LiveActive security incident?Get immediate response
CVE archive

2007 CVE Archive

Browse CVE records published in 2007 CVE Archive, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 6458 matching CVEs · Page 2 of 130.

Unknown · CVSS Not scored

CVE-2007-5552: Integer overflow in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors.

Integer overflow in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

Published Oct 18, 2007 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2007-5550: Unspecified vulnerability in Cisco IOS allows remote attackers to obtain the IOS version via unspecified ve...

Unspecified vulnerability in Cisco IOS allows remote attackers to obtain the IOS version via unspecified vectors involving a "common network service", aka PSIRT-1255024833. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

Published Oct 18, 2007 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2007-0997: Race condition in the tee (sys_tee) system call in the Linux kernel 2.6.17 through 2.6.17.6 might allow loc...

Race condition in the tee (sys_tee) system call in the Linux kernel 2.6.17 through 2.6.17.6 might allow local users to cause a denial of service (system crash), obtain sensitive information (kernel memory contents), or gain privileges via unspecified vectors related to a potentially dropped ipipe lock during a race between two pipe readers.

Published Sep 18, 2007 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2007-4913: ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote at...

ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are limited usage scenarios under which this would be a vulnerability, but it is being tracked by CVE since the vendor has stated it is security-relevant.

Published Sep 17, 2007 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2007-4006: Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has unknown impact and remote attack vectors,...

Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has unknown impact and remote attack vectors, aka ZD-00000034. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.

Published Jul 26, 2007 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2007-4548: The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException...

The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.

Published Aug 27, 2007 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2007-5560: Heap-based buffer overflow in the Juniper HTTP Service allows remote attackers to execute arbitrary code vi...

Heap-based buffer overflow in the Juniper HTTP Service allows remote attackers to execute arbitrary code via a crafted HTTP packet. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

Published Oct 18, 2007 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2007-6365: Cross-site scripting (XSS) vulnerability in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10...

Cross-site scripting (XSS) vulnerability in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 allows remote attackers to inject arbitrary web script or HTML via the month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the day and year vectors are covered by CVE-2007-6274.

Published Dec 15, 2007 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2007-1408: Multiple vulnerabilities in (1) bank.php, (2) landfill.php, (3) outposts.php, (4) tribes.php, (5) house.php...

Multiple vulnerabilities in (1) bank.php, (2) landfill.php, (3) outposts.php, (4) tribes.php, (5) house.php, (6) tribearmor.php, (7) tribeastral.php, (8) tribeware.php, and (9) includes/head.php in Bartek Jasicki Vallheru before 1.3 beta have unknown impact and remote attack vectors, probably related to large integer values containing more than 15 digits. NOTE: the original vendor report is for integer overflows, but this is probably an incorrect usage of the term.

Published Mar 10, 2007 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2007-6733: The nfs_lock function in fs/nfs/file.c in the Linux kernel 2.6.9 does not properly remove POSIX locks on fi...

The nfs_lock function in fs/nfs/file.c in the Linux kernel 2.6.9 does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on an NFS filesystem and then changing this file's permissions, a related issue to CVE-2010-0727.

Published Mar 16, 2010 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2007-3992: SQL injection vulnerability in vir_login.asp in iExpress Property Pro allows remote attackers to execute ar...

SQL injection vulnerability in vir_login.asp in iExpress Property Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the Username parameter is covered by CVE-2006-6029. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Jul 25, 2007 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2007-3924: Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape inst...

Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE.

Published Jul 21, 2007 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2007-2795: Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to...

Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which triggers a stack-based buffer overflow in the IMAP Daemon.

Published Jan 27, 2009 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2007-5160: Multiple PHP remote file inclusion vulnerabilities in Thierry Leriche Restaurant Management System (ReMaSys...

Multiple PHP remote file inclusion vulnerabilities in Thierry Leriche Restaurant Management System (ReMaSys) 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the DIR_ROOT parameter to (a) global.php, or the (2) DIR_PAGE parameter to (b) template/fr/page.php or (c) page/fr/boxConnection.php.

Published Oct 1, 2007 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2007-6752: Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijac...

Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the vendor disputes the significance of this issue, by considering the "security benefit against platform complexity and performance impact" and concluding that a change to the logout behavior is not planned because "for most sites it is not worth the trade-off.

Published Mar 28, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2007-5557: Unspecified vulnerability in the NEC mobile handset allows remote attackers to cause a denial of service (r...

Unspecified vulnerability in the NEC mobile handset allows remote attackers to cause a denial of service (reboot) via crafted packets. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

Published Oct 18, 2007 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2007-6380: Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1.05 Rev 1 through 3, allow remote att...

Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1.05 Rev 1 through 3, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to (a) mylinks/ratelink.php, (b) adresses/ratefile.php, (c) mydownloads/ratefile.php, (d) mysections/ratefile.php, and (e) myalbum/ratephoto.php in modules/; the (2) bid parameter to (f) modules/banners/click.php; and the (3) gid parameter to (g) modules/arcade/index.php in a show_stats and play_game action, related issues to CVE-2007-5104 and CVE-2007-6266.

Published Dec 15, 2007 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2007-5554: Oracle allows remote attackers to obtain server memory contents via crafted packets, aka Oracle reference n...

Oracle allows remote attackers to obtain server memory contents via crafted packets, aka Oracle reference number 7892711. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

Published Oct 18, 2007 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2007-5559: Heap-based buffer overflow in the IBM ThinkVantage TPM Service allows remote attackers to execute arbitrary...

Heap-based buffer overflow in the IBM ThinkVantage TPM Service allows remote attackers to execute arbitrary code via a crafted HTTP packet. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

Published Oct 18, 2007 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2007-2280: Stack-based buffer overflow in OmniInet.exe (aka the backup client service daemon) in the Application Recov...

Stack-based buffer overflow in OmniInet.exe (aka the backup client service daemon) in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via an MSG_PROTOCOL command with long arguments, a different vulnerability than CVE-2009-3844.

Published Dec 18, 2009 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2007-0437: Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in Inter...

Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object.csp and (6) lotteryhistory.csp in csp/samples/.

Published Aug 20, 2007 · Updated Sep 16, 2024