# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
65551 |
CVE-2007-0897 |
|
|
DoS |
2007-02-16 |
2017-07-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor. |
65552 |
CVE-2007-0896 |
79 |
|
XSS |
2007-02-13 |
2017-07-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712. |
65553 |
CVE-2007-0895 |
|
|
|
2007-02-12 |
2018-10-30 |
2.6 |
None |
Local |
High |
Not required |
None |
Partial |
Partial |
Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435. |
65554 |
CVE-2007-0894 |
|
|
+Info |
2007-02-12 |
2018-10-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message. |
65555 |
CVE-2007-0893 |
22 |
|
Dir. Trav. Bypass |
2007-02-12 |
2018-10-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
Directory traversal vulnerability in phpMyVisites before 2.2 allows remote attackers to include arbitrary files via leading ".." sequences on the pmv_ck_view COOKIE parameter, which bypasses the protection scheme. |
65556 |
CVE-2007-0891 |
79 |
|
XSS |
2007-02-12 |
2018-10-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath function in phpmyvisites.php in phpMyVisites before 2.2 allows remote attackers to inject arbitrary web script or HTML via the query string. |
65557 |
CVE-2007-0890 |
|
|
XSS |
2007-02-12 |
2018-10-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter. |
65558 |
CVE-2007-0889 |
|
|
Dir. Trav. |
2007-02-12 |
2018-10-16 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible encoding") for passwords, account names, and IP addresses in kiwidb-cattools.kdb, which might allow local users to gain sensitive information by decrypting the file. NOTE: this issue could be leveraged with a directory traversal vulnerability for a remote attack vector. |
65559 |
CVE-2007-0885 |
|
|
XSS |
2007-02-12 |
2018-10-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
65560 |
CVE-2007-0883 |
|
|
Dir. Trav. |
2007-02-12 |
2018-10-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in portalgroups/portalgroups/getfile.cgi in IP3 NetAccess before firmware 4.1.9.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. |
65561 |
CVE-2007-0881 |
|
|
Exec Code File Inclusion |
2007-02-12 |
2017-10-18 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
PHP remote file inclusion vulnerability in the Seitenschutz plugin for OPENi-CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the (1) config[oi_dir] and possibly (2) config[openi_dir] parameters to open-admin/plugins/site_protection/index.php. NOTE: vector 2 might be the same as CVE-2006-4750. |
65562 |
CVE-2007-0877 |
|
|
DoS |
2007-02-12 |
2008-11-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital Video Recorders allows attackers to cause an unspecified denial of service. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
65563 |
CVE-2007-0876 |
|
|
XSS |
2007-02-12 |
2018-10-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Quick Digital Image Gallery (Qdig) 1.2.9.3 and devel-20060624 allows remote attackers to inject arbitrary web script or HTML via the Qwd parameter to the top-level URI. |
65564 |
CVE-2007-0874 |
|
|
XSS Bypass |
2007-02-12 |
2018-10-16 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Allons_voter 1.0 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) admin_ajouter.php or (2) admin_supprimer.php. NOTE: this could be leveraged to conduct cross-site scripting (XSS) attacks. |
65565 |
CVE-2007-0872 |
|
|
Dir. Trav. |
2007-02-12 |
2017-07-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in the Plain Old Webserver (POW) add-on before 0.0.9 for Mozilla Firefox allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. |
65566 |
CVE-2007-0869 |
|
|
XSS |
2007-02-09 |
2008-11-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the Attachment Manager (admincp/attachment.php) in Jelsoft vBulletin 3.6.4 allows remote attackers to inject arbitrary web script or HTML via the Extension field. NOTE: this might be a duplicate of CVE-2007-0830.5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
65567 |
CVE-2007-0868 |
|
|
DoS |
2007-02-09 |
2008-11-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
65568 |
CVE-2007-0866 |
|
|
Exec Code |
2007-02-08 |
2018-10-16 |
6.8 |
Admin |
Local |
Low |
Single system |
Complete |
Complete |
Complete |
Unspecified vulnerability in HP OpenView Storage Data Protector on HP-UX B.11.00, B.11.11, or B.11.23 allows local users to execute arbitrary code via unknown vectors. |
65569 |
CVE-2007-0862 |
94 |
|
Exec Code File Inclusion |
2007-02-08 |
2018-10-16 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
** DISPUTED ** PHP remote file inclusion vulnerability in index.php in gnopaste 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via the GNP_REAL_PATH parameter. NOTE: CVE and a third party dispute this issue, since GNP_REAL_PATH is a constant, not a variable. |
65570 |
