CVE List - 2007 / November
Showing 301 - 400 of 478 CVEs for November 2007 (Page 4 of 5)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2007-6002 | 2007-11-15 | Cross-site scripting (XSS) vulnerability in Fenriru (1) Sleipnir 2.5.17 R2 and earlier and (2) Grani 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the... |
| CVE-2007-6003 | 2007-11-15 | Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Thomson SpeedTouch 716 with firmware 5.4.0.14 allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the... |
| CVE-2007-6004 | 2007-11-15 | Multiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an artikel action or (2) the... |
| CVE-2007-6005 | 2007-11-15 | Unspecified vulnerability in the GpcContainer.GpcContainer.1 ActiveX control in WebEx allows remote attackers to cause a denial of service (memory access violation and crash) via (1) an invalid argument to the... |
| CVE-2007-6006 | 2007-11-15 | TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors. |
| CVE-2007-6007 | 2007-11-15 | Integer overflow in the ID_PSP.apl plug-in for ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allows user-assisted remote attackers... |
| CVE-2007-6009 | 2007-11-15 | Multiple buffer overflows in ACD products allow user-assisted remote attackers to execute arbitrary code via a long section string in a (1) XBM or (2) XPM file to (a) ID_X.apl... |
| CVE-2007-6008 | 2007-11-15 | Heap-based buffer overflow in emlsr.dll before 2.0.0.4 in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK allows remote attackers to execute arbitrary code via a long Content-Type header line... |
| CVE-2004-2754 | 2007-11-15 | SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the... |
| CVE-2004-2755 | 2007-11-15 | Cross-site scripting (XSS) vulnerability in Symantec Web Security 2.5, 3.0.0, and 3.0.1 before build 62 allows remote attackers to inject arbitrary web script or HTML via the query string in... |
| CVE-2007-6010 | 2007-11-15 | Unspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors that trigger an assert error. NOTE: this issue reportedly... |
| CVE-2007-6011 | 2007-11-16 | Unspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. NOTE: the provenance of this information... |
| CVE-2007-4572 | 2007-11-16 | Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC... |
| CVE-2007-5398 | 2007-11-16 | Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via... |
| CVE-2007-6012 | 2007-11-16 | SQL injection vulnerability in SearchR.asp in DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the artnr parameter (aka the search section). NOTE: some of these... |
| CVE-2007-6013 | 2007-11-19 | Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the... |
| CVE-2007-6025 | 2007-11-19 | Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 and earlier allows remote attackers to cause a denial of service (crash) via crafted TSF data. |
| CVE-2002-2426 | 2007-11-20 | Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications,... |
| CVE-2007-6026 | 2007-11-20 | Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a... |
| CVE-2007-6027 | 2007-11-20 | PHP remote file inclusion vulnerability in admin.jjgallery.php in the Carousel Flash Image Gallery (com_jjgallery) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the... |
| CVE-2007-6028 | 2007-11-20 | Multiple stack-based buffer overflows in the VSFlexGrid.VSFlexGridL ActiveX control in ComponentOne FlexGrid 7.1 Light allow remote attackers to cause a denial of service and possibly execute arbitrary code via a... |
| CVE-2004-2756 | 2007-11-20 | Cross-site scripting (XSS) vulnerability in viewtopic.php in Xoops 2.x, possibly 2 through 2.0.5, allows remote attackers to inject arbitrary web script or HTML via the (1) forum and (2) topic_id... |
| CVE-2004-2757 | 2007-11-20 | Cross-site scripting (XSS) vulnerability in the failed login page in Novell iChain before 2.2 build 2.2.113 and 2.3 First Customer Ship (FCS) allows remote attackers to inject arbitrary web script... |
| CVE-2007-5500 | 2007-11-20 | The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash)... |
| CVE-2007-6030 | 2007-11-20 | Unspecified vulnerability in Weird Solutions BOOTPTurbo 1.2 has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that... |
| CVE-2007-6031 | 2007-11-20 | Unspecified vulnerability in VanDyke VShell 3.0.1 allows remote attackers to cause a denial of service via unspecified vectors. NOTE: this information is based upon a vague advisory by a vulnerability... |
| CVE-2007-6032 | 2007-11-20 | SQL injection vulnerability in calendar/page.asp in Aleris Web Publishing Server 3.0 allows remote attackers to execute arbitrary SQL commands via the mode parameter. |
| CVE-2007-6033 | 2007-11-20 | Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs. |
| CVE-2007-6029 | 2007-11-20 | Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a... |
| CVE-2007-6035 | 2007-11-20 | SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter. |
| CVE-2007-6036 | 2007-11-20 | The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative... |
| CVE-2007-6037 | 2007-11-20 | Cross-site scripting (XSS) vulnerability in ws/generic_api_call.pl in Citrix NetScaler 8.0 build 47.8 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter and other unspecified parameters. |
| CVE-2007-6038 | 2007-11-20 | PHP remote file inclusion vulnerability in xajax_functions.php in the JUser (com_juser) 1.0.14 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| CVE-2007-5898 | 2007-11-20 | The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465. |
| CVE-2007-5900 | 2007-11-20 | PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625. |
