CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2007

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2007-0965 DoS 2007-02-16 2011-03-08
7.8
None Remote Low Not required None None Complete
Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a long HTTP request.
152 CVE-2007-0964 DoS 2007-02-16 2011-03-08
5.4
None Remote High Not required None None Complete
Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a malformed HTTPS request.
153 CVE-2007-0963 DoS 2007-02-16 2011-03-08
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.3), when set to log at the "debug" level, allows remote attackers to cause a denial of service (device reboot) by sending packets that are not of a particular protocol such as TCP or UDP, which triggers the reboot during generation of Syslog message 710006.
154 CVE-2007-0962 DoS 2007-02-16 2018-10-30
7.8
None Remote Low Not required None None Complete
Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when "inspect http" is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic.
155 CVE-2007-0961 DoS 2007-02-16 2018-10-30
7.8
None Remote Low Not required None None Complete
Cisco PIX 500 and ASA 5500 Series Security Appliances 6.x before 6.3(5.115), 7.0 before 7.0(5.2), and 7.1 before 7.1(2.5), and the FWSM 3.x before 3.1(3.24), when the "inspect sip" option is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed SIP packets.
156 CVE-2007-0960 +Priv 2007-02-16 2018-10-30
9.0
None Remote Low ??? Complete Complete Complete
Unspecified vulnerability in Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when configured to use the LOCAL authentication method, allows remote authenticated users to gain privileges via unspecified vectors.
157 CVE-2007-0959 DoS 2007-02-16 2018-10-30
7.8
None Remote Low Not required None None Complete
Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when configured to inspect certain TCP-based protocols, allows remote attackers to cause a denial of service (device reboot) via malformed TCP packets.
158 CVE-2007-0958 2007-02-15 2018-10-30
2.1
None Local Low Not required Partial None None
Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump, a variant of CVE-2004-1073.
159 CVE-2007-0955 DoS 2007-02-15 2019-10-02
7.8
None Remote Low Not required None None Complete
The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable Professional 2.35 and earlier allows remote attackers to cause a denial of service (application crash) via certain base64-encoded data following an AUTHENTICATE NTLM command to the imap port (143/tcp), which results in an out-of-bounds read.
160 CVE-2007-0954 2007-02-15 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
MOHA Chat 0.1b7 and earlier does not require authentication for use of the plug in API, which has unknown impact and attack vectors.
161 CVE-2007-0953 XSS 2007-02-15 2017-07-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
162 CVE-2007-0952 XSS 2007-02-15 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Virtual Calendar allow remote attackers to inject arbitrary web script or HTML via the (1) t and (2) yr parameters, and the (3) sho parameter when the m parameter is outside the intended range.
163 CVE-2007-0951 Exec Code Sql 2007-02-15 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to execute arbitrary SQL commands via the cat parameter.
164 CVE-2007-0950 XSS 2007-02-15 2018-10-16
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
165 CVE-2007-0949 Exec Code Overflow 2007-02-15 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in iTinySoft Studio Total Video Player 1.03, and possibly earlier, allows remote attackers to execute arbitrary code via a M3U playlist file that contains a long file name. NOTE: it was later reported that 1.20 and 1.30 are also affected.
166 CVE-2007-0932 264 2007-02-14 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access administrative interfaces or the WLAN.
167 CVE-2007-0931 DoS Exec Code Overflow 2007-02-14 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the management interfaces in (1) Aruba Mobility Controllers 200, 800, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via long credential strings.
168 CVE-2007-0930 2007-02-14 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
169 CVE-2007-0929 Dir. Trav. 2007-02-14 2018-10-16
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in php rrd browser before 0.2.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter.
170 CVE-2007-0928 2007-02-14 2018-10-16
5.0
None Remote Low Not required Partial None None
Virtual Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an encoded password via a direct request for pwd.txt.
171 CVE-2007-0927 Exec Code Overflow 2007-02-14 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to execute arbitrary code via a torrent file with a crafted announce header.
172 CVE-2007-0926 +Priv 2007-02-14 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows remote attackers to gain administrative privileges, probably via modified $mysql['pass'] and $gbpass variables.
173 CVE-2007-0925 XSS 2007-02-14 2018-10-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx in Community Server allows remote attackers to inject arbitrary web script or HTML via the q parameter.
174 CVE-2007-0924 Bypass 2007-02-14 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Till Gerken phpPolls 1.0.3 allows remote attackers to bypass authentication and perform certain administrative actions via a direct request to phpPollAdmin.php3. NOTE: this issue might subsume CVE-2006-3764.