CVE-2007-0859 |
|
|
+Info |
2007-02-15 |
2018-10-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The Find feature in Palm OS Treo smart phones operates despite the system password lock, which allows attackers with physical access to obtain sensitive information (memory contents) by doing (1) text searches or (2) paste operations after pressing certain keyboard shortcut keys. |
65571 |
CVE-2007-0857 |
|
|
XSS |
2007-02-08 |
2017-07-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the page info, or the page name in a (2) AttachFile, (3) RenamePage, or (4) LocalSiteMap action. |
65572 |
CVE-2007-0855 |
|
|
Exec Code Overflow |
2007-02-08 |
2017-07-28 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted, password-protected archive. |
65573 |
CVE-2007-0852 |
|
|
XSS |
2007-02-08 |
2008-11-15 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote attackers to inject arbitrary web script or HTML via the "Keyword search" form field and unspecified other form fields that populate a public saved query. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
65574 |
CVE-2007-0846 |
|
|
XSS |
2007-02-08 |
2017-10-18 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Cross-site scripting (XSS) vulnerability in forum.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to inject arbitrary HTML or web script via the name parameter. |
65575 |
CVE-2007-0844 |
|
|
Bypass |
2007-02-08 |
2008-11-15 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when the allow_blank_passphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase. |
65576 |
CVE-2007-0843 |
264 |
|
Bypass |
2007-02-22 |
2018-10-16 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information. |
65577 |
CVE-2007-0842 |
399 |
|
DoS |
2007-02-13 |
2018-10-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The 64-bit versions of Microsoft Visual C++ 8.0 standard library (MSVCR80.DLL) time functions, including (1) localtime, (2) localtime_s, (3) gmtime, (4) gmtime_s, (5) ctime, (6) ctime_s, (7) wctime, (8) wctime_s, and (9) fstat, trigger an assertion error instead of a NULL pointer or EINVAL when processing a time argument later than Jan 1, 3000, which might allow context-dependent attackers to cause a denial of service (application exit) via large time values. NOTE: it could be argued that this is a design limitation of the functions, and the vulnerability lies with any application that does not validate arguments to these functions. However, this behavior is inconsistent with documentation, which does not list assertions as a possible result of an error condition. |
65578 |
CVE-2007-0840 |
|
|
XSS |
2007-02-07 |
2008-11-15 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the search class. NOTE: it is possible that this issue overlaps CVE-2006-4543.3 or CVE-2006-4454. |
65579 |
CVE-2007-0838 |
|
|
DoS |
2007-02-07 |
2017-07-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
FreeProxy before 3.92 Build 1626 allows malicious users to cause a denial of service (infinite loop) via a HOST: header with a hostname and port number that refers to the server itself. |
65580 |
CVE-2007-0836 |
|
|
|
2007-02-07 |
2017-07-28 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
65581 |
CVE-2007-0835 |
|
|
Exec Code |
2007-02-07 |
2017-07-28 |
6.5 |
User |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (";" semicolon) in the "Command line options for ImageMagick" form field, when used as an option to ImageMagick's convert command. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
65582 |
CVE-2007-0834 |
|
|
XSS |
2007-02-07 |
2017-07-28 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Cross-site scripting (XSS) vulnerability in FlashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via the user name field when the user joins a chat room, a different vulnerability than CVE-2007-0807. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
65583 |
CVE-2007-0833 |
|
|
|
2007-02-07 |
2018-10-16 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
VMware Workstation 5.5.3 34685, when the "Enable copy and paste to and from this virtual machine" option is enabled, preserves clipboard data on the guest operating system after it was deleted on the host operating system, which might allow local users to read clipboard contents by moving the focus back to the host operating system. |
65584 |
CVE-2007-0832 |
|
|
+Info |
2007-02-07 |
2018-10-16 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
VMware Workstation 5.5.3 34685 does not immediately change the availability of a shared clipboard when the "Enable copy and paste to and from this virtual machine" checkbox is changed, which allows local users to obtain sensitive information or conduct certain attacks that are facilitated by weaker isolation between the host and guest operating systems. |
