CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In November 2007 (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2007-6191 94 Exec Code File Inclusion 2007-11-30 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Armin Burger p.mapper 3.2.0 beta3 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PM_INCPHP] parameter to (1) incphp/globals.php or (2) plugins/export/mc_table.php. NOTE: it could be argued that this vulnerability is caused by a problem in PHP and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in p.mapper.
2 CVE-2007-6189 119 Exec Code Overflow 2007-11-30 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
A certain ActiveX control in (1) OScan8.ocx and (2) Oscan81.ocx in BitDefender Online Anti-Virus Scanner 8.0 allows remote attackers to execute arbitrary code via a long argument to the InitX method that begins with a "%%" sequence, which is misinterpreted as a Unicode string and decoded twice, leading to improper memory allocation and a heap-based buffer overflow.
3 CVE-2007-6188 22 Dir. Trav. 2007-11-30 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in TuMusika Evolution 1.7R5 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) languages_n.php, (2) languages_f.php, or (3) languages.php in inc/; and (4) allow remote attackers to read arbitrary local files via a .. (dot dot) in the uri parameter to frames/nogui/sc_download.php.
4 CVE-2007-6186 2007-11-30 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in PHPDevShell before 0.7.0 has unknown impact and attack vectors, involving a "minor security bug in repair & optimize database."
5 CVE-2007-6185 22 Dir. Trav. 2007-11-30 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in users/files.php in Eurologon CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a download action, as demonstrated by a certain PHP file containing database credentials.
6 CVE-2007-6184 22 Dir. Trav. 2007-11-30 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in index.php in Project Alumni 1.0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter.
7 CVE-2007-6183 134 Exec Code 2007-11-30 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter.
8 CVE-2007-6182 264 +Priv 2007-11-30 2017-07-29
7.2
None Local Low Not required Complete Complete Complete
The responder program in ISPsystem ISPmanager (aka ISPmgr) 4.2.15.1 allows local users to gain privileges via shell metacharacters in command line arguments.
9 CVE-2007-6181 119 Exec Code Overflow 2007-11-30 2018-10-26
8.5
None Remote Medium ??? Complete Complete Complete
Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier allows context-dependent attackers to execute arbitrary code via a filename with a certain length, as demonstrated by a remote authenticated user who uses the SCP protocol to send a file to the Cygwin machine, and thereby causes scp.exe on this machine to execute, and then overwrite heap memory with characters from the filename. NOTE: it is also reported that a related issue might exist in 1.5.7 through 1.5.19.
10 CVE-2007-6180 362 DoS 2007-11-30 2017-07-29
7.6
None Local Network Medium Not required Partial Complete Complete
Race condition in the Remote Procedure Call kernel module (rpcmod) in Sun Solaris 8 through 10 allows local users to cause a denial of service (NULL dereference and panic) via unspecified vectors.
11 CVE-2007-6179 20 Exec Code File Inclusion 2007-11-30 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Charray's CMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the ccms_library_path parameter to (1) markdown.php and (2) gallery.php in decoder/.
12 CVE-2007-6178 20 Exec Code File Inclusion 2007-11-30 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Easy Hosting Control Panel for Ubuntu (EHCP) 0.22.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the confdir parameter to (1) dbutil.bck.php and (2) dbutil.php in config/.
13 CVE-2007-6177 94 Exec Code File Inclusion 2007-11-30 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in Exchange/include.php in PHP_CON 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the webappcfg[APPPATH] parameter.
14 CVE-2007-6176 20 Exec Code 2007-11-30 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) domain or (2) tld parameter in a check_owner action.
15 CVE-2007-6175 119 Exec Code Overflow 2007-11-30 2017-07-29
6.6
None Remote High Not required Partial Partial Complete
Buffer overflow in Lhaplus 1.55 and earlier allows remote attackers to execute arbitrary code via a crafted LZH archive, a different vector than CVE-2007-5048.
16 CVE-2007-6174 264 +Priv 2007-11-30 2017-07-29
8.5
None Remote Medium ??? Complete Complete Complete
PHPDevShell before 0.7.0 allows remote authenticated users to gain privileges via a crafted request to update a user profile. NOTE: some of these details are obtained from third party information.
17 CVE-2007-6172 89 Exec Code Sql 2007-11-30 2017-10-19
10.0
None Remote Low Not required Complete Complete Complete
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewimage.php and (2) comments.php.
18 CVE-2007-6171 89 Exec Code Sql 2007-11-30 2018-10-26
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
19 CVE-2007-6170 89 Exec Code Sql 2007-11-30 2018-10-26
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.
20 CVE-2007-6169 89 Exec Code Sql 2007-11-29 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the uname parameter, a different vector than CVE-2007-6163. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
21 CVE-2007-6168 89 Exec Code Sql 2007-11-29 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in default.asp in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the username parameter, a different vector than CVE-2007-6143. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
22 CVE-2007-6167 264 Exec Code 2007-11-29 2008-11-15
7.2
None Local Low Not required Complete Complete Complete
Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory.
23 CVE-2007-6166 119 Exec Code Overflow 2007-11-29 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.
24 CVE-2007-6165 264 Exec Code 2007-11-29 2011-10-06
9.3
None Remote Medium Not required Complete Complete Complete
Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395.
