CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
13051 CVE-2007-1498 Exec Code Overflow 2007-03-16 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in the ePO management console in McAfee ePolicy Orchestrator (ePO) before 3.6.1 Patch 1 and ProtectionPilot (PRP) before 1.5.0 HotFix allow remote attackers to execute arbitrary code via a long argument to the (1) ExportSiteList and (2) VerifyPackageCatalog functions, and (3) unspecified vectors involving a swprintf function call.
13052 CVE-2007-1486 Exec Code File Inclusion 2007-03-16 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in template.class.php in Carbonize Lazarus Guestbook before 1.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to admin.php, probably due to a dynamic variable evaluation vulnerability.
13053 CVE-2007-1485 Exec Code Overflow 2007-03-16 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
** DISPUTED ** Buffer overflow in the set_umask function in QFTP in LIBFtp 3.1-1 allows local users to execute arbitrary code via a long -m argument. NOTE: CVE disputes this issue because QFTP is not setuid, and it is unlikely that there are web interfaces to QFTP that would accept untrusted command line arguments.
13054 CVE-2007-1465 Exec Code Overflow 2007-03-24 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 0.5 allows remote attackers to execute arbitrary code via a long DNS query packet to UDP port 53.
13055 CVE-2007-1457 Exec Code Overflow 2007-03-14 2008-11-13
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the urarlib_get function in Christian Scheurer UniquE RAR File Library (unrarlib, aka URARFileLib) 0.4 allows context-dependent attackers to execute arbitrary code via a long (1) filename, (2) rarfile, or (3) libpassword argument.
13056 CVE-2007-1455 2007-03-14 2018-10-16
9.0
Admin Remote Low Single system Complete Complete Complete
Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantasticopath parameter to includes/mysqlconfig.php and certain other files.
13057 CVE-2007-1447 DoS Exec Code Mem. Corr. 2007-03-16 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC procedure arguments, which result in memory corruption, a different vulnerability than CVE-2006-6076.
13058 CVE-2007-1439 Exec Code File Inclusion 2007-03-13 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
PHP remote file inclusion vulnerability in ressourcen/dbopen.php in bitesser MySQL Commander 2.7 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the home parameter.
13059 CVE-2007-1437 Exec Code Bypass 2007-03-13 2018-10-16
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution.
13060 CVE-2007-1435 DoS Overflow Mem. Corr. 2007-03-13 2008-11-13
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to cause a denial of service (crash) via a long (1) GET or (2) PUT request, which triggers memory corruption. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
13061 CVE-2007-1423 Exec Code File Inclusion 2007-03-12 2017-10-18
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple PHP remote file inclusion vulnerabilities in WORK system e-commerce 3.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the g_include parameter to include/include_top.php and certain other PHP scripts.
13062 CVE-2007-1421 Exec Code File Inclusion 2007-03-12 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple PHP remote file inclusion vulnerabilities in Premod SubDog 2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) functions_kb.php, (2) themen_portal_mitte.php, or (3) logger_engine.php in includes/.
13063 CVE-2007-1416 Exec Code File Inclusion 2007-03-12 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in createurl.php in JCcorp (aka James Coyle) URLshrink allows remote attackers to execute arbitrary PHP code via a URL in the formurl parameter.
13064 CVE-2007-1414 Exec Code File Inclusion 2007-03-12 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php.
13065 CVE-2007-1408 Overflow 2007-03-10 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple vulnerabilities in (1) bank.php, (2) landfill.php, (3) outposts.php, (4) tribes.php, (5) house.php, (6) tribearmor.php, (7) tribeastral.php, (8) tribeware.php, and (9) includes/head.php in Bartek Jasicki Vallheru before 1.3 beta have unknown impact and remote attack vectors, probably related to large integer values containing more than 15 digits. NOTE: the original vendor report is for integer overflows, but this is probably an incorrect usage of the term.
13066 CVE-2007-1406 2007-03-10 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors.
13067 CVE-2007-1399 Exec Code Overflow 2007-03-10 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback.
13068 CVE-2007-1397 Exec Code Overflow 2007-03-10 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) decrypt_topic_332 functions in FiSH allow remote attackers to execute arbitrary code via long strings.
13069 CVE-2007-1394 Exec Code 2007-03-10 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third party information.
13070 CVE-2007-1393 Exec Code File Inclusion 2007-03-10 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in mysave.php in Magic CMS 4.2.747 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
13071 CVE-2007-1391 Exec Code File Inclusion 2007-03-10 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in modules/abook/foldertree.php in Leo West WEBO (aka weborganizer) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter.
13072 CVE-2007-1383 189 Exec Code Overflow 2007-03-09 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286.
13073 CVE-2007-1373 Exec Code Overflow 2007-03-09 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command. NOTE: this might be the same issue as CVE-2006-5961.
13074 CVE-2007-1372 Exec Code File Inclusion 2007-03-09 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in styles/internal/header.php in the PostGuestbook 0.6.1 module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the tpl_pgb_moddir parameter.