65585 |
CVE-2007-0830 |
79 |
|
XSS |
2007-02-07 |
2018-10-16 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors related to the (1) User Group Manager, (2) User Rank Manager, (3) User Title Manager, (4) BB Code Manager, (5) Attachment Manager, (6) Calendar Manager, and (7) Forums & Moderators functions. NOTE: the vendor disputes this issue, stating that modifying HTML is an intended privilege of an administrator. NOTE: it is possible that this issue overlaps CVE-2006-6040. |
65586 |
CVE-2007-0829 |
|
|
Bypass |
2007-02-07 |
2017-07-28 |
4.4 |
User |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
avast! Server Edition before 4.7.726 does not demand a password in a certain intended context, even when a password has been set, which allows local users to bypass authentication requirements. |
65587 |
CVE-2007-0827 |
|
|
Exec Code |
2007-02-07 |
2017-10-18 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote attackers to execute arbitrary code via a JavaScript function that invokes the Remove method with an invalid index argument, which is used as an offset for a function call. |
65588 |
CVE-2007-0823 |
|
|
Bypass +Info |
2007-02-07 |
2008-11-15 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
xterm on Slackware Linux 10.2 stores information that had been displayed for a different user account using the same xterm process, which might allow local users to bypass file permissions and read other users' files, or obtain other sensitive information, by reading the xterm process memory. NOTE: it could be argued that this is an expected consequence of multiple users sharing the same interactive process, in which case this is not a vulnerability. |
65589 |
CVE-2007-0822 |
|
|
+Info |
2007-02-07 |
2010-09-15 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensitive information, including core file contents. |
65590 |
CVE-2007-0821 |
|
|
Dir. Trav. |
2007-02-07 |
2008-11-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Multiple directory traversal vulnerabilities in Cedric CLAIRE PortailPhp 2 allow remote attackers to read arbitrary files via a .. (dot dot) in the chemin parameter to (1) mod_news/index.php or (2) mod_news/goodies.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
65591 |
CVE-2007-0817 |
|
|
XSS |
2007-02-07 |
2018-10-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page. |
65592 |
CVE-2007-0816 |
|
|
DoS |
2007-02-07 |
2017-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The RPC Server service (catirpc.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 SP2 and earlier allows remote attackers to cause a denial of service (service crash) via a crafted TADDR2UADDR that triggers a null pointer dereference in catirpc.dll, possibly related to null credentials or verifier fields. |
65593 |
CVE-2007-0815 |
|
|
XSS |
2007-02-07 |
2018-10-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in images_archive.asp in Uapplication Uphotogallery 1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the s parameter. NOTE: the thumbnails.asp vector is already covered by CVE-2006-3023. |
65594 |
CVE-2007-0814 |
|
|
XSS |
2007-02-07 |
2018-10-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP Chat allow remote attackers to inject arbitrary web script or HTML (1) via the psuedo (pseudo) field or (2) during chat. |
65595 |
CVE-2007-0813 |
|
|
XSS |
2007-02-07 |
2018-10-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Home production MySearchEngine allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
65596 |
CVE-2007-0811 |
|
|
DoS |
2007-02-07 |
2017-10-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById. |
65597 |
CVE-2007-0807 |
|
|
XSS |
2007-02-07 |
2018-10-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Cross-site scripting (XSS) vulnerability in info.php in flashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via a channel title (aka room name) that is not properly handled by the "who's online" feature. |
65598 |
CVE-2007-0805 |
|
|
+Info |
2007-02-07 |
2018-10-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local users to obtain sensitive information, including environment variables of arbitrary processes, via the "auxewww" argument, a similar issue to CVE-1999-1587. |
65599 |
CVE-2007-0803 |
|
|
Exec Code Overflow |
2007-02-07 |
2017-07-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple buffer overflows in STLport before 5.0.3 allow remote attackers to execute arbitrary code via unspecified vectors relating to (1) "print floats" and (2) a missing null termination in the "rope constructor." |
65600 |
CVE-2007-0802 |
264 |
|
Bypass |
2007-02-07 |
2018-10-16 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter. |