CVE List - 2007 / July
Showing 1 - 100 of 587 CVEs for July 2007 (Page 1 of 6)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2007-3505 | 2007-07-02 | Multiple directory traversal vulnerabilities in QuickTalk forum 1.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) sequence in the lang parameter to (1)... |
| CVE-2007-3506 | 2007-07-02 | The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType 2.3.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors involving bitmap fonts, related to... |
| CVE-2007-3507 | 2007-07-02 | Stack-based buffer overflow in the local__vcentry_parse_value function in vorbiscomment.c in flac123 (aka flac-tools or flac) before 0.0.10 allows user-assisted remote attackers to execute arbitrary code via a large comment value_length. |
| CVE-2007-2835 | 2007-07-03 | Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) xl_pinyin.c in ImmModules/cce/ in unicon-imc2 3.0.4, as used by zhcon and other applications, allow local users to gain privileges via a... |
| CVE-2007-2838 | 2007-07-03 | The populate_conns function in src/populate_conns.c in GSAMBAD 0.1.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gsambadtmp temporary file. |
| CVE-2007-3511 | 2007-07-03 | The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy... |
| CVE-2007-3512 | 2007-07-03 | Stack-based buffer overflow in Lhaca File Archiver before 1.22 allows user-assisted remote attackers to execute arbitrary code via a large LHA "Extended Header Size" value in an LZH archive, a... |
| CVE-2007-3513 | 2007-07-03 | The lcd_write function in drivers/usb/misc/usblcd.c in the Linux kernel before 2.6.22-rc7 does not limit the amount of memory used by a caller, which allows local users to cause a denial... |
| CVE-2007-3514 | 2007-07-03 | Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document... |
| CVE-2007-2837 | 2007-07-03 | The (1) getRule and (2) getChains functions in server/rules.cpp in fireflierd (fireflier-server) in FireFlier 1.1.6 allow local users to overwrite arbitrary files via a symlink attack on the /tmp/fireflier.rules temporary... |
| CVE-2007-3515 | 2007-07-03 | SQL injection vulnerability in view_event.php in TotalCalendar 2.402 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2007-3516 | 2007-07-03 | Multiple cross-site scripting (XSS) vulnerabilities in kayit.asp in Gorki Online Santrac Sitesi allow remote attackers to inject arbitrary web script or HTML via the (1) kullanici, (2) posta, or (3)... |
| CVE-2007-3517 | 2007-07-03 | Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) index.php, (2) demo/claroline170/index.php, and possibly other... |
| CVE-2007-3518 | 2007-07-03 | SQL injection vulnerability in msg.php in HispaH YouTube Clone Script (youtubeclone) allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2007-3519 | 2007-07-03 | SQL injection vulnerability in eventdisplay.php in phpEventCalendar 0.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2007-3520 | 2007-07-03 | SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter. |
| CVE-2007-3521 | 2007-07-03 | SQL injection vulnerability in ArcadeBuilder Game Portal Manager 1.7 allows remote attackers to execute arbitrary SQL commands via a usercookie cookie. |
| CVE-2007-3522 | 2007-07-03 | Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the SpellIncPath parameter to (1) spellcheckpageinc.php, (2) spellchecktext.php, (3)... |
| CVE-2007-3523 | 2007-07-03 | Multiple directory traversal vulnerabilities in Module/Galerie.php in XCMS 1.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) Ent or (2)... |
| CVE-2007-3524 | 2007-07-03 | Multiple PHP remote file inclusion vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1)... |
| CVE-2007-3525 | 2007-07-03 | Ripe Website Manager 0.8.9 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information... |
| CVE-2007-3526 | 2007-07-03 | Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the news_id parameter to view_news.php, (2) the cat_id parameter to... |
| CVE-2007-3527 | 2007-07-03 | Integer overflow in Firebird 2.0.0 allows remote authenticated users to cause a denial of service (CPU consumption) via certain database operations with multi-byte character sets that trigger an attempt to... |
| CVE-2007-3528 | 2007-07-03 | The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by (1) discarding random bits by the blowfish::make_ivec function in libdar/crypto.cpp that results in predictable and repeating IV values,... |
