CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2007 (Gain Privilege)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2006-5586 +Priv 2007-04-04 2018-10-17
7.2
Admin Local Low Not required Complete Complete Complete
The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."
2 CVE-2006-5753 DoS +Priv 2007-01-30 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors.
3 CVE-2006-6952 +Priv 2007-01-24 2018-10-16
7.2
Admin Local Low Not required Complete Complete Complete
Computer Associates Host Intrusion Prevention System (HIPS) drivers (1) Core kmxstart.sys 6.5.4.31 and (2) Firewall kmxfw.sys 6.5.4.10 allow local users to gain privileges by using certain privileged IOCTLs to modify callback function pointers.
4 CVE-2006-6995 +Priv 2007-02-12 2018-10-16
6.0
User Remote Medium Single system Partial Partial Partial
mycontacts.php in V3 Chat allows remote authenticated users to gain privileges as other users via a modified membername parameter.
5 CVE-2006-7014 +Priv 2007-02-14 2018-10-16
7.5
User Remote Low Not required Partial Partial Partial
admin.php in BloggIT 1.01 and earlier does not properly establish a user session, which allows remote attackers to gain privileges via a direct request.
6 CVE-2006-7016 +Priv Bypass 2007-02-14 2018-10-16
7.5
User Remote Low Not required Partial Partial Partial
phpjobboard allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin.php with adminop=job-edit.
7 CVE-2006-7074 798 +Priv Bypass 2007-03-02 2017-07-28
7.5
User Remote Low Not required Partial Partial Partial
admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the userName cookie.
8 CVE-2006-7098 264 +Priv 2007-03-03 2017-07-28
6.6
Admin Local Medium Single system Complete Complete Complete
The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
9 CVE-2006-7152 +Priv 2007-03-07 2017-10-10
8.5
Admin Remote Medium Single system Complete Complete Complete
default.asp in ASP-Nuke Community 1.5 and earlier allows remote attackers to gain privileges by setting certain pseudo cookie values.
10 CVE-2006-7191 +Priv 2007-04-02 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Manager (LAM) before 1.0.0 allows local users to gain privileges via a modified PATH that points to a malicious rm program.
11 CVE-2007-0005 119 Overflow +Priv 2007-03-09 2018-10-16
6.9
Admin Local Medium Not required Complete Complete Complete
Multiple buffer overflows in the (1) read and (2) write handlers in the Omnikey CardMan 4040 driver in the Linux kernel before 2.6.21-rc3 allow local users to gain privileges.
12 CVE-2007-0022 +Priv 2007-01-22 2017-07-28
7.2
Admin Local Low Not required Complete Complete Complete
Untrusted search path vulnerability in writeconfig in Apple Mac OS X 10.4.8 allows local users to gain privileges via a modified PATH that points to a malicious launchctl program.
13 CVE-2007-0023 +Priv 2007-01-23 2017-07-28
6.9
Admin Local Medium Not required Complete Complete Complete
The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa applications attempt to notify the user.
14 CVE-2007-0068 +Priv 2007-06-06 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database.
15 CVE-2007-0084 Overflow +Priv 2007-01-05 2018-10-16
6.6
Admin Local Medium Single system Complete Complete Complete
** DISPUTED ** Buffer overflow in the Windows NT Message Compiler (MC) 1.00.5239 on Microsoft Windows XP allows local users to gain privileges via a long MC-filename. NOTE: this issue has been disputed by a reliable third party who states that the compiler is not a privileged program, so privilege boundaries cannot be crossed.
16 CVE-2007-0085 +Priv 2007-01-05 2017-07-28
6.0
Admin Local High Single system Complete Complete Complete
Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics driver for wscons in OpenBSD 3.9 and 4.0, when the kernel is compiled with the PCIAGP option and a non-AGP device is being used, allows local users to gain privileges via unspecified vectors, possibly related to agp_ioctl NULL pointer reference.
