CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
14301 CVE-2007-3851 399 +Priv 2007-08-13 2017-09-28
6.0
None Local High Single system Complete Complete Complete
The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer.
14302 CVE-2007-3846 22 Dir. Trav. 2007-08-28 2017-07-28
6.0
None Remote Medium Single system Partial Partial Partial
Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\ (dot dot backslash) sequence in the filename, as stored in the file repository.
14303 CVE-2007-3806 20 1 DoS Exec Code Mem. Corr. 2007-07-16 2017-09-28
6.8
None Remote Medium Not required Partial Partial Partial
The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure.
14304 CVE-2007-3800 +Priv 2007-07-16 2017-07-28
6.0
Admin Local High Single system Complete Complete Complete
Unspecified vulnerability in the Real-time scanner (RTVScan) component in Symantec AntiVirus Corporate Edition 9.0 through 10.1 and Client Security 2.0 through 3.1, when the Notification Message window is enabled, allows local users to gain privileges via crafted code.
14305 CVE-2007-3798 189 Exec Code Overflow 2007-07-16 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.
14306 CVE-2007-3772 Dir. Trav. 2007-07-15 2017-09-28
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in news/show.php in PsNews 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newspath parameter.
14307 CVE-2007-3759 16 2007-09-27 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
Safari in Apple iPhone 1.1.1, when requested to disable Javascript, does not disable it until Safari is restarted, which might leave Safari open to attacks that the user does not expect.
14308 CVE-2007-3747 Exec Code 2007-08-03 2017-07-28
6.8
User Remote Medium Not required Partial Partial Partial
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not restrict object instantiation and manipulation to valid heap addresses, which allows remote attackers to execute arbitrary code via a crafted applet.
14309 CVE-2007-3746 Exec Code 2007-08-03 2017-07-28
6.8
User Remote Medium Not required Partial Partial Partial
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not properly check the bounds of heap read and write operations, which allows remote attackers to execute arbitrary code via a crafted applet.
14310 CVE-2007-3745 Exec Code 2007-08-03 2017-07-28
6.8
User Remote Medium Not required Partial Partial Partial
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 contains an unsafe interface that is exposed by JDirect, which allows remote attackers to free arbitrary memory and thereby execute arbitrary code.
14311 CVE-2007-3743 119 DoS Exec Code Overflow 2007-08-03 2017-07-28
6.8
User Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in bookmark handling in Apple Safari 3 Beta before Update 3.0.3 on Windows allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a bookmark with a long title.
14312 CVE-2007-3717 +Priv 2007-07-12 2018-10-30
6.9
Admin Local Medium Not required Complete Complete Complete
rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call certain helper applications, which allows local users to gain privileges by creating files with certain names, possibly containing shell metacharacters or spaces, a similar issue to CVE-2006-0225.
14313 CVE-2007-3703 1 Exec Code Overflow 2007-07-11 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in a certain ActiveX control in sasatl.dll 1.5.0.531 in Zenturi Program Checker (ProgramChecker) Pro allows remote attackers to execute arbitrary code via a long argument to the Fill method. NOTE: this is probably a different issue than CVE-2007-2987.
14314 CVE-2007-3691 Exec Code Sql 2007-07-11 2017-07-28
6.8
User Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial Script (avtutorial) 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) userid parameters, a different issue than CVE-2007-3630.
14315 CVE-2007-3687 89 Exec Code Sql 2007-07-11 2017-09-28
6.5
User Remote Low Single system Partial Partial Partial
SQL injection vulnerability in inferno.php in the Inferno Technologies RPG Inferno 2.4 and earlier, a vBulletin module, allows remote authenticated attackers to execute arbitrary SQL commands via the id parameter in a ScanMember do action.
14316 CVE-2007-3681 Exec Code 2007-07-11 2018-10-15
6.6
Admin Local Medium Single system Complete Complete Complete
The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters.
14317 CVE-2007-3673 +Priv 2007-07-15 2017-07-28
6.9
Admin Local Medium Not required Complete Complete Complete
Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006; allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\symTDI\, which results in memory overwrite.
