CVE List - 2007 / December
Showing 301 - 400 of 436 CVEs for December 2007 (Page 4 of 5)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2007-6478 | 2007-12-20 | Stack-based buffer overflow in Rosoft Media Player 4.1.7, 4.1.8, and possibly earlier versions allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a... |
| CVE-2007-6479 | 2007-12-20 | Unrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php (aka the "My profile" page) in Dokeos 1.8.4 allows remote authenticated users to upload and execute arbitrary PHP files... |
| CVE-2007-6480 | 2007-12-20 | The Oracle database component in Sun Management Center (Sun MC) 3.6.1, 3.6, and 3.5 Update 1 has a default account, which allows remote attackers to obtain database access and execute... |
| CVE-2007-6481 | 2007-12-20 | Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to create or delete arbitrary directories via unspecified vectors. |
| CVE-2007-6482 | 2007-12-20 | Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to cause a denial of service (daemon crash) via... |
| CVE-2007-6483 | 2007-12-20 | Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.0.0 through 7.4.0 and possibly earlier versions, and Sentinel Keys Server 1.0.3 and possibly earlier versions, allows remote attackers to read arbitrary... |
| CVE-2007-6485 | 2007-12-20 | Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 (aka Oreon 1.4) allow remote attackers to execute arbitrary PHP code via a URL in the fileOreonConf parameter to (1) MakeXML.php... |
| CVE-2007-6486 | 2007-12-20 | Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka the shoutbox) in LineShout 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username (nickname) or (2)... |
| CVE-2007-6487 | 2007-12-20 | Unspecified vulnerability in Plain Black WebGUI 7.4.0 through 7.4.17 allows remote authenticated users with Secondary Admin privileges to create Admin accounts, a different vulnerability than CVE-2006-0680. |
| CVE-2007-6488 | 2007-12-20 | Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php... |
| CVE-2007-6489 | 2007-12-20 | Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text... |
| CVE-2007-6490 | 2007-12-20 | Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php. |
| CVE-2007-6491 | 2007-12-20 | Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS allow remote attackers to execute arbitrary SQL commands via (1) the cat_id parameter to categories.asp; and probably (2) the document_id parameter... |
| CVE-2007-6492 | 2007-12-20 | The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via an... |
| CVE-2007-6493 | 2007-12-20 | The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to execute arbitrary code via a certain argument to the SetHandler method. |
| CVE-2007-6494 | 2007-12-20 | Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a... |
| CVE-2007-6495 | 2007-12-20 | inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log... |
| CVE-2007-6496 | 2007-12-20 | Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by... |
| CVE-2007-6497 | 2007-12-20 | Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attackers to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2)... |
| CVE-2007-6498 | 2007-12-20 | Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters... |
| CVE-2007-6499 | 2007-12-20 | Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNINSTAL.asp with... |
| CVE-2007-6500 | 2007-12-20 | Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp. |
| CVE-2007-6501 | 2007-12-20 | Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp. |
| CVE-2007-6502 | 2007-12-20 | Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to obtain sensitive information via (1) the AdminName and AdminLevel parameters to fp2000/NEWSRVR.asp, which discloses usernames; and (2)... |
| CVE-2007-6503 | 2007-12-20 | Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to (1) import an arbitrary plan via a request to hosting/importhostingplans.asp; or (2) change... |
| CVE-2007-6504 | 2007-12-20 | Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the headers of arbitrary hosts via an unspecified parameter. |
| CVE-2007-6484 | 2007-12-20 | SQL injection vulnerability in index.php in phpRPG 0.8 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details... |
| CVE-2003-1538 | 2007-12-20 | susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and Openexchange Server 4 does not properly filter shell metacharacters, which allows remote attackers to execute arbitrary commands via CGI... |
| CVE-2007-6285 | 2007-12-20 | The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the... |
| CVE-2007-6334 | 2007-12-20 | Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first... |
| CVE-2007-6341 | 2007-12-20 | Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such as SpamAssassin and OTRS, allows remote attackers to cause a denial of service (program "croak") via a crafted DNS... |
| CVE-2007-6349 | 2007-12-20 | P4Webs.exe in Perforce P4Web 2006.2 and earlier, when running on Windows, allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with an empty body... |
| CVE-2007-6505 | 2007-12-20 | Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not... |
| CVE-2007-6506 | 2007-12-20 | The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile... |
| CVE-2007-6507 | 2007-12-20 | SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain "full... |
| CVE-2007-4567 | 2007-12-21 | The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service... |