| CVE-2007-5361 | 2007-11-20 | The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the... |
| CVE-2007-5899 | 2007-11-20 | The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading... |
| CVE-2007-6039 | 2007-11-20 | PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message... |
| CVE-2007-6040 | 2007-11-20 | The Belkin F5D7230-4 Wireless G Router allows remote attackers to cause a denial of service (degraded networking and logging) via a flood of TCP SYN packets, a related issue to... |
| CVE-2007-6041 | 2007-11-20 | Buffer overflow in the Sequencer::queueMessage function in sequencer.cpp in the server in Rigs of Rods (RoR) before 0.33d SP1 allows remote attackers to cause a denial of service (daemon crash)... |
| CVE-2007-6042 | 2007-11-20 | PHP remote file inclusion vulnerability in fehler.inc.php in SWSoft Confixx Professional 3.2.1 allows remote attackers to execute arbitrary PHP code via a URL in an unspecified parameter. NOTE: the provenance... |
| CVE-2007-6043 | 2007-11-20 | The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1)... |
| CVE-2007-6044 | 2007-11-20 | Multiple unspecified vulnerabilities in IBM WebSphere MQ 6.0 have unknown impact and remote attack vectors involving "memory corruption." NOTE: as of 20071116, the only disclosure is a vague pre-advisory with... |
| CVE-2007-6045 | 2007-11-20 | Unspecified vulnerability in (1) DB2WATCH and (2) DB2FREEZE in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors. |
| CVE-2007-6046 | 2007-11-20 | Unspecified vulnerability in unspecified setuid programs in IBM DB2 UDB 9.1 before Fixpak 4 allows local users to have an unknown impact. |
| CVE-2007-6047 | 2007-11-20 | Unspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1 before Fixpak 4 allows attackers to execute arbitrary commands as the DB2 instance owner, related to invocation of TPUT... |
| CVE-2007-6048 | 2007-11-20 | IBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on ACLs for DB2NODES.CFG, which has unknown impact and attack vectors. NOTE: the vendor description of this issue is too... |
| CVE-2007-6049 | 2007-11-20 | Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, involving a call to dlopen when the effective... |
| CVE-2007-6050 | 2007-11-20 | Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, related to creation of an "insecure directory." |
| CVE-2007-6051 | 2007-11-20 | IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the (1) DB2ADMNS and (2) DB2USERS alternative groups, which has unknown impact. NOTE: the vendor description of this issue... |
| CVE-2007-6052 | 2007-11-20 | IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggregation, which might allow attackers to cause a denial of service (divide-by-zero error and DBMS crash), related to... |
| CVE-2007-6053 | 2007-11-20 | IBM DB2 UDB 9.1 before Fixpak 4 does not properly handle use of large numbers of file descriptors, which might allow attackers to have an unknown impact involving "memory corruption."... |
| CVE-2007-6054 | 2007-11-20 | Cross-site scripting (XSS) vulnerability in the login page in the management interface in the Aruba 800 Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier, allows remote attackers to inject... |
| CVE-2007-6055 | 2007-11-20 | Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Portal 4.1.0 and 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter. NOTE: this issue reportedly... |
| CVE-2007-6056 | 2007-11-20 | frame.html in Aida-Web (Aida Web) allows remote attackers to bypass a protection mechanism and obtain comment and task details via modified values to the (1) Mehr and (2) SUPER parameters. |
| CVE-2007-6057 | 2007-11-20 | PHP remote file inclusion vulnerability in index.php in datecomm Social Networking Script (aka Myspace Clone Script) allows remote attackers to execute arbitrary PHP code via a URL in the pg... |
| CVE-2007-6058 | 2007-11-20 | Multiple SQL injection vulnerabilities in index.php in ProfileCMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) codes action in the... |
| CVE-2007-6059 | 2007-11-20 | Javamail does not properly handle a series of invalid login attempts in which the same e-mail address is entered as username and password, and the domain portion of this address... |
| CVE-2007-6060 | 2007-11-20 | AhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a filename string at a location indicated by the "Filename length" field in a ZIP header, which allows remote attackers... |
| CVE-2003-0857 | 2007-11-20 | The (1) ipq_read and (2) ipulog_read functions in iptables allow local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. |
| CVE-2007-6061 | 2007-11-20 | Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock)... |
| CVE-2007-6062 | 2007-11-20 | irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to cause a denial of service (crash) via a JOIN command without a channel argument. |
| CVE-2007-6063 | 2007-11-21 | Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux kernel 2.6.23 allows local users to have an unknown impact via a crafted argument to the isdn_ioctl function. |
| CVE-2007-6077 | 2007-11-21 | The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be... |
| CVE-2007-5612 | 2007-11-21 | CIM Server in IBM Director 5.20.1 and earlier allows remote attackers to cause a denial of service (CPU consumption, connection slot exhaustion, and daemon crash) via a large number of... |
| CVE-2007-6078 | 2007-11-21 | Multiple SQL injection vulnerabilities in SkyPortal RC6 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) nc_top.asp; (2) inc_bookmarks.asp, possibly involving a parameter passed from cp_main.asp;... |
