# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
64101 |
CVE-2007-4091 |
|
|
Exec Code |
2007-08-15 |
2018-10-15 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function. |
64102 |
CVE-2007-4090 |
|
|
XSS |
2007-07-30 |
2008-11-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to inc/lib/screen.php or (2) the title parameter to post.php. NOTE: vector 2 might overlap CVE-2006-6283. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
64103 |
CVE-2007-4089 |
|
|
+Info |
2007-07-30 |
2017-07-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Vikingboard 0.1.2 allows remote attackers to obtain sensitive information via the debug parameter to (1) forum.php, (2) cp.php, and possibly other unspecified components. |
64104 |
CVE-2007-4088 |
|
|
XSS |
2007-07-30 |
2017-07-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) f, (3) quote, and (4) act parameters to cp.php; the (5) u parameter to user.php; the (6) f parameter to post.php; the (7) s parameter to topic.php; the (8) quote, (9) t, (10) poll, and (11) p parameters to post.php; the (12) Message Title field of a private message (PM) in mode 6 of cp.php; the (13) title field of a private message (PM) in mode 7 of cp.php; and (14) allow user-assisted remote attackers to inject arbitrary web script or HTML via a dosearch action to search.php, which reflects the first lines of all posts by a user. NOTE: the act parameter to help.php and the p parameter to report.php are already covered by CVE-2006-4708. NOTE: vectors 12 and 13 might overlap CVE-2006-6283.1. NOTE: vector 14 might overlap CVE-2006-4708.b. |
64105 |
CVE-2007-4087 |
|
|
XSS +Info |
2007-07-30 |
2008-11-15 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
AlstraSoft Video Share Enterprise allows remote attackers to obtain sensitive information (the full path) via (1) a ' (quote) character in the category parameter to view_video.php, or (2) an XSS sequence in the UID parameter to (a) uprofile.php, (b) channel_detail.php, (c) uvideos.php, (d) groups_home.php, or (e) ufriends.php. |
64106 |
CVE-2007-4086 |
|
|
Exec Code Sql |
2007-07-30 |
2008-11-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple SQL injection vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to execute arbitrary SQL commands via (1) the gid parameter to gmembers.php, or (2) the UID parameter to (a) uvideos.php, (b) ugroups.php, (c) uprofile.php, (d) ufavour.php, (e) ufriends.php, or (f) uplaylist.php. |
64107 |
CVE-2007-4085 |
|
|
Exec Code Sql |
2007-07-30 |
2009-04-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to execute arbitrary SQL commands via the (1) que_id parameter to forum_answer.php or (2) the cat_id parameter to search.php. |
64108 |
CVE-2007-4083 |
|
|
XSS |
2007-07-30 |
2008-11-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to inject arbitrary web script or HTML via (1) the cat_id parameter to search.php or the (2) typ parameter to register.php. |
64109 |
CVE-2007-4082 |
|
|
XSS |
2007-07-30 |
2008-11-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in contact_author.php AlstraSoft Article Manager Pro allows remote attackers to inject arbitrary web script or HTML via the userid parameter. |
64110 |
CVE-2007-4081 |
|
|
XSS |
2007-07-30 |
2008-11-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to inject arbitrary web script or HTML via vectors in (a) merchants/index.php, including the (1) id or (2) msg parameter in a programedit action; the (3) pgmid parameter in an uploadProducts action; the (4) d, (5) m, or (6) y parameter in a daily action; the (7) err parameter in a ProgramReport action; the (8) i, (9) txtto, (10) txtfrom, or (11) programs parameter in a LinkReport action; or the (12) msg parameter in an add_money action; and one vector in (b) merchants/temp.php using (13) the rowid parameter. NOTE: vector 7 might overlap CVE-2005-3795.1. |
64111 |
CVE-2007-4080 |
|
|
XSS |
2007-07-30 |
2008-11-15 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
Cross-site scripting (XSS) vulnerability in index.php AlstraSoft E-Friends allows remote attackers to inject arbitrary web script or HTML via the p_id parameter in a people_card action. NOTE: this might overlap CVE-2006-2564. |
64112 |
CVE-2007-4079 |
|
|
XSS |
2007-07-30 |
2008-11-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft SMS Text Messaging Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) q parameter to (a) admin/membersearch.php, or (3) the userid parameter to (b) admin/edituser.php. |
64113 |
CVE-2007-4078 |
|
|
XSS |
2007-07-30 |
2008-11-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Text Ads Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) r parameter to (a) forgot_uid.php, the (2) query or (3) sk parameter to (b) search_results.php, or (4) the pageId parameter to (c) website_page.php. |
64114 |
CVE-2007-4077 |
|
|
XSS |
2007-07-30 |
