CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2007 (Gain Privilege) (CVSS score >= 8)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2007-6293 +Priv 2007-12-10 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 6 R1.3 allow attackers to gain privileges via "some HMC commands."
2 CVE-2007-6174 264 +Priv 2007-11-29 2017-07-28
8.5
Admin Remote Medium Single system Complete Complete Complete
PHPDevShell before 0.7.0 allows remote authenticated users to gain privileges via a crafted request to update a user profile. NOTE: some of these details are obtained from third party information.
3 CVE-2007-5539 +Priv 2007-10-17 2017-07-28
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allows remote authenticated users to gain privileges, and read reports or change the SUCCE configuration, via certain web interfaces, aka CSCsj55686.
4 CVE-2007-5382 264 +Priv 2007-10-11 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges.
5 CVE-2007-4223 +Priv 2007-11-08 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an unspecified mechanism for copying data into kernel memory, which allows local users to gain privileges via unspecified vectors.
6 CVE-2007-3751 Exec Code +Priv 2007-11-07 2018-10-26
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors.
7 CVE-2007-3500 264 +Priv 2007-06-29 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.
8 CVE-2007-3464 +Priv CSRF 2007-06-27 2018-10-16
8.5
Admin Remote Medium Single system Complete Complete Complete
Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, does not require entry of the old password when changing the admin password, which might allow attackers to gain privileges by conducting a CSRF attack, making a password change on an unattended workstation, or other vectors.
9 CVE-2007-3260 +Priv 2007-06-19 2017-07-28
9.0
Admin Remote Low Single system Complete Complete Complete
HP System Management Homepage (SMH) before 2.1.9 for Linux, when used with Novell eDirectory, assigns the eDirectory members to the root group, which allows remote authenticated eDirectory users to gain privileges.
10 CVE-2007-2760 +Priv 2007-05-18 2017-07-28
9.0
Admin Remote Low Single system Complete Complete Complete
The canUpdate function in model/MRole.java in Adempiere before 3.1.6 does not properly validate user roles, which allows remote authenticated read-only users to gain read-write privileges. NOTE: some of these details are obtained from third party information.
11 CVE-2007-2462 +Priv Bypass 2007-05-02 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors.
12 CVE-2007-2149 +Priv 2007-04-19 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores usernames and unencrypted passwords in (1) classes/vars.php and (2) classes/varstuff.php, and recommends 0666 or 0777 permissions for these files, which allows local users to gain privileges by reading the files, and allows remote attackers to obtain credentials via a direct request for admin/options.php.
13 CVE-2007-2034 +Priv 2007-04-16 2017-07-28
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.87.0 allows remote authenticated users to gain the privileges of the SuperUsers group, and manage the application and its networks, related to the group membership of user accounts, aka Bug ID CSCsg05190.
14 CVE-2007-1045 264 +Priv 2007-02-21 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
mAlbum 0.3 has default accounts (1) "login"/"pass" for its administrative account and (2) "dqsfg"/"sdfg", which allows remote attackers to gain privileges.
15 CVE-2007-0960 +Priv 2007-02-15 2018-10-30
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when configured to use the LOCAL authentication method, allows remote authenticated users to gain privileges via unspecified vectors.
16 CVE-2007-0915 +Priv 2007-02-13 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers to overwrite arbitrary files and gain privileges via a crafted RPC request.
17 CVE-2007-0723 +Priv 2007-03-13 2008-09-05
8.5
Admin Remote Medium Single system Complete Complete Complete
Unspecified vulnerability in the authentication feature for DirectoryService (DS Plug-Ins) for Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote authenticated LDAP users to modify the root password and gain privileges via unknown vectors.
18 CVE-2007-0655 Exec Code +Priv 2007-05-02 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan 8.0.671.1, and possibly other versions, allows remote or local attackers to gain privileges and execute arbitrary commands by connecting directly to TCP port 2222.
19 CVE-2007-0117 +Priv 2007-01-08 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation.
20 CVE-2007-0068 +Priv 2007-06-06 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database.
21 CVE-2006-7152 +Priv 2007-03-07 2017-10-10
8.5
Admin Remote Medium Single system Complete Complete Complete
default.asp in ASP-Nuke Community 1.5 and earlier allows remote attackers to gain privileges by setting certain pseudo cookie values.
Total number of vulnerabilities: 21