CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2007(Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2007-6609 119 Exec Code Overflow 2007-12-31 2008-11-15
5.0
None Remote Low Not required None Partial None
Multiple stack-based buffer overflows in the CPLI_ReadTag_OGG function in CPI_PlaylistItem.c in CoolPlayer 217 and earlier allow user-assisted remote attackers to execute arbitrary code via a long (1) cTag or (2) cValue field in an OGG Vorbis file.
2 CVE-2007-6605 119 1 Exec Code Overflow 2007-12-31 2008-11-15
5.8
None Remote Medium Not required Partial Partial None
Buffer overflow in a certain ActiveX control in SkyFexClient.ocx 1.0.2.77 in SkyFex Client 1.0 allows remote attackers to execute arbitrary code via long strings in the first four arguments to the Start method.
3 CVE-2007-6593 119 Exec Code Overflow 2007-12-28 2008-09-05
8.8
None Remote Medium Not required Complete Complete None
Multiple stack-based buffer overflows in l123sr.dll in Autonomy (formerly Verity) KeyView SDK, as used by IBM Lotus Notes 5.x through 8.x, allow user-assisted remote attackers to execute arbitrary code via the (1) Length and (2) Value fields for certain Types in a Lotus 1-2-3 (.123) file in the Worksheet File (WKS) format, as demonstrated by a file with a crafted SRANGE record, a different vulnerability than CVE-2007-5909.
4 CVE-2007-6563 119 Exec Code Overflow 2007-12-27 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in WinAce 2.65 and earlier, and possibly other versions before 2.69, allows user-assisted remote attackers to execute arbitrary code via a long filename in a compressed UUE archive.
5 CVE-2007-6562 119 DoS Overflow 2007-12-27 2008-11-15
5.0
None Remote Low Not required None None Partial
Multiple stack-based buffer overflows in the use of FD_SET in TCPreen before 1.4.4 allow remote attackers to cause a denial of service via multiple concurrent connections, which result in overflows in the (1) SocketAddress::Connect function in libsolve/sockprot.cpp and (2) monitor_bridge function in src/bridge.cpp.
6 CVE-2007-6561 119 Exec Code Overflow 2007-12-27 2013-08-30
5.7
None Local Network Medium Not required None None Complete
Multiple stack-based buffer overflows in PDFLib allow user-assisted remote attackers to execute arbitrary code via a long filename argument to the PDF_load_image function that results in an overflow in the pdc_fsearch_fopen function, and possibly other vectors.
7 CVE-2007-6537 119 Exec Code Overflow 2007-12-27 2008-11-15
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the zfile_gunzip function in zfile.c in WinUAE 1.4.4 and earlier allows user-assisted remote attackers to execute arbitrary code via a long filename in a gzipped archive, such as a (1) gz, (2) adz, (3) roz, or (4) hdz archive in a compressed floppy disk image.
8 CVE-2007-6535 119 Exec Code Overflow 2007-12-27 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Buffer overflow in the YShortcut ActiveX control in YShortcut.dll 2006.8.15.1 in Yahoo! Toolbar might allow attackers to execute arbitrary code via a long string to the IsTaggedBM method.
9 CVE-2007-6533 119 Exec Code Overflow 2007-12-27 2008-11-15
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows user-assisted remote attackers to execute arbitrary code via an HTTP link to a PLS file in a crafted ZPL file, which causes an overflow in Unicode handling when generating an error message.
10 CVE-2007-6530 119 Exec Code Overflow 2007-12-27 2008-11-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long argument to the AddFolder function.
11 CVE-2007-6516 119 Exec Code Overflow 2007-12-21 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Buffer overflow in RavWare Software MAS Flic ActiveX Control (masflc.ocx) 1.0.0.1 allows remote attackers to execute arbitrary code via a long FileName property.
12 CVE-2007-6510 119 Exec Code Overflow 2007-12-21 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Multiple stack-based buffer overflows in ProWizard 4 PC (prowiz) 1.62 and earlier allow remote attackers to execute arbitrary code via a crafted file to the (1) AMOS-MusicBank, (2) FuzzacPacker, and (3) QuadraComposer rippers; and (4) have an unknown impact via a crafted file to the SkytPacker ripper.
13 CVE-2007-6478 119 1 DoS Exec Code Overflow 2007-12-20 2011-08-02
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in Rosoft Media Player 4.1.7, 4.1.8, and possibly earlier versions allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a .M3U file. NOTE: some of these details are obtained from third party information.
14 CVE-2007-6473 119 1 Exec Code Overflow 2007-12-20 2008-09-05
5.8
None Remote Medium Not required Partial Partial None
Heap-based buffer overflow in Texas Imperial Software WFTPD Pro Explorer 1.0 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command.
