CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1651 CVE-2007-0495 Exec Code File Inclusion 2007-01-25 2017-10-18
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in include/config.inc.php in PhpSherpa allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter.
1652 CVE-2007-0496 Exec Code File Inclusion 2007-01-25 2017-10-18
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir parameter.
1653 CVE-2007-0504 Exec Code 2007-01-25 2017-10-18
10.0
Admin Remote Low Not required Complete Complete Complete
Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632.
1654 CVE-2007-0510 Overflow 2007-01-25 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) preserve.c in AWFFull 3.7.1 and earlier have unknown impact and attack vectors. NOTE: some of these details are obtained from third party information. NOTE: There may not be any attack vector that crosses privilege boundaries.
1655 CVE-2007-0640 Overflow 2007-01-31 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses."
1656 CVE-2007-0655 Exec Code +Priv 2007-05-02 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan 8.0.671.1, and possibly other versions, allows remote or local attackers to gain privileges and execute arbitrary commands by connecting directly to TCP port 2222.
1657 CVE-2007-0746 Exec Code Overflow 2007-04-24 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference".
1658 CVE-2007-0748 Exec Code Overflow 2007-05-13 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allows remote attackers to execute arbitrary code via multiple trackID values in a SETUP RTSP request.
1659 CVE-2007-0749 Exec Code Overflow 2007-05-13 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request.
1660 CVE-2007-0841 2007-02-07 2008-11-13
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector related to Drupal is covered by CVE-2007-0626. These vulnerabilities might be associated with other CVE identifiers.
1661 CVE-2007-0863 Exec Code File Inclusion 2007-02-08 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
** DISPUTED ** PHP remote file inclusion vulnerability in Trevorchan 0.7 and earlier allows remote attackers to execute arbitrary code via the tc_config[rootdir] parameter to (1) upgrade.php, (2) paint_save.php, (3) menu.php, (4) manage.php, and (5) banned.php. NOTE: his issue has been disputed by reliable third parties, who state that the variable is set before use in config.php.
1662 CVE-2007-0882 94 2007-02-12 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.
1663 CVE-2007-0886 119 DoS Exec Code Overflow 2007-02-12 2017-10-18
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via certain base64-encoded data on the pop3 port (110/tcp), which triggers an integer overflow.
1664 CVE-2007-0888 Dir. Trav. 2007-02-12 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command.
1665 CVE-2007-0903 2007-02-13 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the mod_roster_odbc module in ejabberd before 1.1.3 has unknown impact and attack vectors.
1666 CVE-2007-0910 2007-02-13 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors.
1667 CVE-2007-0915 +Priv 2007-02-13 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers to overwrite arbitrary files and gain privileges via a crafted RPC request.
1668 CVE-2007-0938 Exec Code Mem. Corr. 2007-04-10 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
1669 CVE-2007-0949 Exec Code Overflow 2007-02-14 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in iTinySoft Studio Total Video Player 1.03, and possibly earlier, allows remote attackers to execute arbitrary code via a M3U playlist file that contains a long file name. NOTE: it was later reported that 1.20 and 1.30 are also affected.
1670 CVE-2007-0954 2007-02-14 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
MOHA Chat 0.1b7 and earlier does not require authentication for use of the plug in API, which has unknown impact and attack vectors.
1671 CVE-2007-0976 Exec Code Overflow 2007-02-15 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the ActSoft DVD-Tools ActiveX control (dvdtools.ocx) allows remote attackers to execute arbitrary code via a long DVD_TOOLS.OpenDVD property value.
1672 CVE-2007-0980 2007-02-15 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Serviceguard for Linux; packaged for SuSE SLES8 and United Linux 1.0 before SG A.11.15.07, SuSE SLES9 and SLES10 before SG A.11.16.10, and Red Hat Enterprise Linux (RHEL) before SG A.11.16.10; allows remote attackers to obtain unauthorized access via unspecified vectors.
1673 CVE-2007-1006 134 DoS Exec Code 2007-02-19 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet.
1674 CVE-2007-1007 DoS Exec Code 2007-02-20 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function.
1675 CVE-2007-1013 Exec Code File Inclusion 2007-02-21 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in generate.php in VirtualSystem Htaccess Passwort Generator 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the ht_pfad parameter.
1676 CVE-2007-1014 DoS Exec Code Overflow 2007-02-21 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in VicFTPS before 5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long CWD command.
