Lista CVE - 2007 / Gennaio
Visualizzazione 701 - 725 di 725 CVE per Gennaio 2007 (Pagina 8 di 8)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2007-0619 | 2007-01-31 | chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption. |
| CVE-2007-0620 | 2007-01-31 | download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in... |
| CVE-2007-0622 | 2007-01-31 | Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users. NOTE: the provenance of this information is unknown; the details are... |
| CVE-2007-0623 | 2007-01-31 | SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows remote attackers to execute arbitrary SQL commands via the startrow parameter. |
| CVE-2007-0624 | 2007-01-31 | user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the full path via a ' (quote) character, and possibly other invalid values, in the uname parameter in a userinfo... |
| CVE-2007-0625 | 2007-01-31 | nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not validate the invoking user, which allows local users to modify server configuration keys in /usr/NX/etc/server.cfg, resulting in an unspecified denial of... |
| CVE-2007-0626 | 2007-01-31 | The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute... |
| CVE-2007-0627 | 2007-01-31 | Michael Still gtalkbot before 1.2 places username and password arguments on the command line, which allows local users to obtain sensitive information by listing the process. |
| CVE-2007-0628 | 2007-01-31 | Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script... |
| CVE-2007-0629 | 2007-01-31 | The www_purgeList method in Plain Black WebGUI before 7.3.8 does not properly check user permissions, which allows attackers to delete unauthorized assets. NOTE: some of these details are obtained from... |
| CVE-2007-0630 | 2007-01-31 | Multiple SQL injection vulnerabilities in the generate_csv function in classes/class.news.php in X-dev xNews 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) from,... |
| CVE-2007-0631 | 2007-01-31 | SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. |
| CVE-2007-0632 | 2007-01-31 | SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via a username cookie, a different vector than CVE-2007-0560. |
| CVE-2007-0633 | 2007-01-31 | PHP remote file inclusion vulnerability in include/themes/themefunc.php in MyNews 4.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter. |
| CVE-2007-0634 | 2007-01-31 | Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets. |
| CVE-2007-0635 | 2007-01-31 | Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b)... |
| CVE-2007-0636 | 2007-01-31 | Unspecified vulnerability in inotify before 0.3.5 has unknown impact and attack vectors, related to "access rights to watched files." |
| CVE-2007-0637 | 2007-01-31 | Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter,... |
| CVE-2007-0638 | 2007-01-31 | show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers to obtain sensitive information (database contents) via a % (percent) character in the dbfieldv parameter. |
| CVE-2007-0639 | 2007-01-31 | Multiple static code injection vulnerabilities in error.php in GuppY 4.5.16 and earlier allow remote attackers to inject arbitrary PHP code into a .inc file in the data/ directory via (1)... |
| CVE-2007-0640 | 2007-01-31 | Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses." |
| CVE-2007-0641 | 2007-01-31 | Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 in Shaffer Solutions (SSC) DiskAccess NFS Client allows remote attackers to execute arbitrary code via a long argument, an issue similar... |
| CVE-2007-0642 | 2007-01-31 | SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU script collection (aka RBL - ASP) allows remote attackers to execute arbitrary SQL commands via the (1) id and (2)... |
| CVE-2007-0643 | 2007-01-31 | Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a... |
| CVE-2007-0644 | 2007-02-01 | Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled... |
| CVE-2007-0645 | 2007-02-01 | Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when... |
| CVE-2007-0646 | 2007-02-01 | Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format... |
| CVE-2007-0647 | 2007-02-01 | Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled... |
| CVE-2007-0648 | 2007-02-01 | Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending... |
| CVE-2007-0649 | 2007-02-01 | Variable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and earlier allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as conduct (a) remote file inclusion... |
| CVE-2007-0650 | 2007-02-01 | Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename.... |
| CVE-2007-0656 | 2007-02-01 | PHP remote file inclusion vulnerability in includes/functions.php in phpBB2-MODificat 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| CVE-2007-0657 | 2007-02-01 | Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to read and overwrite arbitrary files via the gamedir command. |
| CVE-2007-0658 | 2007-02-01 | The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal and the (2) Captcha 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal allow remote attackers... |
| CVE-2007-0659 | 2007-02-01 | download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials. |
| CVE-2007-0660 | 2007-02-01 | Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "Pass through... |
| CVE-2007-0661 | 2007-02-01 | Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), Intel Server Boards 5000XAL, S5000PAL, S5000PSL, S5000XVN, S5000VCL, S5000VSA, SC5400RA, and OEM Firmware for Intel Enterprise Southbridge Baseboard Management Controller before 20070119,... |
