CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2007 (Gain Privilege)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2007-3880 134 +Priv 2007-11-13 2018-10-30
7.2
Admin Local Low Not required Complete Complete Complete
Format string vulnerability in srsexec in Sun Remote Services (SRS) Net Connect 3.2.3 and 3.2.4, as distributed in the SRS Proxy Core (SUNWsrspx) package, allows local users to gain privileges via format string specifiers in unspecified input that is logged through syslog.
102 CVE-2007-3851 399 +Priv 2007-08-13 2017-09-28
6.0
None Local High Single system Complete Complete Complete
The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer.
103 CVE-2007-3818 +Priv XSS 2007-07-16 2012-10-30
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the LoginToboggan module 5.x-1.x-dev before 20070712 for Drupal allows remote authenticated users with "administer blocks" permission to inject arbitrary JavaScript and gain privileges via "the message displayed above the default user login block."
104 CVE-2007-3800 +Priv 2007-07-16 2017-07-28
6.0
Admin Local High Single system Complete Complete Complete
Unspecified vulnerability in the Real-time scanner (RTVScan) component in Symantec AntiVirus Corporate Edition 9.0 through 10.1 and Client Security 2.0 through 3.1, when the Notification Message window is enabled, allows local users to gain privileges via crafted code.
105 CVE-2007-3787 +Priv CSRF 2007-07-15 2018-10-15
7.5
User Remote Low Not required Partial Partial Partial
The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks.
106 CVE-2007-3782 264 +Priv 2007-07-15 2018-10-15
3.5
None Remote Medium Single system None Partial None
MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.
107 CVE-2007-3777 +Priv 2007-07-15 2018-10-15
7.2
Admin Local Low Not required Complete Complete Complete
avg7core.sys 7.5.0.444 in Grisoft AVG Anti-Virus 7.5.448 and Free Edition 7.5.446, provides an internal function that copies data to an arbitrary address, which allows local users to gain privileges via arbitrary address arguments to a function provided by the 0x5348E004 IOCTL for the generic DeviceIoControl handler.
108 CVE-2007-3751 Exec Code +Priv 2007-11-07 2018-10-26
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors.
109 CVE-2007-3740 264 +Priv 2007-09-13 2017-09-28
4.4
None Local Medium Not required Partial Partial Partial
The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.
110 CVE-2007-3717 +Priv 2007-07-12 2018-10-30
6.9
Admin Local Medium Not required Complete Complete Complete
rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call certain helper applications, which allows local users to gain privileges by creating files with certain names, possibly containing shell metacharacters or spaces, a similar issue to CVE-2006-0225.
111 CVE-2007-3700 +Priv 2007-07-11 2017-07-28
1.7
None Local Low Single system Partial None None
Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading /var/opt/SUNWam/debug/amAuth.
112 CVE-2007-3673 +Priv 2007-07-15 2017-07-28
6.9
Admin Local Medium Not required Complete Complete Complete
Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006; allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\symTDI\, which results in memory overwrite.
113 CVE-2007-3587 Exec Code +Priv 2007-07-05 2018-10-15
7.5
User Remote Low Not required Partial Partial Partial
MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via the admin cookie parameter, as demonstrated by a post to admin/settings.php that injects PHP code into settings.inc, which can then be executed via a direct request to index.php.
114 CVE-2007-3530 1 +Priv 2007-07-03 2018-10-15
7.2
Admin Local Low Not required Complete Complete Complete
PHPDirector 0.21 and earlier stores the admin account name and password in config.php, which allows local users to gain privileges by reading this file.
115 CVE-2007-3500 264 +Priv 2007-06-29 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.
116 CVE-2007-3464 +Priv CSRF 2007-06-27 2018-10-16
8.5
Admin Remote Medium Single system Complete Complete Complete
Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, does not require entry of the old password when changing the admin password, which might allow attackers to gain privileges by conducting a CSRF attack, making a password change on an unattended workstation, or other vectors.
