Unknown · CVSS Not scored
Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as demonstrated by a long string in the first argument to the iis_getservicestate function, related to the ServiceId argument to the (1) fnStartService, (2) fnGetServiceState, (3) fnStopService, and possibly other functions.
Published Aug 29, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in shownews.php in phpns 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Published Aug 31, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb").
Published Aug 28, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in viewitem.php in DL PayCart 1.01 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
Published Aug 31, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Polipo before 1.0.2 allows remote HTTP servers to cause a denial of service (daemon crash) by aborting the response to a POST request.
Published Aug 31, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
Published Aug 28, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in cms/revert-content.php in Implied by Design Micro CMS (Micro-CMS) 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Published Aug 31, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Easy Software Cafeteria escafeWeb (aka Tuigwaa) 1.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the setting of option.nopage.create in tuigwaa.properties.
Published Aug 29, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Format string vulnerability in ALPass 2.7 English and 3.02 Korean might allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an fnm field in a folder-name record in an ALPASS DB (APW) file.
Published Aug 28, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unreal Commander 0.92 build 565 and 573 lists the filenames from the Central Directory of a ZIP archive, but extracts to local filenames corresponding to names in Local File Header fields in this archive, which might allow remote attackers to trick a user into performing a dangerous file overwrite or creation.
Published Aug 27, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
TorrentTrader 1.07 and earlier sets insecure permissions for files in the root directory, which allows attackers to execute arbitrary PHP code by modifying (1) disclaimer.txt, (2) sponsors.txt, and (3) banners.txt, which are used in an include call. NOTE: there might be local attack vectors that extend to other files.
Published Aug 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods. NOTE: some of these details are obtained from third party information.
Published Aug 31, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in tiki-remind_password.php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: this issue might be related to CVE-2006-2635.7.
Published Aug 28, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
CRLF injection vulnerability in contact.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to add arbitrary mail headers via CRLF sequences in the subject parameter. NOTE: this can be leveraged for spam by adding To or Cc headers.
Published Aug 31, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote attackers to cause a denial of service (disk consumption) via certain malformed HTTP headers.
Published Aug 31, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in acrotxt.php in WBB2-Addon: Acrotxt 1 allows remote attackers to execute arbitrary SQL commands via the show parameter.
Published Aug 29, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Buffer overflow in the VThinker::BroadcastPrintf function in p_thinker.cpp in Vavoom 1.24 and earlier allows remote attackers to execute arbitrary code via (1) a long string in a chat message and possibly (2) a long name field.
Published Aug 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program.
Published Aug 27, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unrestricted file upload vulnerability in output.php in American Financing eMail Image Upload 4.1 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published Aug 23, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and earlier, allows remote attackers to cause a client denial of service (crash) via (1) a long string to the file transfer port or (2) a long chat message, or (3) a server denial of service (continuous beep and slowdown) via a string containing many 0x07 or other control characters to the file transfer port.
Published Aug 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in the login mechanism in sidvault in Alpha Centauri Software SIDVault LDAP Server before 2.0f allow remote attackers to execute arbitrary code via crafted LDAP packets, as demonstrated by a long dc entry in an LDAP bind.
Published Aug 28, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 RC 6 allows remote attackers to execute arbitrary SQL commands via the s[cid] parameter in a search_list action, a different vector than CVE-2007-2549.
Published Aug 30, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable.
Published Aug 29, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
vstor-ws60.sys in VMWare Workstation 6.0 allows local users to cause a denial of service (host operating system crash) and possibly gain privileges by sending a small file buffer size value to the FsSetVolumeInformation IOCTL handler with an FsSetFileInformation subcode.
Published Aug 29, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept communications.
Published Aug 31, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Buffer overflow in the EasyMailSMTPObj ActiveX control in emsmtp.dll 6.0.1 in the Quiksoft EasyMail SMTP Object, as used in Postcast Server Pro 3.0.61 and other products, allows remote attackers to execute arbitrary code via a long argument to the SubmitToExpress method, a different vulnerability than CVE-2007-1029. NOTE: this may have been fixed in version 6.0.3.15.
