CVE List - 2007 / January
Showing 201 - 300 of 725 CVEs for January 2007 (Page 3 of 8)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2007-0149 | 2007-01-09 | EMembersPro 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for users.mdb. |
| CVE-2007-0150 | 2007-01-09 | Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3)... |
| CVE-2007-0151 | 2007-01-09 | MitiSoft stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for access_MS/MitiSoft.mdb. |
| CVE-2007-0152 | 2007-01-09 | OhhASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/OhhASP.mdb. |
| CVE-2007-0153 | 2007-01-09 | AJLogin 3.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for ajlogin.mdb. |
| CVE-2007-0154 | 2007-01-09 | Webulas stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/db.mdb. |
| CVE-2007-0155 | 2007-01-09 | HarikaOnline 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for harikaonline.mdb. |
| CVE-2007-0156 | 2007-01-09 | M-Core stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to db/uyelik.mdb. |
| CVE-2004-2672 | 2007-01-09 | Unspecified vulnerability in ArGoSoft FTP server before 1.4.2.2 allows attackers to upload .lnk files via unknown vectors. |
| CVE-2004-2673 | 2007-01-09 | Multiple buffer overflows in ArGoSoft FTP Server before 1.4.1.6 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a SITE ZIP command... |
| CVE-2004-2674 | 2007-01-09 | Directory traversal vulnerability in ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to determine the existence of arbitrary files via ".." sequences in the SITE UNZIP argument. |
| CVE-2004-2675 | 2007-01-09 | ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to cause a denial of service (crash) via a SITE PASS command with a long password parameter, which causes the database... |
| CVE-2007-0157 | 2007-01-09 | Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of... |
| CVE-2006-5574 | 2007-01-09 | Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute... |
| CVE-2007-0027 | 2007-01-09 | Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption. |
| CVE-2006-1305 | 2007-01-09 | Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to... |
| CVE-2006-6101 | 2007-01-09 | Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a... |
| CVE-2006-6102 | 2007-01-09 | Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a... |
| CVE-2006-6103 | 2007-01-09 | Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a... |
| CVE-2007-0024 | 2007-01-09 | Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1... |
| CVE-2007-0028 | 2007-01-09 | Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary... |
| CVE-2007-0029 | 2007-01-09 | Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed... |
| CVE-2007-0030 | 2007-01-09 | Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range... |
| CVE-2007-0031 | 2007-01-09 | Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8... |
| CVE-2007-0033 | 2007-01-09 | Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file. |
| CVE-2007-0034 | 2007-01-09 | Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS)... |
| CVE-2006-6143 | 2007-01-10 | The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized... |
| CVE-2006-6144 | 2007-01-10 | The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote... |
| CVE-2006-6914 | 2007-01-10 | Unspecified vulnerability in ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote attackers to obtain sensitive information, including passwords, via unspecified vectors. |
| CVE-2006-6915 | 2007-01-10 | ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to cause a denial of service (port exhaustion) via unspecified vectors. NOTE: some details were obtained from third party... |
| CVE-2007-0159 | 2007-01-10 | Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. (dot dot) in... |
| CVE-2007-0160 | 2007-01-10 | Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) and possibly... |
| CVE-2007-0161 | 2007-01-10 | The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute... |
| CVE-2007-0162 | 2007-01-10 | Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permissions for the (1) ApplicationEnhancer binary and the (2) /Library/Frameworks/ApplicationEnhancer.framework directory, which allows local users to gain privileges by modifying or replacing... |
| CVE-2007-0163 | 2007-01-10 | SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes... |
| CVE-2007-0164 | 2007-01-10 | Camouflage 1.2.1 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing certain bytes of the JPEG image with... |
| CVE-2007-0165 | 2007-01-10 | Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind. |
| CVE-2007-0167 | 2007-01-10 | Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search Engine), as distributed with other aliases, allow remote attackers to execute arbitrary PHP code via a URL in the INC... |
| CVE-2006-5857 | 2007-01-10 | Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering. |
