CVE List - 2007 / October
Showing 601 - 700 of 970 CVEs for October 2007 (Page 7 of 10)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2007-5588 | 2007-10-19 | Cross-site scripting (XSS) vulnerability in mnoGoSearch before 3.2.43 allows remote attackers to inject arbitrary web script or HTML via the t parameter in search.cgi, as reachable from search.htm-dist. |
| CVE-2007-5589 | 2007-10-19 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and... |
| CVE-2007-5590 | 2007-10-19 | Multiple buffer overflows in Miranda before 0.7.1 allow remote attackers to execute arbitrary code via unspecified vectors involving (1) IRC options, (2) Jabber forms, and unspecified aspects of the (3)... |
| CVE-2007-5591 | 2007-10-19 | The CS1000 signaling server in Nortel Enterprise VoIP-Core-CS 1000M Chassis/Cabinet, Enterprise VoIP-Core-CS 1000E and 1000S, Meridian-Core-Option 11C Chassis and Cabinet, and Meridian-Core-Option 51C, 61C, and 81C allows remote attackers to... |
| CVE-2007-5592 | 2007-10-19 | Multiple PHP remote file inclusion vulnerabilities in awzMB 4.2 beta 1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the Setting[OPT_includepath] parameter to (1)... |
| CVE-2007-5593 | 2007-10-19 | install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified. |
| CVE-2007-5594 | 2007-10-19 | Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF)... |
| CVE-2007-5595 | 2007-10-19 | CRLF injection vulnerability in the drupal_goto function in includes/common.inc Drupal 4.7.x before 4.7.8 and 5.x before 5.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting... |
| CVE-2007-5596 | 2007-10-19 | The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 places the .html extension on a whitelist, which allows remote attackers to conduct cross-site scripting (XSS) attacks... |
| CVE-2007-5597 | 2007-10-19 | The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 does not pass publication status, which might allow attackers to bypass access restrictions and trigger e-mail with unpublished... |
| CVE-2007-5598 | 2007-10-19 | Cross-site scripting (XSS) vulnerability in Weblinks for Drupal 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2007-5599 | 2007-10-19 | Multiple PHP remote file inclusion vulnerabilities in awrate 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to (1) 404.php or (2) topbar.php,... |
| CVE-2007-5600 | 2007-10-19 | Incomplete blacklist vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftps, (3)... |
| CVE-2003-1401 | 2007-10-20 | login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request. |
| CVE-2003-1402 | 2007-10-20 | PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and 2.3 allows remote attackers to execute arbitrary PHP code via the url_hit parameter, a different vulnerability than CVE-2006-5015. |
| CVE-2003-1403 | 2007-10-20 | foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function. |
| CVE-2003-1404 | 2007-10-20 | DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords. |
| CVE-2003-1405 | 2007-10-20 | DotBr 0.1 allows remote attackers to execute arbitrary shell commands via the cmd parameter to (1) exec.php3 or (2) system.php3. |
| CVE-2003-1406 | 2007-10-20 | PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the (1) my_header parameter to header.php3 or (2)... |
| CVE-2003-1407 | 2007-10-20 | Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command. |
| CVE-2003-1408 | 2007-10-20 | Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot. |
| CVE-2003-1409 | 2007-10-20 | TOPo 1.43 allows remote attackers to obtain sensitive information by sending an HTTP request with an invalid parameter to (1) in.php or (2) out.php, which reveals the path to the... |
| CVE-2003-1410 | 2007-10-20 | PHP remote file inclusion vulnerability in email.php (aka email.php3) in Cedric Email Reader 0.2 and 0.3 allows remote attackers to execute arbitrary PHP code via the cer_skin parameter. |
| CVE-2003-1411 | 2007-10-20 | PHP remote file inclusion vulnerability in emailreader_execute_on_each_page.inc.php in Cedric Email Reader 0.4 allows remote attackers to execute arbitrary PHP code via the emailreader_ini parameter. |
| CVE-2003-1412 | 2007-10-20 | PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6departamentadmin/index.php,... |
