Critical · CVSS 9.8 · CISA KEV
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
Published Sep 18, 2007 · Updated Oct 22, 2025
Critical · CVSS 9.8
PHP remote file inclusion vulnerability in lib/classes/offl_nflteam.php in Online Fantasy Football League (OFFL) 0.2.6 allows remote attackers to execute arbitrary PHP code via a URL in the DOC_ROOT parameter. NOTE: this issue is disputed by CVE because a __FILE__ test protects offl_nflteam.php against direct requests
Published Sep 26, 2007 · Updated Jan 17, 2025
Medium · CVSS 6.1
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
Published Sep 14, 2007 · Updated Jan 17, 2025
Medium · CVSS 5.3
Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog server or places them in a local logging buffer, which allows context-dependent attackers to obtain sensitive information.
Published Sep 10, 2007 · Updated Jan 17, 2025
Unknown · CVSS Not scored
EMC VMware Server before 1.0.4 Build 56528 writes passwords in cleartext to unspecified log files, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2005-3620.
Published Sep 21, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via an OXM file with a negative value, which bypasses a check in (1) test_oxm and (2) decrunch_oxm functions in misc/oxm.c, leading to a buffer overflow.
Published Sep 13, 2009 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Race condition in the tee (sys_tee) system call in the Linux kernel 2.6.17 through 2.6.17.6 might allow local users to cause a denial of service (system crash), obtain sensitive information (kernel memory contents), or gain privileges via unspecified vectors related to a potentially dropped ipipe lock during a race between two pipe readers.
Published Sep 18, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are limited usage scenarios under which this would be a vulnerability, but it is being tracked by CVE since the vendor has stated it is security-relevant.
Published Sep 17, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in EMC VMware ACE before 1.0.3 Build 54075 allows attackers to have an unknown impact via an unspecified manipulation of "images stored in virtual machines downloaded by the user."
Published Sep 21, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Dibbler 0.6.0 on Linux uses weak world-writable permissions for unspecified files in /var/lib/dibbler, which has unknown impact and local attack vectors.
Published Sep 21, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in the dtt_load function in loaders/dtt_load.c Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via unspecified vectors related to an untrusted length value and the (1) pofs and (2) plen arrays.
Published Sep 13, 2009 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in buscar.asp in Solidweb Novus 1.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published Sep 28, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL) 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfs_permission (mode bits) data rather than an NFS ACCESS call to the server, which allows local client processes to obtain a false success status from open calls that the server would deny, and possibly obtain sensitive information about file permissions on the server, as demonstrated in a root_squash environment. NOTE: it is uncertain whether any scenarios involving this issue cross privilege boundaries.
Published Sep 18, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in admin/adminusers.php in Claroline before 1.8.6 allows remote authenticated administrators to inject arbitrary web script or HTML via the sort parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published Sep 6, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Office Efficiencies SafeSquid 4.1.x has unknown impact and attack vectors, related to a "serious security flaw," possibly specific to Linux.
Published Sep 18, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Avnex AV MP3 Player allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error.
Published Sep 14, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in netInvoicing before 2.7.3 has unknown impact and attack vectors, related to "security check soap".
Published Sep 17, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in the ZyXEL P-330W router allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote router management via goform/formRmtMgt or (2) modify the administrator password via goform/formPasswordSetup.
Published Sep 10, 2009 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the web management interface in the ZyXEL P-330W router allows remote attackers to inject arbitrary web script or HTML via the pingstr parameter and other unspecified vectors.
Published Sep 10, 2009 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to gain privileges via unspecified vectors.
Published Sep 10, 2008 · Updated Aug 7, 2024
Unknown · CVSS Not scored
fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test.
Published Sep 4, 2008 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The driver for the Linksys WRT350N Wi-Fi access point with firmware 2.00.17 on the Atheros AR5416-AC1E chipset does not properly parse the Atheros vendor-specific information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via an Atheros information element with an invalid length, as demonstrated by an element that is too long.
Published Sep 5, 2008 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
Published Sep 10, 2008 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first. NOTE: this issue is due to an incorrect patch for CVE-2007-5378.
Published Sep 28, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in forum/forum.php in lustig.cms BETA 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the view parameter.
Published Sep 28, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in IntegraMOD Nederland 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
Published Sep 28, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in DFD Cart 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published Sep 28, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in search.php in SiteX CMS 0.7.3 Beta allows remote attackers to execute arbitrary SQL commands via the search parameter.
Published Sep 28, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in admin/include/header.php in chupix 0.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the repertoire parameter.
