| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2007-6607 |
200 |
|
+Info |
2007-12-31 |
2018-10-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) shared/footer.php, (2) circ/mbr_fields.php, or (3) admin/custom_marc_form_fields.php, which reveals the path in various error messages. |
|
2 |
CVE-2007-6606 |
200 |
|
+Info |
2007-12-31 |
2018-10-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. |
|
3 |
CVE-2007-6536 |
200 |
|
+Info |
2007-12-27 |
2018-10-15 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users into installing malicious button XML files, as demonstrated by presenting www.google.com when the button was downloaded from an arbitrary site through an open redirector on www.google.com. |
|
4 |
CVE-2007-6524 |
200 |
|
+Info |
2007-12-24 |
2018-10-15 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demonstrated using a CANVAS element and JavaScript in an HTML document for copying these contents from 9.50 beta, a related issue to CVE-2008-0420. |
|
5 |
CVE-2007-6514 |
200 |
|
+Info |
2007-12-21 |
2018-10-15 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive. |
|
6 |
CVE-2007-6513 |
200 |
|
+Info |
2007-12-21 |
2017-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
HP eSupportDiagnostics ActiveX control (hpediag.dll) 1.0.11.0 exports dangerous methods, which allows remote attackers to (1) read arbitrary files via the ReadTextFile method, or (2) read arbitrary registry values via the ReadValue method. |
|
7 |
CVE-2007-6512 |
264 |
|
+Info |
2007-12-21 |
2018-10-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database information via a direct request to inc/lib.inc. |
|
8 |
CVE-2007-6502 |
200 |
|
+Info |
2007-12-20 |
2018-10-15 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to obtain sensitive information via (1) the AdminName and AdminLevel parameters to fp2000/NEWSRVR.asp, which discloses usernames; and (2) certain XML HTTP requests to hosting/css.asp using Microsoft.XMLHTTP or MSXML2.XMLHTTP objects, which trigger a response with the setup directory pathname in the HTML source; and (3) might allow remote attackers to obtain sensitive information via a request for /admin/forum/, which reveals the path in an error message when a forum is not found. |
|
9 |
CVE-2007-6476 |
200 |
|
+Info |
2007-12-20 |
2017-09-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
GF-3XPLORER 2.4 allows remote attackers to obtain configuration information via a direct request to explorer/phpinfo.php, which calls the phpinfo function. |
|
10 |
CVE-2007-6418 |
200 |
|
+Info |
2007-12-17 |
2008-11-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments. |
|
11 |
CVE-2007-6417 |
200 |
|
DoS +Info |
2007-12-17 |
2018-10-30 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash). |
|
12 |
CVE-2007-6408 |
200 |
|
+Info |
2007-12-17 |
2018-10-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Tivoli Provisioning Manager Express provides unspecified information in error messages when (1) attempted duplication of a username occurs when creating an account or (2) when trying to login using a valid username, which makes it easier for remote attackers to enumerate usernames. |
|
13 |
CVE-2007-6405 |
200 |
|
+Info |
2007-12-17 |
2018-10-15 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) '+' character, (2) '.' character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is already covered by CVE-2007-3407. |
|
14 |
CVE-2007-6395 |
264 |
|
+Info |
2007-12-17 |
2018-10-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Flat PHP Board 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for the username php file for any user account in users/. |
|
15 |
CVE-2007-6379 |
16 |
|
+Info |
2007-12-14 |
2018-10-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
BadBlue 2.72b and earlier allows remote attackers to obtain sensitive information via an invalid browse parameter, which reveals the installation path in an error message. |
|
16 |
CVE-2007-6283 |
200 |
|
DoS +Info |
2007-12-17 |
2017-09-28 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named. |
|
17 |
CVE-2007-6271 |
20 |
|
+Info |
2007-12-07 |
2018-10-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Absolute News Manager.NET 5.1 allows remote attackers to obtain sensitive information via a direct request to getpath.aspx, which reveals the installation path in an error message. |
|
18 |
CVE-2007-6267 |
255 |
|
+Info |
2007-12-07 |
2017-08-07 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information. |
|
19 |
CVE-2007-6249 |
200 |
|
+Info |
2007-12-14 |
2017-08-07 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file. |
|
20 |
CVE-2007-6221 |
200 |
|
+Info |
2007-12-04 |
2017-07-28 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
TuMusika Evolution 1.7R5 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
21 |
CVE-2007-6206 |
16 |
|
+Info |
2007-12-03 |
2018-10-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information. |
|
22 |
CVE-2007-6197 |
200 |
|
+Info |
2007-12-01 |
2018-10-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page. |
|
23 |
CVE-2007-6193 |
200 |
|
+Info |
2007-11-29 |
2018-10-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration information if this address is not the same as the address being used by the web interface. |
|
24 |
CVE-2007-6190 |
200 |
|
+Info |
2007-11-29 |
2008-11-15 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream. |
|
25 |
CVE-2007-6161 |
200 |
|
+Info |
2007-11-28 |
2018-10-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
index.php in Tilde CMS 4.x and earlier allows remote attackers to obtain sensitive information via a certain search parameter value in a search action, which reveals the path. |
|
26 |
CVE-2007-6150 |
200 |
|
Bypass +Info |
2007-11-29 |
2017-07-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values. |
|
27 |
CVE-2007-6095 |
200 |
|
+Info |
2007-11-21 |
2008-11-15 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
The SIP component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0, when Remote NAT Traversal is employed, does not properly perform user registration and message distribution, which might allow remote authenticated users to receive messages intended for other users. |
