CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In November 2007(Gain Privilege)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2007-6182 264 +Priv 2007-11-29 2017-07-28
7.2
None Local Low Not required Complete Complete Complete
The responder program in ISPsystem ISPmanager (aka ISPmgr) 4.2.15.1 allows local users to gain privileges via shell metacharacters in command line arguments.
2 CVE-2007-6174 264 +Priv 2007-11-29 2017-07-28
8.5
Admin Remote Medium Single system Complete Complete Complete
PHPDevShell before 0.7.0 allows remote authenticated users to gain privileges via a crafted request to update a user profile. NOTE: some of these details are obtained from third party information.
3 CVE-2007-6081 264 +Priv 2007-11-21 2008-11-15
7.5
User Remote Low Not required Partial Partial Partial
AdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default "root" account without a password, which allows remote attackers to gain privileges and modify logs.
4 CVE-2007-5956 22 +Priv Dir. Trav. 2007-11-14 2017-07-28
7.2
None Local Low Not required Complete Complete Complete
Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable.
5 CVE-2007-5838 16 +Priv 2007-11-06 2017-07-28
7.2
None Local Low Not required Complete Complete Complete
Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows local users to gain local System privileges via the "Enable key-based authentication to Deployment server" browser option, a different issue than CVE-2007-4380.
6 CVE-2007-5829 264 +Priv 2007-11-05 2017-07-28
6.0
Admin Local High Single system Complete Complete Complete
The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10.x, Norton AntiVirus for Macintosh 10.0 and 10.1, and Norton Internet Security for Macintosh 3.x, uses a directory with weak permissions (group writable), which allows local admin users to gain root privileges by replacing unspecified files, which are executed when a user with physical access inserts a disk and the "Show Progress During Mount Scans" option is enabled.
7 CVE-2007-5756 119 Overflow +Priv 2007-11-13 2017-07-28
6.9
None Local Medium Not required Complete Complete Complete
Multiple array index errors in the bpf_filter_init function in NPF.SYS in WinPcap before 4.0.2, when run in monitor mode (aka Table Management Extensions or TME), and as used in Wireshark and possibly other products, allow local users to gain privileges via crafted IOCTL requests.
8 CVE-2007-5667 20 +Priv Bypass 2007-11-13 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \.\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel memory locations.
9 CVE-2007-4686 189 DoS +Priv 2007-11-14 2018-10-15
7.2
None Local Low Not required Complete Complete Complete
Integer signedness error in the ttioctl function in bsd/kern/tty.c in the xnu kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service (system shutdown) or gain privileges via a crafted TIOCSETD ioctl request.
10 CVE-2007-4685 264 +Priv 2007-11-14 2017-07-28
7.2
None Local Low Not required Complete Complete Complete
The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state."
11 CVE-2007-4622 189 +Priv 2007-11-05 2017-07-28
7.2
Admin Local Low Not required Complete Complete Complete
Integer underflow in the dns_name_fromtext function in (1) libdns_nonsecure.a and (2) libdns_secure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted "-y" (TSIG key) command line argument to dig.
12 CVE-2007-4621 119 Overflow +Priv 2007-11-05 2017-07-28
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in crontab in IBM AIX 5.2 allows local users to gain privileges via long command line arguments.
13 CVE-2007-4513 119 Overflow +Priv 2007-11-05 2017-09-28
7.2
Admin Local Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via a long argument to the (1) "-p" option to lqueryvg or (2) the "-V" option to lquerypv.
14 CVE-2007-4223 +Priv 2007-11-08 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an unspecified mechanism for copying data into kernel memory, which allows local users to gain privileges via unspecified vectors.
15 CVE-2007-4217 119 Overflow +Priv 2007-11-05 2017-07-28
7.2
Admin Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the domacro function in ftp in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long parameter to a macro, as demonstrated by executing a macro via the '$' command.
16 CVE-2007-3880 134 +Priv 2007-11-13 2018-10-30
7.2
Admin Local Low Not required Complete Complete Complete
Format string vulnerability in srsexec in Sun Remote Services (SRS) Net Connect 3.2.3 and 3.2.4, as distributed in the SRS Proxy Core (SUNWsrspx) package, allows local users to gain privileges via format string specifiers in unspecified input that is logged through syslog.
17 CVE-2007-3751 Exec Code +Priv 2007-11-07 2018-10-26
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors.
Total number of vulnerabilities : 17   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.