13075 CVE-2007-1365 DoS Exec Code Overflow 2007-03-10 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows remote attackers to execute arbitrary code via fragmented IPv6 packets due to "incorrect mbuf handling for ICMP6 packets." NOTE: this was originally reported as a denial of service.
13076 CVE-2007-1344 Exec Code Overflow 2007-03-08 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 allow remote attackers to execute arbitrary code via a crafted XML configuration file processed by the (1) urlParse function, which causes a stack-based overflow and the (2) ReplaceString function, which causes a heap-based overflow. NOTE: some of these details are obtained from third party information.
13077 CVE-2007-1332 Bypass CSRF 2007-03-07 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple cross-site request forgery (CSRF) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to perform unspecified restricted actions in the context of certain accounts by bypassing the client-side protection scheme.
13078 CVE-2007-1329 Exec Code Dir. Trav. 2007-03-07 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences.
13079 CVE-2007-1319 Exec Code 2007-03-19 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the IOPCServer::RemoveGroup function in the OPCDA interface in Takebishi Electric DeviceXPlorer OLE for Process Control (OPC) Server before 3.12 Build3 allows remote attackers to execute arbitrary code via unspecified vectors involving access to arbitrary memory. NOTE: this issue affects the (1) HIDIC, (2) MELSEC, (3) FA-M3, (4) MODBUS, and (5) SYSMAC OPC Servers.
13080 CVE-2007-1309 264 Bypass 2007-03-06 2008-11-13
9.0
None Remote Low Single system Complete Complete Complete
Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt.
13081 CVE-2007-1307 2007-03-06 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors.
13082 CVE-2007-1301 Exec Code Overflow 2007-03-06 2017-10-10
9.0
Admin Remote Low Single system Complete Complete Complete
Stack-based buffer overflow in the IMAP service in MailEnable Enterprise and Professional Editions 2.37 and earlier allows remote authenticated users to execute arbitrary code via a long argument to the APPEND command. NOTE: this is probably different than CVE-2006-6423.
13083 CVE-2007-1288 Exec Code File Inclusion 2007-03-06 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4) sendmsg.php in admin/.
13084 CVE-2007-1282 Exec Code Overflow 2007-03-05 2017-10-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line.
13085 CVE-2007-1257 20 Exec Code 2007-03-03 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address.
13086 CVE-2007-1253 94 Exec Code 2007-03-03 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file.
13087 CVE-2007-1252 DoS Exec Code Overflow 2007-03-03 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch 175 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted headers in an e-mail message. NOTE: some information was obtained from third party sources.
13088 CVE-2007-1251 134 DoS Exec Code 2007-03-03 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Format string vulnerability in the new_warning function in ntserv/warning.c for Netrek Vanilla Server 2.12.0, when EVENTLOG is enabled, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the message handling.
13089 CVE-2007-1225 2007-03-02 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
The connection log file implementation in Grok Developments NetProxy 4.03 does not record requests that omit http:// in a URL, which might allow remote attackers to conduct unauthorized activities and avoid detection.
13090 CVE-2007-1205 Exec Code Mem. Corr. 2007-04-10 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
13091 CVE-2007-1203 Exec Code Mem. Corr. 2007-05-08 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.
13092 CVE-2007-1201 94 Exec Code Mem. Corr. 2008-03-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."
13093 CVE-2007-1197 XSS 2007-03-02 2008-11-15
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Epiware before 4.7.5 have unknown impact and attack vectors, possibly related to cross-site scripting (XSS) and other unspecified issues.
13094 CVE-2007-1196 Exec Code 2007-03-02 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Citrix Presentation Server Client for Windows before 10.0 allows remote web sites to execute arbitrary code via unspecified vectors, related to the implementation of ICA connectivity through proxy servers.
13095 CVE-2007-1193 2007-03-02 2008-11-15
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Login page in OrangeHRM before 20070212 have unknown impact and attack vectors.
13096 CVE-2007-1173 Exec Code Overflow 2007-05-16 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the CentennialIPTransferServer service (XFERWAN.EXE), as used by (1) Centennial Discovery 2006 Feature Pack 1, (2) Numara Asset Manager 8.0, and (3) Symantec Discovery 6.5, allow remote attackers to execute arbitrary code via long strings in a crafted TCP packet.
13097 CVE-2007-1160 287 Bypass 2007-03-02 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782.
13098 CVE-2007-1140 22 Dir. Trav. 2007-03-02 2018-10-16
9.4
None Remote Low Not required Complete Complete None
Directory traversal vulnerability in edit.php in pheap allows remote attackers to read and modify arbitrary files via a .. (dot dot) in the filename parameter.
13099 CVE-2007-1139 94 2007-03-02 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Unrestricted file upload vulnerability in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to upload arbitrary scripts via a filename with a double extension.
13100 CVE-2007-1134 2007-03-02 2009-02-12
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Watchtower (WT) before 0.12 has unknown impact and attack vectors, related to "unauthorized accounts."
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.