| CVE-2003-1413 | 2007-10-20 | parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error... |
| CVE-2003-1414 | 2007-10-20 | Directory traversal vulnerability in parse_xml.cg Apple Darwin Streaming Server 4.1.2 and Apple Quicktime Streaming Server 4.1.1 allows remote attackers to read arbitrary files via a ... (triple dot) in the... |
| CVE-2003-1415 | 2007-10-20 | NetCharts XBRL Server 4.0.0 allows remote attackers to obtain sensitive information via an HTTP request with an invalid chunked transfer encoding specification. |
| CVE-2003-1416 | 2007-10-20 | BisonFTP Server 4 release 2 allows remote attackers to cause a denial of service (CPU consumption) via a long (1) ls or (2) cwd command. |
| CVE-2003-1417 | 2007-10-20 | nCipher Support Software 6.00, when using generatekey KeySafe to import keys, does not delete the temporary copies of the key, which may allow local users to gain access to the... |
| CVE-2003-1418 | 2007-10-20 | Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary,... |
| CVE-2003-1419 | 2007-10-20 | Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function. |
| CVE-2003-1420 | 2007-10-20 | Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with automatic redirection disabled allows remote attackers to inject arbitrary web script or HTML via the HTTP Location header. |
| CVE-2003-1421 | 2007-10-20 | Unspecified vulnerability in mod_mysql_logger shared object in SuckBot 0.006 allows remote attackers to cause a denial of service (seg fault) via unknown attack vectors. |
| CVE-2003-1422 | 2007-10-20 | Multiple unspecified vulnerabilities in the installer for SYSLINUX 2.01, when running setuid root, allow local users to gain privileges via unknown vectors. |
| CVE-2003-1423 | 2007-10-20 | Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords. |
| CVE-2003-1424 | 2007-10-20 | message.php in Petitforum does not properly authenticate users, which allows remote attackers to impersonate forum users via a modified connect cookie. |
| CVE-2003-1425 | 2007-10-20 | guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter. |
| CVE-2003-1426 | 2007-10-20 | Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code... |
| CVE-2003-1427 | 2007-10-20 | Directory traversal vulnerability in the web configuration interface in Netgear FM114P 1.4 allows remote attackers to read arbitrary files, such as the netgear.cfg configuration file, via a hex-encoded (%2e%2e%2f) ../... |
| CVE-2003-1428 | 2007-10-20 | Gallery 1.3.3 creates directories with insecure permissions, which allows local users to read, modify, or delete photos. |
| CVE-2007-5601 | 2007-10-20 | Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers... |
| CVE-2007-5339 | 2007-10-21 | Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory... |
| CVE-2007-5340 | 2007-10-21 | Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted... |
| CVE-2007-5334 | 2007-10-21 | Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and... |
| CVE-2007-5337 | 2007-10-21 | Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key... |
| CVE-2007-5338 | 2007-10-21 | Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that... |
| CVE-2007-5617 | 2007-10-21 | Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1, prevents it from launching, which has unspecified impact, related... |
| CVE-2007-5618 | 2007-10-21 | Unquoted Windows search path vulnerability in the Authorization and other services in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, VMware Server before 1.0.4, and Workstation 5.x before 5.5.5... |
| CVE-2007-5619 | 2007-10-21 | Unspecified vulnerability in VMware Server before 1.0.4 causes user passwords to be recorded in cleartext in server logs, which might allow local users to gain privileges. |
| CVE-2007-5190 | 2007-10-22 | Multiple cross-site scripting (XSS) vulnerabilities in Alcatel OmniVista 4760 R4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter to php-bin/Webclient.php or... |
| CVE-2007-5472 | 2007-10-22 | Cross-site scripting (XSS) vulnerability in the Server component in CA Host-Based Intrusion Prevention System (HIPS) before 8.0.0.93 allows remote attackers to inject arbitrary web script or HTML via requests that... |
| CVE-2007-5620 | 2007-10-22 | Directory traversal vulnerability in admin/inc/help.php in ZZ:FlashChat 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter. |
