CVE List - 2007 / January
Showing 1 - 100 of 725 CVEs for January 2007 (Page 1 of 8)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2006-6828 | 2007-01-01 | Multiple SQL injection vulnerabilities in Efkan Forum 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the grup parameter in admin.asp, or the id parameter in... |
| CVE-2006-6829 | 2007-01-01 | Efkan Forum 1.0 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum.mdb.... |
| CVE-2006-6830 | 2007-01-01 | PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the index parameter. |
| CVE-2006-6831 | 2007-01-01 | SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catcode parameter. |
| CVE-2006-6832 | 2007-01-01 | Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title. |
| CVE-2006-6833 | 2007-01-01 | com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors. |
| CVE-2006-6834 | 2007-01-01 | Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unknown impact and attack vectors related to (1) "unneeded legacy functions" and (2) "Several low level security fixes." |
| CVE-2006-6835 | 2007-01-01 | SQL injection vulnerability in Journal.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the w parameter to journal.php. |
| CVE-2007-0015 | 2007-01-01 | Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI. |
| CVE-2006-6836 | 2007-01-01 | Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 have unspecified impact and attack vectors, related to ASN.1 parsing. |
| CVE-2006-6837 | 2007-01-03 | Multiple stack-based buffer overflows in the (1) LoadTree, (2) ReadHeader, and (3) LoadXBOXTree functions in the ISO (iso_wincmd) plugin 1.7.3.3 and earlier for Total Commander allow user-assisted remote attackers to... |
| CVE-2006-6838 | 2007-01-03 | Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to execute arbitrary files, and obtain sensitive information (usernames and pathnames), via a URL in the url vbscript parameter. |
| CVE-2006-6839 | 2007-01-03 | Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets." |
| CVE-2006-6840 | 2007-01-03 | Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter." |
| CVE-2006-6841 | 2007-01-03 | Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors. |
| CVE-2006-6842 | 2007-01-03 | SQL injection vulnerability in admin/admin_acronyms.php in the Acronym Mod 0.9.5 for phpBB2 Plus 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2006-6844 | 2007-01-03 | Cross-site scripting (XSS) vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form. |
| CVE-2006-6845 | 2007-01-03 | Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the cntnt01searchinput parameter in a Search action. |
| CVE-2006-6846 | 2007-01-03 | Multiple SQL injection vulnerabilities in While You Were Out (WYWO) InOut Board 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the num parameter in (a) phonemessage.asp, (2)... |
| CVE-2006-6847 | 2007-01-03 | An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the RealPlayer.OpenURLInPlayerBrowser method with a long... |
| CVE-2006-6848 | 2007-01-03 | SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO, possibly related to the Password parameter. |
| CVE-2006-6849 | 2007-01-03 | administration/index.php in Cahier de texte (CDT) 2.2 does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions. |
| CVE-2006-6850 | 2007-01-03 | PHP remote file inclusion vulnerability in include.php in the Roster Module (character_roster) in Shadowed Portal 5.7 allows remote attackers to execute arbitrary PHP code via a URL in the mod_root... |
| CVE-2007-0016 | 2007-01-03 | Stack-based buffer overflow in MoviePlay 4.76 allows remote attackers to execute arbitrary code via a long filename in a LST file. |
| CVE-2007-0017 | 2007-01-03 | Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin)... |
| CVE-2006-6843 | 2007-01-03 | PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 beta component for Joomla! allows remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: The provenance of... |
| CVE-2006-4575 | 2007-01-03 | Multiple SQL injection vulnerabilities in The Address Book 1.04e allow remote attackers to execute arbitrary SQL commands via the (1) lastname, (2) firstname, (3) passwordOld, (4) passwordNew, (5) id, (6)... |
| CVE-2006-4576 | 2007-01-03 | Cross-site scripting (XSS) vulnerability in The Address Book 1.04e allows remote attackers to inject arbitrary web script or HTML by uploading the HTML file with a GIF or JPG extension,... |
| CVE-2006-4577 | 2007-01-03 | Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) email, (2) websites, and... |
| CVE-2006-4578 | 2007-01-03 | export.php in The Address Book 1.04e writes username and password hash information into a publicly accessible file when dumping the MySQL database contents, which allows remote attackers to obtain sensitive... |
| CVE-2006-4579 | 2007-01-03 | Directory traversal vulnerability in users.php in The Address Book 1.04e allows remote attackers to include arbitrary files via a .. (dot dot) in the language parameter. |
| CVE-2006-4580 | 2007-01-03 | register.php in The Address Book 1.04e allows remote attackers to bypass the "Allow User Self-Registration" setting and create arbitrary users by setting the mode parameter to "confirm". |
| CVE-2006-4581 | 2007-01-03 | Unrestricted file upload vulnerability in The Address Book 1.04e validates the Content-Type header but not the file extension, which allows remote attackers to upload arbitrary PHP scripts. |
