CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2007

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
351 CVE-2007-4239 XSS 2007-08-08 2018-10-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in user/forgotPassStep2.jsp in the admin interface in C-SAM oneWallet 210_07062007;1.0 allows remote attackers to inject arbitrary web script or HTML via the loginID parameter.
352 CVE-2007-4238 +Priv 2007-08-08 2011-03-08
6.9
None Local Medium Not required Complete Complete Complete
AIX 5.2 and 5.3 install pioinit with user and group ownership of bin, which allows local users with bin or possibly printq privileges to gain root privileges by modifying pioinit.
353 CVE-2007-4237 Overflow +Priv 2007-08-08 2011-03-08
6.9
None Local Medium Not required Complete Complete Complete
Buffer overflow in the atm subset in arp in devices.common.IBM.atm.rte in AIX 5.2 and 5.3 allows local users to gain root privileges.
354 CVE-2007-4236 Overflow +Priv 2007-08-08 2011-03-08
6.9
None Local Medium Not required Complete Complete Complete
Buffer overflow in lpd in bos.rte.printers in AIX 5.2 and 5.3 allows local users with printq group privileges to gain root privileges.
355 CVE-2007-4235 Exec Code File Inclusion 2007-08-08 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Multiple PHP remote file inclusion vulnerabilities in VietPHP allow remote attackers to execute arbitrary PHP code via a URL in (1) the dirpath parameter to (a) _functions.php, or (2) the language parameter to (b) admin/index.php or (c) index.php.
356 CVE-2007-4234 2007-08-08 2018-08-13
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in Camera Life before 2.6 allows remote attackers to download private photos via unspecified vectors associated with the names of the photos. NOTE: some of these details are obtained from third party information.
357 CVE-2007-4233 DoS 2007-08-08 2018-08-13
4.3
None Remote Medium Not required None None Partial
Multiple unspecified vulnerabilities in Camera Life before 2.6 allow attackers to cause a denial of service via unknown vectors.
358 CVE-2007-4232 Exec Code File Inclusion 2007-08-08 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin/inc/change_action.php in Andreas Robertz PHPNews 0.93 allows remote attackers to execute arbitrary PHP code via a URL in the format_menue parameter.
359 CVE-2007-4231 Exec Code File Inclusion 2007-08-08 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in order/login.php in IDevSpot PhpHostBot 1.06 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the svr_rootscript parameter, a different vector than CVE-2007-4094 and CVE-2006-3776.
360 CVE-2007-4230 +Priv 2007-08-08 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** BellaBiblio allows remote attackers to gain administrative privileges via a bellabiblio cookie with the value "administrator." NOTE: this issue is disputed by CVE and multiple third parties because the cookie value must be an MD5 hash.
361 CVE-2007-4229 DoS 2007-08-08 2018-10-15
4.3
None Remote Medium Not required None None Partial
Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, as demonstrated by a document containing TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET, and A tags. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
362 CVE-2007-4228 DoS 2007-08-08 2017-07-29
4.7
None Local Medium Not required None None Complete
rmpvc on IBM AIX 4.3 allows local users to cause a denial of service (system crash) via long port logical name (-l) argument.
363 CVE-2007-4227 DoS 2007-08-08 2021-07-23
4.3
None Remote Medium Not required None None Partial
Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain JPG file, as demonstrated by something.jpg. NOTE: this issue might be related to CVE-2007-3958.
364 CVE-2007-4226 Dir. Trav. 2007-08-08 2018-10-15
7.1
None Remote High ??? Complete Complete Complete
Directory traversal vulnerability in the BlueCat Networks Proteus IPAM appliance 2.0.2.0 (Adonis DNS/DHCP appliance 5.0.2.8) allows remote authenticated administrators, with certain TFTP privileges, to create and overwrite arbitrary files via a .. (dot dot) in a pathname. NOTE: this can be leveraged for administrative access by overwriting /etc/shadow.
365 CVE-2007-4225 2007-08-08 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion.
366 CVE-2007-4224 59 2007-08-08 2018-10-15
4.3
None Remote Medium Not required None Partial None
KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.
367 CVE-2007-4221 119 DoS Exec Code Overflow 2007-08-29 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Motorola Timbuktu Pro before 8.6.5 for Windows allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via (1) a long user name and (2) certain malformed requests; and (3) allow remote Timbuktu servers to have an unknown impact via a malformed HELLO response, related to the Scanner component and possibly related to a malformed computer name.
368 CVE-2007-4220 22 Dir. Trav. 2007-08-29 2017-07-29
7.8
None Remote Low Not required None Complete None
Directory traversal vulnerability in Motorola Timbuktu Pro before 8.6.5 for Windows allows remote attackers to create or delete arbitrary files via a .. (dot dot) in a Send request, probably related to the (1) Send and (2) Exchange services.
