONFIRM http://www.php.net/releases/4_4_8.php CONFIRM http://www.php.net/releases/5_2_4.php MISC http://www.php-security.org/MOPB/MOPB-03-2007.html REDHAT RHSA-2007:0082 REDHAT RHSA-2007:0162 BUGTRAQ 20070418 rPSA-2007-0073-1 php php-mysql php-pgsql BID 22764 SECTRACK 1017771 UBUNTU USN-549-2 CONFIRM https://issues.rpath.com/browse/RPL-1268 CONFIRM https://launchpad.net/bugs/173043 UBUNTU USN-549-1 The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.

cpe:/a:php:php:4.4.4

CVE-2007-1286

2007-03-06T15:19:00.000-05:00

2018-10-16T12:37:48.453-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

HP SSRT071423 HP HPSBTU02232 REDHAT RHSA-2007:0154 REDHAT RHSA-2007:0155 REDHAT RHSA-2007:0163 GENTOO GLSA-200703-21 GENTOO GLSA-200705-19 DEBIAN DSA-1282 DEBIAN DSA-1283 MANDRIVA MDKSA-2007:087 MANDRIVA MDKSA-2007:088 MISC http://www.php-security.org/MOPB/MOPB-04-2007.html BUGTRAQ 20070418 rPSA-2007-0073-1 php php-mysql php-pgsql BID 22765 TRUSTIX 2007-0009 VUPEN ADV-2007-1991 VUPEN ADV-2007-2374 XF php-zval-code-execution(32796) CONFIRM https://issues.rpath.com/browse/RPL-1268 Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.

cpe:/a:php:php:4.4.4 cpe:/a:php:php:4.4.5 cpe:/a:php:php:4.4.6 cpe:/a:php:php:6.0

CVE-2007-1287

2007-03-06T15:19:00.000-05:00

2011-03-07T21:51:40.813-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://docs.info.apple.com/article.html?artnum=306172 APPLE APPLE-SA-2007-07-31 CONFIRM http://us2.php.net/releases/4_4_7.php MISC http://www.php-security.org/MOPB/MOPB-08-2007.html BID 25159 VUPEN ADV-2007-2732 A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.

cpe:/a:webmobo:wbnews:1.4.1

CVE-2007-1288

2007-03-06T19:19:00.000-05:00

2018-10-16T12:37:50.923-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SREASON 2355 BUGTRAQ 20070301 WB News Remote File Include in all versions XF wbnews-multiple-scripts-file-include(32774) Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4) sendmsg.php in admin/.

cpe:/a:tyger:bug_tracking_system:1.1.3

CVE-2007-1289

2007-03-06T19:19:00.000-05:00

2018-10-16T12:37:51.407-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2356 BUGTRAQ 20070303 Tyger Bug Tracking System Multiple Vulnerability BID 22799 VUPEN ADV-2007-0822 XF tyger-viewbugs-sql-injection(32791) SQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the s parameter.

cpe:/a:tyger:bug_tracking_system:1.1.3

CVE-2007-1290

2007-03-06T19:19:00.000-05:00

2017-07-28T21:30:43.000-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

XF tyger-viewbugs-sql-injection(32791) SQL injection vulnerability in ViewReport.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the bug parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:tyger:bug_tracking_system:1.1.3

CVE-2007-1291

2007-03-06T19:19:00.000-05:00

2018-10-16T12:37:51.860-04:00

5.8

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2356 BUGTRAQ 20070303 Tyger Bug Tracking System Multiple Vulnerability BID 22799 VUPEN ADV-2007-0822 XF tyger-login-register-xss(32792) Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug Tracking System (TygerBT) 1.1.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) Login.php and (2) Register.php.

cpe:/a:jelsoft:vbulletin:3.5.8 cpe:/a:jelsoft:vbulletin:3.6.0 cpe:/a:jelsoft:vbulletin:3.6.1 cpe:/a:jelsoft:vbulletin:3.6.2 cpe:/a:jelsoft:vbulletin:3.6.3 cpe:/a:jelsoft:vbulletin:3.6.4 cpe:/a:jelsoft:vbulletin:3.6.5

CVE-2007-1292

2007-03-06T19:19:00.000-05:00

2017-10-10T21:31:48.860-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22780 CONFIRM http://www.vbulletin.com/forum/showthread.php?postid=1314422 XF vbulletin-inlinemod-sql-injection(32746) EXPLOIT-DB 3387 SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve."

cpe:/a:rigter_portal_system:rigter_portal_system:6.2

CVE-2007-1293

2007-03-06T19:19:00.000-05:00

2018-10-16T12:37:52.283-04:00

5.8

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BUGTRAQ 20070303 RPS 6.2 SQL Injection Exploit BID 22813 VUPEN ADV-2007-0813 XF rps-index-sql-injection(32784) EXPLOIT-DB 3403 SQL injection vulnerability in Rigter Portal System (RPS) 6.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categoria parameter to the top-level URI (index.php), possibly related to ver_descarga.php.

cpe:/a:divx:divx_web_player:1.3.0

CVE-2007-1294

2007-03-06T19:19:00.000-05:00

2017-10-10T21:31:49.033-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 22776 XF divxwebplayer-npdivx32-dos(32759) EXPLOIT-DB 3392 A certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in DivX Web Player, as distributed with DivX Player 1.3.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via large values to DivxWP.Resize, related to resizing images.

cpe:/a:aj_forum:aj_forum:1.0

CVE-2007-1295

2007-03-06T19:19:00.000-05:00

2017-10-18T21:30:07.083-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22808 VUPEN ADV-2007-0820 XF ajforum-topictitle-sql-injection(32785) EXPLOIT-DB 3411 SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the td_id parameter.

cpe:/a:aj_square:aj_classifieds:1.0

CVE-2007-1296

2007-03-06T19:19:00.000-05:00

2017-10-10T21:31:49.080-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22808 VUPEN ADV-2007-0833 XF ajclassifieds-postingdetails-sql-injection(32786) EXPLOIT-DB 3410 SQL injection vulnerability in postingdetails.php in AJ Classifieds 1.0 allows remote attackers to execute arbitrary SQL commands via the postingid parameter.

