LiveActive security incident?Get immediate response
CVE archive

November 2007

Browse CVE records published in November 2007, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 426 matching CVEs · Page 1 of 9.

Critical · CVSS 9.8

CVE-2007-5775: Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors...

Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

Published Nov 1, 2007 · Updated Apr 3, 2025

Unknown · CVSS Not scored

CVE-2007-6043: The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier f...

The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.

Published Nov 20, 2007 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2007-6008: Heap-based buffer overflow in emlsr.dll before 2.0.0.4 in Autonomy (formerly Verity) KeyView Viewer, Filter...

Heap-based buffer overflow in emlsr.dll before 2.0.0.4 in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK allows remote attackers to execute arbitrary code via a long Content-Type header line in an EML file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Nov 15, 2007 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2007-6011: Unspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attacker...

Unspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Nov 16, 2007 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2007-6029: Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via...

Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.

Published Nov 20, 2007 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2007-6189: A certain ActiveX control in (1) OScan8.ocx and (2) Oscan81.ocx in BitDefender Online Anti-Virus Scanner 8....

A certain ActiveX control in (1) OScan8.ocx and (2) Oscan81.ocx in BitDefender Online Anti-Virus Scanner 8.0 allows remote attackers to execute arbitrary code via a long argument to the InitX method that begins with a "%%" sequence, which is misinterpreted as a Unicode string and decoded twice, leading to improper memory allocation and a heap-based buffer overflow.

Published Nov 30, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-6191: Multiple PHP remote file inclusion vulnerabilities in Armin Burger p.mapper 3.2.0 beta3 allow remote attack...

Multiple PHP remote file inclusion vulnerabilities in Armin Burger p.mapper 3.2.0 beta3 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PM_INCPHP] parameter to (1) incphp/globals.php or (2) plugins/export/mc_table.php. NOTE: it could be argued that this vulnerability is caused by a problem in PHP and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in p.mapper.

Published Nov 30, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-6142: Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC2 al...

Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) show parameter to index.php and the (2) print parameter to print.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Nov 27, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-6188: Multiple directory traversal vulnerabilities in TuMusika Evolution 1.7R5 allow remote attackers to include...

Multiple directory traversal vulnerabilities in TuMusika Evolution 1.7R5 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) languages_n.php, (2) languages_f.php, or (3) languages.php in inc/; and (4) allow remote attackers to read arbitrary local files via a .. (dot dot) in the uri parameter to frames/nogui/sc_download.php.

Published Nov 30, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-6190: The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remot...

The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.

Published Nov 30, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-6129: Directory traversal vulnerability in scripts/include/show_content.php in Amber Script 1.0 allows remote att...

Directory traversal vulnerability in scripts/include/show_content.php in Amber Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Published Nov 26, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-6103: I Hear U (IHU) 0.5.6 and earlier allows remote attackers to cause (1) a denial of service (infinite loop) v...

I Hear U (IHU) 0.5.6 and earlier allows remote attackers to cause (1) a denial of service (infinite loop) via a packet that contains zero in the size field in its header, which is improperly handled by the Receiver::processPacket function; and (2) a denial of service (daemon crash) via an (a) IHU_INFO_INIT or a (b) IHU_INFO_RING packet that does not specify the mode, which is improperly handled by the Player::ring function in Player.cpp.

Published Nov 23, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-6136: Multiple cross-site scripting (XSS) vulnerabilities in index.php in M2Scripts MySpace Scripts Poll Creator...

Multiple cross-site scripting (XSS) vulnerabilities in index.php in M2Scripts MySpace Scripts Poll Creator allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) intro, and (3) question parameters, and (4) unspecified answer parameters, in a create_new action. NOTE: some of these details are obtained from third party information.

Published Nov 27, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-6059: Javamail does not properly handle a series of invalid login attempts in which the same e-mail address is en...

Javamail does not properly handle a series of invalid login attempts in which the same e-mail address is entered as username and password, and the domain portion of this address yields a Java UnknownHostException error, which allows remote attackers to cause a denial of service (connection pool exhaustion) via a large number of requests, resulting in a SQLNestedException. NOTE: Sun disputes this issue, stating "The report makes references to source code and files that do not exist in the mentioned products.

Published Nov 20, 2007 · Updated Aug 7, 2024