369 CVE-2007-4219 189 Exec Code Overflow 2007-08-22 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as used by the ServerProtect service (SpntSvc.exe), in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a certain integer field in a request packet to TCP port 5168, which triggers a heap-based buffer overflow.
370 CVE-2007-4218 119 Exec Code Overflow 2007-08-22 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allow remote attackers to execute arbitrary code via certain RPC requests to certain TCP ports that are processed by the (1) RPCFN_ENG_NewManualScan, (2) RPCFN_ENG_TimedNewManualScan, and (3) RPCFN_SetComputerName functions in (a) StRpcSrv.dll; the (4) RPCFN_CMON_SetSvcImpersonateUser and (5) RPCFN_OldCMON_SetSvcImpersonateUser functions in (b) Stcommon.dll; the (6) RPCFN_ENG_TakeActionOnAFile and (7) RPCFN_ENG_AddTaskExportLogItem functions in (c) Eng50.dll; the (8) NTF_SetPagerNotifyConfig function in (d) Notification.dll; or the (9) RPCFN_CopyAUSrc function in the (e) ServerProtect Agent service.
371 CVE-2007-4216 20 +Priv 2007-08-21 2018-10-15
7.2
None Local Low Not required Complete Complete Complete
vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before 7.0.362 allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in a METHOD_NEITHER (1) IOCTL 0x8400000F or (2) IOCTL 0x84000013 request, which can be used to overwrite arbitrary memory locations.
372 CVE-2007-4213 DoS 2007-08-21 2018-10-15
7.1
None Remote Medium Not required None None Complete
Palm OS on Treo 650, 680, 700p, and 755p Smart phones allows remote attackers to cause a denial of service (device reset or hang) via a flood of large ICMP echo requests. NOTE: this is probably a different vulnerability than CVE-2003-0293.
373 CVE-2007-4212 XSS 2007-08-08 2018-10-15
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via a trailing "<" instead of a ">" in (1) the onerror attribute of an IMG element, (2) the onload attribute of an IFRAME element, or (3) redirect users to other sites via the META tag.
374 CVE-2007-4211 2007-08-08 2017-09-29
6.0
None Remote Medium ??? Partial Partial Partial
The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
375 CVE-2007-4210 Exec Code Sql 2007-08-08 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules.
376 CVE-2007-4209 Exec Code Sql 2007-08-08 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Recherche.php in Aceboard forum allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
377 CVE-2007-4208 Exec Code Sql 2007-08-08 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in default.asp in Next Gen Portfolio Manager allows remote attackers to execute arbitrary SQL commands via the (1) Users_Email or (2) Users_Password parameter in an ExecuteTheLogin action.
378 CVE-2007-4207 89 Exec Code Sql 2007-08-08 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin_console/index.asp in Gallery In A Box allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field. NOTE: these fields might be associated with the txtUsername and txtPassword parameters.
379 CVE-2007-4206 +Priv 2007-08-08 2017-07-29
4.4
None Local Medium Not required Partial Partial Partial
Kaspersky Anti-Spam 3.0 MP1 before Critical Fix 2 (3.0.278.4) sets incorrect permissions for application files in certain upgrade scenarios, which might allow local users to gain privileges.
380 CVE-2007-4205 DoS 2007-08-08 2018-10-15
7.1
None Remote Medium Not required None None Complete
XHA (Linux-HA) on the BlueCat Networks Adonis DNS/DHCP Appliance 5.0.2.8 allows remote attackers to cause a denial of service (heartbeat control process crash) via a UDP packet to port 694. NOTE: this may be the same as CVE-2006-3121.
381 CVE-2007-4204 +Info 2007-08-08 2017-07-29
3.5
None Remote Medium ??? Partial None None
Hitachi Groupmax Collaboration - Schedule, as used in Groupmax Collaboration Portal 07-32 through 07-32-/B, uCosminexus Collaboration Portal 06-32 through 06-32-/B, and Groupmax Collaboration Web Client - Mail/Schedule 07-32 through 07-32-/A, can assign schedule data to the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information.
382 CVE-2007-4203 287 2007-08-08 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter.
383 CVE-2007-4202 2007-08-08 2018-10-15
4.3
None Remote Medium Not required None Partial None
Guidance Software EnCase Enterprise Edition (EEE) 6 does not properly verify the identity of the acquisition target during communication with the EnCase Servlet (EEE servlet), which might allow remote attackers to spoof the disk image.
384 CVE-2007-4201 2007-08-08 2018-10-15
5.0
None Remote Low Not required None None Partial
Guidance Software EnCase 6.2 and 6.5 does not properly handle a volume with more than 25 partitions, which might allow remote attackers to prevent examination of certain data, a related issue to CVE-2007-4035.
385 CVE-2007-4200 DoS 2007-08-08 2018-10-15
4.3
None Remote Medium Not required None None Partial
ntfs.c in fsstat in Brian Carrier The Sleuth Kit (TSK) before 2.09 interprets a certain variable as a byte count rather than a count of 32-bit integers, which allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image.