cpe:/a:aj_square:ajdating:1.0

CVE-2007-1297

2007-03-06T19:19:00.000-05:00

2017-10-10T21:31:49.157-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22808 BID 29154 VUPEN ADV-2007-0821 XF ajdating-viewprofile-sql-injection(32788) XF ajdating-userid-sql-injection(42326) EXPLOIT-DB 3409 EXPLOIT-DB 5593 SQL injection vulnerability in view_profile.php in AJDating 1.0 allows remote attackers to execute arbitrary SQL commands via the user_id parameter.

cpe:/a:aj_square:ajauction:1.0

CVE-2007-1298

2007-03-06T19:19:00.000-05:00

2017-10-10T21:31:49.220-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22808 VUPEN ADV-2007-0819 XF ajauctionpro-subcat-sql-injection(32789) EXPLOIT-DB 3408 SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.

cpe:/a:mani_stats_reader:mani_stats_reader:1.2

CVE-2007-1299

2007-03-06T19:19:00.000-05:00

2017-10-10T21:31:49.283-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22794 XF mani-stats-index-file-include(32782) EXPLOIT-DB 3398 PHP remote file inclusion vulnerability in index.php in Mani Stats Reader 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ipath parameter.

cpe:/a:douran_software_technologies:isputil:3.32.84.1

CVE-2007-1300

2007-03-06T19:19:00.000-05:00

2017-07-28T21:30:43.640-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov XF isputil-activesessions-info-disclosure(32800) DOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier versions, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and reseller data via a direct request for scripts/activesessions.ini. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:mailenable:mailenable_enterprise cpe:/a:mailenable:mailenable_professional:2.37::professional

CVE-2007-1301

2007-03-06T19:19:00.000-05:00

2017-10-10T21:31:49.330-04:00

9.0

NETWORK

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://www.mailenable.com/hotfix/ BID 22792 SECTRACK 1017739 VUPEN ADV-2007-0811 XF mailenable-append-bo(32801) EXPLOIT-DB 3397 Stack-based buffer overflow in the IMAP service in MailEnable Enterprise and Professional Editions 2.37 and earlier allows remote authenticated users to execute arbitrary code via a long argument to the APPEND command. NOTE: this is probably different than CVE-2006-6423.

cpe:/a:li-scripts:li-guestbook:1.1 cpe:/a:li-scripts:li-guestbook:1.2

CVE-2007-1302

2007-03-06T19:19:00.000-05:00

2018-10-16T12:37:52.830-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://belsec.com/advisories/139/summary.html SREASON 2348 BUGTRAQ 20070305 LI-Guestbook SQL Injection Vulnerability BUGTRAQ 20071109 li-guestbook sql inj BID 22821 MISC http://www.security-news.ws/li-sql-injection XF liguestbook-country-sql-injection(38369) SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter. NOTE: it was later reported that 1.2 is also affected.

cpe:/a:rrdbrowse:rrdbrowse:1.6

CVE-2007-1303

2007-03-06T19:19:00.000-05:00

2018-10-16T12:37:53.453-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov SREASON 2349 MISC http://www.devtarget.org/rrdbrowse-advisory-03-2007.txt CONFIRM http://www.rrdbrowse.org/index.php BUGTRAQ 20070304 Arbitrary file disclosure vulnerability in rrdbrowse <= 1.6 BID 22817 VUPEN ADV-2007-0834 XF rrdbrowse-file-directory-traversal(32793) Directory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

cpe:/a:savas_place:savas_guestbook:2006-11-23

CVE-2007-1304

2007-03-06T19:19:00.000-05:00

2018-10-16T12:37:53.940-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://belsec.com/advisories/142/summary.html SREASON 2350 BUGTRAQ 20070305 Sava's GuestBook Multiple Vulnerabilities BID 22820 XF savasguestbook-add2-sql-injection(32811) Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook 23.11.2006, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) country, (3) email, (4) website, and (5) message parameters.

cpe:/a:savas_place:savas_guestbook:2006-11-23

CVE-2007-1305

2007-03-06T19:19:00.000-05:00

2018-10-16T12:37:54.330-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MISC http://belsec.com/advisories/142/summary.html SREASON 2350 BUGTRAQ 20070305 Sava's GuestBook Multiple Vulnerabilities BID 22820 XF savasguestbook-add2-xss(32812) Multiple cross-site scripting (XSS) vulnerabilities in add2.php in Sava's Guestbook 23.11.2006 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) country, (3) email, and (4) website parameters.

cpe:/a:digium:asterisk:1.2.0_beta1 cpe:/a:digium:asterisk:1.2.0_beta2 cpe:/a:digium:asterisk:1.2.6 cpe:/a:digium:asterisk:1.2.7 cpe:/a:digium:asterisk:1.2.8 cpe:/a:digium:asterisk:1.2.9 cpe:/a:digium:asterisk:1.2.10 cpe:/a:digium:asterisk:1.2.11 cpe:/a:digium:asterisk:1.2.12 cpe:/a:digium:asterisk:1.2.12.1 cpe:/a:digium:asterisk:1.2.13 cpe:/a:digium:asterisk:1.2.14 cpe:/a:digium:asterisk:1.2.15 cpe:/a:digium:asterisk:1.2_beta1 cpe:/a:digium:asterisk:1.2_beta2 cpe:/a:digium:asterisk:1.4.0 cpe:/a:digium:asterisk:1.4.0_beta1 cpe:/a:digium:asterisk:1.4.0_beta2

CVE-2007-1306

2007-03-06T19:19:00.000-05:00

2017-07-28T21:30:43.953-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://asterisk.org/node/48319 CONFIRM http://asterisk.org/node/48320 MISC http://labs.musecurity.com/advisories/MU-200703-01.txt GENTOO GLSA-200703-14 DEBIAN DSA-1358 CERT-VN VU#228032 SUSE SUSE-SA:2007:034 BID 22838 SECTRACK 1017723 VUPEN ADV-2007-0830 XF asterisk-sip-channeldriver-dos(32830) Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.