| CVE-2007-6508 | 2007-12-21 | Directory traversal vulnerability in view.php in xeCMS 1.0 allows remote attackers to read arbitrary files via a ..%2F (dot dot slash) in the list parameter. |
| CVE-2007-6509 | 2007-12-21 | Unspecified vulnerability in Appian Enterprise Business Process Management (BPM) Suite 5.6 SP1 allows remote attackers to cause a denial of service via a crafted packet to port 5400/tcp. |
| CVE-2007-6510 | 2007-12-21 | Multiple stack-based buffer overflows in ProWizard 4 PC (prowiz) 1.62 and earlier allow remote attackers to execute arbitrary code via a crafted file to the (1) AMOS-MusicBank, (2) FuzzacPacker, and... |
| CVE-2007-6511 | 2007-12-21 | Websense Enterprise 6.3.1 allows remote attackers to bypass content filtering by visiting http URLs with a (1) RealPlayer G2, (2) MSMSGS, or (3) StoneHttpAgent User-Agent header, which results in a... |
| CVE-2007-6512 | 2007-12-21 | PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database information via a direct request to inc/lib.inc. |
| CVE-2007-6513 | 2007-12-21 | HP eSupportDiagnostics ActiveX control (hpediag.dll) 1.0.11.0 exports dangerous methods, which allows remote attackers to (1) read arbitrary files via the ReadTextFile method, or (2) read arbitrary registry values via the... |
| CVE-2007-6514 | 2007-12-21 | Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for... |
| CVE-2007-6515 | 2007-12-21 | support/dispatch.cgi in SiteScape Forum allows remote attackers to execute arbitrary TCL code via code separator characters in the query string. |
| CVE-2007-6516 | 2007-12-21 | Buffer overflow in RavWare Software MAS Flic ActiveX Control (masflc.ocx) 1.0.0.1 allows remote attackers to execute arbitrary code via a long FileName property. |
| CVE-2007-6419 | 2007-12-24 | Unspecified vulnerability in rpc.yppasswdd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. |
| CVE-2007-6517 | 2007-12-24 | SQL injection vulnerability in the forget password section (LostPwd.asp) in Eagle Software Aeries Browser Interface (ABI) 3.7.9.17 allows remote attackers to execute arbitrary SQL commands via the EmailAddress parameter. NOTE:... |
| CVE-2007-6518 | 2007-12-24 | Multiple SQL injection vulnerabilities in search.php in WoltLab Burning Board (wBB) Lite 1.0.2 pl3e allow remote attackers to execute arbitrary SQL commands via the (1) showposts, (2) sortby, and (3)... |
| CVE-2007-6519 | 2007-12-24 | Unspecified vulnerability in the File-on-File Mounting File System (FFM) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows local users to cause a denial of service (system crash) via unspecified vectors. |
| CVE-2007-6520 | 2007-12-24 | Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins. |
| CVE-2007-6521 | 2007-12-24 | Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates. |
| CVE-2007-6522 | 2007-12-24 | The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains. |
| CVE-2007-6523 | 2007-12-24 | Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before 9.25 allows remote attackers to cause a denial of service (CPU consumption) via a crafted bitmap (BMP) file that triggers... |
| CVE-2007-6524 | 2007-12-24 | Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demonstrated using a CANVAS element and JavaScript in an HTML document... |
| CVE-2007-4474 | 2007-12-27 | Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to... |
| CVE-2007-5342 | 2007-12-27 | The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to... |
| CVE-2007-6525 | 2007-12-27 | Unspecified vulnerability in eClient in IBM DB2 Content Manager (CM) Toolkit 8.3 before fix pack 7 for z/OS has unknown impact and attack vectors, related to "scripting." |
| CVE-2007-6526 | 2007-12-27 | Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter. |
| CVE-2007-6527 | 2007-12-27 | uploadimg.php in the Automatic Image Upload with Thumbnails (imgUpload) module 1.3.2 for PunBB only verifies the Content-type field of uploaded files, which allows remote attackers to upload and execute arbitrary... |
| CVE-2007-6528 | 2007-12-27 | Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and modified filename in the movie parameter. |
| CVE-2007-6529 | 2007-12-27 | Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have unknown impact and attack vectors involving (1) tiki-edit_css.php, (2) tiki-list_games.php, or (3) tiki-g-admin_shared_source.php. |
| CVE-2007-6530 | 2007-12-27 | Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote... |
| CVE-2007-6533 | 2007-12-27 | Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows user-assisted remote attackers to execute arbitrary code via an HTTP link to a PLS file in a crafted ZPL... |
| CVE-2007-6534 | 2007-12-27 | Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart. |
| CVE-2007-6535 | 2007-12-27 | Buffer overflow in the YShortcut ActiveX control in YShortcut.dll 2006.8.15.1 in Yahoo! Toolbar might allow attackers to execute arbitrary code via a long string to the IsTaggedBM method. |
| CVE-2007-6536 | 2007-12-27 | The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names,... |
| CVE-2007-6537 | 2007-12-27 | Stack-based buffer overflow in the zfile_gunzip function in zfile.c in WinUAE 1.4.4 and earlier allows user-assisted remote attackers to execute arbitrary code via a long filename in a gzipped archive,... |