386 CVE-2007-4199 DoS 2007-08-08 2018-10-15
4.3
None Remote Medium Not required None None Partial
Brian Carrier The Sleuth Kit (TSK) before 2.09 allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image that triggers (1) dereference of a certain integer value by ntfs_dent.c in fls, or (2) dereference of a certain other integer value by ntfs.c in fsstat.
387 CVE-2007-4198 DoS 2007-08-08 2018-10-15
4.3
None Remote Medium Not required None None Partial
The fs_data_put_str function in ntfs.c in fls in Brian Carrier The Sleuth Kit (TSK) before 2.09 does not validate a certain length value, which allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image, which triggers a buffer over-read.
388 CVE-2007-4197 DoS 2007-08-08 2018-10-15
4.3
None Remote Medium Not required None None Partial
icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 omits NULL pointer checks in certain code paths, which allows user-assisted remote attackers to cause a denial of service (NULL dereference and application crash) and prevent examination of certain NTFS files via a malformed NTFS image.
389 CVE-2007-4196 DoS 2007-08-08 2018-10-15
4.3
None Remote Medium Not required None None Partial
icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 misinterprets a certain memory location as the holder of a loop iteration count, which allows user-assisted remote attackers to cause a denial of service (long loop) and prevent examination of certain NTFS files via a malformed NTFS image.
390 CVE-2007-4195 DoS 2007-08-08 2018-10-15
4.3
None Remote Medium Not required None None Partial
Use-after-free vulnerability in ext2fs.c in Brian Carrier The Sleuth Kit (TSK) before 2.09 allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain ext2fs files via a malformed ext2fs image.
391 CVE-2007-4194 DoS 2007-08-08 2018-10-15
4.3
None Remote Medium Not required None None Partial
Guidance Software EnCase 5.0 allows user-assisted remote attackers to cause a denial of service (stack memory consumption) and possibly have other unspecified impact via a malformed file, related to "EnCase's file system parsing." NOTE: this information is based upon a vague pre-advisory. It might overlap CVE-2007-4036.
392 CVE-2007-4193 CSRF 2007-08-08 2017-07-29
4.3
None Remote Medium Not required None Partial None
Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in IDE Group DVD Rental System (DRS) 5.1 before 20070801 allow remote attackers to perform certain actions as arbitrary users, as demonstrated by (1) modifying data or (2) canceling a subscription. NOTE: it is not clear whether IDE Group updates all DRS installations in its role as an application service provider. If so, then this issue should not be included in CVE.
393 CVE-2007-4192 XSS 2007-08-08 2017-07-29
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in IDE Group DVD Rental System (DRS) 5.1 before 20070801 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is not clear whether IDE Group updates all DRS installations in its role as an application service provider. If so, then this issue should not be included in CVE.
394 CVE-2007-4191 2007-08-08 2018-10-15
6.9
None Local Medium Not required Complete Complete Complete
Panda Antivirus 2008 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying PAVSRV51.EXE or other unspecified files, a related issue to CVE-2006-4657.
395 CVE-2007-4190 74 XSS Http R.Spl. 2007-08-08 2021-10-01
4.3
None Remote Medium Not required None Partial None
CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of these details are obtained from third party information.
396 CVE-2007-4189 79 XSS 2007-08-08 2021-10-01
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) com_search, (2) com_content, and (3) mod_login components. NOTE: some of these details are obtained from third party information.
397 CVE-2007-4188 384 2007-08-08 2021-10-01
9.3
None Remote Medium Not required Complete Complete Complete
Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to hijack administrative web sessions via unspecified vectors.
398 CVE-2007-4187 94 Exec Code 2007-08-08 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Multiple eval injection vulnerabilities in the com_search component in Joomla! 1.5 beta before RC1 (aka Mapya) allow remote attackers to execute arbitrary PHP code via PHP sequences in the searchword parameter, related to default_results.php in (1) components/com_search/views/search/tmpl/ and (2) templates/beez/html/com_search/search/.
399 CVE-2007-4186 Exec Code File Inclusion 2007-08-08 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin.tour_toto.php in the Tour de France Pool (com_tour_toto) 1.0.1 module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
400 CVE-2007-4185 +Info 2007-08-08 2018-10-15
5.0
None Remote Low Not required Partial None None
Joomla! 1.0.12 allows remote attackers to obtain sensitive information via a direct request for (1) Stat.php (2) OutputFilter.php, (3) OutputCache.php, (4) Modifier.php, (5) Reader.php, and (6) TemplateCache.php in includes/patTemplate/patTemplate/; (7) includes/Cache/Lite/Output.php; and other unspecified components, which reveal the path in various error messages.
Total number of vulnerabilities : 522   Page : 1 2 3 4 5 6 7 8 (This Page)9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.