CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2007

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
501 CVE-2007-1175 XSS 2007-03-02 2011-03-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP before 20070209 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
502 CVE-2007-1174 XSS 2007-03-02 2017-07-29
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 20070214 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to unspecified fields in user Profiles. NOTE: some of these details are obtained from third party information.
503 CVE-2007-1172 Exec Code Sql 2007-03-02 2018-10-16
6.4
None Remote Low Not required Partial Partial None
SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit."
504 CVE-2007-1171 89 Exec Code Sql Bypass 2007-03-02 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie.
505 CVE-2007-1170 DoS 2007-03-02 2018-10-16
5.0
None Remote Low Not required None None Partial
SimBin GTR - FIA GT Racing Game 1.5.0.0 and earlier, GT Legends 1.1.0.0 and earlier, GTR 2 1.1 and earlier, and RACE - The WTCC Game 1.0 and earlier allow remote attackers to cause a denial of service (client disconnection) via an empty UDP packet to the server port.
506 CVE-2007-1169 2007-03-02 2008-09-05
5.0
None Remote Low Not required Partial None None
The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 accepts logon requests through unencrypted HTTP, which might allow remote attackers to obtain credentials by sniffing the network.
507 CVE-2007-1168 2007-03-02 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_info cookie to the web interface port (14942/tcp).
508 CVE-2007-1167 200 +Info 2007-03-02 2017-10-11
5.0
None Remote Low Not required Partial None None
inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and earlier allows remote attackers to obtain MySQL data via the inc/mysql.php value of the file parameter.
509 CVE-2007-1166 89 Exec Code Sql 2007-03-02 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in result.php in Nabopoll 1.2 allows remote attackers to execute arbitrary SQL commands via the surv parameter.
510 CVE-2007-1165 94 Exec Code File Inclusion 2007-03-02 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in DBGuestbook 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the dbs_base_path parameter to (1) utils.php, (2) guestbook.php, or (3) views.php in includes/.
511 CVE-2007-1164 94 Exec Code File Inclusion 2007-03-02 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in DBImageGallery 1.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the donsimg_base_path parameter to (1) attributes.php, (2) images.php, or (3) scan.php in admin/; or (4) attributes.php, (5) db_utils.php, (6) images.php, (7) utils.php, or (8) values.php in includes/.
512 CVE-2007-1163 89 Exec Code Sql 2007-03-02 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783.
513 CVE-2007-1162 1 DoS 2007-03-02 2017-10-11
7.8
None Remote Low Not required None None Complete
A certain ActiveX control in the Common Controls Replacement Project (CCRP) CCRP BrowseDialog Server (ccrpbds6.dll) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) IsFolderAvailable or (2) RootFolder property value, different vectors than CVE-2007-0371.
514 CVE-2007-1161 79 XSS 2007-03-02 2018-10-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in call_entry.php in Call Center Software 0,93 allows remote attackers to inject arbitrary web script or HTML via the problem_desc parameter, as demonstrated by the ONLOAD attribute of a BODY element.
515 CVE-2007-1160 287 Bypass 2007-03-02 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782.
516 CVE-2007-1159 79 XSS 2007-03-02 2008-11-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in modules/out.php in Pyrophobia 2.1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
517 CVE-2007-1158 Dir. Trav. 2007-03-02 2018-10-16
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
518 CVE-2007-1157 352 CSRF 2007-03-02 2018-10-16
7.6
None Remote High Not required Complete Complete Complete
Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733.
519 CVE-2007-1156 Bypass 2007-03-02 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
JBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for _admin/.
520 CVE-2007-1155 20 Exec Code 2007-03-02 2018-10-16
4.6
None Remote High ??? Partial Partial Partial
Unrestricted file upload vulnerability in webSPELL allows remote authenticated administrators to upload and execute arbitrary PHP code via the add squad feature. NOTE: this issue may be an administrative feature, in which case this CVE may be REJECTED.
521 CVE-2007-1154 89 Exec Code Sql 2007-03-02 2018-10-16
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in webSPELL allows remote attackers to execute arbitrary SQL commands via a ws_auth cookie, a different vulnerability than CVE-2006-4782.
522 CVE-2007-1153 94 Exec Code File Inclusion 2007-03-02 2008-11-15
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews 1.3.6 allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: issue might overlap CVE-2004-1660 or CVE-2006-4445.
523 CVE-2007-1152 22 Dir. Trav. 2007-03-02 2017-10-11
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) act or (2) pid parameter to the top-level URI (index.php), or the (3) action parameter to admin/index.php. NOTE: some of these details are obtained from third party information.
524 CVE-2007-1151 79 XSS 2007-03-02 2018-10-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter to the top-level URI, possibly related to a SQL error.
525 CVE-2007-1150 264 2007-03-02 2018-10-16
3.6
None Remote High ??? None Partial Partial
Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote authenticated administrators to upload arbitrary files to /modules/content/pictures/tmp/.