| CVE-2007-0662 | 2007-02-01 | PHP remote file inclusion vulnerability in includes/usercp_viewprofile.php in Hailboards 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| CVE-2007-0663 | 2007-02-01 | SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter, a different vector than CVE-2007-0631. NOTE:... |
| CVE-2007-0664 | 2007-02-02 | thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files. |
| CVE-2007-0456 | 2007-02-02 | Unspecified vulnerability in the LLT dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. |
| CVE-2007-0457 | 2007-02-02 | Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark (formerly Ethereal) 0.10.14 through 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. |
| CVE-2007-0458 | 2007-02-02 | Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors, a different issue... |
| CVE-2007-0459 | 2007-02-02 | packet-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.4 allows remote attackers to cause a denial of service (application crash or hang) via fragmented HTTP packets. |
| CVE-2007-0665 | 2007-02-02 | Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007 Professional might allow remote attackers to execute arbitrary commands via format string specifiers in the filename, related to the... |
| CVE-2007-0666 | 2007-02-02 | Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute arbitrary code on the system via a long input string to the (1) iFTPAddU or (2) iFTPAddH file, or to... |
| CVE-2007-0667 | 2007-02-02 | The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than... |
| CVE-2007-0668 | 2007-02-02 | The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in a non-global zone to move and rename files in a read-only filesystem, which could lead to a denial... |
| CVE-2007-0670 | 2007-02-03 | Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via the "r-commands", possibly including (1) rdist, (2) rsh, (3) rcp, (4) rsync,... |
| CVE-2007-0672 | 2007-02-03 | LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers to cause a denial of service (disk consumption and daemon hang) via a value of 0xFFFFFF7F at a certain point in... |
| CVE-2007-0673 | 2007-02-03 | LGSERVER.EXE in BrightStor ARCserve Backup for Laptops & Desktops r11.1 allows remote attackers to cause a denial of service (daemon crash) via a value of 0xFFFFFFFF at a certain point... |
| CVE-2007-0674 | 2007-02-03 | Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows user-assisted remote attackers to cause a denial of service (device hang) via... |
| CVE-2007-0675 | 2007-02-03 | A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete... |
| CVE-2007-0676 | 2007-02-03 | SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2007-0677 | 2007-02-03 | PHP remote file inclusion vulnerability in fw/class.Quick_Config_Browser.php in Cadre PHP Framework 20020724 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][framework_path] parameter. |
| CVE-2007-0678 | 2007-02-03 | SQL injection vulnerability in windows.asp in Fullaspsite Asp Hosting Sitesi allows remote attackers to execute arbitrary SQL commands via the kategori_id parameter. |
| CVE-2007-0679 | 2007-02-03 | PHP remote file inclusion vulnerability in lang/leslangues.php in Nicolas Grandjean PHPMyRing 4.1.3b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fichier parameter. |
| CVE-2007-0680 | 2007-02-03 | PHP remote file inclusion vulnerability in includes/functions.php in Phpbb Tweaked 3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| CVE-2007-0681 | 2007-02-03 | profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values... |
| CVE-2007-0682 | 2007-02-03 | PHP remote file inclusion vulnerability in theme/include_mode/template.php in JV2 Folder Gallery 3.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the galleryfilesdir parameter. |
| CVE-2007-0683 | 2007-02-03 | PHP remote file inclusion vulnerability in includes/functions.php in Omegaboard 1.0beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| CVE-2007-0684 | 2007-02-03 | PHP remote file inclusion vulnerability in portal.php in Cerulean Portal System 0.7b allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| CVE-2007-0685 | 2007-02-03 | Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via... |
| CVE-2007-0686 | 2007-02-03 | The Intel 2200BG 802.11 Wireless Mini-PCI driver 9.0.3.9 (w29n51.sys) allows remote attackers to cause a denial of service (system crash) via crafted disassociation packets, which triggers memory corruption of "internal... |
| CVE-2007-0687 | 2007-02-03 | SQL injection vulnerability in i-search.php in Michelle's L2J Dropcalc 4 and earlier allows remote authenticated users to execute arbitrary SQL commands via the itemid parameter. |
| CVE-2007-0688 | 2007-02-03 | SQL injection vulnerability in oku.asp in Hunkaray Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2007-0671 | 2007-02-03 | Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as... |
| CVE-2007-0695 | 2007-02-03 | Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql,... |
| CVE-2007-0696 | 2007-02-03 | Cross-site scripting (XSS) vulnerability in error messages in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, different vectors... |
| CVE-2007-0697 | 2007-02-03 | index2.php in ACGVannu 1.3 and earlier allows remote attackers to change the password or profile of a user via a modified id parameter, related to templates/modif.html. NOTE: some of these... |