cpe:/h:intel:pro_1000_lan_adapter:135400 cpe:/h:lenovo:thinkpad:r50 cpe:/h:lenovo:thinkpad:r50e cpe:/h:lenovo:thinkpad:r50p cpe:/h:lenovo:thinkpad:r51 cpe:/h:lenovo:thinkpad:t41 cpe:/h:lenovo:thinkpad:t41p cpe:/h:lenovo:thinkpad:t42 cpe:/h:lenovo:thinkpad:t42p cpe:/h:lenovo:thinkpad:t60 cpe:/h:lenovo:thinkpad:t60p cpe:/h:lenovo:thinkpad:x31 cpe:/h:lenovo:thinkpad:x32 cpe:/h:lenovo:thinkpad:x40 cpe:/h:lenovo:thinkpad:x60 cpe:/h:lenovo:thinkpad:x60_tablet cpe:/h:lenovo:thinkpad:x60s

CVE-2007-1307

2007-03-06T19:19:00.000-05:00

2011-03-07T21:51:43.033-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 22822 VUPEN ADV-2007-0801 CONFIRM http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-62922 Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors.

cpe:/a:kde:konqueror:3.5.5

CVE-2007-1308

2007-03-06T19:19:00.000-05:00

2018-10-16T12:37:54.720-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov MISC http://bindshell.net/advisories/konq355 MISC http://bindshell.net/advisories/konq355/konq355-patch.diff FULLDISC 20070304 Konqueror DoS Via JavaScript Read Of FTP Iframe SREASON 2345 MANDRIVA MDKSA-2007:054 REDHAT RHSA-2007:0909 BUGTRAQ 20070304 Konqueror DoS Via JavaScript Read Of FTP Iframe BID 22814 UBUNTU USN-447-1 VUPEN ADV-2007-0886 XF konqueror-ftp-dos(32798) ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference.

cpe:/a:novell:access_manager:3

CVE-2007-1309

2007-03-06T19:19:00.000-05:00

2011-03-07T21:51:43.377-05:00

9.0

NETWORK

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov SECTRACK 1017722 VUPEN ADV-2007-0800 CONFIRM https://secure-support.novell.com/KanisaPlatform/Publishing/648/3429077_f.SAL_Public.html Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt.

cpe:/a:netxautomation:netxeib:3.0

CVE-2007-1313

2007-03-21T15:19:00.000-04:00

2018-10-16T12:37:55.657-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

CERT-VN VU#296593 CONFIRM http://www.kb.cert.org/vuls/id/MIMG-6XEPXN MISC http://www.neutralbit.com/advisories/NB07-22.txt BUGTRAQ 20070322 [NB07-22] Multiple vulnerabilities in NETxEIB OPC server BID 23059 SECTRACK 1017803 VUPEN ADV-2007-1038 NETxAutomation NETxEIB OPC Server before 3.0.1300 does not properly validate OLE for Process Control (OPC) server handles, which allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors involving the (1) IOPCSyncIO::Read, (2) IOPCSyncIO::Write, (3) IOPCServer::AddGroup, (4) IOPCServer::RemoveGroup, (5) IOPCCommon::SetClientName, and (6) IOPCGroupStateMgt::CloneGroup functions, which allow access to arbitrary memory. NOTE: the vectors might be limited to attackers with physical access.

cpe:/a:takebishi_corporation:devicexplorer_opc_server:3.12_build1 cpe:/a:takebishi_corporation:devicexplorer_opc_server:3.12_build2

CVE-2007-1319

2007-03-19T18:19:00.000-04:00

2018-10-16T12:37:56.250-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://www.faweb.net/us/opc/1231207.html CERT-VN VU#926551 MISC http://www.neutralbit.com/advisories/NB07-07.txt MISC http://www.neutralbit.com/advisories/NB07-08.txt MISC http://www.neutralbit.com/advisories/NB07-09.txt MISC http://www.neutralbit.com/advisories/NB07-10.txt MISC http://www.neutralbit.com/advisories/NB07-17.txt BUGTRAQ 20070322 [NB07-17] Multiple vulnerabilities in Takebishi Electric DeviceXplorer SYSMAC OPC server BUGTRAQ 20070322 [NB07-07] Multiple vulnerabilities in Takebishi Electric DeviceXplorer HIDIC OPC server BUGTRAQ 20070322 [NB07-08] Multiple vulnerabilities in Takebishi Electric DeviceXplorer MELSEC OPC server BUGTRAQ 20070322 [NB07-09] Multiple vulnerabilities in Takebishi Electric DeviceXplorer FA-M3 OPC server BUGTRAQ 20070322 [NB07-10] Multiple vulnerabilities in Takebishi Electric DeviceXplorer MODBUS OPC server BID 23037 SECTRACK 1017793 VUPEN ADV-2007-1029 Unspecified vulnerability in the IOPCServer::RemoveGroup function in the OPCDA interface in Takebishi Electric DeviceXPlorer OLE for Process Control (OPC) Server before 3.12 Build3 allows remote attackers to execute arbitrary code via unspecified vectors involving access to arbitrary memory. NOTE: this issue affects the (1) HIDIC, (2) MELSEC, (3) FA-M3, (4) MODBUS, and (5) SYSMAC OPC Servers.

cpe:/a:fabrice_bellard:qemu:0.8.2

CVE-2007-1320

2007-05-02T13:19:00.000-04:00

2017-10-10T21:31:49.470-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SUSE SUSE-SR:2009:002 MISC http://taviso.decsystem.org/virtsec.pdf DEBIAN DSA-1284 DEBIAN DSA-1384 MANDRIVA MDKSA-2007:203 MANDRIVA MDVSA-2008:162 REDHAT RHSA-2007:0323 BID 23731 VUPEN ADV-2007-1597 FEDORA FEDORA-2007-713 FEDORA FEDORA-2008-4386 FEDORA FEDORA-2008-4604 Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.

