CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
15351 CVE-2007-1387 Exec Code Overflow 2007-03-13 2018-10-03
6.8
Admin Remote High Multiple systems Complete Complete Complete
The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1246.
15352 CVE-2007-1384 Dir. Trav. 2007-03-10 2008-09-05
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.2 allows remote attackers to overwrite arbitrary files via ".." sequences in a torrent filename.
15353 CVE-2007-1382 Exec Code Bypass 2007-03-09 2017-10-10
6.8
Admin Local Low Single system Complete Complete Complete
The PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to execute cmd.exe, which bypasses PHP's safe mode.
15354 CVE-2007-1371 Exec Code Overflow +Priv 2007-03-09 2018-10-16
6.9
Admin Local Medium Not required Complete Complete Complete
Multiple buffer overflows in Conquest 8.2a and earlier (1) allow local users to gain privileges by querying a metaserver that sends a long server entry processed by metaGetServerList and allow remote metaservers to execute arbitrary code via a long server entry processed by metaGetServerList; (2) allow attackers to have an unknown impact by exceeding the configured number of metaservers; and allow remote attackers to corrupt memory via a SP_CLIENTSTAT packet with certain values of (3) unum or (4) snum, different vulnerabilities than CVE-2003-0933.
15355 CVE-2007-1370 +Priv 2007-03-09 2017-07-28
6.2
Admin Local High Not required Complete Complete Complete
Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safe_mode and open_basedir are disabled; other settings require leverage for other vulnerabilities.
15356 CVE-2007-1364 2007-04-11 2017-07-28
6.4
None Remote Low Not required Partial Partial None
DropAFew before 0.2.1 does not require authorization for certain privileged actions, which allows remote attackers to (1) view the logged calorie information of arbitrary users via the id parameter in editlogcal.php, (2) add arbitrary links via links.php, or (3) create arbitrary users via newaccount2.php.
15357 CVE-2007-1360 2007-03-08 2017-07-28
6.0
User Remote Medium Single system Partial Partial Partial
Unspecified vulnerability in the Nodefamily module for Drupal 5.x before 5.x-1.0 allows remote authenticated users to access and modify other users' profiles via unspecified URL parameters.
15358 CVE-2007-1359 Bypass 2007-03-08 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers including PHP 5.2.0, and possibly parsers in Perl, and Python.
15359 CVE-2007-1354 +Priv 2007-07-27 2008-11-13
6.0
User Remote Medium Single system Partial Partial Partial
The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by logging in during a session by a more privileged administrator, as demonstrated by privilege escalation from Read Mode to Write Mode.
15360 CVE-2007-1350 Exec Code Overflow 2007-03-08 2018-10-16
6.8
User Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 allows remote attackers to execute arbitrary code via a long username during HTTP Basic authentication.
15361 CVE-2007-1346 +Priv 2007-03-08 2008-11-13
6.6
Admin Local Medium Single system Complete Complete Complete
Unspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 allows local users to gain privileges and reset or turn off the server.
15362 CVE-2007-1321 189 Overflow Bypass 2007-10-30 2017-10-10
6.6
None Local Medium Single system Complete Complete Complete
Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled "NE2000 network driver and the socket code," but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730.
15363 CVE-2007-1305 XSS 2007-03-06 2018-10-16
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in add2.php in Sava's Guestbook 23.11.2006 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) country, (3) email, and (4) website parameters.
15364 CVE-2007-1304 Exec Code Sql 2007-03-06 2018-10-16
6.8
User Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook 23.11.2006, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) country, (3) email, (4) website, and (5) message parameters.
15365 CVE-2007-1302 89 Exec Code Sql 2007-03-06 2018-10-16
6.8
User Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter. NOTE: it was later reported that 1.2 is also affected.
15366 CVE-2007-1289 Exec Code Sql 2007-03-06 2018-10-16
6.4
None Remote Low Not required Partial Partial None
SQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the s parameter.
