CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
12701 CVE-2007-5593 94 Exec Code 2007-10-19 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified.
12702 CVE-2007-5592 94 Exec Code File Inclusion 2007-10-19 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in awzMB 4.2 beta 1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the Setting[OPT_includepath] parameter to (1) adminhelp.php; and (2) admin.incl.php, (3) reg.incl.php, (4) help.incl.php, (5) gbook.incl.php, and (6) core/core.incl.php in modules/.
12703 CVE-2007-5590 119 Exec Code Overflow 2007-10-19 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in Miranda before 0.7.1 allow remote attackers to execute arbitrary code via unspecified vectors involving (1) IRC options, (2) Jabber forms, and unspecified aspects of the (3) ICQ and (4) Yahoo! instant messaging functionality. NOTE: some of these details are obtained from third party information.
12704 CVE-2007-5587 119 Overflow +Priv 2007-10-19 2018-10-15
6.9
None Local Medium Not required Complete Complete Complete
Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.
12705 CVE-2007-5576 200 +Info 2007-10-18 2018-10-30
6.8
Admin Local Low Single system Complete Complete Complete
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
12706 CVE-2007-5574 94 Exec Code File Inclusion 2007-10-18 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in djpage.php in PHPDJ 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
12707 CVE-2007-5573 94 Exec Code File Inclusion 2007-10-18 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in classes/core/language.php in LimeSurvey 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.
12708 CVE-2007-5571 264 Bypass 2007-10-18 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
Cisco Firewall Services Module (FWSM) 3.1(6), and 3.2(2) and earlier, does not properly enforce edited ACLs, which might allow remote attackers to bypass intended restrictions on network traffic, aka CSCsj52536.
12709 CVE-2007-5555 200 +Info 2007-10-18 2008-09-05
6.9
Admin Local Medium Not required Complete Complete Complete
Unspecified vulnerability in Symantec Altiris Deployment Solution allows attackers to obtain authentication credentials via unknown vectors, aka "Authentication Credentials Information Leakage in Altiris Deployment Solution." NOTE: this description is based on a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
12710 CVE-2007-5548 119 Overflow +Priv 2007-10-18 2008-11-15
6.9
Admin Local Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in Command EXEC in Cisco IOS allow local users to gain privileges via unspecified vectors, aka (1) PSIRT-0474975756 and (2) PSIRT-0388256465. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
12711 CVE-2007-5544 264 +Info 2007-10-29 2008-09-05
6.2
None Local High Not required Complete Complete Complete
IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session.
12712 CVE-2007-5533 2007-10-17 2012-10-22
6.5
None Remote Low Single system Partial Partial Partial
Unspecified vulnerability in the People Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.47.14, 8.48.13, 8.49.05 has unknown impact and remote attack vectors, aka PSE02.
12713 CVE-2007-5515 2007-10-17 2012-10-22
6.5
None Remote Low Single system Partial Partial Partial
Unspecified vulnerability in the Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.2, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB27.
12714 CVE-2007-5514 2007-10-17 2012-10-22
6.5
None Remote Low Single system Partial Partial Partial
Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and attack vectors related to (1) Database Vault component (DB24) and (2) SQL Execution component (DB26).
12715 CVE-2007-5511 89 Exec Code Sql 2007-10-17 2018-10-15
6.5
User Remote Low Single system Partial Partial Partial
SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package. NOTE: this is probably covered by CVE-2007-5510, but there are insufficient details to be certain.
12716 CVE-2007-5510 2007-10-17 2012-10-22
6.5
None Remote Low Single system Partial Partial Partial
Multiple unspecified vulnerabilities in the Workspace Manager component in Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 have unknown impact and remote attack vectors, aka (1) DB08, (2) DB09, (3) DB10, (4) DB11, (5) DB12, (6) DB13, (7) DB14, (8) DB15, (9) DB16, (10) DB17, and (11) DB18. NOTE: one of these issues is probably CVE-2007-5511, but there are insufficient details to be certain.
12717 CVE-2007-5509 2007-10-17 2013-08-09
6.5
None Remote Low Single system Partial Partial Partial
Unspecified vulnerability in the Spatial component in Oracle Database 9.2.0.8 and 9.2.0.8DV has unknown impact and remote attack vectors, aka DB06.
12718 CVE-2007-5508 89 Exec Code Sql 2007-10-17 2018-10-15
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP procedures, aka DB03. NOTE: remote unauthenticated attack vectors exist when CTXSYS is used with oracle Application Server.