cpe:/a:fabrice_bellard:qemu:0.8.2

CVE-2007-1321

2007-10-30T18:46:00.000-04:00

2017-10-10T21:31:49.550-04:00

6.6

LOCAL

MEDIUM

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov SECTRACK 1018761 MISC http://taviso.decsystem.org/virtsec.pdf VIM 20071030 Clarification on old QEMU/NE2000/Xen issues DEBIAN DSA-1284 MANDRIVA MDKSA-2007:203 MANDRIVA MDVSA-2008:162 REDHAT RHSA-2007:0323 BID 23731 VUPEN ADV-2007-1597 FEDORA FEDORA-2007-2708 FEDORA FEDORA-2007-2270 FEDORA FEDORA-2007-713 Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled "NE2000 network driver and the socket code," but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730.

cpe:/a:fabrice_bellard:qemu:0.8.2

CVE-2007-1322

2007-05-02T13:19:00.000-04:00

2017-07-28T21:30:44.080-04:00

4.9

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov MISC http://taviso.decsystem.org/virtsec.pdf DEBIAN DSA-1284 MANDRIVA MDVSA-2008:162 BID 23731 VUPEN ADV-2007-1597 XF qemu-icebp-dos(34043) QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction.

CVE-2007-1323

2007-10-30T17:46:00.000-04:00

2008-09-10T20:51:00.367-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-2893. Reason: this candidate was intended for one issue, but some sources used this identifier for a separate issue, and a duplicate identifier had also been created by the time dual use was detected. Notes: All CVE users should consult CVE-2007-2893 to determine if it is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage.

cpe:/h:snapgear:560:1.7.8_firmware cpe:/h:snapgear:560:1.7.9_firmware cpe:/h:snapgear:560:1.7.10_firmware cpe:/h:snapgear:560:1.8.4_firmware cpe:/h:snapgear:560:1.8.5_firmware cpe:/h:snapgear:560:1.8_firmware cpe:/h:snapgear:560:3.1.4u2 cpe:/h:snapgear:580:1.7.8_firmware cpe:/h:snapgear:580:1.7.9_firmware cpe:/h:snapgear:580:1.7.10_firmware cpe:/h:snapgear:580:1.8.4_firmware cpe:/h:snapgear:580:1.8.5_firmware cpe:/h:snapgear:580:1.8_firmware cpe:/h:snapgear:580:3.1.4u2_firmware cpe:/h:snapgear:585:1.7.8_firmware cpe:/h:snapgear:585:1.7.9_firmware cpe:/h:snapgear:585:1.7.10_firmware cpe:/h:snapgear:585:1.8.4_firmware cpe:/h:snapgear:585:1.8.5_firmware cpe:/h:snapgear:585:1.8_firmware cpe:/h:snapgear:585:3.1.4u2_firmware cpe:/h:snapgear:640:1.7.8_firmware cpe:/h:snapgear:640:1.7.9_firmware cpe:/h:snapgear:640:1.7.10_firmware cpe:/h:snapgear:640:1.8.4_firmware cpe:/h:snapgear:640:1.8.5_firmware cpe:/h:snapgear:640:1.8_firmware cpe:/h:snapgear:640:3.1.4u2_firmware cpe:/h:snapgear:710:1.7.8_firmware cpe:/h:snapgear:710:1.7.9_firmware cpe:/h:snapgear:710:1.7.10_firmware cpe:/h:snapgear:710:1.8.4_firmware cpe:/h:snapgear:710:1.8.5_firmware cpe:/h:snapgear:710:1.8_firmware cpe:/h:snapgear:710:3.1.4u2_firmware cpe:/h:snapgear:720:1.7.8_firmware cpe:/h:snapgear:720:1.7.9_firmware cpe:/h:snapgear:720:1.7.10_firmware cpe:/h:snapgear:720:1.8.4_firmware cpe:/h:snapgear:720:1.8.5_firmware cpe:/h:snapgear:720:1.8_firmware cpe:/h:snapgear:720:3.1.4u2_firmware

CVE-2007-1324

2007-03-07T16:19:00.000-05:00

2017-07-28T21:30:44.140-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://www.cyberguard.info/snapgear/releases.html BID 22835 VUPEN ADV-2007-0850 XF snapgear-packet-dos(32824) SnapGear 560, 585, 580, 640, 710, and 720 appliances before the 3.1.4u5 firmware allow remote attackers to cause a denial of service (complete packet loss) via a packet flood, a different vulnerability than CVE-2006-4613.

cpe:/a:phpmyadmin:phpmyadmin:2.10.0.1

CVE-2007-1325

2007-03-07T16:19:00.000-05:00

2011-03-07T21:51:56.393-05:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://sourceforge.net/tracker/index.php?func=detail&aid=1671813&group_id=23067&atid=377408 MANDRIVA MDKSA-2007:199 CONFIRM http://www.php.net/ChangeLog-4.php CONFIRM http://www.php.net/releases/4_4_8.php CONFIRM http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-3 MISC http://www.php-security.org/MOPB/MOPB-02-2007.html BID 22841 DEBIAN DSA-1370 VUPEN ADV-2007-0831 The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE: it could be argued that this vulnerability is caused by a problem in PHP (CVE-2006-1549) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpMyAdmin.

cpe:/a:serendipity:serendipity:1.1.1

CVE-2007-1326

2007-03-07T16:19:00.000-05:00

2018-10-16T12:37:57.547-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2383 BUGTRAQ 20070301 Serendipity unauthenticated SQL-Injection XF serendipity-index-sql-injection(32768) SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter.

cpe:/a:silc:silc-server:1.0.2

CVE-2007-1327

2007-03-07T16:19:00.000-05:00

2017-07-28T21:30:44.267-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov FULLDISC 20070306 silc-server 1.0.2 denial-of-service vulnerability GENTOO GLSA-200703-12 BID 22846 XF silc-command-dos(32846) The SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in silc-server 1.0.2 allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a request without a cipher algorithm and an invalid HMAC algorithm.