15367 CVE-2007-1286 Exec Code Overflow 2007-03-06 2018-10-16
6.8
User Remote Medium Not required Partial Partial Partial
Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.
15368 CVE-2007-1273 DoS Overflow +Priv 2007-03-10 2009-10-14
6.9
Admin Local Medium Not required Complete Complete Complete
Integer overflow in the ktruser function in NetBSD-current before 20061022, NetBSD 3 and 3-0 before 20061024, and NetBSD 2 before 20070209, when the kernel is built with the COMPAT_FREEBSD or COMPAT_DARWIN option, allows local users to cause a denial of service and possibly gain privileges.
15369 CVE-2007-1271 DoS Overflow +Priv 2007-04-05 2018-10-30
6.6
Admin Local Medium Single system Complete Complete Complete
Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow attackers to gain privileges or cause a denial of service (application crash) via unspecified vectors.
15370 CVE-2007-1258 DoS 2007-03-03 2017-10-10
6.1
None Local Network Low Not required None None Complete
Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and the MSFC2, MSFC2a and MSFC3 running in Hybrid Mode on Cisco Catalyst 6000, 6500 and Cisco 7600 series systems; allows remote attackers on a local network segment to cause a denial of service (software reload) via a certain MPLS packet.
15371 CVE-2007-1256 119 Overflow 2007-03-03 2018-10-16
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092.
15372 CVE-2007-1255 Exec Code Sql 2007-03-03 2018-10-16
6.0
User Remote Medium Single system Partial Partial Partial
Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later accessed via a direct request for the file in smileys/. NOTE: this can be leveraged with a separate SQL injection issue for remote unauthenticated attacks.
15373 CVE-2007-1254 Exec Code Sql 2007-03-03 2018-10-16
6.5
User Remote Low Single system Partial Partial Partial
SQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the p_skin parameter to index.php.
15374 CVE-2007-1249 362 2007-03-03 2017-07-28
6.8
User Remote Medium Not required Partial Partial Partial
MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check "the additional environment security configuration," which allows remote attackers with write permissions to reorder components.
15375 CVE-2007-1247 94 Exec Code File Inclusion 2007-03-03 2018-10-16
6.8
User Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in aWeb Labs aWebNews 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_news parameter to (1) listing.php or (2) visview.php.
15376 CVE-2007-1244 XSS CSRF 2007-03-03 2018-10-16
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter.
15377 CVE-2007-1236 +Info 2007-03-03 2018-10-16
6.4
None Remote Low Not required Partial Partial None
sitex allows remote attackers to obtain sensitive information via a request with a numerical value for the (1) sxMonth[] or (2) sxYear[] parameter to calendar.php, or the (3) page[] parameter to calendar_events.php, which reveals the path in various error messages.
15378 CVE-2007-1227 264 Exec Code 2007-03-02 2018-10-16
6.6
Admin Local Medium Single system Complete Complete Complete
VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 allow local users to change permissions of arbitrary files via a symlink attack on /Library/Application Support/Virex/VShieldExclude.txt, as demonstrated by symlinking to the root crontab file to execute arbitrary commands.
15379 CVE-2007-1220 Exec Code Bypass 2007-03-02 2018-10-16
6.2
Admin Local High Not required Complete Complete Complete
The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not properly verify the parameters passed to the syscall dispatcher, which allows attackers with physical access to bypass code-signing requirements and execute arbitrary code.
15380 CVE-2007-1218 119 DoS Overflow 2007-03-02 2017-10-10
6.8
User Remote Medium Not required Partial Partial Partial
Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based.
15381 CVE-2007-1217 119 DoS Overflow +Priv 2007-03-02 2018-10-30
6.9
Admin Local Medium Not required Complete Complete Complete
Buffer overflow in the bufprint function in capiutil.c in libcapi, as used in Linux kernel 2.6.9 to 2.6.20 and isdn4k-utils, allows local users to cause a denial of service (crash) and possibly gain privileges via a crafted CAPI packet.
