CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2007

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2007-1133 1 Exec Code File Inclusion 2007-02-26 2008-11-15
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_fuss parameter.
2 CVE-2007-1132 79 XSS 2007-02-26 2011-09-13
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the "Contact Us" functionality in MTCMS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) message and (2) title fields.
3 CVE-2007-1131 1 Exec Code File Inclusion 2007-02-26 2008-11-15
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in sinapis.php in Sinapis Forum 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter.
4 CVE-2007-1130 1 Exec Code File Inclusion 2007-02-26 2008-11-15
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in sinagb.php in Sinapis Gastebuch 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter.
5 CVE-2007-1129 2007-02-26 2011-09-06
7.5
None Remote Low Not required Partial Partial Partial
Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow remote attackers to upload and execute files via (1) an avatar upload in an add_down action, or (2) an add_link action.
6 CVE-2007-1128 +Info 2007-02-26 2008-11-15
5.0
None Remote Low Not required Partial None None
shopkitplus allows remote attackers to obtain sensitive information via a request to (1) events.php with a curmonth[]=01 query string or (2) enc/stylecss.php with a changetheme[]= query string, which reveals the path in various error messages.
7 CVE-2007-1127 Dir. Trav. 2007-02-26 2008-11-15
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in enc/stylecss.php in shopkitplus allows remote attackers to read arbitrary files via a .. (dot dot) in the changetheme parameter.
8 CVE-2007-1126 Dir. Trav. 2007-02-26 2008-11-15
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in index.php in xtcommerce allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
9 CVE-2007-1125 XSS 2007-02-26 2008-11-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to inject arbitrary web script or HTML via the f parameter.
10 CVE-2007-1124 Dir. Trav. 2007-02-26 2008-11-15
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.
11 CVE-2007-1123 Exec Code File Inclusion 2007-02-26 2008-11-15
7.5
User Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in ZPanel 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the body parameter to templates/ZPanelV2/template.php or (2) the page parameter to zpanel.php. NOTE: the zpanel.php vector may overlap CVE-2005-0793.2. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
12 CVE-2007-1122 Exec Code Sql 2007-02-26 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 and 1.01 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php, a variant of a SQL injection issue that was fixed in 1.01. NOTE: some of these details are obtained from third party information.
13 CVE-2007-1121 Exec Code Sql 2007-02-26 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php. NOTE: some of these details are obtained from third party information.
14 CVE-2007-1120 2007-02-26 2008-11-15
9.3
Admin Remote Medium Not required Complete Complete Complete
The (1) Import.LoadFromURL and (2) Export.asText.SaveToFile functions in TeeChart Pro ActiveX control (TeeChart7.ocx) allow remote attackers to download a crafted .tee file to an arbitrary location. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
15 CVE-2007-1119 2007-02-26 2008-11-15
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in Novell ZENworks 7 Desktop Management Support Pack 1 before Hot patch 3 (ZDM7SP1HP3) allows remote attackers to upload images to certain folders that were not configured in the "Only allow uploads to the following directories" setting via unspecified vectors.
16 CVE-2007-1118 1 Exec Code File Inclusion 2007-02-26 2008-11-15
6.8
User Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path_to_smf parameter to (1) bridges/SMF/logout.php or (2) get_session_vars.php.
17 CVE-2007-1117 Exec Code 2007-02-26 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
18 CVE-2007-1116 200 +Info 2007-02-26 2008-11-15
5.0
None Remote Low Not required Partial None None
The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI as a ChromeProtocol and can be loaded via JavaScript, which allows remote attackers to obtain sensitive information by querying the browser's session history.
19 CVE-2007-1115 79 XSS 2007-02-26 2011-07-13
4.3
None Remote Medium Not required None Partial None
The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
20 CVE-2007-1114 XSS 2007-02-26 2008-09-05
4.3
None Remote Medium Not required None Partial None
The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
21 CVE-2007-1111 XSS 2007-02-26 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the css parameter to (1) flatevents.php, (2) js.php, (3) mysqlevents.php, (4) m_2.php, (5) m_3.php, (6) m_4.php, (7) xmlevents.php, (8) y_2.php, or (9) y_3.php in data/.
22 CVE-2007-1110 Dir. Trav. 2007-02-26 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in data/showcode.php in ActiveCalendar 1.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.
23 CVE-2007-1109 79 XSS 2007-02-26 2010-12-21
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) login or (2) mail_address field in Register.php, or the (3) search_author, (4) mode, (5) start_year, (6) end_year, or (7) date_type field in Search.php, a different vulnerability than CVE-2006-1674. NOTE: 1.6.2 and other versions might also be affected.
24 CVE-2007-1108 1 Exec Code File Inclusion 2007-02-26 2008-11-15
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in Christian Schneider CS-Gallery 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the album parameter during a securealbum todo action.