25 CVE-2007-6164 89 Exec Code Sql 2007-11-29 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Eurologon CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) reviews.php, (2) links.php and (3) articles.php.
26 CVE-2007-6163 89 Exec Code Sql 2007-11-29 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the pword (aka Password) parameter. NOTE: some of these details are obtained from third party information.
27 CVE-2007-6159 89 Exec Code Sql 2007-11-29 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to execute arbitrary SQL commands via the aarstal parameter in a yeardetail action, a different vector than CVE-2006-1500.
28 CVE-2007-6158 89 Exec Code Sql 2007-11-29 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs Web Calendar 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) loginname (aka Username) and (2) loginpass (aka Password) parameters to caladmin.php.
29 CVE-2007-6147 94 Exec Code File Inclusion 2007-11-27 2017-10-19
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in IAPR COMMENCE 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the (a) php_root_path and sometimes the (b) privilege_root_path parameter to various PHP scripts under (1) admin/includes/, (2) admin/phase/, (3) includes/, (4) includes/page_includes/, (5) reviewer/includes/, (6) reviewer/phase/, and (7) user/phase/.
30 CVE-2007-6144 119 Exec Code Overflow 2007-11-27 2011-03-08
6.0
None Remote Medium ??? Partial Partial Partial
Heap-based buffer overflow in the PPlayer.XPPlayer.1 ActiveX control in pplayer.dll_1_work in Xunlei Thunder 5.7.4.401 allows remote attackers to execute arbitrary code via a long string in a FlvPlayerUrl property value. NOTE: some of these details are obtained from third party information.
31 CVE-2007-6143 89 Exec Code Sql 2007-11-27 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in default.asp (aka the Login Page) in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the password parameter.
32 CVE-2007-6140 89 Exec Code Sql 2007-11-27 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Dora Emlak 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) emlak_detay.asp and (b) haber_detay.asp, the (2) kategori parameter to (c) kategorisirala.asp, and the (3) tip parameter to (d) tipsirala.asp.
33 CVE-2007-6139 94 Exec Code File Inclusion 2007-11-27 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in Mp3 ToolBox 1.0 beta 5 allows remote attackers to execute arbitrary PHP code via a URL in the skin_file parameter.
34 CVE-2007-6138 89 Exec Code Sql 2007-11-27 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in redir.asp in VU Mass Mailer allows remote attackers to execute arbitrary SQL commands via the password parameter to Default.asp (aka the Login Page). NOTE: some of these details are obtained from third party information.
35 CVE-2007-6137 89 Exec Code Sql 2007-11-27 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in news.php in Content Injector 1.52 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php. NOTE: some of these details are obtained from third party information.
36 CVE-2007-6134 89 Exec Code Sql 2007-11-27 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in pkinc/public/article.php in PHPKIT 1.6.4pl1 allows remote attackers to execute arbitrary SQL commands via the contentid parameter in an article action to include.php, a different vector than CVE-2006-1773.
37 CVE-2007-6128 89 Exec Code Sql 2007-11-26 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 allows remote attackers to execute arbitrary SQL commands via the idevent parameter.
38 CVE-2007-6127 89 Exec Code Sql 2007-11-26 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the year parameter to (1) view.page.inc.php, which is reachable through a view action to index.php; or (2) the year parameter to news.page.inc.php, which is reachable through a news action to index.php.
39 CVE-2007-6125 89 Exec Code Sql 2007-11-26 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.
40 CVE-2007-6123 2007-11-26 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in IRC Services 5.1.8 has unknown impact and attack vectors.
41 CVE-2007-6119 DoS 2007-11-23 2018-10-15
7.8
None Remote Low Not required None None Complete
The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors.
42 CVE-2007-6118 DoS 2007-11-23 2018-10-15
7.8
None Remote Low Not required None None Complete
The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors.
43 CVE-2007-6115 119 DoS Exec Code Overflow 2007-11-23 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors.
44 CVE-2007-6114 119 DoS Exec Code Overflow 2007-11-23 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) the SSL dissector or (2) the iSeries (OS/400) Communication trace file parser.
45 CVE-2007-6112 119 DoS Exec Code Overflow 2007-11-23 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
46 CVE-2007-6111 DoS 2007-11-23 2018-10-15
7.1
None Remote Medium Not required None None Complete
Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP dissector.
47 CVE-2007-6106 89 Exec Code Sql 2007-11-23 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and earlier allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewevent action.
48 CVE-2007-6105 94 Exec Code File Inclusion 2007-11-23 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_file parameter to (a) comments-display-tpl.php and (b) addons/separate-comments-mod/my-comments-display-tpl.php and the (2) config[comments_form_tpl] parameter to comments-display-tpl.php.
49 CVE-2007-6099 2007-11-22 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 might leave "media pinholes" open upon a restart of the SIP module, which might make it easier for remote attackers to conduct unauthorized activities.
50 CVE-2007-6098 2007-11-22 2008-11-15
7.5
None Remote Low Not required Partial Partial Partial
Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log truncated (1) ICMP, (2) UDP, and (3) TCP packets, which has unknown impact and remote attack vectors; and do not log (4) serial-console login attempts with nonexistent usernames, which might make it easier for attackers with physical access to guess valid login credentials while avoiding detection.
Total number of vulnerabilities : 276   Page : 1 (This Page)2 3 4 5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.