CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2007

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2007-6587 89 1 Exec Code Sql 2007-12-28 2017-08-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
2 CVE-2007-6515 94 1 Exec Code 2007-12-21 2017-08-07
7.5
User Remote Low Not required Partial Partial Partial
support/dispatch.cgi in SiteScape Forum allows remote attackers to execute arbitrary TCL code via code separator characters in the query string.
3 CVE-2007-6032 89 1 Exec Code Sql 2007-11-19 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in calendar/page.asp in Aleris Web Publishing Server 3.0 allows remote attackers to execute arbitrary SQL commands via the mode parameter.
4 CVE-2007-5994 94 1 Exec Code File Inclusion 2007-11-15 2008-11-15
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in check_noimage.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the config[path_src_include] parameter.
5 CVE-2007-5649 79 1 XSS 2007-10-23 2017-07-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in lostpwd.php in Creative Digital Resources SocketMail 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the lost_id parameter.
6 CVE-2007-5647 79 1 XSS 2007-10-23 2017-07-28
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in SocketKB 1.1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) art_id or (2) node parameter in an article action to the default URI.
7 CVE-2007-5629 79 1 XSS 2007-10-23 2017-07-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in admin/logon.asp in ShoppingTree CandyPress Store 4.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different vector than CVE-2007-2804. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
8 CVE-2007-5222 89 1 Exec Code Sql 2007-10-04 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.76 allows remote attackers to execute arbitrary SQL commands via a "Firefox ID=" substring in a Referer HTTP header.
9 CVE-2007-5182 79 1 XSS 2007-10-03 2017-07-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in mail.asp in Netkamp Emlak Scripti allows remote attackers to inject arbitrary web script or HTML via the (1) Email parameter, and possibly the (2) Ad, (3) Soyad, (4) Konu, and (5) Mesaj parameters to iletisim.asp.
10 CVE-2007-5181 89 1 Exec Code Sql 2007-10-03 2017-07-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in detay.asp in Netkamp Emlak Scripti allows remote attackers to execute arbitrary SQL commands via the ilan_id parameter.
11 CVE-2007-5180 89 1 Exec Code Sql 2007-10-03 2017-07-28
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Ohesa Emlak Portali allow remote attackers to execute arbitrary SQL commands via the (1) Kategori parameter in satilik.asp and the (2) Emlak parameter in detay.asp.
12 CVE-2007-4734 119 1 Exec Code Overflow 2007-09-06 2017-09-28
4.3
None Remote Medium Not required None None Partial
Buffer overflow in Ots Labs OTSTurntables 1.00 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file.
13 CVE-2007-3940 1 XSS 2007-07-20 2017-07-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in default.asp in QuickerSite 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the svalue parameter in a search action. NOTE: some of these details are obtained from third party information.
14 CVE-2007-3839 1 XSS 2007-07-17 2008-09-05
4.0
None Remote High Not required Partial Partial None
Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 010306 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the avatar parameter. NOTE: this may be related to the tracker program in the Janitor package. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
15 CVE-2007-3838 1 XSS 2007-07-17 2008-09-05
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 11-10-05-BETA-SF1:111005 and earlier allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the avatar parameter. NOTE: this may be related to the tracker program in the Janitor package. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
16 CVE-2007-3823 1 DoS 2007-07-16 2017-07-28
7.8
None Remote Low Not required None None Complete
The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows remote attackers to cause a denial of service (daemon crash) by sending a crafted packet containing a long string to port 5151/udp.
17 CVE-2007-3812 1 Exec Code Sql 2007-07-16 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in forums.php in CMScout 1.23 and earlier allows remote attackers to execute arbitrary SQL commands via the f parameter in a forums action to index.php.
18 CVE-2007-3808 1 Exec Code Sql 2007-07-16 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in includes/search.php in paFileDB 3.6 allows remote attackers to execute arbitrary SQL commands via the categories[] parameter in a search action to index.php, a different vector than CVE-2005-2000.
19 CVE-2007-3806 20 1 DoS Exec Code Mem. Corr. 2007-07-16 2017-09-28
6.8
None Remote Medium Not required Partial Partial Partial
The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure.
20 CVE-2007-3703 1 Exec Code Overflow 2007-07-11 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in a certain ActiveX control in sasatl.dll 1.5.0.531 in Zenturi Program Checker (ProgramChecker) Pro allows remote attackers to execute arbitrary code via a long argument to the Fill method. NOTE: this is probably a different issue than CVE-2007-2987.