2008-11-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) msg, (2) page, (3) viewkey, or (4) viewtype parameter to (a) view_video.php; the (5) next parameter to (b) signup.php; the (6) search_id parameter to (c) search_result.php; the (7) category or (8) page parameter to (d) video.php; the (9) receiver parameter to (e) compose.php; the (10) catgy parameter to (f) groups.php; the (11) channelname parameter to (g) siteadmin/channels.php; or the (12) uname parameter to (h) siteadmin/muser.php. |
64115 |
CVE-2007-4075 |
|
|
XSS |
2007-07-30 |
2008-11-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in index.asp in Alisveris Sitesi Scripti allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search mod action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
64116 |
CVE-2007-4073 |
|
|
|
2007-07-30 |
2018-10-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
Webbler CMS before 3.1.6 does not properly restrict use of "mail a friend" forms, which allows remote attackers to send arbitrary amounts of forged e-mail. NOTE: this could be leveraged for spam or phishing attacks. |
64117 |
CVE-2007-4072 |
|
|
+Info |
2007-07-30 |
2018-10-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Webbler CMS before 3.1.6 provides the full installation path within HTML comments in certain documents, which allows remote attackers to obtain sensitive information by viewing the HTML source, as demonstrated by viewing the source generated from index.php. |
64118 |
CVE-2007-4071 |
|
|
XSS |
2007-07-30 |
2018-10-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in uploader/index.php in Webbler CMS before 3.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) login parameter. |
64119 |
CVE-2007-4070 |
|
|
|
2007-07-30 |
2017-09-28 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun Solaris 8 through 10 before 20070725 allows local users to read arbitrary files with root group ownership via unknown vectors. |
64120 |
CVE-2007-4068 |
|
|
Exec Code Sql |
2007-07-30 |
2017-09-28 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
Multiple SQL injection vulnerabilities in Webyapar 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the kat_id parameter to the default URI in a download action or (2) the id parameter to the default URI in a duyurular_detay action. |
64121 |
CVE-2007-4066 |
119 |
|
DoS Overflow |
2007-09-21 |
2017-09-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe related to the _psy_noiseguards_8 array. |
64122 |
CVE-2007-4065 |
|
|
DoS |
2007-09-21 |
2017-09-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted OGG file, aka trac Changeset 13217. |
64123 |
CVE-2007-4064 |
79 |
|
XSS |
2007-07-30 |
2017-07-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.2, and 4.7.x before 4.7.7, (1) allow remote attackers to inject arbitrary web script or HTML via "some server variables," including PHP_SELF; and (2) allow remote authenticated administrators to inject arbitrary web script or HTML via custom content type names. |
64124 |
CVE-2007-4063 |
|
|
CSRF |
2007-07-30 |
2017-07-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to (1) delete comments, (2) delete content revisions, and (3) disable menu items as privileged users, related to improper use of HTTP GET and the Forms API. |
64125 |
CVE-2007-4059 |
|
|
|
2007-07-30 |
2017-09-28 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
Absolute path traversal vulnerability in a certain ActiveX control in IntraProcessLogging.dll 5.5.3.42958 in EMC VMware allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SetLogFileName method. |
64126 |
CVE-2007-4058 |
22 |
|
Dir. Trav. |
2007-07-30 |
2017-09-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Absolute path traversal vulnerability in a certain ActiveX control in vielib.dll 2.2.5.42958 in EMC VMware 6.0.0 allows remote attackers to execute arbitrary local programs via a full pathname in the first argument to the StartProcess method. |
64127 |
CVE-2007-4057 |
|
|
|
2007-07-30 |
2017-09-28 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
Unrestricted file upload vulnerability in pfs.php in Neocrome Seditio 121 and earlier allows remote authenticated users to upload arbitrary PHP code via a filename ending with (1) .php.gif, (2) .php.jpg, or (3) .php.png. |
64128 |
CVE-2007-4052 |
|
|
XSS |
2007-07-30 |
2008-11-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in utilities/login.asp in nukedit 4.9.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
64129 |
CVE-2007-4051 |
|
|
Overflow +Priv |
2007-07-30 |
2017-07-28 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Heap-based buffer overflow in the FindFiles function in UltraDefrag 1.0.3 allows local users to gain privileges via a file with a long pathname. NOTE: some of these details are obtained from third party information. |
64130 |
CVE-2007-4048 |
|
|
XSS |
2007-07-30 |
2018-10-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo 2.5.4-dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. |
64131 |
CVE-2007-4047 |
|
|
|
2007-07-27 |
2018-10-15 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter. |
64132 |
CVE-2007-4045 |
|
|
DoS |
2007-07-27 |
2017-09-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL negotiation. |
64133 |
CVE-2007-4043 |
287 |
|
Bypass |
2007-07-27 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files. |
