CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In September 2007 (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2007-5141 89 Exec Code Sql 2007-09-28 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in search.php in SiteX CMS 0.7.3 Beta allows remote attackers to execute arbitrary SQL commands via the search parameter.
2 CVE-2007-5140 94 Exec Code File Inclusion 2007-09-28 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in IntegraMOD Nederland 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
3 CVE-2007-5139 94 Exec Code File Inclusion 2007-09-28 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin/include/header.php in chupix 0.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the repertoire parameter.
4 CVE-2007-5138 94 Exec Code File Inclusion 2007-09-28 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in forum/forum.php in lustig.cms BETA 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the view parameter.
5 CVE-2007-5137 119 Exec Code Overflow 2007-09-28 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first. NOTE: this issue is due to an incorrect patch for CVE-2007-5378.
6 CVE-2007-5135 189 Exec Code 2007-09-27 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.
7 CVE-2007-5133 189 DoS Overflow 2007-09-27 2021-07-07
7.1
None Remote Medium Not required None None Complete
Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service (CPU consumption) via a certain PNG file with a large tEXt chunk that possibly triggers an integer overflow in PNG chunk size handling, as demonstrated by badlycrafted.png.
8 CVE-2007-5131 89 Exec Code Sql 2007-09-27 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Interspire ActiveKB NX 2.x allows remote attackers to execute arbitrary SQL commands via the catId parameter in a browse action. NOTE: it was separately reported that ActiveKB 1.5 is also affected.
9 CVE-2007-5126 2007-09-27 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the client in Symantec Veritas Backup Exec for Windows Servers 11d has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
10 CVE-2007-5124 94 Exec Code 2007-09-27 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.5.3.12 and earlier allows remote attackers to execute arbitrary code via unspecified web script or HTML in an instant message, related to AIM's filtering of "specific tags and attributes" and the lack of Local Machine Zone lockdown. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4901.
11 CVE-2007-5123 89 Exec Code Sql 2007-09-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in notas.asp in Novus 1.0 allows remote attackers to execute arbitrary SQL commands via the nota_id parameter.
12 CVE-2007-5122 89 Exec Code Sql 2007-09-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in store_info.php in SoftBiz Classifieds PLUS allows remote attackers to execute arbitrary SQL commands via the id parameter.
13 CVE-2007-5117 94 Exec Code File Inclusion 2007-09-27 2017-10-19
9.3
None Remote Medium Not required Complete Complete Complete
Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.13, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/login.php and (2) includes/lang/language.php, different vectors than CVE-2007-4279.
14 CVE-2007-5115 94 Exec Code File Inclusion 2007-09-26 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Ekke Doerre Contenido 42VariablVersion (42VV10) in contenido_hacks in Mods 4 Xoops Contenido eZ publish (pdf4cms) allow remote attackers to execute arbitrary PHP code via a URL in the cfgPathInc parameter to (1) main_upl.php, (2) main_con_editside.php, (3) main_news_rcp.php, (4) main_mod.php, (5) main_tplinput_edit.php, (6) main_con.php, (7) main_tpl.php, (8) main_con_sidelist.php, (9) main_str.php, (10) main_news.php, (11) main_tplinput.php, (12) main_lang.php, (13) main_mod_edit.php, (14) main_lay.php, (15) main_lay_edit.php, (16) main_news_send.php, (17) main_con_edittpl.php, (18) main_stat.php, (19) main_tpl_edit.php, (20) main_news_edit.php, or (21) inc/upl_show_uploads.inc.php; the (a) cfgPathContenido or (b) cfgPathTpl parameter to (22) con_show_sidelist.inc.php, (23) mod_show_modules.inc.php, (24) con_edit_form.inc.php, (25) lay_show_layouts.inc.php, (26) con_show_tree.inc.php, (27) news_show_newsletters.inc.php, (28) str_show_tree.inc.php, (29) tpl_show_templates.inc.php, (30) stat_show_tree.inc.php, (31) con_editcontent.inc.php, or (32) news_show_recipients.inc.php in inc/; or the cfgPathTpl parameter to (33) main_user_md5.php3, or (34) actions_mod.php, (35) actions_lay.php, (36) actions_upl.php, (37) actions_stat.php, (38) actions_news.php, (39) actions_str.php, (40) header.php, (41) actions_con_sidelist.php, (42) main_top.inc.php, (43) actions_tpl.php, or (44) actions_con.php in tpl/. NOTE: vectors 21, 24, 26, 27, 32, 34, 35, 36, 37, 38, 39, 40, 41, 43, and 44 are disputed by CVE because PHP encounters a fatal function-call error on a direct request for the file, before reaching the include statement.