cpe:/a:bernard_joly:bj_webring

CVE-2007-1328

2007-03-07T16:19:00.000-05:00

2018-10-16T12:37:57.797-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC http://forums.avenir-geopolitique.net/viewtopic.php?t=2707 SREASON 2384 BUGTRAQ 20070303 BJ Webring XSS Cross-site scripting (XSS) vulnerability in formulaire.php in Bernard JOLY BJ Webring allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter related to the add link menu.

cpe:/a:ledgersmb:ledgersmb:1.1.1 cpe:/a:sql-ledger:sql-ledger:2.6.25

CVE-2007-1329

2007-03-07T16:19:00.000-05:00

2018-10-16T12:37:57.987-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SREASON 2381 SECTRACK 1017715 BUGTRAQ 20070301 Full disclosure: Directory Transversal and Arbitrary Code Execution Vulnerability in SQL-Ledger and LedgerSMB XF sqlledger-userpathmemberfile-dir-traversal(32776) Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences.

cpe:/a:comodo:comodo_firewall_pro:2.4.16.174 cpe:/a:comodo:comodo_firewall_pro:2.4.17.183 cpe:/a:comodo:comodo_firewall_pro:2.4.18.184

CVE-2007-1330

2007-03-07T16:19:00.000-05:00

2018-10-16T12:37:58.533-04:00

4.4

LOCAL

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2388 MISC http://www.matousec.com/info/advisories/Comodo-Bypassing-settings-protection-using-magic-pipe.php BUGTRAQ 20070301 Comodo Bypassing settings protection using magic pipe Vulnerability BID 22775 XF comodofirewallpro-pipe-security-bypass(32771) Comodo Firewall Pro (CFP) (formerly Comodo Personal Firewall) 2.4.18.184 and earlier allows local users to bypass driver protections on the HKLM\SYSTEM\Software\Comodo\Personal Firewall registry key by guessing the name of a named pipe under \Device\NamedPipe\OLE and attempting to open it multiple times.

cpe:/a:tks_banking_solutions:eportfolio:1.0

CVE-2007-1331

2007-03-07T16:19:00.000-05:00

2018-10-16T12:37:58.957-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2385 MISC http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2893 MISC http://www.scip.ch/publikationen/advisories/scip_advisory-2893_eportfolio_%201.0_java_multiple_vulnerabilities.txt BUGTRAQ 20070305 ePortfolio version 1.0 Java Multiple Input Validation Vulnerabilities BID 22829 Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to inject arbitrary web script or HTML via unspecified vectors that bypass the client-side protection scheme, one of which may be the q parameter to the search program. NOTE: some of these details are obtained from third party information.

cpe:/a:tks_banking_solutions:eportfolio:1.0

CVE-2007-1332

2007-03-07T16:19:00.000-05:00

2018-10-16T12:37:59.313-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SREASON 2385 MISC http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2893 MISC http://www.scip.ch/publikationen/advisories/scip_advisory-2893_eportfolio_%201.0_java_multiple_vulnerabilities.txt BUGTRAQ 20070305 ePortfolio version 1.0 Java Multiple Input Validation Vulnerabilities BID 22829 Multiple cross-site request forgery (CSRF) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to perform unspecified restricted actions in the context of certain accounts by bypassing the client-side protection scheme.

cpe:/a:vmware:workstation:5.5.3

CVE-2007-1337

2007-05-02T15:19:00.000-04:00

2018-10-16T12:37:59.657-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov BUGTRAQ 20070507 VMSA-2007-0004 Multiple Denial-of-Service issues fixed BUGTRAQ 20070518 VMSA-2007-0004.1 Updated: Multiple Denial-of-Service issues fixed and directory traversal vulnerability BID 23732 SECTRACK 1018011 CONFIRM http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html#554 VUPEN ADV-2007-1592 XF vmware-acpi-unspecified(33990) The virtual machine process (VMX) in VMware Workstation before 5.5.4 does not properly read state information when moving from the ACPI sleep state to the run state, which allows attackers to cause a denial of service (virtual machine reboot) via unknown vectors.

cpe:/h:apple:airport_extreme:7.1

CVE-2007-1338

2007-03-08T17:19:00.000-05:00

2017-07-28T21:30:44.487-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

MISC http://arstechnica.com/journals/apple.ars/2007/2/14/7063 CONFIRM http://docs.info.apple.com/article.html?artnum=305366 APPLE APPLE-SA-2007-04-09 SECTRACK 1017889 VUPEN ADV-2007-1308 XF airportextreme-ipv6-security-bypass(33526) The default configuration of the AirPort utility in Apple AirPort Extreme creates an IPv6 tunnel but does not enable the "Block incoming IPv6 connections" setting, which might allow remote attackers to bypass intended access restrictions by establishing IPv6 sessions that would have been rejected over IPv4.

cpe:/a:monitor-line:links_management:1.0

CVE-2007-1339

2007-03-08T17:19:00.000-05:00

2017-10-18T21:30:07.143-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22825 VUPEN ADV-2007-0849 XF links-index-sql-injection(32813) EXPLOIT-DB 3416 SQL injection vulnerability in index.php in Links Management Application 1.0 allows remote attackers to execute arbitrary SQL commands via the lcnt parameter.

cpe:/a:weltennetz:news-letterman:1.1

CVE-2007-1340

2007-03-08T17:19:00.000-05:00

2017-10-10T21:31:49.597-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

BID 22807 XF newsletterman-eintrag-file-include(32787) EXPLOIT-DB 3406 PHP remote file inclusion vulnerability in eintrag.php in Weltennetz News-Letterman 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the sqllog parameter.

cpe:/a:simple_invoices:simple_invoices:2006-12-11 cpe:/a:simple_invoices:simple_invoices:2007-01-25 cpe:/a:simple_invoices:simple_invoices:2007-02-02