| CVE-2007-3529 | 2007-07-03 | videos.php in PHPDirector 0.21 and earlier allows remote attackers to obtain sensitive information via an empty value of the id[] parameter, which reveals the path in an error message. |
| CVE-2007-3530 | 2007-07-03 | PHPDirector 0.21 and earlier stores the admin account name and password in config.php, which allows local users to gain privileges by reading this file. |
| CVE-2007-3533 | 2007-07-03 | The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote attackers to cause a denial of service (reboot and reporting outage) via a loopback packet with zero in the length field. |
| CVE-2007-3534 | 2007-07-03 | SQL injection vulnerability in login.php in WebChat 0.78 allows remote attackers to execute arbitrary SQL commands via the rid parameter. |
| CVE-2007-3535 | 2007-07-03 | Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) FORUM_LANGUAGE... |
| CVE-2007-3536 | 2007-07-03 | Multiple buffer overflows in the AMX NetLinx VNC (AmxVnc) ActiveX control in AmxVnc.dll 1.0.13.0 allow remote attackers to execute arbitrary code via long (1) Host, (2) Password, or (3) LogFile... |
| CVE-2007-3537 | 2007-07-03 | IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines sends responses to TCP SYN-FIN packets, which allows remote attackers to obtain system information and possibly bypass firewall rules. |
| CVE-2007-3538 | 2007-07-03 | SQL injection vulnerability in qtg_msg_view.php in QuickTalk guestbook 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2007-3539 | 2007-07-03 | Multiple SQL injection vulnerabilities in QuickTicket 1.2 build:20070621 and QuickTalk Forum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) t and (2) f parameters in (a)... |
| CVE-2007-3540 | 2007-07-03 | Multiple cross-site scripting (XSS) vulnerabilities in search.asp in rwAuction Pro 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) show, (3) searchtype, (4)... |
| CVE-2007-3541 | 2007-07-03 | Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd 20070408 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2007-3542 | 2007-07-03 | Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. |
| CVE-2007-3543 | 2007-07-03 | Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies... |
| CVE-2007-3544 | 2007-07-03 | Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified... |
| CVE-2007-3545 | 2007-07-03 | Buffer overflow in Warzone 2100 Resurrection before 2.0.7 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long filename when setting background... |
| CVE-2007-3546 | 2007-07-03 | Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus Vulnerability Scanner before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2007-3547 | 2007-07-03 | Directory traversal vulnerability in qti_checkname.php in QuickTicket 1.2 allows remote attackers to include and execute arbitrary local files a .. (dot dot) in the lang parameter. |
| CVE-2007-3508 | 2007-07-03 | Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc... |
| CVE-2007-3548 | 2007-07-03 | Stack-based buffer overflow in W3Filer 2.1.3 allows remote FTP servers to cause a denial of service (application hang or crash) and possibly execute arbitrary code by sending a large banner... |
| CVE-2007-3549 | 2007-07-03 | SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. |
| CVE-2007-3550 | 2007-07-03 | Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service... |
| CVE-2007-3551 | 2007-07-03 | Buffer overflow in bbs100 before 3.2 allows remote attackers to cause a denial of service (crash) by attempting to login as the Guest user when another Guest user is already... |
| CVE-2007-3552 | 2007-07-03 | Multiple unspecified vulnerabilities in bbs100 before 3.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving certain v*printf and shift_StringIO functions. NOTE: some details... |
| CVE-2007-3553 | 2007-07-03 | Cross-site scripting (XSS) vulnerability in Rapid Install Web Server in Oracle Application Server 11i allows remote attackers to inject arbitrary web script or HTML via a URL to the "Secondary... |
| CVE-2006-7215 | 2007-07-03 | The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop processor E6000 and E4000 incorrectly set the memory page Access (A) bit for a page in certain circumstances... |