21 CVE-2007-3655 119 1 Exec Code Overflow 2007-07-10 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file.
22 CVE-2007-3574 79 1 XSS 2007-07-05 2012-10-30
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm parameter.
23 CVE-2007-3530 1 +Priv 2007-07-03 2017-09-28
7.2
Admin Local Low Not required Complete Complete Complete
PHPDirector 0.21 and earlier stores the admin account name and password in config.php, which allows local users to gain privileges by reading this file.
24 CVE-2007-3529 1 +Info 2007-07-03 2017-09-28
7.8
None Remote Low Not required Complete None None
videos.php in PHPDirector 0.21 and earlier allows remote attackers to obtain sensitive information via an empty value of the id[] parameter, which reveals the path in an error message.
25 CVE-2007-3340 119 1 DoS Overflow 2007-06-21 2017-10-10
7.8
None Remote Low Not required None None Complete
BugHunter HTTP SERVER (httpsv.exe) 1.6.2 allows remote attackers to cause a denial of service (application crash) via a large number of requests for nonexistent pages.
26 CVE-2007-3162 1 DoS Overflow 2007-06-11 2017-10-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in the NotSafe function in the idaiehlp ActiveX control in idaiehlp.dll 1.9.1.74 in Internet Download Accelerator (ida) 5.2 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long argument.
27 CVE-2007-3133 1 Exec Code Sql 2007-06-08 2017-10-10
6.8
User Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in urunbak.asp in W1L3D4 WEBmarket 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
28 CVE-2007-2821 1 Exec Code Sql 2007-05-22 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter.
29 CVE-2007-2792 2 Exec Code Sql 2007-05-21 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Yet another Newsletter Component (aka YaNC or com_yanc) component before 1.5 beta 3 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter to index.php. NOTE: some of these details are obtained from third party information.
30 CVE-2007-2586 264 1 Exec Code Overflow 2007-05-09 2017-10-10
9.3
None Remote Medium Not required Complete Complete Complete
The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that involves access to a VTY device and overflows a buffer, aka bug ID CSCek55259.
31 CVE-2007-2583 189 1 DoS 2007-05-09 2017-10-10
4.0
None Remote Low Single system None None Partial
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.
32 CVE-2007-2526 1 Exec Code Overflow 2007-05-08 2017-10-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the ConnectAsyncEx function in VNC Viewer ActiveX control (scvncctrl.dll) in the SmartCode VNC Manager 3.6 allows remote attackers to execute arbitrary code via a long argument.
33 CVE-2007-2482 1 Dir. Trav. 2007-05-03 2017-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the wpPATH parameter.
34 CVE-2007-2373 1 Exec Code Sql 2007-04-30 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) 1.03 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter.
35 CVE-2007-2222 119 1 Exec Code Overflow Mem. Corr. 2007-06-12 2017-10-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.
36 CVE-2007-2195 1 DoS 2007-04-24 2008-11-13
5.0
None Remote Low Not required None None Partial
aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers to cause a denial of service (application crash) by sending invalid data to TCP port 31337.
37 CVE-2007-1377 1 DoS 2007-03-09 2017-07-28
5.0
None Remote Low Not required None None Partial
AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236.
38 CVE-2007-1162 1 DoS 2007-03-02 2017-10-10
7.8
None Remote Low Not required None None Complete
A certain ActiveX control in the Common Controls Replacement Project (CCRP) CCRP BrowseDialog Server (ccrpbds6.dll) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) IsFolderAvailable or (2) RootFolder property value, different vectors than CVE-2007-0371.
39 CVE-2007-0641 1 Exec Code Overflow 2007-01-31 2008-11-13
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 in Shaffer Solutions (SSC) DiskAccess NFS Client allows remote attackers to execute arbitrary code via a long argument, an issue similar to CVE-2006-5854 and CVE-2007-0444.
40 CVE-2007-0444 119 1 Exec Code Overflow 2007-01-24 2009-01-02
7.2
Admin Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions.
41 CVE-2006-7005 1 Exec Code Sql 2007-02-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in item.php in PSY Auction allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
42 CVE-2006-7004 1 XSS 2007-02-12 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in email_request.php in PSY Auction allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
43 CVE-2006-6958 94 1 Exec Code File Inclusion 2007-01-29 2017-07-28
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in phpBlueDragon 2.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter to (1) team_admin.php, (2) rss_admin.php, (3) manual_admin.php, and (4) forum_admin.php in includes/root_modules/, a different set of vectors than CVE-2006-3076.
Total number of vulnerabilities : 43   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.