15 CVE-2007-5114 94 Exec Code File Inclusion 2007-09-26 2008-11-15
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** PHP remote file inclusion vulnerability in include/plugin/block.t.php in Peter Schmidt phpmyProfiler 0.9.6b allows remote attackers to execute arbitrary PHP code via a URL in the pmp_rel_path parameter. NOTE: this issue is disputed by CVE because the applicable require_once is in a function that is not called on a direct request.
16 CVE-2007-5110 22 Dir. Trav. 2007-09-26 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Absolute path traversal vulnerability in the EbCrypt.eb_c_PRNGenerator.1 ActiveX control in EBCRYPT.DLL 2.0.0.2087 and earlier in EB Design ebCrypt allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveToFile method. NOTE: some of these details are obtained from third party information.
17 CVE-2007-5108 2007-09-26 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in IAC Search & Media ask.com toolbar has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. NOTE: this might be the same issue as CVE-2007-5107.
18 CVE-2007-5107 119 Exec Code Overflow 2007-09-26 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the AskJeevesToolBar.SettingsPlugin.1 ActiveX control in askBar.dll in IAC Search & Media ask.com Ask Toolbar 4.0.2.53 and earlier allows remote attackers to execute arbitrary code via a long ShortFormat property value. NOTE: some of these details are obtained from third party information. NOTE: the researcher claims that this is the same as CVE-2007-5108, but there is insufficient detail for CVE-2007-5108 to be certain.
19 CVE-2007-5104 89 Exec Code Sql 2007-09-26 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the Arcade module in bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a play_game action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
20 CVE-2007-5103 22 Dir. Trav. 2007-09-26 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in config.inc.php in Wordsmith 1.0 RC1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _path parameter.
21 CVE-2007-5102 94 Exec Code File Inclusion 2007-09-26 2017-10-19
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in config.inc.php in Wordsmith 1.0 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the _path parameter.
22 CVE-2007-5101 264 +Priv 2007-09-26 2017-07-29
7.2
None Local Low Not required Complete Complete Complete
ChironFS before 1.0 RC7 sets user/group ownership to the mounter account instead of the creator account when files are created, which allows local users to gain privileges.
23 CVE-2007-5100 94 Exec Code File Inclusion 2007-09-26 2011-03-08
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in phpBB Plus 1.53, and 1.53a before 20070922, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) language/lang_german/lang_admin_album.php, (2) language/lang_english/lang_main_album.php, and (3) language/lang_english/lang_admin_album.php, different vectors than CVE-2007-5009.
24 CVE-2007-5099 94 Exec Code File Inclusion 2007-09-26 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in show.php in David Watters Helplink 0.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
25 CVE-2007-5098 94 Exec Code File Inclusion 2007-09-26 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in DFD Cart 1.1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the set_depth parameter to (1) app.lib/product.control/core.php/product.control.config.php, or (2) customer.browse.list.php or (3) customer.browse.search.php in app.lib/product.control/core.php/customer.area/.
26 CVE-2007-5097 94 Exec Code File Inclusion 2007-09-26 2008-11-15
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** PHP remote file inclusion vulnerability in lib/classes/offl_nflteam.php in Online Fantasy Football League (OFFL) 0.2.6 allows remote attackers to execute arbitrary PHP code via a URL in the DOC_ROOT parameter. NOTE: this issue is disputed by CVE because a __FILE__ test protects offl_nflteam.php against direct requests.
27 CVE-2007-5096 94 Exec Code File Inclusion 2007-09-26 2008-11-15
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in modules/webmail2/inc/rfc822.php in guanxiCRM Business Solution 0.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the webmail2_inc_dir parameter.
28 CVE-2007-5095 20 2007-09-26 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Microsoft Windows Media Player (WMP) 9 on Windows XP SP2 invokes Internet Explorer to render HTML documents contained inside some media files, regardless of what default web browser is configured, which might allow remote attackers to exploit vulnerabilities in software that the user does not expect to run, as demonstrated by the HTMLView parameter in an .asx file.
29 CVE-2007-5094 119 Exec Code Overflow 2007-09-26 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in iaspam.dll in the SMTP Server in Ipswitch IMail Server 8.01 through 8.11 allows remote attackers to execute arbitrary code via a set of four different e-mail messages with a long boundary parameter in a certain malformed Content-Type header line, the string "MIME" by itself on a line in the header, and a long Content-Transfer-Encoding header line.
30 CVE-2007-5092 22 Dir. Trav. 2007-09-26 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in index.php in the Dance Music module for phpNuke, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in an ACCEPT_FILE array parameter to modules.php.
