CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In November 2007

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
151 CVE-2007-6007 119 Exec Code Overflow 2007-11-15 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the ID_PSP.apl plug-in for ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted PSP image that triggers a heap-based buffer overflow.
152 CVE-2007-6006 287 2007-11-15 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors.
153 CVE-2007-6005 399 DoS 2007-11-15 2017-07-29
4.3
None Remote Medium Not required None None Partial
Unspecified vulnerability in the GpcContainer.GpcContainer.1 ActiveX control in WebEx allows remote attackers to cause a denial of service (memory access violation and crash) via (1) an invalid argument to the InitParam method or (2) an unspecified vector involving the SetParam method.
154 CVE-2007-6004 89 Exec Code Sql 2007-11-15 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an artikel action or (2) the katid parameter in a produk action.
155 CVE-2007-6003 79 XSS 2007-11-15 2017-07-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Thomson SpeedTouch 716 with firmware 5.4.0.14 allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
156 CVE-2007-6002 79 XSS 2007-11-15 2017-07-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Fenriru (1) Sleipnir 2.5.17 R2 and earlier and (2) Grani 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field in a search for additions to the Favorites section.
157 CVE-2007-6001 79 XSS 2007-11-15 2017-07-29
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Bandersnatch 0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) func or (2) date parameter, or the jid parameter in a (3) log or (4) user action, a different vulnerability than CVE-2007-3910.
158 CVE-2007-6000 399 DoS 2007-11-15 2018-10-15
5.0
None Remote Low Not required None None Partial
KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a denial of service (crash) via large HTTP cookie parameters.
159 CVE-2007-5999 89 Exec Code Sql 2007-11-15 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
160 CVE-2007-5998 89 Exec Code Sql 2007-11-15 2017-09-29
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in ads.php in Softbiz Ad Management plus Script 1 allows remote authenticated users to execute arbitrary SQL commands via the package parameter.
161 CVE-2007-5997 89 Exec Code Sql 2007-11-15 2017-09-29
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in campaign_stats.php in Softbiz Banner Exchange Network Script 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
162 CVE-2007-5996 89 Exec Code Sql 2007-11-15 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in searchresult.php in Softbiz Link Directory Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter, a related issue to CVE-2007-5449.
163 CVE-2007-5995 94 Exec Code File Inclusion 2007-11-15 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in examples/patExampleGen/bbcodeSource.php in patBBcode 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the example parameter.
164 CVE-2007-5994 94 1 Exec Code File Inclusion 2007-11-15 2008-11-15
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in check_noimage.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the config[path_src_include] parameter.
165 CVE-2007-5993 79 XSS 2007-11-15 2018-10-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Visionary Technology in Library Solutions (VTLS) vtls.web.gateway before 48.1.1 allows remote attackers to inject arbitrary web script or HTML via the searchtype parameter.
166 CVE-2007-5992 89 Exec Code Sql 2007-11-15 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in datecomm Social Networking Script (aka Myspace Clone Script) allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewcat s action on the forums page.
167 CVE-2007-5991 89 Exec Code Sql 2007-11-15 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in ExoPHPdesk allows remote attackers to execute arbitrary SQL commands via the user parameter in a profile fn action.
168 CVE-2007-5990 79 XSS 2007-11-15 2018-10-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in ExoPHPdesk allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a user profile, possibly the (1) name and (2) website parameters to register.php.
169 CVE-2007-5988 287 2007-11-15 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field.
170 CVE-2007-5987 287 Bypass 2007-11-15 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest.
171 CVE-2007-5986 89 Exec Code Sql 2007-11-15 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in include/functions.php in BtiTracker before 1.4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
172 CVE-2007-5985 79 XSS 2007-11-15 2017-07-29
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker before 1.4.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) account.php, (2) moresmiles.php, or (3) recover.php; or (4) the "to" parameter to usercp.php.
173 CVE-2007-5984 20 DoS 2007-11-15 2018-10-15
7.8
None Remote Low Not required None None Complete
classes/Url.php in Justin Hagstrom AutoIndex PHP Script before 2.2.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via a %00 sequence in the dir parameter to index.php, which triggers an erroneous "recursive calculation."
174 CVE-2007-5983 79 XSS 2007-11-15 2018-10-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Justin Hagstrom AutoIndex PHP Script before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
175 CVE-2007-5982 79 XSS 2007-11-15 2008-11-15
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) theme_c parameter to help/index.php, or the (3) INSTALL_X7CHATVERSION parameter to upgradev1.php.