25 CVE-2007-1107 3 Exec Code Sql 2007-02-26 2009-09-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies.
26 CVE-2007-1106 1 Exec Code File Inclusion 2007-02-26 2008-11-15
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in includes/functions_nomoketos_rules.php in the NoMoKeTos Rules 0.0.1 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
27 CVE-2007-1105 1 Exec Code File Inclusion 2007-02-26 2008-11-15
5.0
None Remote Low Not required None Partial None
PHP remote file inclusion vulnerability in functions.php in Extreme phpBB (aka phpBB Extreme) 3.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
28 CVE-2007-1104 1 Exec Code File Inclusion 2007-02-26 2008-11-15
4.3
None Remote Medium Not required None Partial None
PHP remote file inclusion vulnerability in top.php in PHP Module Implementation (PHP-MIP) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the laypath parameter.
29 CVE-2007-1103 2007-02-26 2008-11-15
4.3
None Remote Medium Not required Partial None None
Tor does not verify a node's uptime and bandwidth advertisements, which allows remote attackers who operate a low resource node to make false claims of greater resources, which places the node into use for many circuits and compromises the anonymity of traffic sources and destinations.
30 CVE-2007-1102 +Info 2007-02-26 2008-11-15
5.0
None Remote Low Not required Partial None None
Photostand 1.2.0 allows remote attackers to obtain sensitive information via a ' (quote) character in (1) a PHPSESSID cookie or (2) the id parameter in an article action in index.php, which reveal the path in various error messages.
31 CVE-2007-1101 79 XSS 2007-02-26 2011-09-13
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Photostand 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) message ("comment") or (2) name field, or the (3) q parameter in a search action in index.php.
32 CVE-2007-1100 Dir. Trav. 2007-02-26 2008-11-15
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in download.php in Ahmet Sacan Pickle before 20070301 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
33 CVE-2007-1099 2007-02-26 2008-11-15
7.5
None Remote Low Not required Partial Partial Partial
dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks.
34 CVE-2007-1098 DoS 2007-02-26 2008-11-15
7.8
None Remote Low Not required None None Complete
Multiple unspecified vulnerabilities in ScryMUD before 2.1.11 have unknown impact and attack vectors, possibly related to denial of service caused by a search that begins with a .* sequence.
35 CVE-2007-1097 20 Exec Code 2007-02-26 2011-03-17
10.0
None Remote Low Not required Complete Complete Complete
Unrestricted file upload vulnerability in the onAttachFiles function in the upload tool (inc/lib/attachment.lib.php) in Wiclear before 0.11.1 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to filename validation. NOTE: some details were obtained from third party information.
36 CVE-2007-1096 XSS 2007-02-26 2008-09-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart before 20070116 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue might overlap CVE-2007-0376.
37 CVE-2007-1095 2007-02-26 2011-09-20
6.8
User Remote Medium Not required Partial Partial Partial
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.
38 CVE-2007-1094 DoS 2007-02-26 2008-11-15
7.8
None Remote Low Not required None None Complete
Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (NULL dereference and application crash) via JavaScript onUnload handlers that modify the structure of a document.
39 CVE-2007-1093 94 DoS Exec Code 2007-02-26 2008-11-19
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager (NNM) before 07-10-05, and before 08-00-02 in the 08-x series, allow remote attackers to execute arbitrary code, cause a denial of service, or trigger invalid Web utility behavior.
40 CVE-2007-1092 Exec Code Mem. Corr. 2007-02-26 2013-07-06
9.3
Admin Remote Medium Not required Complete Complete Complete
Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects.
41 CVE-2007-1091 2007-02-26 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.
42 CVE-2007-1090 DoS 2007-02-26 2008-11-15
7.1
None Remote Medium Not required None None Complete
Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder.
43 CVE-2007-1089 2007-02-23 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local users with table SELECT privileges to perform unauthorized UPDATE and DELETE SQL commands via unknown vectors.
44 CVE-2007-1088 Exec Code Overflow 2007-02-23 2008-11-15
7.2
Admin Local Low Not required Complete Complete Complete
Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables.
45 CVE-2007-1087 Exec Code Overflow 2007-02-23 2008-11-15
7.2
Admin Local Low Not required Complete Complete Complete
IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow.
46 CVE-2007-1086 2007-02-23 2008-11-15
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access."
47 CVE-2007-1085 XSS Bypass 2007-02-22 2008-11-15
7.6
Admin Remote High Not required Complete Complete Complete
Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the "under" parameter in Advanced Search with the proper signature.
48 CVE-2007-1084 16 Bypass 2007-02-22 2011-02-10
6.8
User Remote Medium Not required Partial Partial Partial
Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page.
49 CVE-2007-1083 119 Exec Code Overflow 2007-02-22 2009-02-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.
50 CVE-2007-1082 399 1 DoS 2007-02-22 2011-01-06
7.1
None Remote Medium Not required None None Complete
FTP Explorer 1.0.1 Build 047, and other versions before 1.0.1.52, allows remote servers to cause a denial of service (CPU consumption) via a long response to a PWD command.
Total number of vulnerabilities : 528   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.