|
28 |
CVE-2007-6043 |
200 |
|
+Info |
2007-11-20 |
2008-09-05 |
7.1 |
None |
Remote |
Medium |
Not required |
Complete |
None |
None |
|
The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898. |
|
29 |
CVE-2007-5953 |
|
|
+Info |
2007-11-13 |
2008-11-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in Really Simple CalDAV Store (RSCDS) before 0.9.0 allows attackers to obtain sensitive information via unspecified vectors. |
|
30 |
CVE-2007-5942 |
|
|
+Info |
2007-11-13 |
2017-07-28 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Bandersnatch 0.4 allows remote attackers to obtain sensitive information via a malformed request for index.php with (1) a certain func parameter value; or (2) certain func, jid, page, and limit parameter values; which reveals the path in various error messages. |
|
31 |
CVE-2007-5936 |
264 |
|
+Info |
2007-11-13 |
2018-10-15 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place. |
|
32 |
CVE-2007-5934 |
200 |
|
+Info |
2007-11-13 |
2008-11-15 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2 application, as demonstrated by a file:// URL or a URL for an intranet web site. |
|
33 |
CVE-2007-5922 |
200 |
|
+Info |
2007-11-09 |
2018-10-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The modules/mdop.m in the Cypress 1.0k script for BitchX, as downloaded from a distribution site in November 2007, contains an externally introduced backdoor that e-mails sensitive information (hostnames, usernames, and shell history) to a fixed address. |
|
34 |
CVE-2007-5919 |
264 |
|
+Info |
2007-11-09 |
2018-10-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
MyWebFTP, possibly 5.3.2, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain an MD5 password hash via a direct request for pass/pass.txt. |
|
35 |
CVE-2007-5899 |
200 |
|
+Info |
2007-11-20 |
2018-10-15 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID. |
|
36 |
CVE-2007-5858 |
79 |
|
XSS +Info |
2007-12-19 |
2017-07-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information. |
|
37 |
CVE-2007-5857 |
264 |
|
+Info |
2007-12-19 |
2017-07-28 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from accessing URLs when the movie file is previewed or if an icon is created, which might allow remote attackers to obtain sensitive information via HREFTrack. |
|
38 |
CVE-2007-5856 |
264 |
|
+Info |
2007-12-19 |
2017-07-28 |
9.4 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
None |
|
Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information. |
|
39 |
CVE-2007-5854 |
79 |
|
XSS +Info |
2007-12-19 |
2017-07-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HTML files as unsafe content, which allows attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via a crafted HTML file. |
|
40 |
CVE-2007-5847 |
362 |
|
+Info |
2007-12-19 |
2017-07-28 |
6.6 |
None |
Local |
Low |
Not required |
Complete |
Complete |
None |
|
Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information. |
|
41 |
CVE-2007-5816 |
200 |
|
+Info |
2007-11-05 |
2008-11-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to obtain sensitive author credentials by making a request with an editauthor action, then reading the value of the newlocalpassword password input field in the HTML source of the resulting page. |
|
42 |
CVE-2007-5808 |
|
|
+Info |
2007-11-05 |
2017-07-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the Groupmax Collaboration - Schedule component in Hitachi Groupmax Collaboration Portal 07-30 through 07-30-/F and 07-32 through 07-32-/C, uCosminexus Collaboration Portal 06-30 through 06-30-/F and 06-32 through 06-32-/C, and Groupmax Collaboration Web Client - Mail/Schedule 07-30 through 07-30-/F and 07-32 through 07-32-/B might allow remote attackers to obtain sensitive information via unspecified vectors related to schedule portlets. |
|
43 |
CVE-2007-5790 |
310 |
|
+Info |
2007-11-01 |
2017-07-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Globe7 soft phone client 7.3 uses weak cryptography (reversed sequence of binary values) for the password, which might allow local users to obtain sensitive information. |
|
44 |
CVE-2007-5778 |
310 |
|
+Info |
2007-11-01 |
2018-10-15 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
Mobile Spy (1) stores login credentials in cleartext under the RetinaxStudios registry key, and (2) sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network. |
|
45 |
CVE-2007-5774 |
200 |
|
+Info |
2007-11-01 |
2017-09-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
index.php in the File Manager module in Flatnuke 3 allows remote attackers to obtain sensitive information via an invalid argumentname parameter in a disc op action, which reveals the path in an error message. |
|
46 |
CVE-2007-5768 |
310 |
|
+Info |
2007-10-31 |
2008-11-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Globe7 soft phone client 7.3 sends username and password information in cleartext, which allows remote attackers to obtain sensitive information by sniffing the HTTP traffic. |
|
47 |
CVE-2007-5735 |
264 |
|
+Info |
2007-10-30 |
2018-10-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
eFileMan 7.1.0.87-88 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain unspecified user information via a direct request for cgi-bin/efileman/efileman_config.pm. |
|
48 |
CVE-2007-5701 |
310 |
|
Bypass +Info |
2007-10-29 |
2017-07-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a "ca activate" or "ca unlock" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel. |
|
49 |
CVE-2007-5700 |
|
|
+Priv +Info |
2007-10-29 |
2017-07-28 |
6.3 |
None |
Remote |
Medium |
Single system |
Complete |
None |
None |
|
The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses an incorrect security context for @ formula commands in some circumstances, which might allow remote authenticated users to gain privileges and obtain sensitive information. |
|
50 |
CVE-2007-5686 |
264 |
|
+Info |
2007-10-28 |
2018-10-15 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers. |
