CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2007 (CVSS score >= 5)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2007-2967 20 DoS 2007-05-31 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.
2 CVE-2007-2966 119 DoS Exec Code Overflow 2007-05-31 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.
3 CVE-2007-2965 +Priv 2007-05-31 2017-07-29
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in the Real-time Scanning component in multiple F-Secure products, including Internet Security 2005, 2006 and 2007; Anti-Virus 2005, 2006 and 2007; and Solutions based on F-Secure Protection Service for Consumers 6.40 and earlier allows local users to gain privileges via a crafted I/O request packet (IRP), related to IOCTL (Input/Output Control) and "access validation of the address space."
4 CVE-2007-2964 DoS 2007-05-31 2017-07-29
5.0
None Remote Low Not required None None Partial
The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and earlier allows remote attackers to cause a denial of service (application crash) via NTFS reserved words in filenames in URLs.
5 CVE-2007-2961 2007-05-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Unrestricted file upload vulnerability in FileCloset before 1.1.5 allows remote attackers to upload arbitrary PHP files via unspecified vectors.
6 CVE-2007-2960 Dir. Trav. 2007-05-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin_name parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/, a different vector than CVE-2007-2900. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
7 CVE-2007-2959 Exec Code Sql 2007-05-31 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in manufacturer.php in cpCommerce before 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id_manufacturer parameter.
8 CVE-2007-2947 Exec Code File Inclusion 2007-05-31 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the root_prefix parameter to (1) index.php, (2) email_subscribe.php, (3) download.php, or (4) development.php.
9 CVE-2007-2946 DoS Exec Code Overflow 2007-05-31 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in a certain ActiveX control in LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long DestinationPath property value.
10 CVE-2007-2945 2007-05-31 2018-10-16
5.0
None Remote Low Not required Partial None None
RMForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for rmforum.mdb.
11 CVE-2007-2944 264 2007-05-31 2018-10-16
5.0
None Remote Low Not required Partial None None
WabCMS 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/wabcmsn.mdb. NOTE: this issue was originally reported for "webCMS," but this was an error by an unreliable researcher.
12 CVE-2007-2943 Exec Code File Inclusion 2007-05-31 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in class/class.php in Webavis 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
13 CVE-2007-2942 Exec Code Sql 2007-05-31 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in user.php in My Little Forum 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
14 CVE-2007-2941 Exec Code File Inclusion 2007-05-31 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in the creator in vBulletin Google Yahoo Site Map (vBGSiteMap) 2.41 for vBulletin allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) vbgsitemap/vbgsitemap-config.php or (2) vbgsitemap/vbgsitemap-vbseo.php.
15 CVE-2007-2940 Exec Code File Inclusion 2007-05-31 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 Beta) allow remote attackers to execute arbitrary PHP code via a URL in the pachtofile parameter to (1) skin/html/table.php or (2) login.php.
16 CVE-2007-2939 Exec Code File Inclusion 2007-05-31 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Mazen's PHP Chat 3.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the basepath parameter to (1) ITX.php, (2) IT_Error.php, or (3) IT.php in include/pear/.
17 CVE-2007-2938 Exec Code Overflow 2007-05-31 2021-07-23
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD method, and possibly the (2) SetLoginID, (3) AddSite, (4) SetScreen, and (5) SetVideoServer methods.
18 CVE-2007-2937 Exec Code File Inclusion 2007-05-31 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin/admin.php in TROforum 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the site_url parameter.
19 CVE-2007-2936 Exec Code File Inclusion 2007-05-31 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Frequency Clock 0.1b (Beta 0.1) allow remote attackers to execute arbitrary PHP code via a URL in the securelib parameter to (1) conf.php or (2) cp2.php.
20 CVE-2007-2935 Exec Code 2007-05-31 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
core/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dict parameter.
21 CVE-2007-2934 Dir. Trav. 2007-05-31 2017-10-11
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in skins/common.css.php in Vistered Little 1.6a allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter.
22 CVE-2007-2933 Exec Code Sql 2007-05-31 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the Phil-a-Form (com_philaform) 1.2.0.0 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the form_id parameter.
23 CVE-2007-2912 2007-05-30 2008-11-15
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unauthenticated User Infraction Permissions is disabled, allows remote attackers to see the infraction "red flag" for a deleted user.
24 CVE-2007-2911 Exec Code Sql 2007-05-30 2017-07-29
8.5
None Remote Medium ??? Complete Complete Complete
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573.
25 CVE-2007-2906 DoS 2007-05-30 2008-11-13
5.0
None Remote Low Not required None None Partial
Java Embedding Plugin 0.9.6.1 allows remote attackers to cause a denial of service (browser crash) via a Thread subclass that calls super.run from its run method.
