LiveActive security incident?Get immediate response
CVE archive

May 2007

Browse CVE records published in May 2007, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 568 matching CVEs · Page 2 of 12.

Unknown · CVSS Not scored

CVE-2007-2891: Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 allow remote attackers to execute arbi...

Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bank_data[root] parameter to modules/bank/includes/design/main.inc.php, or the (2) fm_data[root] parameter to (a) includes/config/master.inc.php or (b) includes/functions/master.inc.php.

Published May 30, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-2938: Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.d...

Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD method, and possibly the (2) SetLoginID, (3) AddSite, (4) SetScreen, and (5) SetVideoServer methods.

Published May 31, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-2897: Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (ser...

Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM port; via requests for a URI containing a '/' immediately before and after the name of a DOS device, as demonstrated by the /AUX/.aspx URI, which bypasses a blacklist for DOS device requests.

Published May 30, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-2903: Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office Activ...

Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries.

Published May 30, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-2907: Unspecified vulnerability in SSL-Explorer before 0.2.13 allows remote authenticated users to enter redirect...

Unspecified vulnerability in SSL-Explorer before 0.2.13 allows remote authenticated users to enter redirect URLs containing (1) JavaScript or (2) HTTP headers via an unspecified vector, possibly the forwardTo parameter to redirect.do. NOTE: the impact might be cross-site scripting (XSS) or HTTP request smuggling.

Published May 30, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-2883: Credant Mobile Guardian Shield for Windows 5.2.1.105 and earlier stores account names and passwords in plai...

Credant Mobile Guardian Shield for Windows 5.2.1.105 and earlier stores account names and passwords in plaintext in memory, which allows local users to obtain sensitive information by (1) reading the paging file or (2) dumping and searching the memory image. NOTE: This issue crosses privilege boundaries because the product is intended to protect the data on a stolen computer.

Published May 30, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-2893: Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 devi...

Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow."

Published May 30, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-2859: Multiple PHP remote file inclusion vulnerabilities in SimpGB 1.46.0 allow remote attackers to execute arbit...

Multiple PHP remote file inclusion vulnerabilities in SimpGB 1.46.0 allow remote attackers to execute arbitrary PHP code via a URL in the path_simpgb parameter to (1) guestbook.php, (2) search.php, (3) mailer.php, (4) avatars.php, (5) ccode.php, (6) comments.php, (7) emoticons.php, (8) gbdownload.php, and possibly other PHP scripts.

Published May 24, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-2845: Heap-based buffer overflow in the CAB unpacker in avast!

Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus Managed Client before 4.7.700 allows user-assisted remote attackers to execute arbitrary code via a crafted CAB archive, resulting from an "integer cast around".

Published May 24, 2007 · Updated Aug 7, 2024