15 CVE-2007-6468 119 DoS Exec Code Overflow 2007-12-19 2008-11-15
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the HuffDecode function in hw_utils/hwrcon/huffman.c and hexenworld/Client/huffman.c in Hammer of Thyrion 1.4.2 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted huffman encoded packet. NOTE: some of these details are obtained from third party information.
16 CVE-2007-6457 119 DoS Overflow 2007-12-19 2008-09-05
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header.
17 CVE-2007-6454 119 DoS Exec Code Overflow 2007-12-19 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.
18 CVE-2007-6438 119 DoS Overflow 2007-12-19 2012-08-13
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service via unknown vectors. NOTE: this identifier originally included MP3 and NCP, but those issues are already covered by CVE-2007-6111.
19 CVE-2007-6436 119 Exec Code Overflow 2007-12-18 2008-09-05
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, 2006, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted document, as actively exploited in December 2007 by the Tarodrop.F trojan. NOTE: some of these details are obtained from third party information.
20 CVE-2007-6435 119 Exec Code Overflow 2007-12-18 2008-11-15
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Novell GroupWise before 6.5.7, when HTML preview of e-mail is enabled, allows user-assisted remote attackers to execute arbitrary code via a long SRC attribute in an IMG element when forwarding or replying to a crafted e-mail.
21 CVE-2007-6411 119 DoS Exec Code Overflow 2007-12-17 2008-09-05
4.3
None Remote Medium Not required None None Partial
Multiple buffer overflows in the HandleEmotsConfig function in the GG Client in Gadu-Gadu 7.7 Build 3669 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (gg.exe process crash) via a long string in an emots.txt file.
22 CVE-2007-6403 119 Exec Code Overflow 2007-12-17 2012-08-13
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in Nullsoft Winamp 5.32 allows user-assisted remote attackers to execute arbitrary code via crafted unicode in a .mp4 file, with crafted tags, contained in a certain .rar archive, a related issue to CVE-2007-2498. NOTE: for exploitation, the victim must select a certain menu option at the time of the attack.
23 CVE-2007-6402 119 Exec Code Overflow 2007-12-17 2008-09-05
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in mplayerc.exe in Media Player Classic (MPC) 6.4.9, when used with the 3ivx 4.5.1 or 5.0.1 codec, allows remote attackers to execute arbitrary code via a certain .mp4 file, possibly a related issue to CVE-2007-6401.
24 CVE-2007-6401 119 Exec Code Overflow 2007-12-17 2008-09-05
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in mplayer2.exe in Microsoft Windows Media Player (WMP) 6.4, when used with the 3ivx 4.5.1 or 5.0.1 codec, allows remote attackers to execute arbitrary code via a certain .mp4 file, possibly a related issue to CVE-2007-6402.
25 CVE-2007-6387 119 1 Exec Code Overflow 2007-12-14 2008-09-05
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ActiveX control in awApi4.dll 4.0.0.42, as used by Vantage Linguistics AnswerWorks, and Intuit Clearly Bookkeeping, ProSeries, QuickBooks, Quicken, QuickTax, and TurboTax, allow remote attackers to execute arbitrary code via long arguments to the (1) GetHistory, (2) GetSeedQuery, (3) SetSeedQuery, and possibly other methods. NOTE: some of these details are obtained from third party information.
26 CVE-2007-6386 119 DoS Overflow +Priv 2007-12-14 2008-11-15
7.2
Admin Local Low Not required Complete Complete Complete
Stack-based buffer overflow in PccScan.dll before build 1451 in Trend Micro AntiVirus plus AntiSpyware 2008, Internet Security 2008, and Internet Security Pro 2008 allows user-assisted remote attackers to cause a denial of service (SfCtlCom.exe crash), and allows local users to gain privileges, via a malformed .zip archive with a long name, as demonstrated by a .zip file created via format string specifiers in a crafted .uue file.
27 CVE-2007-6377 119 1 Exec Code Overflow 2007-12-14 2009-08-19
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string.
28 CVE-2007-6357 119 Exec Code Overflow 2007-12-14 2008-11-15
5.8
None Remote Medium Not required Partial Partial None
Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944.
29 CVE-2007-6355 189 Overflow 2007-12-18 2011-05-13
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow" that triggers an "illegal memory access," a different vulnerability than CVE-2007-6354.
30 CVE-2007-6354 Overflow 2007-12-18 2011-05-13
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow" that triggers an "illegal memory access," a different vulnerability than CVE-2007-6355.
31 CVE-2007-6353 189 Exec Code Overflow 2007-12-19 2008-10-23
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.
32 CVE-2007-6352 189 Exec Code Overflow 2007-12-19 2010-08-21
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags, possibly involving the exif_data_load_data_thumbnail function in exif-data.c.
