CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
15001 CVE-2007-3851 399 +Priv 2007-08-13 2017-09-28
6.0
None Local High Single system Complete Complete Complete
The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer.
15002 CVE-2007-3846 22 Dir. Trav. 2007-08-28 2017-07-28
6.0
None Remote Medium Single system Partial Partial Partial
Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\ (dot dot backslash) sequence in the filename, as stored in the file repository.
15003 CVE-2007-3806 20 1 DoS Exec Code Mem. Corr. 2007-07-16 2017-09-28
6.8
None Remote Medium Not required Partial Partial Partial
The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure.
15004 CVE-2007-3800 +Priv 2007-07-16 2017-07-28
6.0
Admin Local High Single system Complete Complete Complete
Unspecified vulnerability in the Real-time scanner (RTVScan) component in Symantec AntiVirus Corporate Edition 9.0 through 10.1 and Client Security 2.0 through 3.1, when the Notification Message window is enabled, allows local users to gain privileges via crafted code.
15005 CVE-2007-3798 189 Exec Code Overflow 2007-07-16 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.
15006 CVE-2007-3772 Dir. Trav. 2007-07-15 2017-09-28
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in news/show.php in PsNews 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newspath parameter.
15007 CVE-2007-3759 16 2007-09-27 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
Safari in Apple iPhone 1.1.1, when requested to disable Javascript, does not disable it until Safari is restarted, which might leave Safari open to attacks that the user does not expect.
15008 CVE-2007-3747 Exec Code 2007-08-03 2017-07-28
6.8
User Remote Medium Not required Partial Partial Partial
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not restrict object instantiation and manipulation to valid heap addresses, which allows remote attackers to execute arbitrary code via a crafted applet.
15009 CVE-2007-3746 Exec Code 2007-08-03 2017-07-28
6.8
User Remote Medium Not required Partial Partial Partial
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not properly check the bounds of heap read and write operations, which allows remote attackers to execute arbitrary code via a crafted applet.
15010 CVE-2007-3745 Exec Code 2007-08-03 2017-07-28
6.8
User Remote Medium Not required Partial Partial Partial
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 contains an unsafe interface that is exposed by JDirect, which allows remote attackers to free arbitrary memory and thereby execute arbitrary code.
15011 CVE-2007-3743 119 DoS Exec Code Overflow 2007-08-03 2017-07-28
6.8
User Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in bookmark handling in Apple Safari 3 Beta before Update 3.0.3 on Windows allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a bookmark with a long title.
15012 CVE-2007-3717 +Priv 2007-07-12 2018-10-30
6.9
Admin Local Medium Not required Complete Complete Complete
rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call certain helper applications, which allows local users to gain privileges by creating files with certain names, possibly containing shell metacharacters or spaces, a similar issue to CVE-2006-0225.
15013 CVE-2007-3703 1 Exec Code Overflow 2007-07-11 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in a certain ActiveX control in sasatl.dll 1.5.0.531 in Zenturi Program Checker (ProgramChecker) Pro allows remote attackers to execute arbitrary code via a long argument to the Fill method. NOTE: this is probably a different issue than CVE-2007-2987.
15014 CVE-2007-3691 Exec Code Sql 2007-07-11 2017-07-28
6.8
User Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial Script (avtutorial) 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) userid parameters, a different issue than CVE-2007-3630.
15015 CVE-2007-3687 89 Exec Code Sql 2007-07-11 2017-09-28
6.5
User Remote Low Single system Partial Partial Partial
SQL injection vulnerability in inferno.php in the Inferno Technologies RPG Inferno 2.4 and earlier, a vBulletin module, allows remote authenticated attackers to execute arbitrary SQL commands via the id parameter in a ScanMember do action.
15016 CVE-2007-3681 Exec Code 2007-07-11 2018-10-15
6.6
Admin Local Medium Single system Complete Complete Complete
The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters.
15017 CVE-2007-3673 +Priv 2007-07-15 2017-07-28
6.9
Admin Local Medium Not required Complete Complete Complete
Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006; allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\symTDI\, which results in memory overwrite.