Published Aug 31, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Webmaster Level (SiteWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) siteworx.php, (3) users.php, (4) ftp.php, (5) mysql.php, (6) domains.php, (7) htaccess.php, (8) scriptworx.php, (9) stats.php, (10) backup.php, (11) restore.php, and (12) httpd.php; and unspecified vectors to (13) cron.php and (14) prefs.php.
Published Aug 29, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via an INVITE message with a Via header that contains a '/' (slash) instead of the required space following the SIP version number.
Published Aug 28, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote authenticated users with the ServerAdmin flag to assign Registered users certain privileges, resulting in a privilege set that extends beyond that ServerAdmin's own servers, as demonstrated by the (1) AdminAddServer, (2) AdminDeleteServer, (3) AdminStartServer, and (4) AdminStopServer privileges; and administration of arbitrary virtual servers via a request to a .tscmd URI with a modified serverid parameter, as demonstrated by (a) add_server.tscmd, (b) ask_delete_server.tscmd, (c) start_server.tscmd, and (d) stop_server.tscmd.
Published Aug 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in index.php in the Nice Talk component (com_nicetalk) 0.9.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the tagid parameter.
Published Aug 23, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the PHP_SELF variable in modules/core/uim.php and (2) [url] tags in a comment in modules/core/fldm.php.
Published Aug 27, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
IBM SurePOS 500 has (1) a default password of "12345" for the manager and (2) blank default passwords for operator accounts.
Published Aug 30, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblog_id parameter (Username field).
Published Aug 27, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control in nvUtility.dll 1.0.14.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allow remote attackers to (1) create or overwrite arbitrary files via a full pathname in the first argument to the SaveXMLFile method or (2) delete arbitrary files via a full pathname in the argument to the DeleteXMLFile method.
Published Aug 29, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in vstor2-ws60.sys in VMWare Workstation 6.0 allows local users to cause a denial of service (host operating system crash) via unspecified vectors, as demonstrated by the DC2 test suite, possibly a related issue to CVE-2007-4591. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published Aug 29, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline and (2) Estimated Time fields.
Published Aug 27, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
A regression error in tcp-wrappers 7.6.dbs-10 and 7.6.dbs-11 might allow remote attackers to bypass intended access restrictions when a service uses libwrap but does not specify server connection information.
Published Aug 30, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The VStr::Resize function in str.cpp in Vavoom 1.24 and earlier allows remote attackers to cause a denial of service (daemon crash) via a string with a negative NewLen value within a certain UDP packet that triggers an assertion error.
Published Aug 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications.
Published Aug 31, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply certain configuration changes persistently, which causes the (1) SSL and (2) SSL_MutualAuth ORB listener services to enable all protocols and ciphers after the services are restarted, possibly allowing remote attackers to bypass intended policy.
Published Aug 23, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in index.php in ACG News 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter in a showarticle action or (2) the catid parameter in a showcat action.
Published Aug 31, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in viewevent.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to execute arbitrary SQL commands via the id parameter.
Published Aug 31, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.
Published Aug 28, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unreal Commander 0.92 build 565 and 573 writes portions of heap memory into local files when extracting from an archive with malformed size information in a file header, which might allow user-assisted attackers to obtain sensitive information (memory contents) by reading the extracted files. NOTE: this issue is only a vulnerability if Unreal is run with privileges, or if the extracted files are made accessible to other users.
Published Aug 27, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses during path validation or (3) certain errors in the certification path, which might allow context-dependent attackers to spoof certificate authentication. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published Aug 29, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Format string vulnerability in the Say command in sv_main.cpp in Vavoom 1.24 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a chat message, related to a call to the BroadcastPrintf function.
Published Aug 25, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."
Published Aug 28, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unrestricted file upload vulnerability in config/upload.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to upload and execute arbitrary PHP files in images/, possibly related to config/admin.php.
Published Aug 31, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an "integer cast around". NOTE: as of 20070828, the vendor says this is a DoS and the researcher says this allows code execution, but the researcher is reliable.
Published Aug 28, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an e-mail with an "invalid/corrupted" MIME body, which triggers a crash when the recipient listens to voicemail.
Published Aug 28, 2007 · Updated Aug 7, 2024