LiveActive security incident?Get immediate response
CVE archive

January 2007

Browse CVE records published in January 2007, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 675 matching CVEs · Page 1 of 14.

Low · CVSS 3.5

CVE-2007-10001: web-cyradm search.php sql injection

A vulnerability classified as problematic has been found in web-cyradm. This affects an unknown part of the file search.php. The manipulation of the argument searchstring leads to sql injection. It is recommended to apply a patch to fix this issue. The identifier VDB-217449 was assigned to this vulnerability.

Published Jan 5, 2023 · Updated Apr 10, 2025

High · CVSS 7.5

CVE-2007-10002: web-cyradm auth.inc.php sql injection

A vulnerability, which was classified as critical, has been found in web-cyradm. Affected by this issue is some unknown functionality of the file auth.inc.php. The manipulation of the argument login/login_password/LANG leads to sql injection. The attack may be launched remotely. The name of the patch is 2bcbead3bdb5f118bf2c38c541eaa73c29dcc90f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217640.

Published Jan 8, 2023 · Updated Apr 9, 2025

High · CVSS 7.8

CVE-2007-0257: Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privile...

Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. As of 20070120, the original researcher has released demonstration code

Published Jan 16, 2007 · Updated Jan 17, 2025

Unknown · CVSS Not scored

CVE-2007-2795: Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to...

Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which triggers a stack-based buffer overflow in the IMAP Daemon.

Published Jan 27, 2009 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2007-6744: Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended applicati...

Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow local users to obtain sensitive information via unspecified vectors, related to an incorrect interaction between InstallShield and Signcode.exe.

Published Jan 19, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2007-6691: Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "h...

Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a comment view in the Comment module, (4) unspecified "item information disclosure attacks" in the Core module Gallery application, (5) the slideshow in the Slideshow module, and (6) multiple Print modules.

Published Jan 17, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-6720: libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the cha...

libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels.

Published Jan 20, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-6676: The default configuration of Uber Uploader (UU) 5.3.6 and earlier does not block uploads of (1) .html, (2)...

The default configuration of Uber Uploader (UU) 5.3.6 and earlier does not block uploads of (1) .html, (2) .asp, and other possibly dangerous extensions, which allows remote attackers to use these extensions in uploads via (a) uu_file_upload.php, related to uu_file_upload.js and (b) uber_uploader_file.php, related to uber_uploader_file.js, a different issue than CVE-2007-0123. NOTE: the vendor disputes the severity of the issue, noting that it is the administrator's responsibility to "add file extensions that you may or may not want uploaded."

Published Jan 8, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-6659: Multiple cross-site scripting (XSS) vulnerabilities in 2z project 0.9.6.1 allow remote attackers to inject...

Multiple cross-site scripting (XSS) vulnerabilities in 2z project 0.9.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) contentshort or (2) contentfull parameter in an addnews action to the default URI; (3) the content parameter in a pm write action to 2z/admin.php; (4) the referer parameter to templates/default/usermenu.tpl, accessed through index.php; or the (5) newavatar or (6) newphoto parameter in a profile action to the default URI under 2z/.

Published Jan 4, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-6652: cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remot...

cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo_0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb (aka the XCMS footer).

Published Jan 4, 2008 · Updated Aug 7, 2024