| CVE-2007-6079 | 2007-11-21 | Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsOption[pagetype] parameter to the default... |
| CVE-2007-6080 | 2007-11-21 | SQL injection vulnerability in modules/banners/click.php in the banners module for bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the bid parameter. NOTE: it was later reported that... |
| CVE-2007-6081 | 2007-11-21 | AdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default "root" account without a password, which allows remote attackers to... |
| CVE-2007-6082 | 2007-11-22 | Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote attackers to inject arbitrary PHP code via the filecontents parameter, which can be executed by... |
| CVE-2007-6083 | 2007-11-22 | SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header. |
| CVE-2007-6084 | 2007-11-22 | SQL injection vulnerability in software-description.php in HotScripts Clone Script allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2007-6085 | 2007-11-22 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in VigileCMS 1.4 allow remote attackers to inject arbitrary web script or HTML via the message field in the (1) vedipm or (2)... |
| CVE-2007-6086 | 2007-11-22 | Directory traversal vulnerability in index.php in VigileCMS 1.4 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the module parameter. |
| CVE-2007-6087 | 2007-11-22 | Cross-site request forgery (CSRF) vulnerability in index.php in VigileCMS 1.4 allows remote attackers to change the admin password via certain parameters to the changepass module. |
| CVE-2007-6088 | 2007-11-22 | PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBBViet 02.03.07 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| CVE-2007-6089 | 2007-11-22 | PHP remote file inclusion vulnerability in index.php in meBiblio 0.4.5 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. |
| CVE-2007-6091 | 2007-11-22 | Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System (JBS) 2.0, and possibly JiRo's Upload Manager (aka JiRo's Upload System or JUS), allow remote attackers to execute arbitrary SQL... |
| CVE-2007-6092 | 2007-11-22 | Buffer overflow in libsrtp in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries. |
| CVE-2007-6093 | 2007-11-22 | The SRTP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (kernel crash) via an RTCP index that is "much... |
| CVE-2007-6094 | 2007-11-22 | The IPsec module in the VPN component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (module crash) via an IPsec... |
| CVE-2007-6095 | 2007-11-22 | The SIP component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0, when Remote NAT Traversal is employed, does not properly perform user registration and message distribution, which might allow... |
| CVE-2007-6096 | 2007-11-22 | Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext storage for passwords of "administrators with less privileges," which might allow attackers to read these passwords via unknown vectors. |
| CVE-2007-6097 | 2007-11-22 | Unspecified vulnerability in the ICMP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and remote attack vectors, related to ICMP packets that are "incorrectly accepted." |
| CVE-2007-6098 | 2007-11-22 | Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log truncated (1) ICMP, (2) UDP, and (3) TCP packets, which has unknown impact and remote attack vectors; and do... |
| CVE-2007-6090 | 2007-11-22 | Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: the provenance of this information is... |
| CVE-2007-6099 | 2007-11-22 | Unspecified vulnerability in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 might leave "media pinholes" open upon a restart of the SIP module, which might make it easier for remote... |
| CVE-2007-6100 | 2007-11-23 | Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the... |
| CVE-2007-6101 | 2007-11-23 | Ability Mail Server before 2.61 allows remote authenticated users to cause a denial of service (daemon crash) via (1) malformed number list ranges in unspecified IMAP commands, and possibly (2)... |
| CVE-2007-6102 | 2007-11-23 | Cross-site scripting (XSS) vulnerability in Feed to JavaScript (Feed2JS) 1.91 allows remote attackers to inject arbitrary web script or HTML via a URL in a feed. |
| CVE-2007-6103 | 2007-11-23 | I Hear U (IHU) 0.5.6 and earlier allows remote attackers to cause (1) a denial of service (infinite loop) via a packet that contains zero in the size field in... |
| CVE-2007-6104 | 2007-11-23 | Cross-site scripting (XSS) vulnerability in the Instant Web Publishing feature in FileMaker Pro 7 and 8, Server 7 and 8, and Developer 7 allows remote attackers to inject arbitrary web... |
| CVE-2007-6105 | 2007-11-23 | Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_file parameter to (a) comments-display-tpl.php and (b)... |
| CVE-2007-6106 | 2007-11-23 | SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and earlier allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewevent action. |
| CVE-2007-6110 | 2007-11-23 | Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. |
| CVE-2007-6111 | 2007-11-23 | Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP... |
| CVE-2007-6112 | 2007-11-23 | Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. |
| CVE-2007-6113 | 2007-11-23 | Integer signedness error in the DNP3 dissector in Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP3 packet. |
| CVE-2007-6114 | 2007-11-23 | Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) the SSL dissector... |
| CVE-2007-6115 | 2007-11-23 | Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly... |