14318 CVE-2007-3663 DoS Exec Code 2007-07-10 2012-10-30
6.8
User Remote Medium Not required Partial Partial Partial
Divide-by-zero error in Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted MPA file.
14319 CVE-2007-3662 DoS Exec Code 2007-07-10 2008-11-15
6.8
None Remote Medium Not required Partial Partial Partial
Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted FLV file.
14320 CVE-2007-3656 200 +Info 2007-07-10 2018-10-15
6.8
User Remote Medium Not required Partial Partial Partial
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs.
14321 CVE-2007-3655 119 1 Exec Code Overflow 2007-07-10 2018-10-30
6.8
User Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file.
14322 CVE-2007-3652 89 Exec Code Sql 2008-07-08 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same issue as CVE-2008-0328.
14323 CVE-2007-3649 2007-07-10 2017-09-28
6.8
None Remote Medium Not required Partial Partial Partial
Absolute path traversal vulnerability in a certain ActiveX control in hpqvwocx.dll 2.1.0.556 in Hewlett-Packard (HP) Digital Imaging allows remote attackers to create or overwrite arbitrary files via the second argument to the SaveToFile method.
14324 CVE-2007-3638 119 Exec Code Overflow 2007-07-09 2008-09-05
6.0
User Remote Medium Single system Partial Partial Partial
Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
14325 CVE-2007-3634 Exec Code 2007-07-09 2008-11-15
6.5
None Remote Low Single system Partial Partial Partial
Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004. this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
14326 CVE-2007-3633 2007-07-09 2017-09-28
6.4
None Remote Low Not required Partial Partial None
Absolute path traversal vulnerability in the Chilkat Software Chilkat Zip ActiveX control in ChilkatZip2.dll 12.4.2.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveLastError method and probably the (2) WriteExe method.
14327 CVE-2007-3632 Exec Code File Inclusion 2007-07-09 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote attackers to execute arbitrary PHP code via a URL in the homedir parameter to (1) OLE/PPS/File.php, (2) OLE/PPS/Root.php, (3) Spreadsheet/Excel/Writer.php, or (4) OLE/PPS.php in admin/classes/pear/; or (5) Worksheet.php, (6) Parser.php, (7) Workbook.php, (8) Format.php, or (9) BIFFwriter.php in admin/classes/pear/Spreadsheet/Excel/Writer/.
14328 CVE-2007-3630 2007-07-09 2017-09-28
6.4
None Remote Low Not required Partial Partial None
changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter.
14329 CVE-2007-3616 2007-07-06 2008-09-05
6.5
User Remote Low Single system Partial Partial Partial
index.php in vtiger CRM before 5.0.3 allows remote authenticated users to perform administrative changes to arbitrary profile settings via a certain profilePrivileges action in the Users module.
14330 CVE-2007-3603 Exec Code Sql 2007-07-06 2008-11-13
6.5
User Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the dashboard (include/utils/SearchUtils.php) in vtiger CRM before 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigned_user_id parameter in a Potentials ListView action to index.php.
14331 CVE-2007-3592 2007-07-06 2017-07-28
6.5
None Remote Low Single system Partial Partial Partial
PM.php in Elite Bulletin Board before 1.0.10 allows remote authenticated users to delete arbitrary PM messages and conduct other attacks via modified id fields.
14332 CVE-2007-3573 Exec Code Sql 2007-07-05 2018-10-15
6.8
User Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in akocomment allow remote attackers to execute arbitrary SQL commands via the (1) acparentid or (2) acitemid parameter to an unspecified component, different vectors than CVE-2006-1421.
14333 CVE-2007-3557 Exec Code Sql 2007-07-04 2018-10-15
6.8
User Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter.
14334 CVE-2007-3551 119 DoS Overflow 2007-07-03 2017-07-28
6.1
None Remote Low Multiple systems None None Complete
Buffer overflow in bbs100 before 3.2 allows remote attackers to cause a denial of service (crash) by attempting to login as the Guest user when another Guest user is already logged in, possibly related to the state_login_prompt function in state_login.c.
14335 CVE-2007-3544 Exec Code 2007-07-03 2013-09-08
6.5
User Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543.