| CVE-2006-5858 | 2007-01-10 | Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double... |
| CVE-2007-0170 | 2007-01-11 | PHP remote file inclusion vulnerability in index.php in AllMyVisitors 0.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the AMV_serverpath parameter. |
| CVE-2007-0171 | 2007-01-11 | PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AML_opensite parameter. |
| CVE-2007-0172 | 2007-01-11 | Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the AMG_serverpath parameter to (1) comments.php and... |
| CVE-2007-0173 | 2007-01-11 | Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files... |
| CVE-2007-0174 | 2007-01-11 | Multiple stack-based multiple buffer overflows in the BRWOSSRE2UC.dll ActiveX Control in Sina UC2006 and earlier allow remote attackers to execute arbitrary code via a long string in the (1) astrVerion... |
| CVE-2007-0175 | 2007-01-11 | Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes in the redirect_to parameter. |
| CVE-2007-0176 | 2007-01-11 | Cross-site scripting (XSS) vulnerability in search/advanced_search.php in GForge 4.5.11 allows remote attackers to inject arbitrary web script or HTML via the words parameter. |
| CVE-2007-0177 | 2007-01-11 | Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to... |
| CVE-2007-0178 | 2007-01-11 | PHP remote file inclusion vulnerability in info.php in Easy Banner Pro 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter. |
| CVE-2007-0179 | 2007-01-11 | SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the subid parameter. |
| CVE-2007-0180 | 2007-01-11 | Stack-based buffer overflow in EF Commander 5.75 allows user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories, which produces a large... |
| CVE-2007-0181 | 2007-01-11 | PHP remote file inclusion vulnerability in include/common_function.php in magic photo storage website allows remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter. |
| CVE-2007-0182 | 2007-01-11 | Multiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter to (1) admin_password.php, (2)... |
| CVE-2007-0183 | 2007-01-11 | Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attackers to inject arbitrary web script or HTML via the NS-max-records parameter. NOTE: The provenance of this... |
| CVE-2007-0184 | 2007-01-11 | Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks. |
| CVE-2007-0185 | 2007-01-11 | Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memory exhaustion and servlet outage) via unknown vectors related to a large number of calls... |
| CVE-2007-0186 | 2007-01-11 | Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue,... |
| CVE-2007-0187 | 2007-01-11 | F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory... |
| CVE-2007-0188 | 2007-01-11 | F5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses a single integer (dword) representation of an IP address ("dotless IP address"), which allows... |
| CVE-2007-0189 | 2007-01-11 | PHP remote file inclusion vulnerability in index.php in GeoBB Georgian Bulletin Board allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. NOTE: CVE disputes... |
| CVE-2007-0190 | 2007-01-11 | PHP remote file inclusion vulnerability in edit_address.php in edit-x ecommerce allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. |
| CVE-2007-0191 | 2007-01-11 | Cross-site scripting (XSS) vulnerability in admin.php in MKPortal allows remote attackers to inject arbitrary web script or HTML via two certain fields in a contents_new operation in the ad_contents section. |
| CVE-2007-0192 | 2007-01-11 | Cross-site request forgery (CSRF) vulnerability in the save_main operation in the ad_perms section in admin.php in MKPortal allows remote attackers to modify privilege settings, as demonstrated using a getURL of... |
| CVE-2007-0193 | 2007-01-11 | FON La Fonera routers do not properly limit DNS service access by unauthenticated clients, which allows remote attackers to tunnel traffic via DNS requests for hosts that should not be... |
| CVE-2007-0194 | 2007-01-11 | admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain sensitive information via a direct request with an MK_PATH=1 query string, which reveals the path in an error message. |
| CVE-2007-0195 | 2007-01-11 | my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows... |
| CVE-2006-6916 | 2007-01-11 | Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to cause a denial of service (infinite loop) via unknown vectors related to "crafted input." |
| CVE-2007-0196 | 2007-01-11 | SQL injection vulnerability in admin_check_user.asp in Motionborg Web Real Estate 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (txtUserName parameter) and possibly other... |
| CVE-2007-0197 | 2007-01-11 | Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a... |
