CVEdetails.com the ultimate security vulnerability data source
Security Vulnerabilities Published In March 2007

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 451 | CVE-2007-1242 | | | Exec Code Sql | 2007-03-03 | 2017-07-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in system/index.php in Audins Audiens 3.3 allows remote attackers to execute arbitrary SQL commands via the PHPSESSID cookie. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 452 | CVE-2007-1241 | | | XSS | 2007-03-03 | 2017-07-29 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Cross-site scripting (XSS) vulnerability in setup.php in Audins Audiens 3.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 453 | CVE-2007-1240 | 79 | | XSS | 2007-03-03 | 2017-07-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 through 3.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the searchkey parameter to index.php, or the (2) sn or (3) ri parameter to modules/htmlframechat/index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 454 | CVE-2007-1239 | | | DoS | 2007-03-03 | 2018-10-16 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference. |
| 455 | CVE-2007-1238 | 399 | | DoS | 2007-03-03 | 2018-10-16 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file. |
| 456 | CVE-2007-1237 | 200 | | +Info | 2007-03-03 | 2018-10-16 | 5.0 | None | Remote | Low | Not required | Partial | None | None | sitex allows remote attackers to obtain potentially sensitive information via a ' (quote) value for certain parameters, as demonstrated by parameters used in forum and search, which forces a SQL error. |
| 457 | CVE-2007-1236 | | | +Info | 2007-03-03 | 2018-10-16 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | sitex allows remote attackers to obtain sensitive information via a request with a numerical value for the (1) sxMonth[] or (2) sxYear[] parameter to calendar.php, or the (3) page[] parameter to calendar_events.php, which reveals the path in various error messages. |
| 458 | CVE-2007-1235 | 20 | | | 2007-03-03 | 2018-10-16 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Unrestricted file upload vulnerability in sitex allows remote attackers to upload arbitrary PHP code via an avatar filename with a double extension such as .php.jpg, which fails verification and is saved as a .php file. |
| 459 | CVE-2007-1234 | 79 | | XSS | 2007-03-03 | 2018-10-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in sitex allow remote attackers to inject arbitrary web script or HTML via (1) the sxYear parameter to calendar.php, (2) the search parameter to search.php, (3) the linkid parameter to redirect.php, or (4) the page parameter to calendar_events.php. |
| 460 | CVE-2007-1233 | 94 | | Exec Code File Inclusion | 2007-03-03 | 2017-10-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | PHP remote file inclusion vulnerability in downloadcounter.php in STWC-Counter 3.4.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the stwc_counter_verzeichniss parameter. |
| 461 | CVE-2007-1232 | | | Dir. Trav. | 2007-03-03 | 2018-10-16 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial | Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a SQLiteManager_currentTheme cookie. |
| 462 | CVE-2007-1231 | 79 | | XSS | 2007-03-03 | 2018-10-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) database name, (2) table name, (3) ViewName, (4) view, (5) trigger, and (6) function fields in main.php and certain other files. |
| 463 | CVE-2007-1230 | | | XSS | 2007-03-02 | 2011-03-08 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049. |
| 464 | CVE-2007-1229 | 79 | | XSS | 2007-03-02 | 2018-10-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 8001/tcp), which is not properly handled in the administrator interface when viewing the log file. |
| 465 | CVE-2007-1228 | 287 | | | 2007-03-02 | 2009-02-11 | 4.4 | None | Local | Medium | ??? | Complete | None | None | IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories. |
| 466 | CVE-2007-1227 | 264 | | Exec Code | 2007-03-02 | 2018-10-16 | 6.6 | None | Local | Medium | ??? | Complete | Complete | Complete | VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 allows local users to change permissions of arbitrary files via a symlink attack on /Library/Application Support/Virex/VShieldExclude.txt, as demonstrated by symlinking to the root crontab file to execute arbitrary commands. |
| 467 | CVE-2007-1226 | | | | 2007-03-02 | 2018-10-16 | 4.1 | None | Local | Medium | ??? | Partial | Partial | Partial | McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak permissions (0666) for /Library/Application Support/Virex/VShieldExclude.txt, which allows local users to reconfigure Virex to skip scanning of arbitrary files. |
