| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2006-5276 |
|
|
Exec Code Overflow |
2007-02-20 |
2018-10-17 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic. |
|
2 |
CVE-2006-6490 |
|
|
Exec Code Overflow |
2007-02-22 |
2018-10-17 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message. |
|
3 |
CVE-2006-6997 |
287 |
|
|
2007-02-12 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to "weakened authentication security" with unknown impact and attack vectors. NOTE: due to lack of details, it is not clear whether this is the same as CVE-2006-1792. |
|
4 |
CVE-2006-7012 |
|
|
Exec Code |
2007-02-15 |
2018-10-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter of a show_text action. |
|
5 |
CVE-2006-7015 |
|
|
Exec Code File Inclusion |
2007-02-15 |
2018-10-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
** DISPUTED ** PHP remote file inclusion vulnerability in admin.jobline.php in Jobline 1.1.1 allows remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter. NOTE: CVE disputes this issue because the script is protected against direct requests. |
|
6 |
CVE-2006-7018 |
|
|
Exec Code |
2007-02-15 |
2017-07-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via a crafted argument to the nome_evento parameter to phpwcms_code_snippets/mail_file_form.php and (2) sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function. |
|
7 |
CVE-2006-7022 |
|
|
|
2007-02-15 |
2018-10-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe. |
|
8 |
CVE-2006-7027 |
|
|
|
2007-02-23 |
2018-10-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks. |
|
9 |
CVE-2006-7032 |
|
|
Exec Code File Inclusion |
2007-02-23 |
2017-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
PHP remote file inclusion vulnerability in phpbb/getmsg.php in FlashBB 1.1.5 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter. |
|
10 |
CVE-2006-7036 |
|
|
Exec Code File Inclusion |
2007-02-23 |
2018-10-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
PHP remote file inclusion vulnerability in register.php for Andys Chat 4.5 allows remote attackers to execute arbitrary code via the action parameter. NOTE: this issue was announced by an unreliable researcher, but the vendor is no longer distributing the product, so the original claims can not be evaluated. |
|
11 |
CVE-2006-7052 |
|
|
Exec Code File Inclusion |
2007-02-24 |
2017-07-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple PHP remote file inclusion vulnerabilities in DotWidget For Articles (dotwidgeta) 0.2 allow remote attackers to execute arbitrary code via a URL in the (1) file_path parameter to (a) index.php, (b) showcatpicks.php, and (c) showarticle.php; and the (2) admin_header_file and (3) admin_footer_file parameters to (d) admin/authors.php, (e) admin/index.php, (f) admin/categories.php, (g) admin/editconfig.php, and (h) admin/articles.php. |
|
12 |
CVE-2007-0217 |
|
|
Exec Code |
2007-02-13 |
2021-07-23 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption. |
|
13 |
CVE-2007-0219 |
|
|
Exec Code |
2007-02-13 |
2021-07-23 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697. |
|
14 |
CVE-2007-0446 |
|
|
Exec Code Overflow |
2007-02-08 |
2018-10-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in magentproc.exe for Hewlett-Packard Mercury LoadRunner Agent 8.0 and 8.1, Performance Center Agent 8.0 and 8.1, and Monitor over Firewall 8.1 allows remote attackers to execute arbitrary code via a packet with a long server_ip_name field to TCP port 54345, which triggers the overflow in mchan.dll. |
|
15 |
CVE-2007-0841 |
|
|
|
2007-02-08 |
2011-03-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector related to Drupal is covered by CVE-2007-0626. These vulnerabilities might be associated with other CVE identifiers. |
|
16 |
CVE-2007-0863 |
|
|
Exec Code File Inclusion |
2007-02-09 |
2008-11-15 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
** DISPUTED ** PHP remote file inclusion vulnerability in Trevorchan 0.7 and earlier allows remote attackers to execute arbitrary code via the tc_config[rootdir] parameter to (1) upgrade.php, (2) paint_save.php, (3) menu.php, (4) manage.php, and (5) banned.php. NOTE: his issue has been disputed by reliable third parties, who state that the variable is set before use in config.php. |
|
17 |
CVE-2007-0882 |
94 |
|
|
2007-02-12 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account. |
|
18 |
CVE-2007-0886 |
119 |
|
DoS Exec Code Overflow |
2007-02-12 |
2017-10-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via certain base64-encoded data on the pop3 port (110/tcp), which triggers an integer overflow. |
|
19 |
CVE-2007-0888 |
|
|
Dir. Trav. |
2007-02-12 |
2018-10-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command. |
|
20 |
CVE-2007-0903 |
|
|
|
2007-02-13 |
2017-07-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the mod_roster_odbc module in ejabberd before 1.1.3 has unknown impact and attack vectors. |
|
21 |
CVE-2007-0910 |
|
|
|
2007-02-13 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors. |
|
22 |
CVE-2007-0915 |
|
|
+Priv |
2007-02-14 |
2017-07-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers to overwrite arbitrary files and gain privileges via a crafted RPC request. |
|
23 |
CVE-2007-0949 |
|
|
Exec Code Overflow |
2007-02-15 |
2017-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in iTinySoft Studio Total Video Player 1.03, and possibly earlier, allows remote attackers to execute arbitrary code via a M3U playlist file that contains a long file name. NOTE: it was later reported that 1.20 and 1.30 are also affected. |
|
24 |
CVE-2007-0954 |
|
|
|
2007-02-15 |
2011-03-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
MOHA Chat 0.1b7 and earlier does not require authentication for use of the plug in API, which has unknown impact and attack vectors. |
|
25 |
CVE-2007-0976 |
|
|
Exec Code Overflow |
2007-02-16 |