| CVE-2007-0198 | 2007-01-11 | The JTapi Gateway process in Cisco Unified Contact Center Enterprise, Unified Contact Center Hosted, IP Contact Center Enterprise, and Cisco IP Contact Center Hosted 5.0 through 7.1 allows remote attackers... |
| CVE-2007-0199 | 2007-01-11 | The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message...... |
| CVE-2007-0200 | 2007-01-11 | PHP remote file inclusion vulnerability in template.php in Geoffrey Golliher Axiom Photo/News Gallery (axiompng) 0.8.6 allows remote attackers to execute arbitrary PHP code via a URL in the baseAxiomPath parameter. |
| CVE-2007-0201 | 2007-01-11 | Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet Firewall Toolkit (FWTK) allows remote attackers to execute arbitrary code via a long destination hostname (dest). |
| CVE-2007-0202 | 2007-01-11 | SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lang parameter. |
| CVE-2007-0203 | 2007-01-11 | Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors. |
| CVE-2007-0204 | 2007-01-11 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from... |
| CVE-2006-6917 | 2007-01-11 | Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allows remote attackers to execute arbitrary code in the Tape Engine (tapeeng.exe) via a crafted RPC... |
| CVE-2007-0166 | 2007-01-11 | The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted,... |
| CVE-2007-0168 | 2007-01-11 | The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code... |
| CVE-2007-0169 | 2007-01-11 | Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute arbitrary code via... |
| CVE-2007-0205 | 2007-01-11 | Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows remote attackers to create files in arbitrary directories via ".." sequences in the (1) aj_skin and (2) skin_edit... |
| CVE-2006-6919 | 2007-01-11 | Firefox Sage extension 1.3.8 and earlier allows remote attackers to execute arbitrary Javascript in the local context via an RSS feed with an img tag containing the script followed by... |
| CVE-2006-6920 | 2007-01-11 | Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php. |
| CVE-2006-6918 | 2007-01-11 | Unspecified vulnerability in the Admin login for Georgian discussion board (GeoBB) before 1.0 has unknown impact and attack vectors. |
| CVE-2007-0206 | 2007-01-12 | Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to read arbitrary files via unknown vectors. |
| CVE-2005-4823 | 2007-01-12 | Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP Web-enabled Management Software allows remote attackers to execute arbitrary code via unknown vectors. |
| CVE-2006-6921 | 2007-01-12 | Unspecified versions of the Linux kernel allow local users to cause a denial of service (unrecoverable zombie process) via a program with certain instructions that prevent init from properly reaping... |
| CVE-2006-6922 | 2007-01-13 | SQL injection vulnerability in Deadlock User Management System (phpdeadlock) 0.64 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2006-6923 | 2007-01-13 | SQL injection vulnerability in newsletters/edition.php in bitweaver 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the tk parameter. |
| CVE-2006-6924 | 2007-01-13 | bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=-98 query string to (1) blogs/list_blogs.php, (2) fisheye/index.php, (3) wiki/orphan_pages.php, or (4) wiki/list_pages.php, which forces a SQL... |
| CVE-2006-6925 | 2007-01-13 | Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article... |
| CVE-2006-6927 | 2007-01-13 | Multiple SQL injection vulnerabilities in Rialto 1.6 allow remote attackers to execute arbitrary SQL commands via (1) the uname (username) and (2) pword (passwd) fields in (a) admin/default.asp; the (3)... |
| CVE-2006-6928 | 2007-01-13 | Multiple cross-site scripting (XSS) vulnerabilities in Rialto 1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) listmain.asp or (b) searchmain.asp, the... |
| CVE-2006-6929 | 2007-01-13 | Multiple cross-site scripting (XSS) vulnerabilities in Rapid Classified 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) reply.asp or (b) view_print.asp,... |
| CVE-2006-6930 | 2007-01-13 | SQL injection vulnerability in viewad.asp in Rapid Classified 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2007-0223 | 2007-01-13 | SQL injection vulnerability in shared/code/cp_functions_downloads.php in Nicola Asuni All In One Control Panel (AIOCP) before 1.3.009 allows remote attackers to execute arbitrary SQL commands via the download_category parameter. |
| CVE-2007-0224 | 2007-01-13 | SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginLastname parameter. |
| CVE-2007-0225 | 2007-01-13 | Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. |
| CVE-2007-0226 | 2007-01-13 | SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier allows remote attackers to execute arbitrary SQL commands via the "by User" field (aka the TXbyuser parameter). |
| CVE-2007-0227 | 2007-01-13 | slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher... |