LiveActive security incident?Get immediate response
CVE archive

March 2007

Browse CVE records published in March 2007, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 549 matching CVEs · Page 1 of 11.

Medium · CVSS 5.4

CVE-2007-1679: Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticat...

Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php. NOTE: this issue has been disputed by the vendor, noting that the search.php issue was resolved in CVE-2006-4255, and attackers can only use rule.php to inject XSS into their own pages

Published Mar 26, 2007 · Updated Jan 17, 2025

Unknown · CVSS Not scored

CVE-2007-1408: Multiple vulnerabilities in (1) bank.php, (2) landfill.php, (3) outposts.php, (4) tribes.php, (5) house.php...

Multiple vulnerabilities in (1) bank.php, (2) landfill.php, (3) outposts.php, (4) tribes.php, (5) house.php, (6) tribearmor.php, (7) tribeastral.php, (8) tribeware.php, and (9) includes/head.php in Bartek Jasicki Vallheru before 1.3 beta have unknown impact and remote attack vectors, probably related to large integer values containing more than 15 digits. NOTE: the original vendor report is for integer overflows, but this is probably an incorrect usage of the term.

Published Mar 10, 2007 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2007-6733: The nfs_lock function in fs/nfs/file.c in the Linux kernel 2.6.9 does not properly remove POSIX locks on fi...

The nfs_lock function in fs/nfs/file.c in the Linux kernel 2.6.9 does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on an NFS filesystem and then changing this file's permissions, a related issue to CVE-2010-0727.

Published Mar 16, 2010 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2007-6752: Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijac...

Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the vendor disputes the significance of this issue, by considering the "security benefit against platform complexity and performance impact" and concluding that a change to the logout behavior is not planned because "for most sites it is not worth the trade-off.

Published Mar 28, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2007-6753: Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Wi...

Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.

Published Mar 28, 2012 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-6708: Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gat...

Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi.

Published Mar 13, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-6705: The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or...

The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process.

Published Mar 9, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-6722: Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X, installs Privoxy with a configuration...

Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration.

Published Mar 31, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4592: Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before...

Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component.

Published Mar 20, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1790: Multiple PHP remote file inclusion vulnerabilities in Kaqoo Auction Software Free Edition allow remote atta...

Multiple PHP remote file inclusion vulnerabilities in Kaqoo Auction Software Free Edition allow remote attackers to execute arbitrary PHP code via a URL in the install_root parameter to (1) support.inc.php, (2) function.inc.php, (3) rdal_object.inc.php, (4) rdal_editor.inc.php. (5) login.inc.php, (6) request.inc.php, and (7) categories.inc.php in include/core/; (8) save.inc.php, (9) preview.inc.php, (10) edit_item.inc.php, (11) new_item.inc.php, and (12) item_info.inc.php in include/display/item/; (13) search.inc.php, (14) item_edit.inc.php, (15) register_succsess.inc.php, (16) context_menu.inc.php, (17) item_repost.inc.php, (18) balance.inc.php, (19) featured.inc.php, (20) user.inc.php, (21) buynow.inc.php, (22) install_complete.inc.php, (23) fees_info.inc.php, (24) user_feedback.inc.php, (25) admin_balance.inc.php, (26) activate.inc.php, (27) user_info.inc.php, (28) member.inc.php, (29) add_bid.inc.php, (30) items_filter.inc.php, (31) my_info.inc.php, (32) register.inc.php, (33) leave_feedback.inc.php, and (34) user_auctions.inc.php in include/display/; and (35) design/form.inc.php, (36) processor.inc.php, (37) interfaces.inc.php (38) left_menu.inc.php, (39) login.inc.php, and (40) categories.inc.php in include/.

Published Mar 31, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1770: Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS be...

Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests.

Published Mar 30, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-1765: Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute ar...

Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.

Published Mar 30, 2007 · Updated Aug 7, 2024