| CVE-2007-6538 | 2007-12-27 | SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2007-6539 | 2007-12-27 | PHP local file inclusion vulnerability in index.php in IDevspot iSupport 1.8 allows remote attackers to include local files via the include_file parameter. |
| CVE-2007-6540 | 2007-12-27 | SQL injection vulnerability in neuron news 1.0 allows remote attackers to execute arbitrary SQL commands via the q parameter to the default URI in patch/. |
| CVE-2007-6541 | 2007-12-27 | Multiple cross-site scripting (XSS) vulnerabilities in neuron news 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in a viewtopic action, or the... |
| CVE-2007-6542 | 2007-12-27 | PHP remote file inclusion vulnerability in admin/frontpage_right.php in Arcadem LE 2.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter. |
| CVE-2007-6543 | 2007-12-28 | SQL injection vulnerability in suggest-link.php in eSyndiCat Link Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2007-6544 | 2007-12-28 | Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/;... |
| CVE-2007-6545 | 2007-12-28 | Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) the subject parameter to modules/news/submit.php; (2) the PATH_INFO to... |
| CVE-2007-6546 | 2007-12-28 | RunCMS before 1.6.1 uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id. |
| CVE-2007-6547 | 2007-12-28 | RunCMS before 1.6.1 does not require entry of the old password during a password change, which allows context-dependent attackers to change passwords upon obtaining temporary access to a session. |
| CVE-2007-6548 | 2007-12-28 | Multiple direct static code injection vulnerabilities in RunCMS before 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the (1) header and (2) footer parameters to modules/system/admin.php in... |
| CVE-2007-6549 | 2007-12-28 | Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact and attack vectors, related to "pagetype using." |
| CVE-2007-6550 | 2007-12-28 | form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute... |
| CVE-2007-6551 | 2007-12-28 | SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4, and other versions before 2.2.6, allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2007-6552 | 2007-12-28 | Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving... |
| CVE-2007-6553 | 2007-12-28 | Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONF[app_root] parameter to (1) tcuser.class.php,... |
| CVE-2007-6554 | 2007-12-28 | Multiple directory traversal vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to... |
| CVE-2007-6555 | 2007-12-28 | PHP remote file inclusion vulnerability in modules/mod_pxt_latest.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter. |
| CVE-2007-6556 | 2007-12-28 | Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to default.asp in a news page action or (2) the... |
| CVE-2007-6557 | 2007-12-28 | Multiple SQL injection vulnerabilities in MeGaCheatZ 1.1 allow remote attackers to execute arbitrary SQL commands via the ItemID parameter to (1) comments.php, (2) view.php, (3) siteadmin/ViewItem.php, and unspecified other vectors. |
| CVE-2007-6558 | 2007-12-28 | TotalPlayer 3.0 allows user-assisted remote attackers to cause a denial of service (application crash) via a large .m3u file. NOTE: this might be a duplicate of CVE-2006-6288. |
| CVE-2007-6559 | 2007-12-28 | Multiple SQL injection vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to execute arbitrary SQL commands via (1) the from parameter to index.php or (2) the page parameter to... |
| CVE-2007-6560 | 2007-12-28 | Multiple cross-site scripting (XSS) vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to inject arbitrary web script or HTML via (1) the newconfname parameter to profiles.php or (2) the... |
| CVE-2007-6561 | 2007-12-28 | Multiple stack-based buffer overflows in PDFLib allow user-assisted remote attackers to execute arbitrary code via a long filename argument to the PDF_load_image function that results in an overflow in the... |
| CVE-2007-6562 | 2007-12-28 | Multiple stack-based buffer overflows in the use of FD_SET in TCPreen before 1.4.4 allow remote attackers to cause a denial of service via multiple concurrent connections, which result in overflows... |
| CVE-2007-6563 | 2007-12-28 | Heap-based buffer overflow in WinAce 2.65 and earlier, and possibly other versions before 2.69, allows user-assisted remote attackers to execute arbitrary code via a long filename in a compressed UUE... |
| CVE-2007-6564 | 2007-12-28 | Cross-site scripting (XSS) vulnerability in admin.php in Limbo CMS 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the com_option parameter. |
| CVE-2007-6565 | 2007-12-28 | Multiple SQL injection vulnerabilities in Blakord Portal 1.3.A Beta and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to an arbitrary component. |
| CVE-2007-6566 | 2007-12-28 | SQL injection vulnerability in post.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatid parameter to index.php. |
| CVE-2007-6567 | 2007-12-28 | Directory traversal vulnerability in index.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename... |
| CVE-2007-6568 | 2007-12-28 | PHP remote file inclusion vulnerability in config.inc.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path_escape parameter. |
| CVE-2007-6569 | 2007-12-28 | Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML... |
| CVE-2007-6570 | 2007-12-28 | Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject... |