| CVE-2006-4582 | 2007-01-03 | Cross-site request forgery (CSRF) vulnerability in The Address Book 1.04e allows remote attackers to perform unauthorized actions as other users via unspecified vectors, as demonstrated by deleting arbitrary users via... |
| CVE-2006-6488 | 2007-01-03 | Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote... |
| CVE-2007-0044 | 2007-01-03 | Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites... |
| CVE-2007-0045 | 2007-01-03 | Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2,... |
| CVE-2007-0046 | 2007-01-03 | Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a... |
| CVE-2007-0047 | 2007-01-03 | CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct... |
| CVE-2007-0048 | 2007-01-03 | Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google... |
| CVE-2006-5749 | 2007-01-04 | The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c in the Linux 2.4 kernel before 2.4.34-rc4 does not call the init_timer function for the ISDN PPP CCP reset state timer, which has unknown attack... |
| CVE-2006-6851 | 2007-01-04 | Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php in ac4p Mobilelib gold 2 allow remote attackers to inject arbitrary web script or HTML via the (1) email or (2) errr parameter. |
| CVE-2006-6852 | 2007-01-04 | Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml... |
| CVE-2006-6853 | 2007-01-04 | Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002. |
| CVE-2006-6854 | 2007-01-04 | The qcamvc_video_init function in qcamvc.c in De Marchi Daniele QuickCam VC Linux device driver (aka quickcam-vc) 1.0.9 and earlier does not properly check a boundary, triggering memory corruption, which might... |
| CVE-2006-6855 | 2007-01-04 | AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to cause a denial of service (daemon crash) via a flood of HTTP GET requests, possibly related to display of HTTP... |
| CVE-2006-6856 | 2007-01-04 | Direct static code injection vulnerability in WebText CMS 0.4.5.2 and earlier allows remote attackers to inject arbitrary PHP code into a script in wt/users/ via the im parameter during a... |
| CVE-2006-6857 | 2007-01-04 | Cross-site scripting (XSS) vulnerability in modules/credits/credits.php in Docebo LMS allows remote attackers to inject arbitrary web script or HTML via the lang parameter. |
| CVE-2006-5870 | 2007-01-04 | Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a... |
| CVE-2006-6858 | 2007-01-04 | Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo bubble during UDP hole punching with HMAC-MD5-64 hashing, which allows remote attackers to impersonate an arbitrary Teredo client. |
| CVE-2007-0049 | 2007-01-04 | Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to add administrative or other accounts via an Add action with a modified GroupID in a direct request to Customize.asp. |
| CVE-2007-0050 | 2007-01-04 | PHP remote file inclusion vulnerability in index.php in OpenPinboard 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the language parameter. NOTE: this issue has been... |
| CVE-2007-0051 | 2007-01-04 | Format string vulnerability in Apple iPhoto 6.0.5 (316), and other versions before 6.0.6, allows remote user-assisted attackers to execute arbitrary code via a crafted photocast with format string specifiers in... |
| CVE-2006-6859 | 2007-01-04 | SQL injection vulnerability in coupon_detail.asp in Website Designs For Less Click N' Print Coupons 2005.01 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter. |
| CVE-2006-6860 | 2007-01-04 | Buffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth interface. NOTE:... |
| CVE-2006-6861 | 2007-01-04 | Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the UserUpdate parameter to login/register.asp or (2) unspecified parameters to includes/a_register.asp. |
| CVE-2006-6862 | 2007-01-04 | Multiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login/login.asp or (2) login/register.asp. |
| CVE-2006-6863 | 2007-01-04 | PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. NOTE:... |
| CVE-2006-6864 | 2007-01-04 | PHP remote file inclusion vulnerability in E2_header.inc.php in Enigma2 Coppermine Bridge 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. |
| CVE-2006-6865 | 2007-01-04 | Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp in SoftArtisans FileUp (SAFileUp) 5.0.14 allows remote attackers to read arbitrary files via a %c0%ae. (Unicode dot dot) in the path parameter, which bypasses the... |
| CVE-2006-6866 | 2007-01-04 | STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a direct... |
| CVE-2006-6867 | 2007-01-04 | Multiple PHP remote file inclusion vulnerabilities in Vladimir Menshakov buratinable templator (aka bubla) 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the bu_dir parameter to... |
| CVE-2006-6868 | 2007-01-04 | Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web Shopping Cart before 1.3.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2006-6869 | 2007-01-04 | Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via... |
| CVE-2007-0052 | 2007-01-04 | SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2007-0053 | 2007-01-04 | SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the iPro parameter. |
| CVE-2007-0054 | 2007-01-04 | Cross-site scripting (XSS) vulnerability in gbrowse.php in Belchior Foundry vCard PRO allows remote attackers to inject arbitrary web script or HTML via the sortby parameter. |