2017-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the ActSoft DVD-Tools ActiveX control (dvdtools.ocx) allows remote attackers to execute arbitrary code via a long DVD_TOOLS.OpenDVD property value. |
|
26 |
CVE-2007-0980 |
|
|
|
2007-02-16 |
2011-03-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in HP Serviceguard for Linux; packaged for SuSE SLES8 and United Linux 1.0 before SG A.11.15.07, SuSE SLES9 and SLES10 before SG A.11.16.10, and Red Hat Enterprise Linux (RHEL) before SG A.11.16.10; allows remote attackers to obtain unauthorized access via unspecified vectors. |
|
27 |
CVE-2007-1006 |
134 |
|
DoS Exec Code |
2007-02-20 |
2017-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet. |
|
28 |
CVE-2007-1007 |
|
|
DoS Exec Code |
2007-02-20 |
2017-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function. |
|
29 |
CVE-2007-1013 |
|
|
Exec Code File Inclusion |
2007-02-21 |
2017-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
PHP remote file inclusion vulnerability in generate.php in VirtualSystem Htaccess Passwort Generator 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the ht_pfad parameter. |
|
30 |
CVE-2007-1014 |
|
|
DoS Exec Code Overflow |
2007-02-21 |
2017-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in VicFTPS before 5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long CWD command. |
|
31 |
CVE-2007-1015 |
|
|
Exec Code Sql |
2007-02-21 |
2017-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
32 |
CVE-2007-1021 |
|
|
Exec Code Sql |
2007-02-21 |
2017-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News 1.x allows remote attackers to execute arbitrary SQL commands via the CAT_ID parameter. |
|
33 |
CVE-2007-1024 |
|
|
Exec Code File Inclusion |
2007-02-21 |
2018-10-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
PHP remote file inclusion vulnerability in include.php in Meganoide's news 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. |
|
34 |
CVE-2007-1039 |
|
|
|
2007-02-21 |
2017-07-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Peanut Knowledge Base (PeanutKB) 0.0.3 and earlier has unknown impact and attack vectors. |
|
35 |
CVE-2007-1045 |
264 |
|
+Priv |
2007-02-21 |
2018-10-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
mAlbum 0.3 has default accounts (1) "login"/"pass" for its administrative account and (2) "dqsfg"/"sdfg", which allows remote attackers to gain privileges. |
|
36 |
CVE-2007-1052 |
|
|
Exec Code File Inclusion |
2007-02-21 |
2018-10-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
** DISPUTED ** PHP remote file inclusion vulnerability in index.php in PBLang (PBL) 4.60 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dbpath parameter, a different vector than CVE-2006-5062. NOTE: this issue has been disputed by a reliable third party for 4.65, stating that the dbpath variable is initialized in an included file that is created upon installation. |
|
37 |
CVE-2007-1053 |
|
|
Exec Code File Inclusion |
2007-02-21 |
2018-10-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpXmms 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the tcmdp parameter to (1) phpxmmsb.php or (2) phpxmmst.php. NOTE: this issue has been disputed by a reliable third party, stating that the tcmdp variable is initialized by config.php. |
|
38 |
CVE-2007-1062 |
287 |
|
Bypass |
2007-02-22 |
2019-05-23 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time |
|
39 |
CVE-2007-1063 |
798 |
|
|
2007-02-22 |
2019-05-23 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device. |
|
40 |
CVE-2007-1070 |
|
|
Exec Code Overflow |
2007-02-21 |
2018-10-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll. |
|
41 |
CVE-2007-1073 |
|
|
Exec Code |
2007-02-22 |
2018-10-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Static code injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary PHP code via the bgcolor parameter, which is inserted into mcrconf.inc.php. |
|
42 |
CVE-2007-1093 |
94 |
|
DoS Exec Code |
2007-02-26 |
2017-07-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager (NNM) before 07-10-05, and before 08-00-02 in the 08-x series, allow remote attackers to execute arbitrary code, cause a denial of service, or trigger invalid Web utility behavior. |
|
43 |
CVE-2007-1097 |
20 |
|
Exec Code |
2007-02-26 |
2017-07-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unrestricted file upload vulnerability in the onAttachFiles function in the upload tool (inc/lib/attachment.lib.php) in Wiclear before 0.11.1 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to filename validation. NOTE: some details were obtained from third party information. |
|
44 |
CVE-2007-1117 |
|
|
Exec Code |
2007-02-27 |
2008-11-15 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source. |
|
45 |
CVE-2007-0921 |
|
|
|
2007-02-14 |
2018-10-16 |
9.4 |
None |
Remote |
Low |
Not required |
None |
Complete |
Complete |
|
Portal Search allows remote attackers to redirect a URL to an arbitrary web site by placing the URL in the query string to the top-level URI. |
|
46 |
CVE-2006-1311 |
|
|
Exec Code Mem. Corr. |
2007-02-13 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption. |
|
47 |
CVE-2006-3448 |
119 |
|
Exec Code Overflow |
2007-02-13 |
2018-10-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212. |
|
48 |
CVE-2006-4697 |
|
|
Exec Code |
2007-02-13 |
2021-07-23 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193. |
|
49 |
CVE-2006-5270 |
|
|
Exec Code Overflow |
2007-02-13 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the Microsoft Malware Protection Engine (mpengine.dll), as used by Windows Live OneCare, Antigen, Defender, and Forefront Security, allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file. |
|
50 |
CVE-2006-7046 |
94 |
|
Exec Code File Inclusion |
2007-02-24 |
2008-09-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
PHP remote file inclusion vulnerability in cmpro.intern/login.inc.php for Clan Manager Pro (CMPRO) 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
