CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2007

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2007-4408 2007-08-18 2018-10-15
5.0
None Remote Low Not required None Partial None
ircu 2.10.12.05 and earlier ignores timestamps in bounces, which allows remote attackers to take over a channel during a netjoin by causing a bounce while a server with an older version of the channel is linking.
202 CVE-2007-4407 2007-08-18 2018-10-15
6.4
None Remote Low Not required None Partial Partial
ircu 2.10.12.03 and 2.10.12.04 does not associate a timestamp with ops privilege on an unused channel (zannel), which allows remote attackers to (1) set or remove certain channel modes via a "netriding" attack or (2) take over a channel by joining an unlinked server with the A/Upass and then setting a new Apass.
203 CVE-2007-4406 +Priv 2007-08-18 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
ircu 2.10.12.01 through 2.10.12.04 does not remove ops privilege after a join from a server with an older timestamp (TS), which allows remote attackers to gain control of a channel during a split.
204 CVE-2007-4405 DoS 2007-08-18 2018-10-15
7.8
None Remote Low Not required None None Complete
ircu 2.10.12.02 through 2.10.12.04 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by creating a large number of unused channels (zannels).
205 CVE-2007-4404 DoS 2007-08-18 2018-10-15
7.8
None Remote Low Not required None None Complete
ircu 2.10.12.01 allows remote attackers to (1) cause a denial of service (flood wallops) by joining two channels with certain long names that differ in the final character, which triggers a protocol violation and (2) cause a denial of service (daemon crash) via a "J 0:#channel" message on a channel without an apass; and (3) allows remote authenticated operators to cause a denial of service (daemon crash) via a remote "names -D" command.
206 CVE-2007-4403 264 Exec Code 2007-08-18 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
The mIRC Control Plug-in for Winamp allows user-assisted remote attackers to execute arbitrary code via the '|' (pipe) shell metacharacter in the name of the song in a .mp3 file.
207 CVE-2007-4402 Exec Code 2007-08-18 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Multiple unspecified scripts in mIRC allow user-assisted remote attackers to execute arbitrary code via the '|' (pipe) shell metacharacter in the name of the song in a .mp3 file.
208 CVE-2007-4401 Exec Code 2007-08-18 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Multiple CRLF injection vulnerabilities in the Advanced mIRC Integration Plugin and possibly other unspecified scripts in mIRC allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
209 CVE-2007-4400 Exec Code 2007-08-18 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
CRLF injection vulnerability in the included media script in Konversation allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
210 CVE-2007-4399 Exec Code 2007-08-18 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
CRLF injection vulnerability in the xmms.bx 1.0 script for BitchX allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
211 CVE-2007-4398 Exec Code 2007-08-18 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and (2) xmms.pl 1.1 scripts for WeeChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
212 CVE-2007-4397 Exec Code 2007-08-18 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
213 CVE-2007-4396 Exec Code 2007-08-18 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) l33tmusic.pl 2.00, (3) mpg123.pl 0.01, (4) ogg123.pl 0.01, (5) xmms.pl 2.0, (6) xmms2.pl 1.1.3, and (7) xmmsinfo.pl 1.1.1.1 scripts for irssi before 0.8.11 allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
214 CVE-2007-4395 +Priv 2007-08-17 2018-10-30
7.6
None Remote High Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Role Based Access Control (RBAC) functionality in Sun Solaris 8 allow remote attackers who know the password for a role to gain privileges via that role.
215 CVE-2007-4394 2007-08-17 2018-10-30
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors.
216 CVE-2007-4393 2007-08-17 2008-11-15
4.6
None Local Low Not required Partial Partial Partial
The installation script for orarun on SUSE Linux before 20070810 places the oracle user into the disk group, which allows the local oracle user to read or write raw disk partitions.