14336 CVE-2007-3543 Exec Code 2007-07-03 2008-11-15
6.0
User Remote Medium Single system Partial Partial Partial
Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php.
14337 CVE-2007-3535 Dir. Trav. 2007-07-03 2017-09-28
6.4
None Remote Low Not required Partial Partial None
Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) FORUM_LANGUAGE parameter to functions.php or the (2) style parameter to bottom.php.
14338 CVE-2007-3531 2007-07-25 2017-07-28
6.6
Admin Local Medium Single system Complete Complete Complete
The set_default_speeds function in backend/backend.c in NVidia NVClock before 0.8b2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvclock temporary file.
14339 CVE-2007-3527 DoS Overflow 2007-07-03 2012-10-30
6.8
None Remote Low Single system None None Complete
Integer overflow in Firebird 2.0.0 allows remote authenticated users to cause a denial of service (CPU consumption) via certain database operations with multi-byte character sets that trigger an attempt to use the value 65536 for a 16-bit integer, which is treated as 0 and causes an infinite loop on zero-length data.
14340 CVE-2007-3524 Exec Code File Inclusion 2007-07-03 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) admin/includes/author_panel_header.php or (2) admin/includes/admin_header.php.
14341 CVE-2007-3523 Dir. Trav. 2007-07-03 2017-09-28
6.4
None Remote Low Not required Partial Partial None
Multiple directory traversal vulnerabilities in Module/Galerie.php in XCMS 1.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) Ent or (2) Lang parameter.
14342 CVE-2007-3522 Exec Code File Inclusion 2007-07-03 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the SpellIncPath parameter to (1) spellcheckpageinc.php, (2) spellchecktext.php, (3) spellcheckwindow.php, or (4) spellcheckwindowframeset.php.
14343 CVE-2007-3505 Dir. Trav. 2007-07-02 2017-10-18
6.4
None Remote Low Not required Partial Partial None
Multiple directory traversal vulnerabilities in QuickTalk forum 1.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) sequence in the lang parameter to (1) qtf_checkname.php, (2) qtf_j_birth.php, or (3) qtf_j_exists.php.
14344 CVE-2007-3499 DoS 2007-06-29 2008-11-15
6.4
None Remote Low Not required None Partial Partial
SlackRoll before 8 accepts gpg exit codes other than 0 and 1 as evidence of a valid signature, which allows remote Slackware mirror sites or man-in-the-middle attackers to cause a denial of service (data inconsistency) or possibly install Trojan horse packages via malformed gpg signatures.
14345 CVE-2007-3494 2007-06-29 2018-10-16
6.8
None Remote Low Single system Complete None None
Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to (1) read the entire database by accessing the database backup plugin via a devtools/templates/newdump_backend.html argument in the template parameter to interna/plugin.php, (2) create plugins, (3) remove plugins, (4) enable debug mode, and have other unspecified impact.
14346 CVE-2007-3492 DoS 2007-06-29 2018-10-16
6.8
None Remote Low Single system None None Complete
Conti FtpServer 1.0 allows remote authenticated users to cause a denial of service (daemon crash) via a certain string containing "//A:" in the argument to the LIST command.
14347 CVE-2007-3487 22 Dir. Trav. 2007-06-29 2018-10-16
6.4
None Remote Low Not required Partial Partial None
Absolute path traversal in a certain ActiveX control in hpqxml.dll 2.0.0.133 in Hewlett-Packard (HP) Photo Digital Imaging allows remote attackers to create or overwrite arbitrary files via the argument to the saveXMLAsFile method.
14348 CVE-2007-3479 Exec Code Overflow 2007-06-28 2018-10-16
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to execute arbitrary code via a long string in the "used DLL" field in a WDP project file.
14349 CVE-2007-3462 Exec Code CSRF 2007-06-27 2018-10-16
6.0
User Remote Medium Single system Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Check Point SofaWare [email protected], with firmware before Embedded NGX 7.0.45 GA, allows remote attackers to execute commands as arbitrary users, and disable firewalling of the protected network.
14350 CVE-2007-3459 2007-06-27 2018-10-16
6.4
None Remote Low Not required None Partial Partial
A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vector 1.3 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the WriteMovie method.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.