117 CVE-2007-3260 +Priv 2007-06-19 2017-07-28
9.0
Admin Remote Low Single system Complete Complete Complete
HP System Management Homepage (SMH) before 2.1.9 for Linux, when used with Novell eDirectory, assigns the eDirectory members to the root group, which allows remote authenticated eDirectory users to gain privileges.
118 CVE-2007-3149 +Priv 2007-06-11 2018-10-16
7.2
Admin Local Low Not required Complete Complete Complete
sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be "a user, who can already log into your system, and can already use sudo."
119 CVE-2007-3124 Overflow +Priv 2007-06-07 2017-07-28
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in backup/src/vmsbackup.c (aka the backup utility) in FreeVMS before 0.3.6 might allow local users to gain privileges via a long string in response to an "extract [ny]" prompt.
120 CVE-2007-3105 119 DoS Overflow +Priv 2007-07-27 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving "bound check ordering". NOTE: this issue might only cross privilege boundaries in environments that have granular assignment of privileges for root.
121 CVE-2007-3036 264 +Priv 2007-09-11 2018-10-12
6.9
Admin Local Medium Not required Complete Complete Complete
Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
122 CVE-2007-2996 +Priv 2007-06-04 2012-10-30
6.6
Admin Local Medium Single system Complete Complete Complete
Unspecified vulnerability in perl.rte 5.8.0.10 through 5.8.0.95 on IBM AIX 5.2, and 5.8.2.10 through 5.8.2.50 on AIX 5.3, allows local users to gain privileges via unspecified vectors related to the installation and "waiting for a legitimate user to execute a binary that ships with Perl."
123 CVE-2007-2975 264 Exec Code +Priv 2007-05-31 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the downloader.
124 CVE-2007-2965 +Priv 2007-05-31 2017-07-28
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in the Real-time Scanning component in multiple F-Secure products, including Internet Security 2005, 2006 and 2007; Anti-Virus 2005, 2006 and 2007; and Solutions based on F-Secure Protection Service for Consumers 6.40 and earlier allows local users to gain privileges via a crafted I/O request packet (IRP), related to IOCTL (Input/Output Control) and "access validation of the address space."
125 CVE-2007-2950 +Priv 2007-07-23 2017-07-28
7.2
None Local Low Not required Complete Complete Complete
Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara Asset Manager 8.0 and (2) Symantec Discovery 6.5, uses insecure permissions on certain directories, which allows local users to gain privileges.
126 CVE-2007-2893 119 Overflow +Priv 2007-05-29 2017-07-28
7.2
Admin Local Low Not required Complete Complete Complete
Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow."
127 CVE-2007-2877 Overflow +Priv 2007-05-29 2017-07-28
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 allows local users to gain privileges via long registry key paths.
128 CVE-2007-2860 +Priv 2007-05-24 2018-10-16
6.5
User Remote Low Single system Partial Partial Partial
user.php in BoastMachine 3.0 platinum allows remote authenticated users to gain privileges via a modified id parameter, as demonstrated by an edit_post action.
129 CVE-2007-2835 Overflow +Priv 2007-07-02 2017-07-28
6.8
Admin Local Low Single system Complete Complete Complete
Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) xl_pinyin.c in ImmModules/cce/ in unicon-imc2 3.0.4, as used by zhcon and other applications, allow local users to gain privileges via a long HOME environment variable.
130 CVE-2007-2760 +Priv 2007-05-18 2017-07-28
9.0
Admin Remote Low Single system Complete Complete Complete
The canUpdate function in model/MRole.java in Adempiere before 3.1.6 does not properly validate user roles, which allows remote authenticated read-only users to gain read-write privileges. NOTE: some of these details are obtained from third party information.
131 CVE-2007-2730 +Priv Bypass 2007-05-16 2018-10-16
7.2
Admin Local Low Not required Complete Complete Complete
Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
132 CVE-2007-2729 +Priv Bypass 2007-05-16 2018-10-16
7.2
Admin Local Low Not required Complete Complete Complete
Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
133 CVE-2007-2692 +Priv 2007-05-15 2018-10-16
6.0
User Remote Medium Single system Partial Partial Partial
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.