| CVE-2007-5621 | 2007-10-22 | Multiple cross-site scripting (XSS) vulnerabilities in the Token module before 4.7.x-1.5, and 5.x before 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node... |
| CVE-2003-1429 | 2007-10-23 | Buffer overflow in Proxomitron Naoko 4.4 allows remote attackers to execute arbitrary code via a long request. |
| CVE-2003-1430 | 2007-10-23 | Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a ".." (dot dot) in an unreal:// URL. |
| CVE-2003-1431 | 2007-10-23 | Buffer overflow in Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (crash) via a long host string in the Unreal URL. |
| CVE-2003-1432 | 2007-10-23 | Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with... |
| CVE-2003-1433 | 2007-10-23 | Epic Games Unreal Engine 226f through 436 does not validate the challenge key, which allows remote attackers to exhaust the player limit by joining the game multiple times. |
| CVE-2003-1434 | 2007-10-23 | login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthenticated bind requests if (1) bind_anon_dn is on, which allows a bind with no password provided, (2) bind_anon_cred is on, which... |
| CVE-2003-1435 | 2007-10-23 | SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module. |
| CVE-2003-1436 | 2007-10-23 | PHP remote file inclusion vulnerability in nukebrowser.php in Nukebrowser 2.1 to 2.5 allows remote attackers to execute arbitrary PHP code via the filhead parameter. |
| CVE-2003-1437 | 2007-10-23 | BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local... |
| CVE-2003-1438 | 2007-10-23 | Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two... |
| CVE-2003-1439 | 2007-10-23 | Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores passwords and sessions in plaintext in memory, which could allow local users to obtain sensitive information. |
| CVE-2003-1440 | 2007-10-23 | SpamProbe 0.8a allows remote attackers to cause a denial of service (crash) via HTML e-mail with newline characters within an href tag, which is not properly handled by certain regular... |
| CVE-2003-1441 | 2007-10-23 | Posadis 0.50.4 through 0.50.8 allows remote attackers to cause a denial of service (crash) via a DNS message without a question section, which triggers null dereference. |
| CVE-2003-1442 | 2007-10-23 | The web administration page for the Ericsson HM220dp ADSL modem does not require authentication, which could allow remote attackers to gain access from the LAN side. |
| CVE-2003-1443 | 2007-10-23 | Kaspersky Antivirus (KAV) 4.0.9.0 does not detect viruses in files with MS-DOS device names in their filenames, which allows local users to bypass virus protection, as demonstrated using aux.vbs and... |
| CVE-2003-1444 | 2007-10-23 | Kaspersky Antivirus (KAV) 4.0.9.0 allows local users to cause a denial of service (CPU consumption or crash) and prevent malicious code from being detected via a file with a long... |
| CVE-2003-1445 | 2007-10-23 | Stack-based buffer overflow in Far Manager 1.70beta1 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long pathname. |
| CVE-2003-1446 | 2007-10-23 | Buffer overflow in the save_into_file function in save.c for Rogue 5.2-2 allows local users to execute arbitrary code with games group privileges by setting a long HOME environment variable and... |
| CVE-2003-1447 | 2007-10-23 | IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption algorithm (XOR and base64 encoding), which allows local users to decrypt passwords when the configuration file is exported to XML. |
| CVE-2003-1448 | 2007-10-23 | Memory leak in the Windows 2000 kernel allows remote attackers to cause a denial of service (SMB request hang) via a NetBIOS continuation packet. |
| CVE-2003-1449 | 2007-10-23 | Aladdin Knowlege Systems eSafe Gateway 3.5.126.0 does not check the entire stream of Content Vectoring Protocol (CVP) data, which allows remote attackers to bypass virus protection. |
| CVE-2003-1450 | 2007-10-23 | BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to cause a denial of service (segmentation fault) via a malformed RPL_NAMREPLY numeric 353 message. |
| CVE-2003-1451 | 2007-10-23 | Buffer overflow in Symantec Norton AntiVirus 2002 allows remote attackers to execute arbitrary code via an e-mail attachment with a compressed ZIP file that contains a file with a long... |