26 CVE-2007-2905 Exec Code Sql 2007-05-30 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the post_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
27 CVE-2007-2903 DoS Overflow 2007-05-30 2017-07-29
5.0
None Remote Low Not required None None Partial
Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries.
28 CVE-2007-2902 Exec Code Sql 2007-05-30 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in main/auth/my_progress.php in Dokeos 1.8.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the course parameter.
29 CVE-2007-2900 94 Exec Code File Inclusion 2007-05-30 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Scallywag 2005-04-25 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/.
30 CVE-2007-2899 94 2007-05-30 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Direct static code injection vulnerability in admin_config.php in NavBoard 2.6.0 allows remote attackers to inject arbitrary PHP code into data/config.php via multiple parameters, as demonstrated via the threadperpage parameter in an editconfig action.
31 CVE-2007-2898 89 Exec Code Sql 2007-05-30 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php.
32 CVE-2007-2897 DoS Exec Code Bypass +Info 2007-05-30 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM port; via requests for a URI containing a '/' immediately before and after the name of a DOS device, as demonstrated by the /AUX/.aspx URI, which bypasses a blacklist for DOS device requests.
33 CVE-2007-2895 Exec Code Overflow 2007-05-30 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 in LeadTools Raster Dialog File Object allows remote attackers to execute arbitrary code via a long Directory property value.
34 CVE-2007-2893 119 Overflow +Priv 2007-05-30 2020-05-19
7.2
None Local Low Not required Complete Complete Complete
Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow."
35 CVE-2007-2891 Exec Code File Inclusion 2007-05-30 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bank_data[root] parameter to modules/bank/includes/design/main.inc.php, or the (2) fm_data[root] parameter to (a) includes/config/master.inc.php or (b) includes/functions/master.inc.php.
36 CVE-2007-2890 Exec Code Sql 2007-05-30 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in category.php in cpCommerce 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id_category parameter.
37 CVE-2007-2889 Exec Code Sql 2007-05-30 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter.
38 CVE-2007-2888 Exec Code Overflow 2007-05-30 2017-10-11
7.6
None Remote High Not required Complete Complete Complete
Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. NOTE: some details are obtained from third party information.
39 CVE-2007-2886 DoS 2007-05-30 2017-07-29
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the Nortel CS 1000 M media card in Enterprise VoIP-Core-CS 1000E, 1000M, and 1000S 04.50W before 20070523 in Meridian/CS 1000 allows remote attackers to cause a denial of service (card hang) via unspecified vectors.
40 CVE-2007-2884 20 DoS Exec Code Overflow 2007-05-30 2017-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name (VersionCompanyName) field.
41 CVE-2007-2882 DoS 2007-05-30 2018-10-30
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the NFS client module in Sun Solaris 8 through 10 before 20070524, when operating as an NFS server, allows remote attackers to cause a denial of service (crash) via certain Access Control List (acl) packets.
42 CVE-2007-2881 Exec Code Overflow 2007-05-29 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation.
43 CVE-2007-2877 Overflow +Priv 2007-05-29 2017-07-29
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 allows local users to gain privileges via long registry key paths.
44 CVE-2007-2866 Exec Code Sql 2007-05-25 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in modules/admin/modules/gallery.php in PHPEcho CMS 2.0-rc1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter and possibly other parameters. NOTE: some of these details are obtained from third party information.
45 CVE-2007-2865 XSS 2007-05-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.
46 CVE-2007-2862 Exec Code Sql 2007-05-24 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and possibly cookie modification.
47 CVE-2007-2861 Exec Code File Inclusion 2007-05-24 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Simple Accessible XHTML Online News (SAXON) 4.6 allow remote attackers to execute arbitrary PHP code via a URL in the template parameter to (1) news.php, (2) preview.php, or (3) archive-display.php.
48 CVE-2007-2860 +Priv 2007-05-24 2018-10-16
6.5
None Remote Low ??? Partial Partial Partial
user.php in BoastMachine 3.0 platinum allows remote authenticated users to gain privileges via a modified id parameter, as demonstrated by an edit_post action.
49 CVE-2007-2859 Exec Code File Inclusion 2007-05-24 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in SimpGB 1.46.0 allow remote attackers to execute arbitrary PHP code via a URL in the path_simpgb parameter to (1) guestbook.php, (2) search.php, (3) mailer.php, (4) avatars.php, (5) ccode.php, (6) comments.php, (7) emoticons.php, (8) gbdownload.php, and possibly other PHP scripts.
50 CVE-2007-2858 Exec Code Sql 2007-05-24 2018-10-16
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the IP-Search functionality in the IP-Tracking Mod for phpBB 2.0.x allows remote authenticated administrators to execute arbitrary SQL commands via the Search Query field.
Total number of vulnerabilities : 466   Page : 1 (This Page)2 3 4 5 6 7 8 9 10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.