| CVE-2007-2949 | 2007-07-04 | Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1)... |
| CVE-2007-3554 | 2007-07-04 | Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control in sdd.dll in HP Instant Support - Driver Check before 1.5.0.3 allows remote attackers to execute arbitrary code via a... |
| CVE-2007-3555 | 2007-07-04 | Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability... |
| CVE-2007-3556 | 2007-07-04 | Liesbeth base CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an include file containing account credentials via a direct request... |
| CVE-2007-3557 | 2007-07-04 | SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter. |
| CVE-2007-3559 | 2007-07-04 | Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI,... |
| CVE-2007-3560 | 2007-07-04 | Multiple unspecified vulnerabilities in Esqlanelapse before 2.6 have unknown impact and attack vectors. |
| CVE-2007-3561 | 2007-07-04 | Cross-site scripting (XSS) vulnerability in ara.asp in Efendy Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the ara parameter. NOTE: the provenance of this information... |
| CVE-2007-3562 | 2007-07-04 | SQL injection vulnerability in videos.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2007-3563 | 2007-07-04 | SQL injection vulnerability in includes/view_page.php in AV Arcade 2.1b allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_page action to index.php. |
| CVE-2007-3558 | 2007-07-04 | SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component. |
| CVE-2007-3011 | 2007-07-05 | The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens Computers ServerView before 4.50.09 allows remote attackers to execute arbitrary commands via shell metacharacters in the Servername subparameter of the... |
| CVE-2007-3012 | 2007-07-05 | The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch Blade allows remote attackers to obtain sensitive information by canceling the authentication dialog when accessing a sub-page, which still displays the... |
| CVE-2007-3567 | 2007-07-05 | MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in the .htaccess authentication mechanism, which allows remote attackers to bypass authentication requirements via HTTP POST requests. |
| CVE-2007-3568 | 2007-07-05 | The _LoadBMP function in imlib 1.9.15 and earlier allows context-dependent attackers to cause a denial of service (infinite loop) via a BMP image with a Bits Per Page (BPP) value... |
| CVE-2007-3569 | 2007-07-05 | Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library Management System allow remote attackers to inject arbitrary web script or HTML via the (1) updateform and (2) displayform parameter to (a)... |
| CVE-2007-3570 | 2007-07-05 | The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a... |
| CVE-2007-3571 | 2007-07-05 | The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response... |
| CVE-1999-1591 | 2007-07-05 | Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements,... |
| CVE-2004-2681 | 2007-07-05 | PeerSec MatrixSSL before 1.1 caches session keys for an indefinitely long time, which might make it easier for remote attackers to hijack a session. |
| CVE-2006-7217 | 2007-07-05 | Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode. |
| CVE-2007-3572 | 2007-07-05 | Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter,... |
| CVE-2007-3573 | 2007-07-05 | Multiple SQL injection vulnerabilities in akocomment allow remote attackers to execute arbitrary SQL commands via the (1) acparentid or (2) acitemid parameter to an unspecified component, different vectors than CVE-2006-1421. |
| CVE-2007-3574 | 2007-07-05 | Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the... |
| CVE-2007-3575 | 2007-07-05 | SQL injection vulnerability in includes/functions in FreeDomain.co.nr Clone allows remote attackers to execute arbitrary SQL commands via the logindomain parameter to members.php. |
| CVE-2007-3576 | 2007-07-05 | Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the "script" character sequence, using the (1) vbscript: handler for scheme names with 7 through... |
| CVE-2007-3577 | 2007-07-05 | PHPIDS before 20070703 does not properly handle use of the substr method in (1) document.location.search and (2) document.referrer; (3) certain use of document.location.hash; (4) certain "window[eval" and similar expressions; (5)... |
