CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2007

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
351 CVE-2007-0687 Exec Code Sql 2007-02-03 2017-10-19
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in i-search.php in Michelle's L2J Dropcalc 4 and earlier allows remote authenticated users to execute arbitrary SQL commands via the itemid parameter.
352 CVE-2007-0686 DoS Mem. Corr. 2007-02-03 2017-10-19
7.1
None Remote Medium Not required None None Complete
The Intel 2200BG 802.11 Wireless Mini-PCI driver 9.0.3.9 (w29n51.sys) allows remote attackers to cause a denial of service (system crash) via crafted disassociation packets, which triggers memory corruption of "internal kernel structures," a different vulnerability than CVE-2006-6651. NOTE: this issue might overlap CVE-2006-3992.
353 CVE-2007-0685 DoS Overflow 2007-02-03 2017-07-29
2.6
None Remote High Not required None None Partial
Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via unspecified vectors, possibly related to a buffer overflow.
354 CVE-2007-0684 Exec Code File Inclusion 2007-02-03 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in portal.php in Cerulean Portal System 0.7b allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
355 CVE-2007-0683 20 Exec Code File Inclusion 2007-02-03 2018-11-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in includes/functions.php in Omegaboard 1.0beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
356 CVE-2007-0682 Exec Code File Inclusion 2007-02-03 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in theme/include_mode/template.php in JV2 Folder Gallery 3.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the galleryfilesdir parameter.
357 CVE-2007-0681 2007-02-03 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php.
358 CVE-2007-0680 Exec Code File Inclusion 2007-02-03 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in includes/functions.php in Phpbb Tweaked 3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
359 CVE-2007-0679 Exec Code File Inclusion 2007-02-03 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in lang/leslangues.php in Nicolas Grandjean PHPMyRing 4.1.3b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fichier parameter.
360 CVE-2007-0678 Exec Code Sql 2007-02-03 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in windows.asp in Fullaspsite Asp Hosting Sitesi allows remote attackers to execute arbitrary SQL commands via the kategori_id parameter.
361 CVE-2007-0677 Exec Code File Inclusion 2007-02-03 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in fw/class.Quick_Config_Browser.php in Cadre PHP Framework 20020724 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][framework_path] parameter.
362 CVE-2007-0676 Exec Code Sql 2007-02-03 2017-10-19
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
363 CVE-2007-0675 94 2007-02-03 2018-10-12
7.6
None Remote High Not required Complete Complete Complete
A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer.
364 CVE-2007-0674 DoS 2007-02-03 2017-07-29
7.1
None Remote Medium Not required None None Complete
Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows user-assisted remote attackers to cause a denial of service (device hang) via a malformed JPEG file.
365 CVE-2007-0673 119 DoS Overflow 2007-02-03 2021-04-08
7.8
None Remote Low Not required None None Complete
LGSERVER.EXE in BrightStor ARCserve Backup for Laptops & Desktops r11.1 allows remote attackers to cause a denial of service (daemon crash) via a value of 0xFFFFFFFF at a certain point in an authentication negotiation packet, which results in an out-of-bounds read.
366 CVE-2007-0672 DoS 2007-02-03 2021-04-08
7.8
None Remote Low Not required None None Complete
LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers to cause a denial of service (disk consumption and daemon hang) via a value of 0xFFFFFF7F at a certain point in an authentication negotiation packet, which writes a large amount of data to a .USX file in CA_BABLDdata\Server\data\transfer\.
367 CVE-2007-0671 Exec Code 2007-02-03 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
368 CVE-2007-0670 119 Exec Code Overflow 2007-02-03 2017-07-29
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via the "r-commands", possibly including (1) rdist, (2) rsh, (3) rcp, (4) rsync, and (5) rlogin.
369 CVE-2007-0669 Exec Code 2007-02-08 2017-07-29
4.6
None Local Low Not required Partial Partial Partial
Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local users to execute arbitrary Perl code via unknown vectors related to CGI session files.
370 CVE-2007-0668 DoS 2007-02-02 2017-10-11
6.2
None Local Low ??? None Complete Complete
The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in a non-global zone to move and rename files in a read-only filesystem, which could lead to a denial of service.
371 CVE-2007-0667 Exec Code 2007-02-02 2018-10-16
6.5
None Remote Low ??? Partial Partial Partial
The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872.
372 CVE-2007-0666 Exec Code 2007-02-02 2018-10-16
6.8
None Remote Medium Not required Partial Partial Partial
Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute arbitrary code on the system via a long input string to the (1) iFTPAddU or (2) iFTPAddH file, or to a (3) edition module.
373 CVE-2007-0665 Exec Code 2007-02-02 2018-10-16
6.8
None Remote Medium Not required Partial Partial Partial
Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007 Professional might allow remote attackers to execute arbitrary commands via format string specifiers in the filename, related to the SHELL WS_FTP script command.
374 CVE-2007-0664 2007-02-02 2008-11-15
5.0
None Remote Low Not required Partial None None
thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files.