12719 CVE-2007-5507 20 DoS 2007-10-17 2018-10-15
6.4
None Remote Low Not required Partial None Partial
The GIOP service in TNS Listener in the Oracle Net Services component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (crash) or read potentially sensitive memory via a connect GIOP packet with an invalid data size, which triggers a buffer over-read, aka DB22.
12720 CVE-2007-5504 Overflow 2007-10-17 2018-10-15
6.5
None Remote Low Single system Partial Partial Partial
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+ and 10.1.0.5 unknown impact and remote attack vectors, related to (1) Import (DB01) and (2) Advanced Queuing (DB25). NOTE: as of 20071108, Oracle has not disputed reliable researcher claims that DB25 is for a buffer overflow in the DBLINK_INFO procedure in the DBMS_AQADM_SYS package.
12721 CVE-2007-5503 189 Exec Code Overflow 2007-11-29 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function.
12722 CVE-2007-5502 310 Bypass 2007-12-01 2017-07-28
6.4
None Remote Low Not required Partial Partial None
The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness.
12723 CVE-2007-5486 264 2007-10-16 2017-07-28
6.4
None Remote Low Not required Partial Partial None
dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are obtained from third party information.
12724 CVE-2007-5482 DoS 2007-10-16 2017-07-28
6.4
None Remote Low Not required Partial None Partial
Unspecified vulnerability in the FTP service in Sun StorEdge/StorageTek 3510 FC Array with firmware before 4.21 allows remote attackers, with access to the Ethernet management interface, to cause a denial of service (I/O request timeout and device hang) via unspecified vectors.
12725 CVE-2007-5475 119 DoS Exec Code Overflow 2009-11-12 2018-10-15
6.8
None Remote Low Single system None None Complete
Multiple buffer overflows in the Marvell wireless driver, as used in Linksys WAP4400N Wi-Fi access point with firmware 1.2.17 on the Marvell 88W8361P-BEM1 chipset, and other products, allow remote 802.11-authenticated users to cause a denial of service (wireless access point crash) and possibly execute arbitrary code via an association request with long (1) rates, (2) extended rates, and unspecified other information elements.
12726 CVE-2007-5474 20 DoS Exec Code 2008-09-05 2018-10-15
6.3
None Remote Medium Single system None None Complete
The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via an Atheros information element with an invalid length, as demonstrated by an element that is too long.
12727 CVE-2007-5464 119 DoS Exec Code Overflow 2007-10-15 2018-10-15
6.5
None Remote Low Single system Partial Partial Partial
Stack-based buffer overflow in Live for Speed 0.5X10 and earlier allows remote authenticated users to cause a denial of service (client crash) and possibly execute arbitrary code via a long skin name.
12728 CVE-2007-5458 89 Exec Code Sql 2007-10-14 2017-09-28
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in index.php in the newsletter module 1.0 for KwsPHP, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsletter parameter.
12729 CVE-2007-5457 94 Exec Code File Inclusion 2007-10-14 2018-10-15
6.8
User Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle Joomla Flash Uploader (com_jfu or com_joomla_flash_uploader) 2.5.1 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) install.joomla_flash_uploader.php and (2) uninstall.joomla_flash_uploader.php.
12730 CVE-2007-5451 94 Exec Code File Inclusion 2007-10-14 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin.color.php in the com_colorlab (aka com_color) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
12731 CVE-2007-5446 22 Dir. Trav. 2007-10-14 2017-09-28
6.4
None Remote Low Not required None Partial Partial
Absolute path traversal vulnerability in a certain ActiveX control in PBEmail7Ax.dll in PBEmail 7 ActiveX Edition allows remote attackers to create or overwrite arbitrary files via a full pathname in the XmlFilePath argument to the SaveSenderToXml method.
12732 CVE-2007-5445 119 Exec Code Overflow 2007-10-14 2018-10-15
6.8
User Remote Medium Not required Partial Partial Partial
Buffer overflow in the DB Software Laboratory VImpX (VImpAX1) ActiveX control in VImpX.ocx 4.7.3.0 allows remote attackers to execute arbitrary code via a long RejectedRecordsFile parameter, a different vector than CVE-2007-2667.
12733 CVE-2007-5441 264 2007-10-14 2018-10-15
6.5
None Remote Low Single system Partial Partial Partial
CMS Made Simple 1.1.3.1 does not check the permissions assigned to users in some situations, which allows remote authenticated users to perform some administrative actions, as demonstrated by (1) adding a user via a direct request to admin/adduser.php and (2) reading the admin log via an "admin/adminlog.php?page=1" request.
