Unknown · CVSS Not scored
Unspecified vulnerability in the Nortel CS 1000 M media card in Enterprise VoIP-Core-CS 1000E, 1000M, and 1000S 04.50W before 20070523 in Meridian/CS 1000 allows remote attackers to cause a denial of service (card hang) via unspecified vectors.
Published May 30, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in mods.php in GTP GNUTurk Portal System 3G allows remote attackers to inject arbitrary web script or HTML via the month parameter.
Published May 29, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in main/auth/my_progress.php in Dokeos 1.8.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the course parameter.
Published May 30, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
core/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dict parameter.
Published May 31, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Buffer overflow in a certain ActiveX control in LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long DestinationPath property value.
Published May 31, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name (VersionCompanyName) field.
Published May 30, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bank_data[root] parameter to modules/bank/includes/design/main.inc.php, or the (2) fm_data[root] parameter to (a) includes/config/master.inc.php or (b) includes/functions/master.inc.php.
Published May 30, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573.
Published May 30, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error.
Published May 30, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats 3.0.6b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) awards.php, (2) login.php, (3) register.php, (4) weapons.php, and possibly other unspecified files.
Published May 30, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD method, and possibly the (2) SetLoginID, (3) AddSite, (4) SetScreen, and (5) SetVideoServer methods.
Published May 31, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and possibly cookie modification.
Published May 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unrestricted file upload vulnerability in FileCloset before 1.1.5 allows remote attackers to upload arbitrary PHP files via unspecified vectors.
Published May 31, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in admin/admin.php in TROforum 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the site_url parameter.
Published May 31, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in class/class.php in Webavis 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
Published May 31, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in index.php in BoastMachine allows remote attackers to inject arbitrary web script or HTML via the blog parameter in a content search action.
Published May 31, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and earlier allows remote attackers to cause a denial of service (application crash) via NTFS reserved words in filenames in URLs.
Published May 31, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple PHP remote file inclusion vulnerabilities in Frequency Clock 0.1b (Beta 0.1) allow remote attackers to execute arbitrary PHP code via a URL in the securelib parameter to (1) conf.php or (2) cp2.php.
Published May 31, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in category.php in cpCommerce 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id_category parameter.
Published May 30, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
RMForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for rmforum.mdb.
Published May 31, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM port; via requests for a URI containing a '/' immediately before and after the name of a DOS device, as demonstrated by the /AUX/.aspx URI, which bypasses a blacklist for DOS device requests.
Published May 30, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Buffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 in LeadTools Raster Dialog File Object allows remote attackers to execute arbitrary code via a long Directory property value.
Published May 30, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the NFS client module in Sun Solaris 8 through 10 before 20070524, when operating as an NFS server, allows remote attackers to cause a denial of service (crash) via certain Access Control List (acl) packets.
Published May 30, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in modules/admin/modules/gallery.php in PHPEcho CMS 2.0-rc1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter and possibly other parameters. NOTE: some of these details are obtained from third party information.
Published May 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple stack-based buffer overflows in ESET NOD32 Antivirus before 2.70.37.0 allow remote attackers to execute arbitrary code during (1) delete/disinfect or (2) rename operations via a crafted directory name.
Published May 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation.
Published May 29, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The VCDAPILibApi ActiveX control in vc9api.DLL 9.0.0.57 in Virtual CD 9.0.0.2 allows remote attackers to execute arbitrary commands via a command line in the first argument to the VCDLaunchAndWait function.
Published May 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 allows local users to gain privileges via long registry key paths.
Published May 29, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries.
Published May 30, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. NOTE: some details are obtained from third party information.
Published May 30, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in SSL-Explorer before 0.2.13 allows remote authenticated users to enter redirect URLs containing (1) JavaScript or (2) HTTP headers via an unspecified vector, possibly the forwardTo parameter to redirect.do. NOTE: the impact might be cross-site scripting (XSS) or HTTP request smuggling.
Published May 30, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Credant Mobile Guardian Shield for Windows 5.2.1.105 and earlier stores account names and passwords in plaintext in memory, which allows local users to obtain sensitive information by (1) reading the paging file or (2) dumping and searching the memory image. NOTE: This issue crosses privilege boundaries because the product is intended to protect the data on a stolen computer.
Published May 30, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.
Published May 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 managers and agents on Windows before 20070524 allows remote attackers to cause a denial of service (CPU consumption and application hang) via certain network scans to ESM ports.
Published May 30, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple PHP remote file inclusion vulnerabilities in Simple Accessible XHTML Online News (SAXON) 4.6 allow remote attackers to execute arbitrary PHP code via a URL in the template parameter to (1) news.php, (2) preview.php, or (3) archive-display.php.
Published May 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow."
Published May 30, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-2909.
Published May 30, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in the IP-Search functionality in the IP-Tracking Mod for phpBB 2.0.x allows remote authenticated administrators to execute arbitrary SQL commands via the Search Query field.
Published May 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Buffer overflow in a certain ActiveX control in DartZipLite.dll 1.8.5.3 in Dart ZipLite Compression for ActiveX allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to CVE-2007-2856.
Published May 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Buffer overflow in the Dart Communications PowerTCP ZIP Compression ActiveX control in DartZip.dll 1.8.5.3, when Internet Explorer 6 is used, allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to CVE-2007-2855.
Published May 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Java Embedding Plugin 0.9.6.1 allows remote attackers to cause a denial of service (browser crash) via a Thread subclass that calls super.run from its run method.
Published May 30, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
KnowledgeTree Document Management (aka KnowledgeTree Open Source) before STABLE 3.3.7 does not require a password for an unregistered user, when the user exists in Active Directory, which allows remote attackers to log onto KTDMS without the intended authorization check.
Published May 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in sample/xls2mysql in ABC Excel Parser Pro 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the parser_path parameter.
Published May 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
A certain ActiveX control in LeadTools Raster Variant Object Library (LTRVR14e.dll) 14.5.0.44 allows remote attackers to overwrite arbitrary files via the WriteDataToFile method.
Published May 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple PHP remote file inclusion vulnerabilities in SimpGB 1.46.0 allow remote attackers to execute arbitrary PHP code via a URL in the path_simpgb parameter to (1) guestbook.php, (2) search.php, (3) mailer.php, (4) avatars.php, (5) ccode.php, (6) comments.php, (7) emoticons.php, (8) gbdownload.php, and possibly other PHP scripts.
Published May 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in hlstats.php in HLstats 1.35, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) authusername or (2) authpassword parameter, different vectors than CVE-2007-0840 and CVE-2007-2812.
Published May 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus Managed Client before 4.7.700 allows user-assisted remote attackers to execute arbitrary code via a crafted CAB archive, resulting from an "integer cast around".
Published May 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string.
Published May 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in account_change.php in BtiTracker 1.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) style or (2) langue parameter.
Published May 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access.
Published May 24, 2007 · Updated Aug 7, 2024