375 CVE-2007-0663 Exec Code Sql 2007-02-01 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter, a different vector than CVE-2007-0631. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
376 CVE-2007-0662 Exec Code File Inclusion 2007-02-01 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in includes/usercp_viewprofile.php in Hailboards 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
377 CVE-2007-0661 DoS 2007-02-01 2011-03-08
5.4
None Local Network Medium Not required Partial Partial Partial
Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), Intel Server Boards 5000XAL, S5000PAL, S5000PSL, S5000XVN, S5000VCL, S5000VSA, SC5400RA, and OEM Firmware for Intel Enterprise Southbridge Baseboard Management Controller before 20070119, when Intelligent Platform Management Interface (IPMI) is enabled, allow remote attackers to connect and issue arbitrary IPMI commands, possibly triggering a denial of service.
378 CVE-2007-0660 XSS 2007-02-01 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "Pass through values."
379 CVE-2007-0659 2007-02-01 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials.
380 CVE-2007-0658 Bypass 2007-02-01 2017-07-29
5.0
None Remote Low Not required None Partial None
The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal and the (2) Captcha 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal allow remote attackers to bypass the CAPTCHA test via an empty captcha element in $_SESSION.
381 CVE-2007-0657 2007-02-01 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to read and overwrite arbitrary files via the gamedir command.
382 CVE-2007-0656 Exec Code File Inclusion 2007-02-01 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in includes/functions.php in phpBB2-MODificat 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
383 CVE-2007-0652 CSRF 2007-02-15 2018-10-16
5.1
None Remote High Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag.
384 CVE-2007-0651 XSS 2007-02-15 2018-10-16
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in mewebmail/base/default/lang/EN/.
385 CVE-2007-0650 Exec Code Overflow 2007-02-01 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. NOTE: other overflows exist but might not be exploitable, such as a heap-based overflow in the check_idx function.
386 CVE-2007-0649 94 XSS File Inclusion 2007-02-01 2018-10-16
4.3
None Remote High ??? Partial Partial Partial
Variable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and earlier allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as conduct (a) remote file inclusion attacks via the srcdir parameter in custom/import_xml.php or (b) cross-site scripting (XSS) attacks via the rootdir parameter in interface/login/login_frame.php, via vectors associated with extract operations on the (1) POST and (2) GET superglobal arrays. NOTE: this issue was originally disputed before the extract behavior was identified in post-disclosure analysis. Also, the original report identified "Open Conference Systems," but this was an error.
387 CVE-2007-0648 DoS 2007-02-01 2017-10-11
7.8
None Remote Low Not required None None Complete
Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP.
388 CVE-2007-0647 DoS 2007-02-01 2008-09-05
7.1
None Remote Medium Not required None None Complete
Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function.
389 CVE-2007-0646 134 DoS 2007-02-01 2011-03-07
7.1
None Remote Medium Not required None None Complete
Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function.
390 CVE-2007-0645 DoS 2007-02-01 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions.
391 CVE-2007-0644 DoS 2007-02-01 2008-09-05
7.1
None Remote Medium Not required None None Complete
Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions.
392 CVE-2007-0556 DoS 2007-02-06 2018-10-16
6.6
None Remote High ??? Complete None Complete
The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server.
393 CVE-2007-0555 DoS 2007-02-06 2018-10-16
8.5
None Remote Low ??? Complete None Complete
PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content.
394 CVE-2007-0475 Overflow +Priv 2007-02-03 2011-03-08
4.4
None Local Medium Not required Partial Partial Partial
Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to the args variable and unspecified other variables, in conjunction with the sudo configuration.
395 CVE-2007-0474 2007-02-03 2011-03-08
3.3
None Local Medium Not required None Partial Partial
Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to kill arbitrary processes, related to a "design issue with smb4k_kill."
396 CVE-2007-0473 +Info 2007-02-03 2011-03-08
1.9
None Local Medium Not required Partial None None
The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 does not preserve /etc/sudoers permissions across modifications, which allows local users to obtain sensitive information (/etc/sudoers contents) by reading this file.
397 CVE-2007-0472 2007-02-03 2011-03-08
3.7
None Local High Not required Partial Partial Partial
Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on temporary files, which isn't properly handled by the writeFile function in core/smb4kfileio.cpp.
398 CVE-2007-0459 DoS 2007-02-02 2017-10-11
5.0
None Remote Low Not required None None Partial
packet-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.4 allows remote attackers to cause a denial of service (application crash or hang) via fragmented HTTP packets.
399 CVE-2007-0458 DoS 2007-02-02 2017-10-11
4.3
None Remote Medium Not required None None Partial
Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors, a different issue than CVE-2006-5468.
400 CVE-2007-0457 DoS 2007-02-02 2017-10-11
4.3
None Remote Medium Not required None None Partial
Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark (formerly Ethereal) 0.10.14 through 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
Total number of vulnerabilities : 534   Page : 1 2 3 4 5 6 7 8 (This Page)9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.