| CVE-2003-1452 | 2007-10-23 | Untrusted search path vulnerability in Qualcomm qpopper 4.0 through 4.05 allows local users to execute arbitrary code by modifying the PATH environment variable to reference a malicious smbpasswd program. |
| CVE-2003-1453 | 2007-10-23 | Cross-site scripting (XSS) vulnerability in the MytextSanitizer function in XOOPS 1.3.5 through 1.3.9 and XOOPS 2.0 through 2.0.1 allows remote attackers to inject arbitrary web script or HTML via a... |
| CVE-2003-1454 | 2007-10-23 | Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain... |
| CVE-2003-1455 | 2007-10-23 | Multiple buffer overflows in the launch_bcrelay function in pptpctrl.c in PoPToP 1.1.4-b1 through PoPToP 1.1.4-b3 allow local users to execute arbitrary code. |
| CVE-2003-1456 | 2007-10-23 | Album.pl 6.1 allows remote attackers to execute arbitrary commands, when an alternative configuration file is used, via unknown attack vectors. |
| CVE-2003-1457 | 2007-10-23 | Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily guessable password, which allows local users or remote attackers to gain access. |
| CVE-2003-1458 | 2007-10-23 | SQL injection vulnerability in Profile.php in ttCMS 2.2 and ttForum allows remote attackers to execute arbitrary SQL commands via the member name. |
| CVE-2003-1459 | 2007-10-23 | Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ttForum allow remote attackers to execute arbitrary PHP code via the (1) template parameter in News.php or (2) installdir parameter... |
| CVE-2003-1461 | 2007-10-23 | Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable to reproduce the problem on a... |
| CVE-2003-1460 | 2007-10-23 | Worker Filemanager 1.0 through 2.7 sets the permissions on the destination directory to world-readable and executable while copying data, which could allow local users to obtain sensitive information. |
| CVE-2007-3850 | 2007-10-23 | The eHCA driver in Linux kernel 2.6 before 2.6.22, when running on PowerPC, does not properly map userspace resources, which allows local users to read portions of physical address space. |
| CVE-2007-4574 | 2007-10-23 | Unspecified vulnerability in the "stack unwinder fixes" in kernel in Red Hat Enterprise Linux 5, when running on AMD64 and Intel 64, allows local users to cause a denial of... |
| CVE-2007-5623 | 2007-10-23 | Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies. |
| CVE-2007-5624 | 2007-10-23 | Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts. |
| CVE-2007-5625 | 2007-10-23 | Cross-site scripting (XSS) vulnerability in filename.asp in ASP Site Search SearchSimon Lite 1.0 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter. |
| CVE-2007-5626 | 2007-10-23 | make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to... |
| CVE-2007-5627 | 2007-10-23 | PHP remote file inclusion vulnerability in content/fnc-readmail3.php in SocketMail 2.2.8 allows remote attackers to execute arbitrary PHP code via a URL in the __SOCKETMAIL_ROOT parameter. |
| CVE-2007-5628 | 2007-10-23 | PHP remote file inclusion vulnerability in src/scripture.php in The Online Web Library Site (TOWels) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the pageHeaderFile parameter. |
| CVE-2007-5629 | 2007-10-23 | Cross-site scripting (XSS) vulnerability in admin/logon.asp in ShoppingTree CandyPress Store 4.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different vector than CVE-2007-2804.... |
| CVE-2007-5630 | 2007-10-23 | SQL injection vulnerability in tnews.php in BBsProcesS BBPortalS 1.5.10 through 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a tnews action. |
| CVE-2007-5631 | 2007-10-23 | Multiple PHP remote file inclusion vulnerabilities in PeopleAggregator 1.2pre6, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the current_blockmodule_path parameter to (1)... |
| CVE-2007-5632 | 2007-10-23 | Multiple unspecified vulnerabilities in the kernel in Sun Solaris 8 through 10 allow local users to cause a denial of service (panic), related to the support for retrieval of kernel... |
| CVE-2007-5633 | 2007-10-23 | Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on Microsoft Windows Vista x64, allows local users to read or write arbitrary MSRs, and gain privileges and load unsigned drivers,... |