217 CVE-2007-4392 DoS Overflow 2007-08-17 2018-10-15
4.3
None Remote Medium Not required None None Partial
Winamp 5.35 allows remote attackers to cause a denial of service (program stack overflow and application crash) via an M3U file that recursively includes itself.
218 CVE-2007-4391 119 DoS Overflow 2007-08-17 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an "invite to view my webcam" request, and then injecting a DLL into the attacker's peer Yahoo! Messenger application when this request is accepted.
219 CVE-2007-4390 264 +Priv 2007-08-17 2018-10-15
7.2
None Local Low Not required Complete Complete Complete
The Command Line Interface (CLI), aka Adonis Administration Console, on the BlueCat Networks Adonis DNS/DHCP appliance 5.0.2.8 allows local admin users to gain root privileges on the underlying operating system via shell metacharacters in a command.
220 CVE-2007-4389 CSRF 2007-08-17 2018-10-15
7.8
None Remote Medium Not required None Partial Complete
Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG, 1800HW, and 2071 Gateway routers, with 3.17.5, 3.7.1, and 5.29.51 software, allows remote attackers to create DNS mappings as administrators, and conduct DNS poisoning attacks, via the NAME and ADDR parameters.
221 CVE-2007-4388 2007-08-17 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
2wire 1701HG and 2071 Gateway routers, with 5.29.51 and possibly 3.17.5 software, have a blank password by default.
222 CVE-2007-4387 CSRF 2007-08-17 2018-10-15
4.3
None Remote Medium Not required None Partial None
Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators.
223 CVE-2007-4386 Exec Code Sql 2007-08-17 2017-09-29
6.0
None Remote Medium ??? Partial Partial Partial
SQL injection vulnerability in search.php in GetMyOwnArcade allows remote attackers to execute arbitrary SQL commands via the query parameter.
224 CVE-2007-4385 Bypass 2007-08-17 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
OWASP Stinger before 2.5 allows remote attackers to bypass input validation routines by using multipart encoded requests instead of form-urlencoded requests. NOTE: this might be used to expose vulnerabilities in applications that would otherwise be protected by the validation routines.
225 CVE-2007-4384 Exec Code File Inclusion 2007-08-17 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in depouilg.php3 in Stephane Pineau VOTE 1c allow remote attackers to execute arbitrary PHP code via a URL in the (1) NomVote and (2) FilePalHex parameters.
226 CVE-2007-4383 Exec Code File Inclusion 2007-08-17 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** PHP remote file inclusion vulnerability in tracking.php in Trackeur 1 allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: CVE and a third party dispute this vulnerability because header is defined before use. The researcher is known to be unreliable.
227 CVE-2007-4382 DoS 2007-08-17 2018-10-15
5.0
None Remote Low Not required None None Partial
CounterPath X-Lite 3.0 34025, and possibly eyeBeam, allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header.
228 CVE-2007-4381 2007-08-17 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself.
229 CVE-2007-4380 +Priv 2007-08-16 2017-07-29
7.2
None Local Low Not required Complete Complete Complete
Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 (6.8.378) allows local users to gain local System privileges via the Log File Viewer.
230 CVE-2007-4379 DoS 2007-08-16 2018-10-15
4.3
None Remote Medium Not required None None Partial
Babo Violent 2 2.08.00 and earlier allows remote attackers to cause a denial of service (application crash) via (1) a value greater than 0x27 for the (a) 0xca, (b) 0xcb, (c) 0xcc, (d) 0xce, (e) 0xcf, or (f) 0xd0 data ID; (2) a nonexistent map name; or (3) a UDP packet that specifies a large data size.
231 CVE-2007-4378 Exec Code 2007-08-16 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Multiple format string vulnerabilities in Babo Violent 2 2.08.00 and earlier allow remote attackers to execute arbitrary code via format string specifiers in (1) a message or (2) certain data associated with an admin login.
232 CVE-2007-4377 Exec Code Overflow 2007-08-16 2017-10-19
6.0
None Remote Medium ??? Partial Partial Partial
Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command. NOTE: this might overlap CVE-2007-4372.