33 CVE-2007-6341 119 DoS Overflow 2007-12-20 2008-09-05
5.0
None Remote Low Not required None None Partial
Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such as SpamAssassin and OTRS, allows remote attackers to cause a denial of service (program "croak") via a crafted DNS response.
34 CVE-2007-6336 119 Exec Code Overflow 2007-12-19 2011-08-30
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file.
35 CVE-2007-6335 189 1 Exec Code Overflow 2007-12-19 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow.
36 CVE-2007-6327 119 1 Exec Code Overflow 2007-12-13 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in a certain ActiveX control in Online Media Technologies AVSMJPEGFILE.DLL 1.1.1.102 allows remote attackers to execute arbitrary code via a long first argument to the CreateStill method.
37 CVE-2007-6315 119 DoS Overflow 2007-12-11 2008-09-05
4.0
None Remote Low Single system None None Partial
Group Chat in BarracudaDrive Web Server before 3.8 allows remote authenticated users to cause a denial of service (crash) via a HTTP request to /eh/chat.ehintf/C. that does not contain a Connection ID, which results in a NULL pointer dereference.
38 CVE-2007-6305 119 Overflow +Priv 2007-12-10 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 7 R3.2.0 allow attackers to gain privileges via "some HMC commands."
39 CVE-2007-6302 119 Exec Code Overflow 2007-12-10 2012-01-13
6.8
None Remote Medium Not required Partial Partial Partial
Multiple heap-based buffer overflows in avirus.exe in Novell NetMail 3.5.2 before Messaging Architects M+NetMail 3.52f (aka 3.5.2F) allows remote attackers to execute arbitrary code via unspecified ASCII integers used as memory allocation arguments, aka "ZDI-CAN-162."
40 CVE-2007-6281 119 Exec Code Overflow 2007-12-19 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Open File Manager service (ofmnt.exe) in St. Bernard Open File Manager 9.5 allows remote attackers to execute arbitrary code via a long request.
41 CVE-2007-6277 119 Exec Code Overflow 2007-12-07 2010-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, and (11) Picture Description Length values in a .FLAC file, which result in a stack-based overflow. NOTE: some of these issues may overlap CVE-2007-4619.
42 CVE-2007-6265 119 Overflow 2007-12-07 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in avast! 4 Home and Professional Editions before 4.7.1098 allows remote attackers to have an unknown impact via a crafted TAR archive.
43 CVE-2007-6262 119 Exec Code Overflow 2007-12-05 2012-01-27
6.8
None Remote Medium Not required Partial Partial Partial
A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive plugin release vulnerability."
44 CVE-2007-6261 189 DoS Overflow 2007-12-05 2008-09-05
4.9
None Local Low Not required None None Complete
Integer overflow in the load_threadstack function in the Mach-O loader (mach_loader.c) in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service (infinite loop) via a crafted Mach-O binary.
45 CVE-2007-6245 119 Overflow 2007-12-19 2010-08-21
5.8
None Remote Medium Not required Partial Partial None
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks.
46 CVE-2007-6228 119 DoS Overflow 2007-12-04 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the Helper class in the yt.ythelper.2 ActiveX control in Yahoo! Toolbar 1.4.1 allows remote attackers to cause a denial of service (browser crash) via a long argument to the c method.
47 CVE-2007-6227 119 Overflow 2007-12-04 2008-12-20
7.2
None Local Low Not required Complete Complete Complete
QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an "overflow," via certain Windows executable programs, as demonstrated by qemu-dos.com.
48 CVE-2007-6204 119 1 Exec Code Overflow 2007-12-13 2011-09-06
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4) webappmon.exe, as demonstrated via a long Action parameter to OpenView5.exe.
49 CVE-2007-6195 119 DoS Exec Code Overflow 2007-12-14 2011-05-13
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the sw_rpc_agent_init function in swagentd in Software Distributor (SD), and possibly other DCE applications, in HP HP-UX B.11.11 and B.11.23 allows remote attackers to execute arbitrary code or cause a denial of service via malformed arguments in an opcode 0x04 DCE RPC request.
50 CVE-2007-6189 119 1 Exec Code Overflow 2007-11-29 2008-09-05
9.3
None Remote Medium Not required Complete Complete Complete
A certain ActiveX control in (1) OScan8.ocx and (2) Oscan81.ocx in BitDefender Online Anti-Virus Scanner 8.0 allows remote attackers to execute arbitrary code via a long argument to the InitX method that begins with a "%%" sequence, which is misinterpreted as a Unicode string and decoded twice, leading to improper memory allocation and a heap-based buffer overflow.
Total number of vulnerabilities : 952   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.