CVE-2007-1341

2007-03-08T17:19:00.000-05:00

2008-11-13T01:34:40.083-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC http://code.google.com/p/simpleinvoices/issues/detail?id=35 MISC http://forum.tufat.com/showthread.php?p=116753#post116753 BID 22818 CONFIRM https://sourceforge.net/project/shownotes.php?group_id=164303&release_id=491300 include/auth/auth.php in Simple Invoices before 2007 03 05 does not use the login system to protect print preview pages for invoices, which might allow attackers to obtain sensitive information.

cpe:/a:jelsoft:vbulletin:3.6.5

CVE-2007-1342

2007-03-08T17:19:00.000-05:00

2018-10-16T12:38:00.347-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 2396 BUGTRAQ 20070302 vBulletin v3.6.5 admincp/index.php ( rss feed ) xss vuln. BID 22790 XF vbulletin-admincpindex-xss(32780) Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form.

cpe:/a:webcalendar:webcalendar:1.0.0 cpe:/a:webcalendar:webcalendar:1.0.1 cpe:/a:webcalendar:webcalendar:1.0.2 cpe:/a:webcalendar:webcalendar:1.0.3 cpe:/a:webcalendar:webcalendar:1.0.4

CVE-2007-1343

2007-03-08T17:19:00.000-05:00

2017-07-28T21:30:44.687-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

MLIST [webcalendar-announce] 20070304 Announce: Release 1.0.5 (security patch) CONFIRM http://sourceforge.net/project/shownotes.php?group_id=3870&release_id=491130 CONFIRM http://webcalendar.cvs.sourceforge.net/webcalendar/webcalendar/includes/functions.php?r1=1.211.2.7&r2=1.211.2.8 CONFIRM http://webcalendar.cvs.sourceforge.net/webcalendar/webcalendar/includes/functions.php?view=log DEBIAN DSA-1267 BID 22834 VUPEN ADV-2007-0851 XF webcalendar-noset-variable-overwrite(32832) includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues.

cpe:/a:icecast:ezstream:0.1.0 cpe:/a:icecast:ezstream:0.1.1 cpe:/a:icecast:ezstream:0.1.2 cpe:/a:icecast:ezstream:0.1.3 cpe:/a:icecast:ezstream:0.2.0 cpe:/a:icecast:ezstream:0.2.1

CVE-2007-1344

2007-03-08T17:19:00.000-05:00

2017-07-28T21:30:44.737-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://www.icecast.org/ezstream.php#ez_relnotes BID 22840 VUPEN ADV-2007-0852 XF ezstream-replacestring-urlparse-bo(32867) Multiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 allow remote attackers to execute arbitrary code via a crafted XML configuration file processed by the (1) urlParse function, which causes a stack-based overflow and the (2) ReplaceString function, which causes a heap-based overflow. NOTE: some of these details are obtained from third party information.

cpe:/a:ca:etrust_admin:8.1 cpe:/a:ca:etrust_admin:8.1.1 cpe:/a:ca:etrust_admin:8.1.2

CVE-2007-1345

2007-03-10T14:19:00.000-05:00

2018-10-16T12:38:00.643-04:00

4.1

LOCAL

MEDIUM

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

ALLOWS_OTHER_ACCESS

SREASON 2404 BUGTRAQ 20070309 [CAID 35145]: CA eTrust Admin Privilege Escalation Vulnerability BID 22885 SECTRACK 1017740 VUPEN ADV-2007-0885 CONFIRM http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=35145 XF ca-etrust-admin-authentication-bypass(32887) Unspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass authentication and gain privileges via the password reset interface.

cpe:/h:sun:sun_fire:x2100m2 cpe:/h:sun:sun_fire:x2200m2

CVE-2007-1346

2007-03-08T17:19:00.000-05:00

2011-03-07T21:51:58.393-05:00

6.6

LOCAL

MEDIUM

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SUNALERT 102828 BID 22859 SECTRACK 1017738 VUPEN ADV-2007-0869 Unspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 allows local users to gain privileges and reset or turn off the server.

cpe:/a:microsoft:windows_explorer

CVE-2007-1347

2007-03-08T17:19:00.000-05:00

2017-10-10T21:31:49.673-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov MISC http://lostmon.blogspot.com/2007/08/windows-extended-file-attributes-buffer.html CERT-VN VU#194944 BID 22847 SECTRACK 1017736 EXPLOIT-DB 3419 Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll.

CVE-2007-1348

2018-02-23T11:29:00.203-05:00

2018-02-23T11:29:00.237-05:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

cpe:/a:apache:apache_test:1.29 cpe:/a:apache:http_server cpe:/a:apache:mod_perl:2.0.0 cpe:/a:apache:mod_perl:2.0.1 cpe:/a:apache:mod_perl:2.0.2 cpe:/a:apache:mod_perl:2.0.3

CVE-2007-1349

2007-03-29T20:19:00.000-04:00

2017-10-10T21:31:49.753-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov SGI 20070602-01-P REDHAT RHSA-2007:0395 REDHAT RHSA-2008:0630 GENTOO GLSA-200705-04 SUNALERT 248386 SUNALERT 1021508 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-293.htm CONFIRM http://svn.apache.org/repos/asf/perl/modperl/branches/1.x/Changes MISC http://www.gossamer-threads.com/lists/modperl/modperl/92739 MANDRIVA MDKSA-2007:083 SUSE SUSE-SR:2007:012 SUSE SUSE-SR:2007:008 REDHAT RHSA-2007:0396 REDHAT RHSA-2007:0486 REDHAT RHSA-2008:0261 REDHAT RHSA-2008:0627 BID 23192 SECTRACK 1018259 UBUNTU USN-488-1 VUPEN ADV-2007-1150 XF modperl-pathinfo-dos(33312) PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

cpe:/a:novell:netmail:3.5.2:a cpe:/a:novell:netmail:3.5.2:b cpe:/a:novell:netmail:3.5.2:c cpe:/a:novell:netmail:3.5.2:c1 cpe:/a:novell:netmail:3.5.2:d cpe:/a:novell:netmail:3.5.2:e-ftfl