526 CVE-2007-1149 22 Dir. Trav. 2007-03-02 2018-10-16
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the step parameter to install/index.php or (2) the load parameter to the top-level URI.
527 CVE-2007-1148 94 Exec Code File Inclusion 2007-03-02 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter.
528 CVE-2007-1147 94 Exec Code File Inclusion 2007-03-02 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in view.php in hbm allows remote attackers to execute arbitrary PHP code via a URL in the hbmpath parameter.
529 CVE-2007-1146 Exec Code File Inclusion 2007-03-02 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in function.php in arabhost allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter.
530 CVE-2007-1145 79 XSS 2007-03-02 2018-10-16
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register action in index.php, (3) unspecified vectors in the Submit form in a submit action in index.php, and (4) the user's name in index.php; and (5) allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the Admin and Staff Control Panel. NOTE: this might issue overlap CVE-2004-1412, CVE-2005-0487, or CVE-2005-0842.
531 CVE-2007-1144 22 Dir. Trav. 2007-03-02 2018-10-16
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Navigator 2.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter.
532 CVE-2007-1143 22 Dir. Trav. 2007-03-02 2018-10-16
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in pn-menu.php in J-Web Pics Navigator 1.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter.
533 CVE-2007-1142 79 XSS 2007-03-02 2018-10-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the link_parameters parameter in (1) news.php and (2) n_layouts.php.
534 CVE-2007-1141 94 Exec Code File Inclusion 2007-03-02 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the php_script_path parameter. NOTE: This issue may overlap CVE-2006-0723.
535 CVE-2007-1140 22 Dir. Trav. 2007-03-02 2018-10-16
9.4
None Remote Low Not required Complete Complete None
Directory traversal vulnerability in edit.php in pheap allows remote attackers to read and modify arbitrary files via a .. (dot dot) in the filename parameter.
536 CVE-2007-1139 94 2007-03-02 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Unrestricted file upload vulnerability in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to upload arbitrary scripts via a filename with a double extension.
537 CVE-2007-1138 22 Dir. Trav. 2007-03-02 2018-10-16
5.0
None Remote Low Not required Partial None None
Absolute path traversal vulnerability in list_main_pages.php in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to list arbitrary directories, and read arbitrary files, via an absolute pathname in the nfolder parameter.
538 CVE-2007-1137 +Info 2007-03-02 2017-07-29
5.0
None Remote Low Not required Partial None None
putmail.py in Putmail before 1.4 does not detect when a user attempts to use TLS with a server that does not support it, which causes putmail.py to send the username and password in plaintext while the user believes encryption is in use, and allows remote attackers to obtain sensitive information.
539 CVE-2007-1136 20 Exec Code 2007-03-02 2011-03-08
6.8
None Remote Medium Not required Partial Partial Partial
index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. NOTE: some sources have referred to this as eval injection in the param parameter, but CVE source inspection suggests that this is erroneous.
540 CVE-2007-1135 Exec Code Sql 2007-03-02 2011-03-08
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in WebMplayer before 0.6.1-Alpha allow remote attackers to execute arbitrary SQL commands via the (1) strid parameter to index.php and the (2) id[0] or other id array index parameter to filecheck.php.
541 CVE-2007-1134 2007-03-02 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Watchtower (WT) before 0.12 has unknown impact and attack vectors, related to "unauthorized accounts."
542 CVE-2007-1005 DoS Overflow 2007-03-02 2021-04-09
7.8
None Remote Low Not required None None Complete
Heap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote administration port (9191/tcp).
543 CVE-2007-1002 Exec Code 2007-03-21 2018-10-16
6.8
None Remote Medium Not required Partial Partial Partial
Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a crafted shared memo.
544 CVE-2007-1000 2007-03-12 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference.
545 CVE-2007-0999 Exec Code 2007-03-10 2017-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Format string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2007-1006.
546 CVE-2007-0998 264 2007-03-20 2017-10-11
4.3
None Remote Medium Not required Partial None None
The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device. NOTE: some of these details are obtained from third party information.
547 CVE-2007-0994 94 Exec Code Bypass 2007-03-06 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.
548 CVE-2007-0774 Exec Code Overflow 2007-03-04 2019-04-15
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
549 CVE-2007-0733 DoS Exec Code Mem. Corr. 2007-03-13 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RAW image that triggers memory corruption.
550 CVE-2007-0731 Exec Code Overflow 2007-03-13 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Apple-specific Samba module (SMB File Server) in Apple Mac OS X 10.4 through 10.4.8 allows context-dependent attackers to execute arbitrary code via a long ACL.
Total number of vulnerabilities : 704   Page : 1 2 3 4 5 6 7 8 9 10 11 (This Page)12 13 14 15
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.