| 468 | CVE-2007-1225 | | | | 2007-03-02 | 2017-10-11 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | The connection log file implementation in Grok Developments NetProxy 4.03 does not record requests that omit http:// in a URL, which might allow remote attackers to conduct unauthorized activities and avoid detection. |
| 469 | CVE-2007-1224 | | | Bypass | 2007-03-02 | 2017-10-11 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Grok Developments NetProxy 4.03 allows remote attackers to bypass URL filtering via a request that omits "http://" from the URL and specifies the destination port (:80). |
| 470 | CVE-2007-1223 | | | DoS | 2007-03-02 | 2017-07-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Unspecified vulnerability in Hitachi OSAS/FT/W before 20070223 allows attackers to cause a denial of service (responder control processing halt) by sending "data unexpectedly through the port". |
| 471 | CVE-2007-1222 | | | Exec Code | 2007-03-02 | 2008-11-15 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Parallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary files to the host filesystem, and execute arbitrary code via launchd by writing a plist file to a LaunchAgents directory. |
| 472 | CVE-2007-1221 | | | Exec Code Bypass | 2007-03-02 | 2018-10-16 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows attackers with physical access to force execution of the hypervisor syscall with a certain register set, which bypasses intended code protection. |
| 473 | CVE-2007-1220 | | | Exec Code Bypass | 2007-03-02 | 2018-10-16 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete | The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not properly verify the parameters passed to the syscall dispatcher, which allows attackers with physical access to bypass code-signing requirements and execute arbitrary code. |
| 474 | CVE-2007-1219 | | | Exec Code File Inclusion | 2007-03-02 | 2017-10-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | PHP remote file inclusion vulnerability in actions/del.php in Admin Phorum 3.3.1a allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. |
| 475 | CVE-2007-1218 | 119 | | DoS Overflow | 2007-03-02 | 2017-10-11 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based. |
| 476 | CVE-2007-1217 | 119 | | DoS Overflow +Priv | 2007-03-02 | 2018-10-30 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | Buffer overflow in the bufprint function in capiutil.c in libcapi, as used in Linux kernel 2.6.9 to 2.6.20 and isdn4k-utils, allows local users to cause a denial of service (crash) and possibly gain privileges via a crafted CAPI packet. |
| 477 | CVE-2007-1199 | | | | 2007-03-02 | 2017-07-29 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | Adobe Reader and Acrobat Trial allow remote attackers to read arbitrary files via a file:// URI in a PDF document, as demonstrated with <</URI(file:///C:/)/S/URI>>, a different issue than CVE-2007-0045. |
| 478 | CVE-2007-1198 | | | XSS | 2007-03-02 | 2008-11-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in TaskFreak! before 0.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a variant of CVE-2007-0982. |
| 479 | CVE-2007-1197 | | | XSS | 2007-03-02 | 2008-11-15 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Multiple unspecified vulnerabilities in Epiware before 4.7.5 have unknown impact and attack vectors, possibly related to cross-site scripting (XSS) and other unspecified issues. |
| 480 | CVE-2007-1196 | | | Exec Code | 2007-03-02 | 2017-07-29 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Unspecified vulnerability in Citrix Presentation Server Client for Windows before 10.0 allows remote web sites to execute arbitrary code via unspecified vectors, related to the implementation of ICA connectivity through proxy servers. |
| 481 | CVE-2007-1195 | | | Exec Code Overflow | 2007-03-02 | 2017-10-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might overlap CVE-2006-2225, CVE-2006-2226, or CVE-2006-5728. |
| 482 | CVE-2007-1194 | 200 | | +Info | 2007-03-02 | 2018-10-16 | 2.1 | None | Local | Low | Not required | Partial | None | None | Norman SandBox Analyzer does not use the proper range for Interrupt Descriptor Table (IDT) entries, which allows local users to determine that the local machine is an emulator, or a similar environment not based on a physical Intel processor, which allows attackers to produce malware that is more difficult to analyze. |
| 483 | CVE-2007-1193 | | | | 2007-03-02 | 2011-03-08 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Multiple unspecified vulnerabilities in the Login page in OrangeHRM before 20070212 have unknown impact and attack vectors. |