15018 CVE-2007-3663 DoS Exec Code 2007-07-10 2012-10-30
6.8
User Remote Medium Not required Partial Partial Partial
Divide-by-zero error in Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted MPA file.
15019 CVE-2007-3662 DoS Exec Code 2007-07-10 2008-11-15
6.8
None Remote Medium Not required Partial Partial Partial
Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted FLV file.
15020 CVE-2007-3656 200 +Info 2007-07-10 2018-10-15
6.8
User Remote Medium Not required Partial Partial Partial
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs.
15021 CVE-2007-3655 119 1 Exec Code Overflow 2007-07-10 2018-10-30
6.8
User Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file.
15022 CVE-2007-3652 89 Exec Code Sql 2008-07-08 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same issue as CVE-2008-0328.
15023 CVE-2007-3649 2007-07-10 2017-09-28
6.8
None Remote Medium Not required Partial Partial Partial
Absolute path traversal vulnerability in a certain ActiveX control in hpqvwocx.dll 2.1.0.556 in Hewlett-Packard (HP) Digital Imaging allows remote attackers to create or overwrite arbitrary files via the second argument to the SaveToFile method.
15024 CVE-2007-3638 119 Exec Code Overflow 2007-07-09 2008-09-05
6.0
User Remote Medium Single system Partial Partial Partial
Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
15025 CVE-2007-3634 Exec Code 2007-07-09 2008-11-15
6.5
None Remote Low Single system Partial Partial Partial
Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004. this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
15026 CVE-2007-3633 2007-07-09 2017-09-28
6.4
None Remote Low Not required Partial Partial None
Absolute path traversal vulnerability in the Chilkat Software Chilkat Zip ActiveX control in ChilkatZip2.dll 12.4.2.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveLastError method and probably the (2) WriteExe method.
15027 CVE-2007-3632 Exec Code File Inclusion 2007-07-09 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote attackers to execute arbitrary PHP code via a URL in the homedir parameter to (1) OLE/PPS/File.php, (2) OLE/PPS/Root.php, (3) Spreadsheet/Excel/Writer.php, or (4) OLE/PPS.php in admin/classes/pear/; or (5) Worksheet.php, (6) Parser.php, (7) Workbook.php, (8) Format.php, or (9) BIFFwriter.php in admin/classes/pear/Spreadsheet/Excel/Writer/.
15028 CVE-2007-3630 2007-07-09 2017-09-28
6.4
None Remote Low Not required Partial Partial None
changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter.
15029 CVE-2007-3616 2007-07-06 2008-09-05
6.5
User Remote Low Single system Partial Partial Partial
index.php in vtiger CRM before 5.0.3 allows remote authenticated users to perform administrative changes to arbitrary profile settings via a certain profilePrivileges action in the Users module.
15030 CVE-2007-3603 Exec Code Sql 2007-07-06 2008-11-13
6.5
User Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the dashboard (include/utils/SearchUtils.php) in vtiger CRM before 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigned_user_id parameter in a Potentials ListView action to index.php.
15031 CVE-2007-3592 2007-07-06 2017-07-28
6.5
None Remote Low Single system Partial Partial Partial
PM.php in Elite Bulletin Board before 1.0.10 allows remote authenticated users to delete arbitrary PM messages and conduct other attacks via modified id fields.
15032 CVE-2007-3573 Exec Code Sql 2007-07-05 2018-10-15
6.8
User Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in akocomment allow remote attackers to execute arbitrary SQL commands via the (1) acparentid or (2) acitemid parameter to an unspecified component, different vectors than CVE-2006-1421.
15033 CVE-2007-3557 Exec Code Sql 2007-07-04 2018-10-15
6.8
User Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter.
15034 CVE-2007-3551 119 DoS Overflow 2007-07-03 2017-07-28
6.1
None Remote Low Multiple systems None None Complete
Buffer overflow in bbs100 before 3.2 allows remote attackers to cause a denial of service (crash) by attempting to login as the Guest user when another Guest user is already logged in, possibly related to the state_login_prompt function in state_login.c.
15035 CVE-2007-3544 Exec Code 2007-07-03 2013-09-08
6.5
User Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543.
