CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In November 2007

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2007-4223 +Priv 2007-11-08 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an unspecified mechanism for copying data into kernel memory, which allows local users to gain privileges via unspecified vectors.
2 CVE-2007-4689 399 DoS Exec Code 2007-11-15 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Double free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via crafted IPV6 packets.
3 CVE-2007-4691 264 Bypass 2007-11-15 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs.
4 CVE-2007-4703 Bypass 2007-11-15 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incoming connections, even when "Block incoming connections" has been set for its associated executable, which might allow remote attackers or local root processes to bypass intended access restrictions.
5 CVE-2007-4704 Bypass 2007-11-15 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
The Application Firewall in Apple Mac OS X 10.5 does not apply changed settings to processes that are started by launchd until the processes are restarted, which might allow attackers to bypass intended access restrictions.
6 CVE-2007-5395 119 Exec Code Overflow 2007-11-08 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the separate_word function in tokenize.c in Link Grammar 4.1b and possibly other versions, as used in AbiWord Link Grammar 4.2.4, allows remote attackers to execute arbitrary code via a long word, as reachable through the separate_sentence function.
7 CVE-2007-5767 119 Exec Code Overflow 2007-11-02 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the Client Trust application (clntrust.exe) in Novell BorderManager 3.8 before Update 1.5 allows remote attackers to execute arbitrary code via a validation request in which the Novell tree name is not properly delimited with a wide-character backslash or NULL character.
8 CVE-2007-5791 287 DoS 2007-11-01 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify that a SIP INVITE message originated from a legitimate server, which allows remote attackers to send spoofed INVITE messages, as demonstrated by a flood of messages triggering a denial of service, and by phone calls with malicious content.
9 CVE-2007-5815 22 Dir. Trav. 2007-11-05 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Absolute path traversal vulnerability in the WebCacheCleaner ActiveX control 1.3.0.3 in SonicWall SSL-VPN 200 before 2.1, and SSL-VPN 2000/4000 before 2.5, allows remote attackers to delete arbitrary files via a full pathname in the argument to the FileDelete method.
10 CVE-2007-5889 Exec Code File Inclusion 2007-11-08 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Multiple PHP remote file inclusion vulnerabilities in IDMOS 1.0 Alpha (aka Phoenix) allow remote attackers to execute arbitrary PHP code via a URL in the site_absolute_path parameter to (1) admin.php, (2) menu_add.php, and (3) menu_operation.php in administrator/, different vectors than CVE-2007-5294.
11 CVE-2007-5890 Dir. Trav. 2007-11-08 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in index.php in easyGB 2.1.1 allows remote attackers to include arbitrary files via the DatabaseType parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
12 CVE-2007-5892 119 Exec Code Overflow 2007-11-08 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the pdg2.dll ActiveX control in SSReader 4.0 and earlier allow remote attackers to execute arbitrary code via a long argument to the Register method. NOTE: some details were obtained from third party sources.
13 CVE-2007-5941 119 DoS Exec Code Overflow 2007-11-14 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the SWCtl.SWCtl ActiveX control in Adobe Shockwave allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument to the ShockwaveVersion method.
14 CVE-2007-6006 287 2007-11-15 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors.
15 CVE-2007-6011 287 Bypass 2007-11-16 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
16 CVE-2007-6030 2007-11-20 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Weird Solutions BOOTPTurbo 1.2 has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
17 CVE-2007-6044 399 Mem. Corr. 2007-11-20 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in IBM WebSphere MQ 6.0 have unknown impact and remote attack vectors involving "memory corruption." NOTE: as of 20071116, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
18 CVE-2007-6045 2007-11-20 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in (1) DB2WATCH and (2) DB2FREEZE in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors.
19 CVE-2007-6047 264 Exec Code 2007-11-20 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1 before Fixpak 4 allows attackers to execute arbitrary commands as the DB2 instance owner, related to invocation of TPUT by DB2DART.
20 CVE-2007-6048 264 2007-11-20 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
IBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on ACLs for DB2NODES.CFG, which has unknown impact and attack vectors. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
21 CVE-2007-6051 264 2007-11-20 2012-10-31
10.0
None Remote Low Not required Complete Complete Complete
IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the (1) DB2ADMNS and (2) DB2USERS alternative groups, which has unknown impact. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
22 CVE-2007-6092 119 Overflow 2007-11-22 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in libsrtp in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries.