17 CVE-2007-0117 +Priv 2007-01-08 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation.
18 CVE-2007-0161 +Priv 2007-01-09 2018-10-16
4.1
User Local Medium Single system Partial Partial Partial
The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023.
19 CVE-2007-0162 +Priv 2007-01-09 2017-07-28
6.8
Admin Local Low Single system Complete Complete Complete
Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permissions for the (1) ApplicationEnhancer binary and the (2) /Library/Frameworks/ApplicationEnhancer.framework directory, which allows local users to gain privileges by modifying or replacing the binary or library files.
20 CVE-2007-0210 Overflow +Priv 2007-02-13 2018-10-12
7.2
Admin Local Low Not required Complete Complete Complete
The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 allows local users to gain privileges via unspecified vectors involving an "unchecked buffer," probably a buffer overflow.
21 CVE-2007-0211 +Priv 2007-02-13 2018-10-12
7.2
Admin Local Low Not required Complete Complete Complete
The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
22 CVE-2007-0229 189 DoS Overflow +Priv 2007-01-12 2017-07-28
7.2
Admin Local Low Not required Complete Complete Complete
Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.
23 CVE-2007-0243 119 Overflow +Priv Mem. Corr. 2007-01-17 2018-10-30
6.8
User Remote Medium Not required Partial Partial Partial
Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.
24 CVE-2007-0257 +Priv 2007-01-16 2018-10-16
7.2
Admin Local Low Not required Complete Complete Complete
** DISPUTED ** Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. As of 20070120, the original researcher has released demonstration code.
25 CVE-2007-0345 +Priv 2007-01-17 2017-10-18
6.8
Admin Local Low Single system Complete Complete Complete
The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions (writable by admin group), which allows local admin users to gain root privileges by modifying a program and then performing permissions repair via diskutil.
26 CVE-2007-0351 +Priv 2007-01-18 2018-10-16
6.2
Admin Local High Not required Complete Complete Complete
Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user.
27 CVE-2007-0355 119 Exec Code Overflow +Priv 2007-01-18 2017-10-18
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.11 and earlier, including 10.4.8, allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field.
28 CVE-2007-0366 +Priv 2007-01-19 2017-07-28
4.6
User Local Low Not required Partial Partial Partial
Untrusted search path vulnerability in Rumpus 5.1 and earlier allows local users to gain privileges via a modified PATH that points to a malicious ipfw program.
29 CVE-2007-0392 +Priv 2007-01-19 2018-10-16
4.6
User Local Low Not required Partial Partial Partial
IBM AIX 5.3 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.
30 CVE-2007-0393 +Priv 2007-01-19 2018-10-16
4.6
User Local Low Not required Partial Partial Partial
Sun Solaris 9 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.
31 CVE-2007-0394 +Priv 2007-01-19 2018-10-16
4.6
None Local Low Not required Partial Partial Partial
HP HP-UX B11.11 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.
32 CVE-2007-0405 +Priv 2007-01-22 2017-07-28
6.5
User Remote Low Single system Partial Partial Partial
The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.
33 CVE-2007-0406 DoS Overflow +Priv 2007-01-22 2017-07-28
4.6
User Local Low Not required Partial Partial Partial
Multiple buffer overflows in the (1) main function in (a) client.c, and the (2) server_setup and (3) server_client_connect functions in (b) server.c in gxine 0.5.9 and earlier allow local users to cause a denial of service (daemon crash) or gain privileges via a long HOME environment variable. NOTE: some of these details are obtained from third party information.
34 CVE-2007-0425 Overflow +Priv 2007-01-22 2008-11-13
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 through 8.1 SP5, and JRockit 1.4.2 R4.5 and earlier, allows attackers to gain privileges via unspecified vectors, related to an "overflow condition," probably a buffer overflow.
35 CVE-2007-0436 264 +Priv 2007-02-03 2011-05-18
4.6
User Local Low Not required Partial Partial Partial
Barron McCann X-Kryptor Driver BMS1446HRR (Xgntr BMS1351 Install BMS1472) in X-Kryptor Secure Client does not drop privileges when launching an Explorer window in response to a help command, which allows local users to gain LocalSystem privileges via interactive use of Explorer.