64134 |
CVE-2007-4041 |
78 |
|
Exec Code |
2007-07-27 |
2008-09-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. |
64135 |
CVE-2007-4040 |
79 |
|
Exec Code XSS |
2007-07-27 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670. |
64136 |
CVE-2007-4039 |
79 |
|
Exec Code XSS |
2007-07-27 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670. |
64137 |
CVE-2007-4038 |
94 |
|
Exec Code |
2007-07-27 |
2018-10-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking Thunderbird.exe, a similar issue to CVE-2007-3670. |
64138 |
CVE-2007-4037 |
119 |
|
Overflow |
2007-07-27 |
2018-10-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
** DISPUTED ** Guidance Software EnCase allows user-assisted attackers to trigger a buffer over-read and application crash via a malformed NTFS filesystem containing a modified FILE record with a certain large offset. NOTE: the vendor disputes the significance of this issue, asserting that relevant attackers typically do not corrupt a filesystem, and indicating that the relevant read operation can be disabled. |
64139 |
CVE-2007-4036 |
399 |
|
DoS |
2007-07-27 |
2018-10-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
** DISPUTED ** Guidance Software EnCase allows user-assisted remote attackers to cause a denial of service via (1) a corrupted Microsoft Exchange database, which triggers an application crash when many options are selected; (2) a corrupted NTFS filesystem, which causes the application to report "memory allocation errors;" or (3) deeply nested directories, which trigger an application crash during an Expand All action. NOTE: the vendor disputes the significance of these vectors because the user can select fewer options, there is no operational impact, or the user can do less expansion. |
64140 |
CVE-2007-4035 |
|
|
|
2007-07-27 |
2018-10-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
** DISPUTED ** Guidance Software EnCase does not properly handle (1) certain malformed MBR partition tables with many entries, which allows remote attackers to prevent logical collection of a disk image; (2) NTFS filesystems with directory loops, which allows remote attackers to prevent examination of certain directory contents; and (3) certain other malformed NTFS filesystems, which allows remote attackers to prevent examination of corrupted records. NOTE: the vendor disputes the significance of these issues, because physical collection can be used instead, because the vendor believes that relevant attackers typically do not corrupt an MBR or a filesystem, and because detection of a loop is valuable on its own. |
64141 |
CVE-2007-4032 |
|
|
Exec Code Overflow |
2007-07-27 |
2017-09-28 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in CrystalPlayer Pro 1.98 allows user-assisted remote attackers to execute arbitrary code via a long string in a .mls Playlist file. |
64142 |
CVE-2007-4029 |
|
|
DoS |
2007-07-26 |
2018-10-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c. |
64143 |
CVE-2007-4027 |
|
|
Overflow +Priv |
2007-07-26 |
2018-10-15 |
6.6 |
Admin |
Local |
Medium |
Single system |
Complete |
Complete |
Complete |
Buffer overflow in cli32 in Areca CLI 1.72.250 and earlier might allow local users to gain privileges via a long argument. NOTE: this program is not setuid by default, but there are some usage scenarios in which an administrator might make it setuid. |
64144 |
CVE-2007-4026 |
|
|
Exec Code |
2007-07-26 |
2017-07-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
epesi framework before 0.8.6 does not properly verify file extensions, which allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving the gallery images upload feature. NOTE: some of these details are obtained from third party information. |
64145 |
CVE-2007-4025 |
|
|
|
2007-07-26 |
2017-07-28 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Unspecified vulnerability in Sun Java System (SJS) Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors. |
64146 |
CVE-2007-4024 |
|
|
XSS |
2007-07-26 |
2017-07-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in W1L3D4_aramasonuc.asp in W1L3D4 Philboard 0.3 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
64147 |
CVE-2007-4023 |
|
|
XSS |
2007-07-26 |
2017-07-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the login CGI program in Aruba Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier FIPS versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
64148 |
CVE-2007-4022 |
|
|
XSS |
2007-07-26 |
2018-10-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname parameter. |
64149 |
CVE-2007-4021 |
|
|
XSS |
2007-07-26 |
2017-07-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in login.php in Brain Book Software Secure 1.0.20070629 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user and (2) pwd parameters. |
64150 |
CVE-2007-4020 |
|
|
XSS |
2007-07-26 |
2017-07-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in login.php in AdMan 1.0.20051202 FF 3 patch and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user and (2) pwd parameters. |