31 CVE-2007-5090 264 2007-09-26 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors.
32 CVE-2007-5089 94 Exec Code File Inclusion 2007-09-26 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in php-inc/log.inc.php in sk.log 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SKIN_URL parameter.
33 CVE-2007-5079 Bypass 2007-09-25 2017-07-29
6.0
None Remote Medium ??? Partial Partial Partial
Red Hat Enterprise Linux 4 does not properly compile and link gdm with tcp_wrappers on x86_64 platforms, which might allow remote attackers to bypass intended access restrictions.
34 CVE-2007-5071 16 Exec Code 2007-09-24 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Incomplete blacklist vulnerability in upload_img_cgi.php in Simple PHP Blog before 0.5.1 allows remote attackers to upload dangerous files and execute arbitrary code, as demonstrated by a filename ending in .php. or a .htaccess file, a different vector than CVE-2005-2733. NOTE: the vulnerability was also present in a 0.5.1 download available in the early morning of 20070923. NOTE: the original 20070920 disclosure provided an incorrect filename, img_upload_cgi.php.
35 CVE-2007-5070 119 Exec Code Overflow 2007-09-24 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the EasyMailMessagePrinter ActiveX control in emprint.DLL 6.0.1.0 in the Quiksoft EasyMail MessagePrinter Object allows remote attackers to execute arbitrary code via a long string in the first argument to the SetFont method.
36 CVE-2007-5069 22 Dir. Trav. 2007-09-24 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in data/compatible.php in the Nuke Mobile Entertainment 1 addon for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter.
37 CVE-2007-5068 89 Exec Code Sql 2007-09-24 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in phpFullAnnu (PFA) 6.0 allows remote attackers to execute arbitrary SQL commands via the mod parameter.
38 CVE-2007-5067 119 Exec Code Overflow 2007-09-24 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow remote attackers to execute arbitrary code via a long If-Modified-Since header to (1) xigui32.exe or (2) xitami.exe.
39 CVE-2007-5066 20 Exec Code 2007-09-24 2017-07-29
9.0
None Remote Low ??? Complete Complete Complete
Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL.
40 CVE-2007-5065 94 Exec Code File Inclusion 2007-09-24 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin.slideshow1.php in the Flash Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
41 CVE-2007-5064 119 Exec Code Overflow 2007-09-24 2011-03-08
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in a certain ActiveX control in Xunlei Web Thunder 5.6.9.344, possibly the DapPlayer ActiveX control in DapPlayer_Now.dll, allows remote attackers to execute arbitrary code via a long first argument to the DownURL2 method. NOTE: some of these details are obtained from third party information.
42 CVE-2007-5062 264 2007-09-24 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
account.php in Adam Scheinberg Flip 3.0 and earlier allows remote attackers to create administrative accounts via the un parameter in a register action.
43 CVE-2007-5061 89 Exec Code Sql 2007-09-24 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in mods/banners/navlist.php in Clansphere 2007.4 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php in a banners action.
44 CVE-2007-5057 287 Bypass 2007-09-24 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
NetSupport Manager Client before 10.20.0004 allows remote attackers to bypass the (1) basic and (2) authentication schemes by spoofing the NetSupport Manager.
45 CVE-2007-5056 94 Exec Code 2007-09-24 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter.
46 CVE-2007-5055 22 Dir. Trav. 2007-09-24 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in iziContents 1 RC6 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the admin_home parameter to modules/poll/poll_summary.php or (2) the rootdp parameter to include/db.php.
47 CVE-2007-5054 94 Exec Code File Inclusion 2007-09-24 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in iziContents 1 RC6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the gsLanguage parameter to (1) search/search.php, (2) poll/inlinepoll.php, (3) poll/showpoll.php, (4) links/showlinks.php, or (5) links/submit_links.php in modules/.
48 CVE-2007-5053 94 Exec Code 2007-09-24 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple incomplete blacklist vulnerabilities in iziContents 1 RC6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the admin_home parameter to modules/poll/poll_summary.php or (2) the rootdp parameter to include/db.php; or a URL in the language_home parameter to (3) search/search.php, (4) poll/inlinepoll.php, (5) poll/showpoll.php, (6) links/showlinks.php, or (7) links/submit_links.php in modules/; related to missing checks in (a) modules/moduleSec.php and (b) include/includeSec.php for inclusion of certain URLs, as demonstrated by an ftps:// URL.
49 CVE-2007-5050 22 Dir. Trav. 2007-09-24 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in index.php in Neuron News 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the q parameter.
50 CVE-2007-5048 119 Exec Code Overflow 2007-09-24 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in Lhaplus before 1.55 allows remote attackers to execute arbitrary code via a long filename in an ARJ archive.
Total number of vulnerabilities : 250   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.