36 CVE-2007-0467 +Priv 2007-01-30 2017-07-28
6.2
Admin Local High Not required Complete Complete Complete
crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/.
37 CVE-2007-0470 +Priv 2007-01-23 2018-10-30
7.2
Admin Local Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors.
38 CVE-2007-0475 Overflow +Priv 2007-02-03 2010-09-15
4.4
User Local Medium Not required Partial Partial Partial
Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to the args variable and unspecified other variables, in conjunction with the sudo configuration.
39 CVE-2007-0536 +Priv 2007-01-26 2017-07-28
7.2
Admin Local Low Not required Complete Complete Complete
The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges.
40 CVE-2007-0557 +Priv 2007-01-29 2008-11-15
7.2
Admin Local Low Not required Complete Complete Complete
rMake before 1.0.4 drops root privileges in a way that retains the original supplemental groups, which might allow attackers to gain privileges via a crafted recipe file, a different vulnerability than CVE-2007-0536.
41 CVE-2007-0602 Overflow +Priv 2007-01-30 2018-10-16
6.9
Admin Local Medium Not required Complete Complete Complete
Buffer overflow in libvsapi.so in the VSAPI library in Trend Micro VirusWall 3.81 for Linux, as used by IScan.BASE/vscan, allows local users to gain privileges via a long command line argument, a different vulnerability than CVE-2005-0533.
42 CVE-2007-0603 Exec Code +Priv 2007-01-30 2018-10-16
7.1
Admin Remote High Single system Complete Complete Complete
PGP Desktop before 9.5.1 does not validate data objects received over the (1) \pipe\pgpserv named pipe for PGPServ.exe or the (2) \pipe\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which causes code execution at the corresponding address.
43 CVE-2007-0655 Exec Code +Priv 2007-05-02 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan 8.0.671.1, and possibly other versions, allows remote or local attackers to gain privileges and execute arbitrary commands by connecting directly to TCP port 2222.
44 CVE-2007-0708 DoS +Priv 2007-02-03 2018-10-16
7.2
None Local Low Not required Complete Complete Complete
cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) before 2.4.16.174 does not validate arguments that originate in user mode for the (1) NtConnectPort and (2) NtCreatePort hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments.
45 CVE-2007-0709 DoS +Priv 2007-02-03 2018-10-16
7.2
None Local Low Not required Complete Complete Complete
cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.16.174 and earlier does not validate arguments that originate in user mode for the (1) NtCreateSection, (2) NtOpenProcess, (3) NtOpenSection, (4) NtOpenThread, and (5) NtSetValueKey hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments.
46 CVE-2007-0723 +Priv 2007-03-13 2008-09-05
8.5
Admin Remote Medium Single system Complete Complete Complete
Unspecified vulnerability in the authentication feature for DirectoryService (DS Plug-Ins) for Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote authenticated LDAP users to modify the root password and gain privileges via unknown vectors.
47 CVE-2007-0724 +Priv 2007-03-13 2017-07-28
6.9
Admin Local Medium Not required Complete Complete Complete
The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently limit access to certain controls, which allows local users to gain privileges by using HID device events to read keystrokes from the console.
48 CVE-2007-0729 264 +Priv 2007-04-24 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment before executing commands, which allows local users to gain privileges by setting unspecified environment variables.
49 CVE-2007-0732 +Priv 2007-04-24 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in the CoreServices daemon in CarbonCore in Apple Mac OS X 10.4 through 10.4.9 allows local users to gain privileges via unspecified vectors involving "obtaining a send right to [the] Mach task port."
50 CVE-2007-0737 +Priv 2007-04-24 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
The Login Window in Apple Mac OS X 10.3.9 through 10.4.9 does not properly check certain environment variables, which allows local users to gain privileges via unspecified vectors.
Total number of vulnerabilities: 242 (page 1 of 5)