| CVE-2007-3578 | 2007-07-05 | PHPIDS before 20070703 does not properly handle (1) arithmetic expressions and (2) unclosed comments, which allows remote attackers to inject arbitrary web script. |
| CVE-2007-3579 | 2007-07-05 | PHPIDS before 20070703 does not properly handle setting the .text property of a SCRIPT element before its attachment to the DOM, which allows remote attackers to inject arbitrary web script. |
| CVE-2007-3580 | 2007-07-05 | PHPIDS does not properly handle certain code containing newlines, as demonstrated by a try/catch block within a loop, which allows user-assisted remote attackers to inject arbitrary web script. |
| CVE-2007-3581 | 2007-07-05 | The Jedox Palo 1.5 client transmits the password in cleartext, which might allow remote attackers to obtain the password by sniffing the network, as demonstrated by starting Excel with the... |
| CVE-2007-3582 | 2007-07-05 | SQL injection vulnerability in index.php in SuperCali PHP Event Calendar 0.4.0 allows remote attackers to execute arbitrary SQL commands via the o parameter. |
| CVE-2007-3583 | 2007-07-05 | SQL injection vulnerability in details_news.php in Girlserv ads 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the idnew parameter. |
| CVE-2007-3584 | 2007-07-05 | SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and earlier for Postnuke allows remote attackers to execute arbitrary SQL commands via the order parameter. |
| CVE-2007-3585 | 2007-07-05 | PHP remote file inclusion vulnerability in games.php in MyCMS 0.9.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the id parameter. |
| CVE-2007-3586 | 2007-07-05 | Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into (1) a _score.txt file via the score parameter, or (2)... |
| CVE-2007-3587 | 2007-07-05 | MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via the admin cookie parameter, as demonstrated by a post to admin/settings.php that injects PHP code into settings.inc, which can... |
| CVE-2007-3588 | 2007-07-05 | SQL injection vulnerability in reply.php in VBZooM 1.12 allows remote attackers to execute arbitrary SQL commands via the UserID parameter to sub-join.php. NOTE: this may be the same as CVE-2006-3691.4. |
| CVE-2004-2682 | 2007-07-05 | PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which allows context-dependent attackers to obtain the server's private key by determining factors using timing differences on (1) the number of... |
| CVE-2005-4849 | 2007-07-05 | Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL... |
| CVE-2006-7216 | 2007-07-05 | Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated... |
| CVE-2007-2839 | 2007-07-05 | gfax 0.4.2 and probably other versions creates temporary files insecurely, which allows local users to execute arbitrary commands via unknown vectors. |
| CVE-2007-3589 | 2007-07-05 | Multiple SQL injection vulnerabilities in b1gbb 2.24.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showthread.php or (2) showboard.php. |
| CVE-2007-3590 | 2007-07-05 | Cross-site scripting (XSS) vulnerability in visitenkarte.php in b1gBB 2.24.0 allows remote attackers to inject arbitrary web script or HTML via the user parameter. |
| CVE-2007-3591 | 2007-07-06 | Unspecified vulnerability in Profile.php in Elite Bulletin Board before 1.0.10 allows remote attackers to modify profile information via unspecified vectors related to "a remote form," probably related to direct requests... |
| CVE-2007-3592 | 2007-07-06 | PM.php in Elite Bulletin Board before 1.0.10 allows remote authenticated users to delete arbitrary PM messages and conduct other attacks via modified id fields. |
| CVE-2007-3593 | 2007-07-06 | Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the (1) alpha parameter in (a) netflow/jspui/applicationList.jsp, the (2)... |
| CVE-2007-3594 | 2007-07-06 | Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do... |
| CVE-2007-3596 | 2007-07-06 | inc/vul_check.inc in phpVideoPro before 0.8.8 permits non-alphanumeric characters in the sess_id parameter, which has unknown impact and remote attack vectors, probably cross-site scripting (XSS). |
| CVE-2007-3597 | 2007-07-06 | Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter. |
| CVE-2007-3599 | 2007-07-06 | vtiger CRM before 5.0.3 allows remote authenticated users to import and export the information for a contact even when they only have the View permission. |