Published Sep 28, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
JSPWiki 2.4.103 and 2.5.139-beta allows remote attackers to obtain sensitive information (full path) via an invalid integer in the version parameter to the default URI under attach/Main/.
Published Sep 27, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cisco Catalyst 6500 and Cisco 7600 series devices use 127/8 IP addresses for Ethernet Out-of-Band Channel (EOBC) internal communication, which might allow remote attackers to send packets to an interface for which network exposure was unintended.
Published Sep 27, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in the AskJeevesToolBar.SettingsPlugin.1 ActiveX control in askBar.dll in IAC Search & Media ask.com Ask Toolbar 4.0.2.53 and earlier allows remote attackers to execute arbitrary code via a long ShortFormat property value. NOTE: some of these details are obtained from third party information. NOTE: the researcher claims that this is the same as CVE-2007-5108, but there is insufficient detail for CVE-2007-5108 to be certain.
Published Sep 26, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors related to "the handling of thread contexts."
Published Sep 27, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 allows remote attackers to inject arbitrary web script or HTML via the user_login parameter.
Published Sep 26, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 and 2.5.139-beta allow remote attackers to inject arbitrary web script or HTML via the (1) group and (2) members parameters in (a) NewGroup.jsp; the (3) edittime parameter in (b) Edit.jsp; the (4) edittime, (5) author, and (6) link parameters in (c) Comment.jsp; the (7) loginname, (8) wikiname, (9) fullname, and (10) email parameters in (d) UserPreferences.jsp and (e) Login.jsp; the (11) r1 and (12) r2 parameters in (f) Diff.jsp; and the (13) changenote parameter in (g) PageInfo.jsp.
Published Sep 27, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Microsoft Windows Media Player (WMP) 9 on Windows XP SP2 invokes Internet Explorer to render HTML documents contained inside some media files, regardless of what default web browser is configured, which might allow remote attackers to exploit vulnerabilities in software that the user does not expect to run, as demonstrated by the HTMLView parameter in an .asx file.
Published Sep 26, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in index.php in Interspire ActiveKB NX 2.x allows remote attackers to execute arbitrary SQL commands via the catId parameter in a browse action. NOTE: it was separately reported that ActiveKB 1.5 is also affected.
Published Sep 27, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.
Published Sep 27, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service (CPU consumption) via a certain PNG file with a large tEXt chunk that possibly triggers an integer overflow in PNG chunk size handling, as demonstrated by badlycrafted.png.
Published Sep 27, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in IAC Search & Media ask.com toolbar has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. NOTE: this might be the same issue as CVE-2007-5107.
Published Sep 26, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.5.3.12 and earlier allows remote attackers to execute arbitrary code via unspecified web script or HTML in an instant message, related to AIM's filtering of "specific tags and attributes" and the lack of Local Machine Zone lockdown. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4901.
Published Sep 27, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Vigile CMS 1.8 allow remote attackers to inject arbitrary web script or HTML via a request to the wiki module with (1) the title parameter or (2) a "title=" sequence in the PATH_INFO, or a request to the download module with (3) the cat parameter or (4) a "cat=" sequence in the PATH_INFO.
Published Sep 24, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in SimpGB 1.46.02 allow remote attackers to inject arbitrary web script or HTML via (1) the l_username parameter to the default URI under admin/ or (2) the l_emoticonlist parameter to admin/emoticonlist.php.
Published Sep 27, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
ChironFS before 1.0 RC7 sets user/group ownership to the mounter account instead of the creator account when files are created, which allows local users to gain privileges.
Published Sep 26, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via an certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows.
Published Sep 27, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in notas.asp in Novus 1.0 allows remote attackers to execute arbitrary SQL commands via the nota_id parameter.
Published Sep 27, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.4.001 allow remote attackers to inject arbitrary web script or HTML via the cat_data[color] parameter to (1) preferences/inc/class.uicategories.inc.php and (2) admin/inc/class.uicategories.inc.php.
Published Sep 26, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the HID (Human Interface Device) class driver in Sun Solaris 8, 9, and 10 before 20070925 allows local users to cause a denial of service (panic) via unspecified vectors.
Published Sep 27, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in index.php in the Dance Music module for phpNuke, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in an ACCEPT_FILE array parameter to modules.php.
Published Sep 26, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in JSPWiki 2.5.139-beta allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to wiki-3/Login.jsp and unspecified other components.
Published Sep 27, 2007 · Updated Aug 7, 2024