LiveActive security incident?Get immediate response
CVE archive

December 2007

Browse CVE records published in December 2007, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 437 matching CVEs · Page 2 of 9.

Unknown · CVSS Not scored

CVE-2007-6495: inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to chan...

inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser action to accounts/AccountActions.asp. NOTE: this can be leveraged for remote code execution by changing the permissions of \Forum\db, which is configured for execution of ASP scripts with administrative privileges, and then uploading a script to \Forum\db.

Published Dec 20, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-6579: Multiple SQL injection vulnerabilities in Ip Reg 0.3 allow remote attackers to execute arbitrary SQL comman...

Multiple SQL injection vulnerabilities in Ip Reg 0.3 allow remote attackers to execute arbitrary SQL commands via the vlan_id parameter to (1) vlanview.php, (2) vlanedit.php, and (3) vlandel.php; the (4) assetclassgroup_id parameter to assetclassgroupview.php; the (5) subnet_id parameter to nodelist.php; and unspecified other vectors. NOTE: it was later reported that the vlanview.php and vlandel.php vectors are also in 0.4.

Published Dec 28, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-6562: Multiple stack-based buffer overflows in the use of FD_SET in TCPreen before 1.4.4 allow remote attackers t...

Multiple stack-based buffer overflows in the use of FD_SET in TCPreen before 1.4.4 allow remote attackers to cause a denial of service via multiple concurrent connections, which result in overflows in the (1) SocketAddress::Connect function in libsolve/sockprot.cpp and (2) monitor_bridge function in src/bridge.cpp.

Published Dec 28, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-6553: Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attacker...

Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONF[app_root] parameter to (1) tcuser.class.php, (2) absencecount.inc.php, (3) avatar.inc.php, (4) csvhandler.class.php, (5) functions.tcpro.php, (6) header.html.inc.php, (7) joomlajack.tcpro.php, (8) menu.inc.php, (9) other.inc.php, (10) tcabsence.class.php, (11) tcabsencegroup.class.php, (12) tcallowance.class.php, (13) tcannouncement.class.php, (14) tcconfig.class.php, (15) tcdaynote.class.php, (16) tcgroup.class.php, (17) tcholiday.class.php, (18) tclogin.class.php, (19) tcmonth.class.php, (20) tctemplate.class.php, (21) tcusergroup.class.php, or (22) tcuseroption.class.php in includes/, possibly a related issue to CVE-2006-4845.

Published Dec 28, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-6496: Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a re...

Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdomain.asp, a related issue to CVE-2005-1654.

Published Dec 20, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-6604: Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 and earlier allow remote attackers t...

Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the s parameter to the admin page or (2) the pg parameter to an arbitrary module, as demonstrated by reading a password hash in a .dtb file under dati/membri/ or by executing embedded PHP code in images under uploads/avatar/.

Published Dec 31, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-6592: Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN...

Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.

Published Dec 28, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-6589: The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the...

The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947.

Published Dec 28, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-6548: Multiple direct static code injection vulnerabilities in RunCMS before 1.6.1 allow remote authenticated adm...

Multiple direct static code injection vulnerabilities in RunCMS before 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the (1) header and (2) footer parameters to modules/system/admin.php in a meta-generator action, (3) the disclaimer parameter to modules/system/admin.php in a disclaimer action, (4) the disclaimer parameter to modules/mydownloads/admin/index.php in a mydownloadsConfigAdmin action, (5) the disclaimer parameter to modules/newbb_plus/admin/forum_config.php, (6) the disclaimer parameter to modules/mylinks/admin/index.php in a myLinksConfigAdmin action, or (7) the intro parameter to modules/sections/admin/index.php in a secconfig action, which inject PHP sequences into (a) sections/cache/intro.php, (b) mylinks/cache/disclaimer.php, (c) mydownloads/cache/disclaimer.php, (d) newbb_plus/cache/disclaimer.php, (e) system/cache/disclaimer.php, (f) system/cache/footer.php, (g) system/cache/header.php, or (h) system/cache/maintenance.php in modules/.

Published Dec 28, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-6506: The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.0...

The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.

Published Dec 20, 2007 · Updated Aug 7, 2024