1677 CVE-2007-1015 Exec Code Sql 2007-02-21 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via the id parameter.
1678 CVE-2007-1021 Exec Code Sql 2007-02-21 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News 1.x allows remote attackers to execute arbitrary SQL commands via the CAT_ID parameter.
1679 CVE-2007-1024 Exec Code File Inclusion 2007-02-21 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in include.php in Meganoide's news 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter.
1680 CVE-2007-1039 2007-02-21 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Peanut Knowledge Base (PeanutKB) 0.0.3 and earlier has unknown impact and attack vectors.
1681 CVE-2007-1045 264 +Priv 2007-02-21 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
mAlbum 0.3 has default accounts (1) "login"/"pass" for its administrative account and (2) "dqsfg"/"sdfg", which allows remote attackers to gain privileges.
1682 CVE-2007-1052 Exec Code File Inclusion 2007-02-21 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
** DISPUTED ** PHP remote file inclusion vulnerability in index.php in PBLang (PBL) 4.60 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dbpath parameter, a different vector than CVE-2006-5062. NOTE: this issue has been disputed by a reliable third party for 4.65, stating that the dbpath variable is initialized in an included file that is created upon installation.
1683 CVE-2007-1053 Exec Code File Inclusion 2007-02-21 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpXmms 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the tcmdp parameter to (1) phpxmmsb.php or (2) phpxmmst.php. NOTE: this issue has been disputed by a reliable third party, stating that the tcmdp variable is initialized by config.php.
1684 CVE-2007-1062 287 Bypass 2007-02-21 2019-05-23
10.0
Admin Remote Low Not required Complete Complete Complete
The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time
1685 CVE-2007-1063 798 2007-02-21 2019-05-23
10.0
Admin Remote Low Not required Complete Complete Complete
The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device.
1686 CVE-2007-1070 Exec Code Overflow 2007-02-21 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll.
1687 CVE-2007-1073 Exec Code 2007-02-22 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Static code injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary PHP code via the bgcolor parameter, which is inserted into mcrconf.inc.php.
1688 CVE-2007-1093 94 DoS Exec Code 2007-02-26 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager (NNM) before 07-10-05, and before 08-00-02 in the 08-x series, allow remote attackers to execute arbitrary code, cause a denial of service, or trigger invalid Web utility behavior.
1689 CVE-2007-1097 20 Exec Code 2007-02-26 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Unrestricted file upload vulnerability in the onAttachFiles function in the upload tool (inc/lib/attachment.lib.php) in Wiclear before 0.11.1 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to filename validation. NOTE: some details were obtained from third party information.
1690 CVE-2007-1112 2007-04-05 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods.
1691 CVE-2007-1117 Exec Code 2007-02-26 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
1692 CVE-2007-1134 2007-03-02 2009-02-12
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Watchtower (WT) before 0.12 has unknown impact and attack vectors, related to "unauthorized accounts."
1693 CVE-2007-1139 94 2007-03-02 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Unrestricted file upload vulnerability in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to upload arbitrary scripts via a filename with a double extension.
1694 CVE-2007-1160 287 Bypass 2007-03-02 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782.
1695 CVE-2007-1173 Exec Code Overflow 2007-05-16 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the CentennialIPTransferServer service (XFERWAN.EXE), as used by (1) Centennial Discovery 2006 Feature Pack 1, (2) Numara Asset Manager 8.0, and (3) Symantec Discovery 6.5, allow remote attackers to execute arbitrary code via long strings in a crafted TCP packet.
1696 CVE-2007-1225 2007-03-02 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
The connection log file implementation in Grok Developments NetProxy 4.03 does not record requests that omit http:// in a URL, which might allow remote attackers to conduct unauthorized activities and avoid detection.
1697 CVE-2007-1257 20 Exec Code 2007-03-03 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address.
1698 CVE-2007-1288 Exec Code File Inclusion 2007-03-06 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4) sendmsg.php in admin/.
1699 CVE-2007-1307 2007-03-06 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors.
1700 CVE-2007-1319 Exec Code 2007-03-19 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the IOPCServer::RemoveGroup function in the OPCDA interface in Takebishi Electric DeviceXPlorer OLE for Process Control (OPC) Server before 3.12 Build3 allows remote attackers to execute arbitrary code via unspecified vectors involving access to arbitrary memory. NOTE: this issue affects the (1) HIDIC, (2) MELSEC, (3) FA-M3, (4) MODBUS, and (5) SYSMAC OPC Servers.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.