| CVE-2007-0698 | 2007-02-03 | Multiple SQL injection vulnerabilities in ACGVannu 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the id_mod parameter to templates/modif.html, and other unspecified vectors. NOTE: The provenance... |
| CVE-2007-0472 | 2007-02-03 | Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file... |
| CVE-2007-0473 | 2007-02-03 | The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 does not preserve /etc/sudoers permissions across modifications, which allows local users to obtain sensitive information (/etc/sudoers contents) by reading this file. |
| CVE-2007-0474 | 2007-02-03 | Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to kill arbitrary processes, related to a "design issue with smb4k_kill." |
| CVE-2007-0475 | 2007-02-03 | Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to the args... |
| CVE-2006-6966 | 2007-02-04 | phpGraphy before 0.9.13a does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to... |
| CVE-2007-0436 | 2007-02-04 | Barron McCann X-Kryptor Driver BMS1446HRR (Xgntr BMS1351 Install BMS1472) in X-Kryptor Secure Client does not drop privileges when launching an Explorer window in response to a help command, which allows... |
| CVE-2007-0699 | 2007-02-04 | PHP remote file inclusion vulnerability in includes/includes.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) before 2.5.1.1 allows remote attackers to execute arbitrary PHP code via a... |
| CVE-2007-0700 | 2007-02-04 | Directory traversal vulnerability in index.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to read arbitrary files via a .. (dot dot) in the... |
| CVE-2007-0701 | 2007-02-04 | PHP remote file inclusion vulnerability in inc/common.inc.php in Epistemon 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter. |
| CVE-2007-0702 | 2007-02-04 | Multiple PHP remote file inclusion vulnerabilities in phpEventMan 1.0.2 allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) Shared/controller/text.ctrl.php or (2) UserMan/controller/common.function.php. |
| CVE-2007-0703 | 2007-02-04 | PHP remote file inclusion vulnerability in library/StageLoader.php in WebBuilder 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[core][module_path] parameter. |
| CVE-2007-0704 | 2007-02-04 | PHP remote file inclusion vulnerability in install.php in Somery 0.4.6 allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter, a different vector than CVE-2006-4669.... |
| CVE-2007-0705 | 2007-02-04 | Cross-zone scripting vulnerability in Sleipnir 2.49 and earlier, and Portable Sleipnir 2.45 and earlier, allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data.... |
| CVE-2007-0706 | 2007-02-04 | Cross-zone scripting vulnerability in Darksky RSS bar for Internet Explorer before 1.29, RSS bar for Sleipnir before 1.29, and RSS bar for unDonut before 1.29 allows remote attackers to bypass... |
| CVE-2007-0707 | 2007-02-04 | Stack-based buffer overflow in GOM Player 2.0.12.3375 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the "ref href" tag. NOTE: The... |
| CVE-2007-0708 | 2007-02-04 | cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) before 2.4.16.174 does not validate arguments that originate in user mode for the (1) NtConnectPort and (2) NtCreatePort hooked SSDT functions,... |
| CVE-2007-0709 | 2007-02-04 | cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.16.174 and earlier does not validate arguments that originate in user mode for the (1) NtCreateSection, (2) NtOpenProcess, (3) NtOpenSection, (4)... |
| CVE-2007-0555 | 2007-02-06 | PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function... |
| CVE-2007-0556 | 2007-02-06 | The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows... |
| CVE-2006-6968 | 2007-02-06 | Cross-site scripting (XSS) vulnerability in the group moderation control center page in Phorum before 5.1.19 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2007-0452 | 2007-02-06 | smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a... |
| CVE-2007-0453 | 2007-02-06 | Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows attackers to execute arbitrary code via the (1) gethostbyname and... |
| CVE-2007-0454 | 2007-02-06 | Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS... |
| CVE-2007-0756 | 2007-02-06 | Chicken of the VNC (cotv) 2.0 allows remote attackers to cause a denial of service (application crash) via a large computer-name size value in a ServerInit packet, which triggers a... |
| CVE-2007-0757 | 2007-02-06 | PHP remote file inclusion vulnerability in index.php in Miguel Nunes Call of Duty 2 (CoD2) DreamStats System 4.2 and earlier allows remote attackers to execute arbitrary PHP code via a... |
| CVE-2007-0758 | 2007-02-06 | PHP remote file inclusion vulnerability in lang.php in PHPProbid 5.24 allows remote attackers to execute arbitrary PHP code via a URL in the SRC attribute of an HTML element in... |
| CVE-2007-0759 | 2007-02-06 | Multiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow remote attackers to execute arbitrary SQL commands via the (1) i or (2) post_id parameter to add_comment.php, which triggers an injection in... |
| CVE-2007-0760 | 2007-02-06 | EQdkp 1.3.1 and earlier authenticates administrative requests by verifying that the HTTP Referer header specifies an admin/ URL, which allows remote attackers to read or modify account names and passwords... |
| CVE-2007-0761 | 2007-02-06 | PHP remote file inclusion vulnerability in config.php in phpBB ezBoard converter (ezconvert) 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the ezconvert_dir parameter. |