233 CVE-2007-4376 2007-08-16 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Unrestricted file upload vulnerability in banner-upload.php in Szymon Kosok Best Top List allows remote attackers to upload and execute arbitrary PHP files in banners/.
234 CVE-2007-4375 DoS +Info 2007-08-16 2018-10-15
5.8
None Remote Medium Not required Partial None Partial
The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote attackers to (1) obtain sensitive information (process memory contents), as demonstrated by an attack that obtains module base addresses to defeat Address Space Layout Randomization (ASLR); or (2) cause a denial of service (application crash) via an out-of-bounds address.
235 CVE-2007-4374 2007-08-16 2018-10-15
4.0
None Remote Low ??? None Partial None
Babo Violent 2 2.08.00 does not validate the sender field of a chat message composed by a client, which allows remote authenticated users to spoof messages.
236 CVE-2007-4373 Bypass 2007-08-16 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
The server in Babo Violent 2 2.08.00 and earlier does not properly implement password protection, which might allow remote attackers to bypass authentication by reconnecting after a connection closes.
237 CVE-2007-4372 2007-08-16 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server 2003 has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
238 CVE-2007-4371 2007-08-15 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Unrestricted file upload vulnerability in admin/pages/blog-add.php in Neuron Blog 1.1 allows remote attackers to upload and execute arbitrary PHP files in uploads/.
239 CVE-2007-4370 Exec Code Overflow 2007-08-15 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the (1) client and (2) server in Racer 0.5.3 beta 5 allow remote attackers to execute arbitrary code via a long string to UDP port 26000.
240 CVE-2007-4369 Dir. Trav. 2007-08-15 2018-10-15
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in go/_files in SOTEeSKLEP before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
241 CVE-2007-4368 89 Exec Code Sql 2007-08-15 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) Web 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter in a GenerateMainFrame command.
242 CVE-2007-4367 Exec Code 2007-08-15 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an invalid pointer."
243 CVE-2007-4366 DoS 2007-08-15 2018-10-15
5.0
None Remote Low Not required None None Partial
WengoPhone 2.1 allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header.
244 CVE-2007-4365 XSS 2007-08-15 2018-10-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a set_lang cookie to an unspecified component. NOTE: this may overlap CVE-2007-1965.
245 CVE-2007-4364 287 Bypass 2007-08-15 2017-07-29
8.5
None Remote Medium ??? Complete Complete Complete
Fedora Commons before 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote attackers to trigger a certain "unexpected / strange response" from an LDAP server, and (2) a reauthentication attempt that throws an exception, which allows remote attackers to trigger use of a cached authentication decision. NOTE: authentication can be bypassed by using vector 1 followed by vector 2, and possibly can be bypassed by using a single vector.
246 CVE-2007-4363 XSS 2007-08-15 2017-07-29
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6 ,allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module.
247 CVE-2007-4362 Exec Code Sql 2007-08-15 2017-10-19
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in category.php in Prozilla Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter.
248 CVE-2007-4361 2007-08-15 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access.
249 CVE-2007-4360 DoS 2007-08-15 2018-10-15
4.3
None Remote Medium Not required None None Partial
Unspecified vulnerability in Dell Remote Access Card 4 (DRAC4) with firmware 1.50 Build 02.16 allows remote attackers to cause a denial of service (SSH daemon crash) via certain network traffic, as demonstrated by an "nmap -O" scan with nmap 4.03, possibly related to a Mocana (Mocanada) SSH vulnerability.
250 CVE-2007-4359 Exec Code Sql 2007-08-15 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems JobLister3 allow remote attackers to execute arbitrary SQL commands via (1) the search form or (2) the jobid parameter to index.php in a showbyID action.
Total number of vulnerabilities : 522   Page : 1 2 3 4 5 (This Page)6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.