| CVE-2007-0055 | 2007-01-04 | Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in Formbankserver 1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the Name parameter. NOTE: The provenance of this information is... |
| CVE-2007-0056 | 2007-01-04 | Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe 4.5 and AShop Administration Panel allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a)... |
| CVE-2007-0057 | 2007-01-04 | Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a shared secret authentication key, which causes all devices to have... |
| CVE-2007-0058 | 2007-01-04 | Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by... |
| CVE-2006-6870 | 2007-01-05 | The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that... |
| CVE-2007-0059 | 2007-01-05 | Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track... |
| CVE-2003-1316 | 2007-01-05 | mod.php in eNdonesia 8.2 allows remote attackers to obtain sensitive information via a ' (quote) value in the lng parameter, which reveals the path in an error message. NOTE: The... |
| CVE-2003-1317 | 2007-01-05 | Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter. NOTE: The provenance of this information is... |
| CVE-2004-2670 | 2007-01-05 | Multiple cross-site scripting (XSS) vulnerabilities in mod.php in eNdonesia 8.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewcat operation or... |
| CVE-2004-2671 | 2007-01-05 | mod.php in eNdonesia 8.3 allows remote attackers to obtain sensitive information via certain direct requests, and certain requests with invalid parameter values, which reveal the path in various error messages,... |
| CVE-2006-6871 | 2007-01-05 | Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewlink operation in mod.php, (2)... |
| CVE-2006-6872 | 2007-01-05 | Directory traversal vulnerability in mod.php in eNdonesia 8.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter. |
| CVE-2006-6873 | 2007-01-05 | Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via (1) the did parameter in a (a) viewdisk operation (diskusi mod), or... |
| CVE-2006-6875 | 2007-01-05 | Buffer overflow in the validateospheader function in the Open Settlement Protocol (OSP) module in OpenSER 1.1.0 and earlier allows remote attackers to execute arbitrary code via a crafted OSP header. |
| CVE-2006-6876 | 2007-01-05 | Buffer overflow in the fetchsms function in the SMS handling module (libsms_getsms.c) in OpenSER 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted... |
| CVE-2006-6877 | 2007-01-05 | Directory traversal vulnerability in index.php in Matteo Lucarelli 3editor CMS 0.42 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) in... |
| CVE-2006-6878 | 2007-01-05 | admin/uploads.php in PHP-Update 2.7 and earlier allows remote attackers to gain privileges by setting the rights[7] parameter to 1 during a login action. |
| CVE-2006-6879 | 2007-01-05 | Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and earlier allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter. |
| CVE-2006-6880 | 2007-01-05 | Multiple SQL injection vulnerabilities in code/guestadd.php in PHP-Update 2.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) newmessage, (2) newname, (3) newwebsite, or (4) newemail... |
| CVE-2006-6874 | 2007-01-05 | Multiple cross-site scripting (XSS) vulnerabilities in friend.php in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Message or (2) Your Name field. NOTE:... |
| CVE-2006-6881 | 2007-01-05 | Buffer overflow in the Get_Wep function in cofvnet.c for ATMEL Linux PCI PCMCIA USB Drivers drivers 3.4.1.1 corruption allows attackers to execute arbitrary code via a long name argument. |
| CVE-2006-6882 | 2007-01-05 | Cross-site scripting (XSS) vulnerability in golden book allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2006-6883 | 2007-01-05 | PHP remote file inclusion vulnerability in php4you.php in PHPIrc_bot 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue is disputed... |
| CVE-2006-6884 | 2007-01-05 | Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 Build 6667 allows remote attackers to execute arbitrary code via a long argument to... |
| CVE-2006-6885 | 2007-01-05 | An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the swURL attribute. |
| CVE-2006-6886 | 2007-01-05 | phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive information via a direct request for (1) files.public-userroot.inc.php or (2) files.private.additions.inc.php in include/inc_lib/, which reveals the path in various error messages. |
| CVE-2007-0075 | 2007-01-05 | AspBB stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user passwords via a direct request for db/aspbb.mdb. |
| CVE-2007-0076 | 2007-01-05 | Openforum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user passwords via a direct request for openforum.mdb. |
| CVE-2007-0077 | 2007-01-05 | lblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for a certain file in admin/db/newFolder/. |
| CVE-2007-0078 | 2007-01-05 | BattleBlog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/blankmaster.mdb. |
| CVE-2007-0079 | 2007-01-05 | rblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/admin.mdb or (2) data/rblog.mdb. |
| CVE-2007-0080 | 2007-01-05 | Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact... |
| CVE-2007-0081 | 2007-01-05 | Sunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and possibly other versions allows local users to provide a Trojan horse iphlpapi.dll to SKPF by placing it in the installation directory. |