134 CVE-2007-2553 +Priv 2007-05-09 2018-10-16
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and 5.1A PK6 allows local users to gain privileges via a large amount of data in the environment, as demonstrated by a long environment variable.
135 CVE-2007-2529 DoS +Priv 2007-05-08 2018-10-30
7.2
Admin Local Low Not required Complete Complete Complete
Integer signedness error in the acl (facl) system call in Solaris 10 before 20070507 allows local users to cause a denial of service (kernel panic) and possibly gain privileges via a certain argument, related to ACE_SETACL.
136 CVE-2007-2523 Overflow +Priv 2007-05-11 2018-10-16
7.2
Admin Local Low Not required Complete Complete Complete
CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0.
137 CVE-2007-2462 +Priv Bypass 2007-05-02 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors.
138 CVE-2007-2444 +Priv 2007-05-14 2018-10-16
7.2
Admin Local Low Not required Complete Complete Complete
Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.
139 CVE-2007-2359 Overflow +Priv 2007-04-30 2017-07-28
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in Ghost Service Manager, as used in Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, allows local users to gain privileges via a long string.
140 CVE-2007-2251 +Priv 2007-04-25 2017-07-28
7.5
User Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the Roles module in Xaraya 1.1.2 and earlier allows attackers to gain privileges via unspecified vectors, probably related to incorrect permission checking in xartemplates/user-view.xd.
141 CVE-2007-2249 +Priv 2007-04-25 2018-10-16
6.5
User Remote Low Single system Partial Partial Partial
include/controlcenter/users.php in Phorum before 5.1.22 allows remote authenticated moderators to gain privileges via a modified (1) user_ids POST parameter or (2) userdata array.
142 CVE-2007-2149 +Priv 2007-04-19 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores usernames and unencrypted passwords in (1) classes/vars.php and (2) classes/varstuff.php, and recommends 0666 or 0777 permissions for these files, which allows local users to gain privileges by reading the files, and allows remote attackers to obtain credentials via a direct request for admin/options.php.
143 CVE-2007-2138 264 +Priv 2007-04-24 2018-10-19
6.0
User Remote Medium Single system Partial Partial Partial
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."
144 CVE-2007-2108 264 +Priv 2007-04-18 2018-10-16
6.8
User Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue occurs because the NTLM SSPI AcceptSecurityContext function grants privileges based on the username provided even though all users are authenticated as Guest, which allows remote attackers to gain privileges.
145 CVE-2007-2075 +Priv 2007-04-17 2017-07-28
6.9
Admin Local Medium Not required Complete Complete Complete
ScramDisk 4 Linux before 1.0-1 does not perform permission checks on mount points, which allows local users to gain privileges by using a system directory as a mount point for a container.
146 CVE-2007-2074 +Priv 2007-04-17 2017-07-28
4.6
None Local Low Not required Partial Partial Partial
Certain programs in containers in ScramDisk 4 Linux before 1.0-1 execute with SUID permissions, which allows local users to gain privileges via mounted containers.
147 CVE-2007-2034 +Priv 2007-04-16 2017-07-28
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.87.0 allows remote authenticated users to gain the privileges of the SuperUsers group, and manage the application and its networks, related to the group membership of user accounts, aka Bug ID CSCsg05190.
148 CVE-2007-1973 +Priv 2007-04-11 2018-10-16
6.9
Admin Local Medium Not required Complete Complete Complete
Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0 allows local users to modify memory and gain privileges via the temporary \Device\PhysicalMemory section handle, a related issue to CVE-2007-1206.
149 CVE-2007-1881 +Priv 2007-04-05 2008-09-05
6.8
Admin Local Low Single system Complete Complete Complete
Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows local users to gain Ring-0 privileges via unspecified vectors.
150 CVE-2007-1741 362 Exec Code +Priv 2007-04-13 2017-07-28
6.2
Admin Local High Not required Complete Complete Complete
Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
Total number of vulnerabilities: 242 (this is page 3 of 5)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.