CVE-2007-1350

2007-03-08T17:19:00.000-05:00

2018-10-16T12:38:01.220-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

CONFIRM http://download.novell.com/Download?buildid=sMYRODW09pw SREASON 2395 CERT-VN VU#919369 BUGTRAQ 20070307 ZDI-07-009: Novell Netmail WebAdmin Buffer Overflow Vulnerability BID 22857 SECTRACK 1017734 VUPEN ADV-2007-0870 MISC http://www.zerodayinitiative.com/advisories/ZDI-07-009.html XF netmail-sprintf-bo(32861) Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 allows remote attackers to execute arbitrary code via a long username during HTTP Basic authentication.

cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0 cpe:/a:x.org:libxfont:1.2.2 cpe:/a:xfree86_project:x11r6:4.3.0 cpe:/a:xfree86_project:x11r6:4.3.0.1 cpe:/a:xfree86_project:x11r6:4.3.0.2 cpe:/o:openbsd:openbsd:3.9 cpe:/o:openbsd:openbsd:4.0 cpe:/o:redhat:enterprise_linux:2.1::advanced_server cpe:/o:redhat:enterprise_linux:2.1::advanced_server_ia64 cpe:/o:redhat:enterprise_linux:2.1::enterprise_server cpe:/o:redhat:enterprise_linux:2.1::enterprise_server_ia64 cpe:/o:redhat:enterprise_linux:2.1::workstation cpe:/o:redhat:enterprise_linux:2.1::workstation_ia64 cpe:/o:redhat:enterprise_linux:3.0::advanced_servers cpe:/o:redhat:enterprise_linux:3.0::enterprise_server cpe:/o:redhat:enterprise_linux:3.0::workstation cpe:/o:redhat:enterprise_linux:4.0::advanced_server cpe:/o:redhat:enterprise_linux:4.0::enterprise_server cpe:/o:redhat:enterprise_linux:4.0::workstation cpe:/o:redhat:enterprise_linux:5.0::desktop cpe:/o:redhat:enterprise_linux:5.0::desktop_workstation cpe:/o:redhat:enterprise_linux:5.0::server cpe:/o:redhat:enterprise_linux_desktop:3.0 cpe:/o:redhat:enterprise_linux_desktop:4.0 cpe:/o:redhat:linux_advanced_workstation:2.1::ia64 cpe:/o:redhat:linux_advanced_workstation:2.1::itanium cpe:/o:rpath:rpath_linux:1 cpe:/o:ubuntu:ubuntu_linux:5.10::amd64 cpe:/o:ubuntu:ubuntu_linux:5.10::i386 cpe:/o:ubuntu:ubuntu_linux:5.10::powerpc cpe:/o:ubuntu:ubuntu_linux:5.10::sparc cpe:/o:ubuntu:ubuntu_linux:6.06_lts::amd64 cpe:/o:ubuntu:ubuntu_linux:6.06_lts::i386 cpe:/o:ubuntu:ubuntu_linux:6.06_lts::powerpc cpe:/o:ubuntu:ubuntu_linux:6.06_lts::sparc cpe:/o:ubuntu:ubuntu_linux:6.10::amd64 cpe:/o:ubuntu:ubuntu_linux:6.10::i386 cpe:/o:ubuntu:ubuntu_linux:6.10::powerpc cpe:/o:ubuntu:ubuntu_linux:6.10::sparc

CVE-2007-1351

2007-04-05T21:19:00.000-04:00

2018-10-16T12:38:01.957-04:00

8.5

NETWORK

MEDIUM

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://issues.foresightlinux.org/browse/FL-223 IDEFENSE 20070403 Multiple Vendor X Server BDF Font Parsing Integer Overflow Vulnerability APPLE APPLE-SA-2007-11-14 APPLE APPLE-SA-2009-02-12 MLIST [xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont REDHAT RHSA-2007:0125 GENTOO GLSA-200705-02 GENTOO GLSA-200705-10 SLACKWARE SSA:2007-109-01 CONFIRM http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=498954 SUNALERT 102886 CONFIRM http://support.apple.com/kb/HT3438 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm DEBIAN DSA-1294 DEBIAN DSA-1454 GENTOO GLSA-200805-07 MANDRIVA MDKSA-2007:079 MANDRIVA MDKSA-2007:080 MANDRIVA MDKSA-2007:081 SUSE SUSE-SA:2007:027 SUSE SUSE-SR:2007:006 OPENBSD [3.9] 021: SECURITY FIX: April 4, 2007 OPENBSD [4.0] 011: SECURITY FIX: April 4, 2007 REDHAT RHSA-2007:0126 REDHAT RHSA-2007:0132 REDHAT RHSA-2007:0150 BUGTRAQ 20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs BUGTRAQ 20070405 FLEA-2007-0009-1: xorg-x11 freetype BID 23283 BID 23300 BID 23402 SECTRACK 1017857 TRUSTIX 2007-0013 UBUNTU USN-448-1 VUPEN ADV-2007-1217 VUPEN ADV-2007-1264 VUPEN ADV-2007-1548 XF xorg-bdf-font-bo(33417) CONFIRM https://issues.rpath.com/browse/RPL-1213 Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.

cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0 cpe:/a:x.org:libxfont:1.2.2 cpe:/o:openbsd:openbsd:3.9 cpe:/o:openbsd:openbsd:4.0 cpe:/o:redhat:enterprise_linux:2.1::advanced_server cpe:/o:redhat:enterprise_linux:2.1::advanced_server_ia64 cpe:/o:redhat:enterprise_linux:2.1::enterprise_server cpe:/o:redhat:enterprise_linux:2.1::enterprise_server_ia64 cpe:/o:redhat:enterprise_linux:2.1::workstation cpe:/o:redhat:enterprise_linux:2.1::workstation_ia64 cpe:/o:redhat:enterprise_linux:3.0::advanced_server cpe:/o:redhat:enterprise_linux:3.0::enterprise_server cpe:/o:redhat:enterprise_linux:3.0::workstation_server cpe:/o:redhat:enterprise_linux:4.0::advanced_server cpe:/o:redhat:enterprise_linux:4.0::enterprise_server cpe:/o:redhat:enterprise_linux:4.0::workstation cpe:/o:redhat:enterprise_linux_desktop:3.0 cpe:/o:redhat:enterprise_linux_desktop:4.0 cpe:/o:redhat:enterprise_linux_desktop:5.0::client cpe:/o:redhat:enterprise_linux_desktop:5.0::client_workstation cpe:/o:redhat:fedora_core:core_1.0 cpe:/o:redhat:linux:9.0::i386 cpe:/o:redhat:linux_advanced_workstation:2.1::ia64 cpe:/o:redhat:linux_advanced_workstation:2.1::itanium cpe:/o:rpath:linux:1 cpe:/o:slackware:slackware_linux:9.0 cpe:/o:slackware:slackware_linux:9.1 cpe:/o:slackware:slackware_linux:current cpe:/o:turbolinux:turbolinux_desktop:10.0 cpe:/o:ubuntu:ubuntu_linux:4.1::ia32 cpe:/o:ubuntu:ubuntu_linux:4.1::ia64 cpe:/o:ubuntu:ubuntu_linux:4.1::ppc cpe:/o:ubuntu:ubuntu_linux:5.10::amd64 cpe:/o:ubuntu:ubuntu_linux:5.10::i386 cpe:/o:ubuntu:ubuntu_linux:5.10::powerpc cpe:/o:ubuntu:ubuntu_linux:5.10::sparc cpe:/o:ubuntu:ubuntu_linux:6.06_lts::amd64 cpe:/o:ubuntu:ubuntu_linux:6.06_lts::i386 cpe:/o:ubuntu:ubuntu_linux:6.06_lts::powerpc cpe:/o:ubuntu:ubuntu_linux:6.06_lts::sparc cpe:/o:ubuntu:ubuntu_linux:6.10::amd64 cpe:/o:ubuntu:ubuntu_linux:6.10::i386 cpe:/o:ubuntu:ubuntu_linux:6.10::powerpc cpe:/o:ubuntu:ubuntu_linux:6.10::sparc

CVE-2007-1352

2007-04-05T21:19:00.000-04:00

2018-10-16T12:38:09.313-04:00

3.8

ADJACENT_NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://issues.foresightlinux.org/browse/FL-223 IDEFENSE 20070403 Multiple Vendor X Server fonts.dir File Parsing Integer Overflow Vulnerability APPLE APPLE-SA-2007-11-14 APPLE APPLE-SA-2009-02-12 MLIST [xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont REDHAT RHSA-2007:0125 GENTOO GLSA-200705-10 SUNALERT 102886 CONFIRM http://support.apple.com/kb/HT3438 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm DEBIAN DSA-1294 MANDRIVA MDKSA-2007:079 MANDRIVA MDKSA-2007:080 SUSE SUSE-SA:2007:027 OPENBSD [3.9] 021: SECURITY FIX: April 4, 2007 OPENBSD [4.0] 011: SECURITY FIX: April 4, 2007 REDHAT RHSA-2007:0126 REDHAT RHSA-2007:0132 BUGTRAQ 20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs BUGTRAQ 20070405 FLEA-2007-0009-1: xorg-x11 freetype BID 23283 BID 23300 SECTRACK 1017857 UBUNTU USN-448-1 VUPEN ADV-2007-1217 VUPEN ADV-2007-1548 XF xorg-fontsdir-bo(33419) CONFIRM https://issues.rpath.com/browse/RPL-1213 Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.

cpe:/o:linux:linux_kernel:2.4.34.2

CVE-2007-1353

2007-04-24T12:19:00.000-04:00

2017-10-10T21:31:50.110-04:00

2.1

LOCAL

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov REDHAT RHSA-2007:0488 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-404.htm DEBIAN DSA-1356 DEBIAN DSA-1503 DEBIAN DSA-1504 CONFIRM http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.34.3 SUSE SUSE-SA:2007:035 REDHAT RHSA-2007:0671 REDHAT RHSA-2007:0672 REDHAT RHSA-2007:0673 BID 23594 UBUNTU USN-470-1 UBUNTU USN-486-1 UBUNTU USN-489-1 VUPEN ADV-2007-1495 REDHAT RHSA-2007:0376 The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 2.4.34.3 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copy_from_user function accessing an uninitialized stack buffer.

cpe:/a:jboss:jboss_application_server:4.0.2.ga_cp02 cpe:/a:jboss:jboss_application_server:4.0.2.ga_cp03 cpe:/a:jboss:jboss_application_server:4.0.2.ga_cp04 cpe:/a:jboss:jboss_application_server:4.0.5.ga cpe:/a:jboss:jboss_application_server:4.0.5_cp01 cpe:/a:jboss:jboss_application_server:4.0.5_cp02

CVE-2007-1354

2007-07-27T17:30:00.000-04:00

2008-11-13T01:34:42.910-05:00

6.0

NETWORK

MEDIUM

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

ALLOWS_USER_ACCESS

CONFIRM http://jira.jboss.com/jira/browse/ASPATCH-172 CONFIRM http://jira.jboss.com/jira/browse/ASPATCH-175 REDHAT RHSA-2007:0151 MLIST [jboss-watch-list] 20070416 [RHSA-2007:0151-01] Low: JBoss Application Server security update The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by logging in during a session by a more privileged administrator, as demonstrated by privilege escalation from Read Mode to Write Mode.

cpe:/a:apache:tomcat:4.0.0 cpe:/a:apache:tomcat:4.0.1 cpe:/a:apache:tomcat:4.0.2 cpe:/a:apache:tomcat:4.0.3 cpe:/a:apache:tomcat:4.0.4 cpe:/a:apa