176 CVE-2007-5981 DoS 2007-11-15 2017-07-29
3.3
None Local Network Low Not required None None Partial
Lantronix SCS3200 does not properly handle public-key requests, which allows remote attackers to cause a denial of service (unresponsive device) via unspecified keyscan requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
177 CVE-2007-5980 79 XSS 2007-11-15 2018-10-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in home/rss.php in eggblog before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
178 CVE-2007-5979 79 XSS 2007-11-15 2018-10-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter.
179 CVE-2007-5978 89 Exec Code Sql 2007-11-15 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in brokenlink.php in the mylinks module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter.
180 CVE-2007-5977 79 XSS 2007-11-15 2017-07-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942.
181 CVE-2007-5976 89 Exec Code Sql 2007-11-15 2017-07-29
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter.
182 CVE-2007-5975 89 Exec Code Sql 2007-11-15 2018-10-15
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in index.php in TBSource, as used in (1) TBDev and (2) TorrentStrike 0.4, allows remote authenticated users to execute arbitrary SQL commands via the choice parameter. NOTE: some of these details are obtained from third party information.
183 CVE-2007-5974 89 Exec Code Sql 2007-11-15 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in mailer.php in JPortal 2 allows remote attackers to execute arbitrary SQL commands via the to parameter.
184 CVE-2007-5973 89 Exec Code Sql 2007-11-15 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in articles.php in JPortal 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter.
185 CVE-2007-5960 22 Dir. Trav. Bypass CSRF 2007-11-26 2018-10-15
4.3
None Remote Medium Not required None Partial None
Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.
186 CVE-2007-5959 DoS Exec Code Mem. Corr. 2007-11-26 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger memory corruption.
187 CVE-2007-5957 DoS 2007-11-14 2017-07-29
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.TC3TL and 11.10.TB4TL on Windows allows attackers to cause a denial of service (application crash) via unspecified SQ_ONASSIST requests.
188 CVE-2007-5956 22 +Priv Dir. Trav. 2007-11-14 2017-07-29
7.2
None Local Low Not required Complete Complete Complete
Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable.
189 CVE-2007-5955 79 XSS 2007-11-14 2017-07-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in updir.php in UPDIR.NET before 2.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
190 CVE-2007-5954 79 XSS 2007-11-14 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in buscador.php in JLMForo System allows remote attackers to inject arbitrary web script or HTML via the clave parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
191 CVE-2007-5953 +Info 2007-11-14 2011-03-08
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in Really Simple CalDAV Store (RSCDS) before 0.9.0 allows attackers to obtain sensitive information via unspecified vectors.
192 CVE-2007-5952 79 XSS 2007-11-14 2008-11-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in admin/index.php in Helios Calendar 1.2.1 Beta allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
193 CVE-2007-5951 89 Exec Code Sql 2007-11-14 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
194 CVE-2007-5950 79 XSS 2007-11-14 2017-07-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in NetCommons before 1.0.11, and 1.1.x before 1.1.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-4165.
195 CVE-2007-5949 79 XSS 2007-11-14 2017-07-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk 6.2 allows remote authenticated users to inject arbitrary web script or HTML via the Description parameter in a Maximo change action.
196 CVE-2007-5948 79 XSS 2007-11-14 2011-03-08
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in main.php in SF-Shoutbox 1.2.1 through 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) nick (aka Name) and (2) shout (aka Shout) parameters.
197 CVE-2007-5947 79 XSS 2007-11-14 2018-10-15
4.3
None Remote Medium Not required None Partial None
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI.
198 CVE-2007-5946 2007-11-14 2017-09-29
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in the Aries PA-RISC emulator on HP-UX B.11.23 and B.11.31 on the IA-64 platform allows local users to obtain unspecified access.
199 CVE-2007-5945 264 2007-11-14 2017-07-29
5.0
None Remote Low Not required Partial None None
USVN before 0.6.5 allows remote attackers to obtain a list of repository contents via unspecified vectors.
200 CVE-2007-5944 79 XSS 2007-11-14 2011-03-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server (WAS) 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. NOTE: this might be the same issue as CVE-2006-3918, but there are insufficient details to be sure.
Total number of vulnerabilities: 422. Page 4 of 9.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.