12734 CVE-2007-5425 94 Exec Code Sql 2007-10-12 2018-10-15
6.4
None Remote Low Not required None Partial Partial
SQL injection vulnerability in admin/index.php in Interspire ActiveKB 1.5 allows remote attackers to execute arbitrary SQL commands via the questId parameter in a hideQuestion ToDo action. NOTE: the catId vector is already covered by CVE-2007-5131.
12735 CVE-2007-5416 189 Exec Code 2007-10-12 2018-10-15
6.8
User Remote Medium Not required Partial Partial Partial
Drupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by invoking the drupal_eval function through a callback parameter to the default URI, as demonstrated by the _menu[callbacks][1][callback] parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Drupal.
12736 CVE-2007-5412 94 Exec Code File Inclusion 2007-10-12 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in the Quoc-Huy MP3 Allopass (com_mp3_allopass) 1.0 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter to (1) allopass.php and (2) allopass-error.php.
12737 CVE-2007-5410 94 Exec Code File Inclusion 2007-10-12 2018-10-15
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin.wmtrssreader.php in the webmaster-tips.net Flash RSS Reader (com_wmtrssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
12738 CVE-2007-5409 94 Exec Code File Inclusion 2007-10-12 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin/nuseo_admin_d.php in NuSEO PHP Enterprise 1.6 (NuSEO.PHP), when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the nuseo_dir parameter.
12739 CVE-2007-5408 89 Exec Code Sql 2007-10-12 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in category.php in cpDynaLinks 1.02 allows remote attackers to execute arbitrary SQL commands via the category parameter.
12740 CVE-2007-5407 94 Exec Code File Inclusion 2007-10-12 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in the JContentSubscription (com_jcs) 1.5.8 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) jcs.function.php; (2) add.php, (3) history.php, and (4) register.php, in view/; and (5) list.sub.html.php, (6) list.user.sub.html.php, and (7) reports.html.php in views/.
12741 CVE-2007-5402 89 Exec Code Sql 2008-01-09 2017-07-28
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in Layton HelpBox 3.7.1 allow (1) remote attackers to execute arbitrary SQL commands via the sys_request_id parameter to editrequestenduser.asp; and allow remote authenticated users to execute arbitrary SQL commands via (2) the oldpassword parameter to writepwdenduser.asp, and the sys_request_id parameter to (3) changerequeststatus.asp, (4) editrequestuser.asp, (5) requestcommentsuser.asp, and (6) useractions.asp, different vectors than CVE-2004-2551.
12742 CVE-2007-5401 264 2008-01-09 2017-07-28
6.5
None Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in uploadrequest.asp in Layton HelpBox 3.7.1 allows remote authenticated users to upload and execute arbitrary ASP files, related to not properly checking file extensions.
12743 CVE-2007-5396 134 Exec Code 2007-11-09 2017-07-28
6.8
User Remote Medium Not required Partial Partial Partial
Format string vulnerability in the ext_yahoo_contact_added function in yahoo.c in Miranda IM 0.7.1 allows remote attackers to execute arbitrary code via a Y7 Buddy Authorization packet with format string specifiers in the contact Yahoo! handle (who).
12744 CVE-2007-5390 94 Exec Code File Inclusion 2007-10-12 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in PicoFlat CMS 0.4.14 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pagina parameter.
12745 CVE-2007-5389 94 Exec Code File Inclusion 2007-10-12 2018-10-15
6.8
User Remote Medium Not required Partial Partial Partial
** DISPUTED ** PHP remote file inclusion vulnerability in preview.php in the swMenuFree (com_swmenufree) 4.6 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: a reliable third party disputes this issue because preview.php tests a certain constant to prevent direct requests.
12746 CVE-2007-5388 94 Exec Code File Inclusion 2007-10-12 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in WebDesktop 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) app parameter to apps/apps.php and the (2) wsk parameter to wsk/wsk.php.
12747 CVE-2007-5387 94 Exec Code File Inclusion 2007-10-12 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in active/components/xmlrpc/client.php in Pindorama 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the c[components] parameter.
12748 CVE-2007-5380 2007-10-19 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."
12749 CVE-2007-5377 59 2007-10-11 2008-11-15
6.9
None Local Medium Not required Complete Complete Complete
The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
12750 CVE-2007-5374 287 2007-10-11 2017-09-28
6.5
User Remote Low Single system Partial Partial Partial
cp_memberedit.php in LightBlog 8.4.1.1 does not check for administrative credentials when processing an admin action, which allows remote authenticated users to increase the privileges of any account.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.