| 484 | CVE-2007-1192 | | | | 2007-03-02 | 2008-11-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an admin password hash via a direct request for data/gbconfiguration.dat. |
| 485 | CVE-2007-1191 | | | +Info | 2007-03-02 | 2017-07-29 | 2.1 | None | Local | Low | Not required | Partial | None | None | The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes usernames and passwords in plaintext to the /Library/Logs/Console/UID/Console.log file, which allows local users to obtain sensitive information by reading this file. |
| 486 | CVE-2007-1190 | | | Exec Code | 2007-03-02 | 2008-11-15 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Unspecified vulnerability in the EmbeddedWB Web Browser ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 487 | CVE-2007-1189 | | | Overflow +Priv | 2007-03-02 | 2017-10-11 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Integer overflow in the envwrite function in the Alcatel-Lucent Bell Labs Plan 9 kernel allows local users to overwrite certain memory addresses with kernel memory via a large n argument, as demonstrated by (1) modifying the iseve function to gain privileges and (2) making the devpermcheck function grant unrestricted device permissions. |
| 488 | CVE-2007-1188 | | | | 2007-03-02 | 2011-03-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | WebAPP before 0.9.9.5 allows remote attackers to submit Search form input that is not checked for (1) composition or (2) length, which has unknown impact, possibly related to "search form hijacking". |
| 489 | CVE-2007-1187 | | | +Info | 2007-03-02 | 2011-03-08 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | WebAPP before 0.9.9.5 allows remote authenticated users, without admin privileges, to obtain sensitive information via (1) the Forum Archive feature and (2) Recent Searches. |
| 490 | CVE-2007-1186 | | | | 2007-03-02 | 2011-03-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None | WebAPP before 0.9.9.5 does not "censor" the Latest Member real name, which has unknown impact. |
| 491 | CVE-2007-1185 | | | | 2007-03-02 | 2011-03-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown impact and remote attack vectors. |
| 492 | CVE-2007-1184 | 16 | | | 2007-03-02 | 2011-03-08 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setting of "no," which makes it easier for automated programs to submit false data. |
| 493 | CVE-2007-1183 | | | | 2007-03-02 | 2011-03-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | WebAPP before 0.9.9.5 allows remote authenticated users to spoof another user's Real Name via whitespace, which has unknown impact and attack vectors. |
| 494 | CVE-2007-1182 | | | | 2007-03-02 | 2011-03-08 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest profile, which has unknown impact. |
| 495 | CVE-2007-1181 | | | | 2007-03-02 | 2011-03-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None | WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the username through Edit Profile forms, which has unknown impact and attack vectors. |
| 496 | CVE-2007-1180 | | | CSRF | 2007-03-02 | 2011-03-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | WebAPP before 0.9.9.5 does not check referrers in certain forms, which might facilitate remote cross-site request forgery (CSRF) attacks or have other unknown impact. |
| 497 | CVE-2007-1179 | | | | 2007-03-02 | 2011-03-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None | WebAPP before 0.9.9.5 does not properly manage e-mail addresses in certain contexts related to (1) the Recommend feature, Email Article (2) senders and (3) recipients, (4) New User Approval, (5) Edit Profiles, (6) the Newsletter Subscription form, (7) the Recommend form, and (8) sending of articles, which has unknown impact, and remote attack vectors related to spam attacks and possibly other attacks. |
| 498 | CVE-2007-1178 | | | | 2007-03-02 | 2011-03-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | WebAPP before 0.9.9.5 does not check access in certain contexts related to (1) Calendar Administration, (2) Instant Messages Administration, and (3) the Image Uploader, which has unknown impact and attack vectors. |
| 499 | CVE-2007-1177 | | | XSS | 2007-03-02 | 2011-03-08 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to (1) the query string, (2) Profiles, (3) the Forum Post icon field, (4) the Edit Profile, and (5) the Gallery, which has unknown impact and remote attack vectors, possibly related to cross-site scripting (XSS). |
| 500 | CVE-2007-1176 | | | XSS | 2007-03-02 | 2017-07-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 0.9.9.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) Gallery Comments pages, (2) Feedback pages, (3) Search Results pages, and (4) the Statistics Log viewer. |
Total number of vulnerabilities: 704 (this is page 10 of 15)