23 CVE-2007-6097 2007-11-22 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the ICMP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and remote attack vectors, related to ICMP packets that are "incorrectly accepted."
24 CVE-2007-6099 2007-11-22 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 might leave "media pinholes" open upon a restart of the SIP module, which might make it easier for remote attackers to conduct unauthorized activities.
25 CVE-2007-6112 119 DoS Exec Code Overflow 2007-11-23 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
26 CVE-2007-6114 119 DoS Exec Code Overflow 2007-11-23 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) the SSL dissector or (2) the iSeries (OS/400) Communication trace file parser.
27 CVE-2007-6115 119 DoS Exec Code Overflow 2007-11-23 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors.
28 CVE-2007-6123 2007-11-26 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in IRC Services 5.1.8 has unknown impact and attack vectors.
29 CVE-2007-6172 89 Exec Code Sql 2007-11-30 2017-10-19
10.0
None Remote Low Not required Complete Complete Complete
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewimage.php and (2) comments.php.
30 CVE-2007-6176 20 Exec Code 2007-11-30 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) domain or (2) tld parameter in a check_owner action.
31 CVE-2007-6186 2007-11-30 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in PHPDevShell before 0.7.0 has unknown impact and attack vectors, involving a "minor security bug in repair & optimize database."
32 CVE-2007-2395 Exec Code Mem. Corr. 2007-11-07 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a crafted image description atom in a movie file, related to "memory corruption."
33 CVE-2007-3750 119 Exec Code Overflow 2007-11-07 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via crafted Sample Table Sample Descriptor (STSD) atoms in a movie file.
34 CVE-2007-3751 Exec Code +Priv 2007-11-07 2018-10-26
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors.
35 CVE-2007-4344 119 Exec Code Overflow 2007-11-15 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Multiple input validation errors in ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allow user-assisted remote attackers to execute arbitrary code via a long section string in (1) a PSP image to the ID_PSP.apl plug-in or (2) an LHA archive to the AM_LHA.apl plug-in, resulting in a heap-based buffer overflow.
36 CVE-2007-4572 119 Overflow 2007-11-16 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests.
37 CVE-2007-4675 119 Exec Code Overflow 2007-11-07 2018-10-26
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom.
38 CVE-2007-4676 119 Exec Code Overflow 2007-11-07 2018-10-26
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image.
39 CVE-2007-4677 119 Exec Code Overflow 2007-11-07 2018-10-26
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid color table size when parsing the color table atom (CTAB) in a movie file, related to the CTAB RGB values.
40 CVE-2007-4687 16 2007-11-15 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files.
41 CVE-2007-4702 Bypass 2007-11-15 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions.
42 CVE-2007-5392 119 Exec Code Overflow 2007-11-08 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.
43 CVE-2007-5393 119 Exec Code Overflow 2007-11-08 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.
44 CVE-2007-5398 119 Exec Code Overflow 2007-11-16 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request.
45 CVE-2007-5603 119 Exec Code Overflow 2007-11-05 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allows remote attackers to execute arbitrary code via a long string in the second argument to the AddRouteEntry method.
46 CVE-2007-5660 Exec Code Overflow 2007-11-02 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified "unsafe method," possibly involving a buffer overflow.
47 CVE-2007-5755 119 Exec Code Overflow 2007-11-14 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the AOL AmpX ActiveX control in AmpX.dll 2.6.1.11 in AOL Radio allow remote attackers to execute arbitrary code via long arguments to unspecified methods.
48 CVE-2007-5775 Exec Code 2007-11-01 2008-09-05
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
49 CVE-2007-5814 119 Exec Code Overflow 2007-11-05 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allow remote attackers to execute arbitrary code via a long (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) clientIPHigher, (5) userName, (6) domainName, or (7) dnsSuffix Unicode property value. NOTE: the AddRouteEntry vector is covered by CVE-2007-5603.
50 CVE-2007-5820 22 Dir. Trav. 2007-11-05 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in index.php in Ax Developer CMS (AxDCMS) 0.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
Total number of vulnerabilities : 422   Page : 1 (This Page)2 3 4 5 6 7 8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.