15036 CVE-2007-3543 Exec Code 2007-07-03 2008-11-15
6.0
User Remote Medium Single system Partial Partial Partial
Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php.
15037 CVE-2007-3535 Dir. Trav. 2007-07-03 2017-09-28
6.4
None Remote Low Not required Partial Partial None
Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) FORUM_LANGUAGE parameter to functions.php or the (2) style parameter to bottom.php.
15038 CVE-2007-3531 2007-07-25 2017-07-28
6.6
Admin Local Medium Single system Complete Complete Complete
The set_default_speeds function in backend/backend.c in NVidia NVClock before 0.8b2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvclock temporary file.
15039 CVE-2007-3527 DoS Overflow 2007-07-03 2012-10-30
6.8
None Remote Low Single system None None Complete
Integer overflow in Firebird 2.0.0 allows remote authenticated users to cause a denial of service (CPU consumption) via certain database operations with multi-byte character sets that trigger an attempt to use the value 65536 for a 16-bit integer, which is treated as 0 and causes an infinite loop on zero-length data.
15040 CVE-2007-3524 Exec Code File Inclusion 2007-07-03 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) admin/includes/author_panel_header.php or (2) admin/includes/admin_header.php.
15041 CVE-2007-3523 Dir. Trav. 2007-07-03 2017-09-28
6.4
None Remote Low Not required Partial Partial None
Multiple directory traversal vulnerabilities in Module/Galerie.php in XCMS 1.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) Ent or (2) Lang parameter.
15042 CVE-2007-3522 Exec Code File Inclusion 2007-07-03 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the SpellIncPath parameter to (1) spellcheckpageinc.php, (2) spellchecktext.php, (3) spellcheckwindow.php, or (4) spellcheckwindowframeset.php.
15043 CVE-2007-3505 Dir. Trav. 2007-07-02 2017-10-18
6.4
None Remote Low Not required Partial Partial None
Multiple directory traversal vulnerabilities in QuickTalk forum 1.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) sequence in the lang parameter to (1) qtf_checkname.php, (2) qtf_j_birth.php, or (3) qtf_j_exists.php.
15044 CVE-2007-3499 DoS 2007-06-29 2008-11-15
6.4
None Remote Low Not required None Partial Partial
SlackRoll before 8 accepts gpg exit codes other than 0 and 1 as evidence of a valid signature, which allows remote Slackware mirror sites or man-in-the-middle attackers to cause a denial of service (data inconsistency) or possibly install Trojan horse packages via malformed gpg signatures.
15045 CVE-2007-3494 2007-06-29 2018-10-16
6.8
None Remote Low Single system Complete None None
Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to (1) read the entire database by accessing the database backup plugin via a devtools/templates/newdump_backend.html argument in the template parameter to interna/plugin.php, (2) create plugins, (3) remove plugins, (4) enable debug mode, and have other unspecified impact.
15046 CVE-2007-3492 DoS 2007-06-29 2018-10-16
6.8
None Remote Low Single system None None Complete
Conti FtpServer 1.0 allows remote authenticated users to cause a denial of service (daemon crash) via a certain string containing "//A:" in the argument to the LIST command.
15047 CVE-2007-3487 22 Dir. Trav. 2007-06-29 2018-10-16
6.4
None Remote Low Not required Partial Partial None
Absolute path traversal in a certain ActiveX control in hpqxml.dll 2.0.0.133 in Hewlett-Packard (HP) Photo Digital Imaging allows remote attackers to create or overwrite arbitrary files via the argument to the saveXMLAsFile method.
15048 CVE-2007-3479 Exec Code Overflow 2007-06-28 2018-10-16
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to execute arbitrary code via a long string in the "used DLL" field in a WDP project file.
15049 CVE-2007-3462 Exec Code CSRF 2007-06-27 2018-10-16
6.0
User Remote Medium Single system Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Check Point SofaWare [email protected], with firmware before Embedded NGX 7.0.45 GA, allows remote attackers to execute commands as arbitrary users, and disable firewalling of the protected network.
15050 CVE-2007-3459 2007-06-27 2018-10-16
6.4
None Remote Low Not required None Partial Partial
A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vector 1.3 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the WriteMovie method.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.