15382 CVE-2007-1214 119 Exec Code Overflow Mem. Corr. 2007-05-08 2018-10-16
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.
15383 CVE-2007-1212 Overflow +Priv 2007-04-04 2018-10-16
6.6
Admin Local Medium Single system Complete Complete Complete
Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file.
15384 CVE-2007-1204 119 Exec Code Overflow Mem. Corr. 2007-04-10 2018-10-16
6.8
Admin Local Network High Not required Complete Complete Complete
Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP headers in request or notification messages, which trigger memory corruption.
15385 CVE-2007-1202 20 Exec Code 2007-05-08 2018-10-16
6.8
User Remote Medium Not required Partial Partial Partial
Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."
15386 CVE-2007-1190 Exec Code 2007-03-02 2008-11-15
6.8
User Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in the EmbeddedWB Web Browser ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
15387 CVE-2007-1182 2007-03-02 2008-11-15
6.4
None Remote Low Not required Partial Partial None
WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest profile, which has unknown impact.
15388 CVE-2007-1172 Exec Code Sql 2007-03-02 2018-10-16
6.4
None Remote Low Not required Partial Partial None
SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit."
15389 CVE-2007-1154 89 Exec Code Sql 2007-03-02 2018-10-16
6.8
User Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in webSPELL allows remote attackers to execute arbitrary SQL commands via a ws_auth cookie, a different vulnerability than CVE-2006-4782.
15390 CVE-2007-1136 20 Exec Code 2007-03-02 2009-02-10
6.8
User Remote Medium Not required Partial Partial Partial
index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. NOTE: some sources have referred to this as eval injection in the param parameter, but CVE source inspection suggests that this is erroneous.
15391 CVE-2007-1135 Exec Code Sql 2007-03-02 2008-11-15
6.8
User Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in WebMplayer before 0.6.1-Alpha allow remote attackers to execute arbitrary SQL commands via the (1) strid parameter to index.php and the (2) id[0] or other id array index parameter to filecheck.php.
15392 CVE-2007-1127 Dir. Trav. 2007-02-26 2018-10-16
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in enc/stylecss.php in shopkitplus allows remote attackers to read arbitrary files via a .. (dot dot) in the changetheme parameter.
15393 CVE-2007-1122 Exec Code Sql 2007-02-26 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 and 1.01 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php, a variant of a SQL injection issue that was fixed in 1.01. NOTE: some of these details are obtained from third party information.
15394 CVE-2007-1121 Exec Code Sql 2007-02-26 2017-07-28
6.4
None Remote Low Not required Partial Partial None
Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php. NOTE: some of these details are obtained from third party information.
15395 CVE-2007-1119 2007-02-26 2008-11-15
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in Novell ZENworks 7 Desktop Management Support Pack 1 before Hot patch 3 (ZDM7SP1HP3) allows remote attackers to upload images to certain folders that were not configured in the "Only allow uploads to the following directories" setting via unspecified vectors.
15396 CVE-2007-1118 Exec Code File Inclusion 2007-02-26 2017-10-10
6.8
User Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path_to_smf parameter to (1) bridges/SMF/logout.php or (2) get_session_vars.php.
15397 CVE-2007-1111 XSS 2007-02-26 2018-10-16
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the css parameter to (1) flatevents.php, (2) js.php, (3) mysqlevents.php, (4) m_2.php, (5) m_3.php, (6) m_4.php, (7) xmlevents.php, (8) y_2.php, or (9) y_3.php in data/.
15398 CVE-2007-1108 Exec Code File Inclusion 2007-02-26 2017-10-10
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in Christian Schneider CS-Gallery 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the album parameter during a securealbum todo action.
15399 CVE-2007-1106 Exec Code File Inclusion 2007-02-26 2017-10-10
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in includes/functions_nomoketos_rules.php in the NoMoKeTos Rules 0.0.1 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
15400 CVE-2007-1096 XSS 2007-02-26 2018-08-13
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart before 20070116 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue might overlap CVE-2007-0376.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.