175 CVE-2007-0923 +Info 2007-02-14 2018-10-16
7.8
None Remote Low Not required Complete None None
buscador/buscador.htm in Portal Search allows remote attackers to obtain sensitive information (business logic) via a query string composed of a search for certain characters.
176 CVE-2007-0922 XSS 2007-02-14 2018-10-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in Portal Search allows remote attackers to inject arbitrary web script or HTML via the query string.
177 CVE-2007-0921 2007-02-14 2018-10-16
9.4
None Remote Low Not required None Complete Complete
Portal Search allows remote attackers to redirect a URL to an arbitrary web site by placing the URL in the query string to the top-level URI.
178 CVE-2007-0920 Exec Code Sql 2007-02-14 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in philboard_forum.asp in Philboard 1.14 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
179 CVE-2007-0919 Dir. Trav. 2007-02-14 2018-10-16
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in Nickolas Grigoriadis Mini Web server (MiniWebsvr) 0.0.6 allows remote attackers to list the directory immediately above the web root via a ..%00 sequence in the URI.
180 CVE-2007-0918 20 DoS 2007-02-14 2018-10-30
7.1
None Remote Medium Not required None None Complete
The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations that are not properly handled by the regular expression feature, as demonstrated using the 3123.0 (Netbus Pro Traffic) signature.
181 CVE-2007-0917 Bypass 2007-02-14 2017-10-11
6.4
None Remote Low Not required Partial Partial None
The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets.
182 CVE-2007-0916 DoS 2007-02-14 2017-10-11
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.
183 CVE-2007-0915 +Priv 2007-02-14 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers to overwrite arbitrary files and gain privileges via a crafted RPC request.
184 CVE-2007-0914 DoS 2007-02-14 2017-10-11
7.1
None Remote Medium Not required None None Complete
Race condition in the TCP subsystem for Solaris 10 allows remote attackers to cause a denial of service (system panic) via unknown vectors.
185 CVE-2007-0913 Exec Code 2007-02-14 2008-11-15
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.
186 CVE-2007-0912 CSRF 2007-02-13 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php in Jportal 2.3.1, and possibly earlier, allows remote attackers to perform privileged actions as administrators by tricking the admin into accessing a URL with modified arguments to admin/admin.adm.php.
187 CVE-2007-0911 DoS 2007-02-13 2018-10-16
7.8
None Remote Low Not required None None Complete
Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).
188 CVE-2007-0910 2007-02-13 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors.
189 CVE-2007-0909 Exec Code 2007-02-13 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function.
190 CVE-2007-0908 20 2007-02-13 2018-10-30
5.0
None Remote Low Not required Partial None None
The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.
191 CVE-2007-0907 DoS 2007-02-13 2018-10-30
5.0
None Remote Low Not required None None Partial
Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function.
192 CVE-2007-0906 119 DoS Exec Code Overflow 2007-02-13 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885). NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825).
193 CVE-2007-0905 Bypass 2007-02-13 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383.
194 CVE-2007-0904 Exec Code Sql 2007-02-13 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in projects.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter to index.php.
195 CVE-2007-0903 2007-02-13 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the mod_roster_odbc module in ejabberd before 1.1.3 has unknown impact and attack vectors.
196 CVE-2007-0902 +Info 2007-02-13 2008-11-15
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the "Show debugging information" feature in MoinMoin 1.5.7 allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
197 CVE-2007-0901 XSS 2007-02-13 2008-11-15
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
198 CVE-2007-0900 Exec Code File Inclusion 2007-02-13 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard 2.1.B Build 2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) configpath parameter to (a) tagviewer.php, (b) tag_process.php, and (c) CONFIG/errmsg.inc.php; and (d) addTagmin.php, (e) ban_watch.php, (f) delTagmin.php, (g) delTag.php, (h) editTagmin.php, (i) editTag.php, (j) manageTagmins.php, and (k) verify.php in tagmin/; the (2) adminpath parameter to (l) tagviewer.php, (m) tag_process.php, and (n) tagmin/index.php; and the (3) admin parameter to (o) readconf.php, (p) updateconf.php, (q) updatefilter.php, and (r) wordfilter.php in tagmin/; different vectors than CVE-2006-5249.
199 CVE-2007-0898 22 Dir. Trav. 2007-02-16 2017-07-29
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message.
200 CVE-2007-0897 DoS 2007-02-16 2017-07-29
4.3
None Remote Medium Not required None None Partial
Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor.
Total number of vulnerabilities : 534   Page : 1 2 3 4 (This Page)5 6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.