CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2007(Gain Information)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2007-6607 200 +Info 2007-12-31 2013-09-10
5.0
None Remote Low Not required Partial None None
OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) shared/footer.php, (2) circ/mbr_fields.php, or (3) admin/custom_marc_form_fields.php, which reveals the path in various error messages.
2 CVE-2007-6606 200 +Info 2007-12-31 2008-11-15
5.0
None Remote Low Not required Partial None None
OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
3 CVE-2007-6536 200 +Info 2007-12-27 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users into installing malicious button XML files, as demonstrated by presenting www.google.com when the button was downloaded from an arbitrary site through an open redirector on www.google.com.
4 CVE-2007-6524 200 +Info 2007-12-24 2011-08-26
7.8
None Remote Low Not required Complete None None
Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demonstrated using a CANVAS element and JavaScript in an HTML document for copying these contents from 9.50 beta, a related issue to CVE-2008-0420.
5 CVE-2007-6514 200 +Info 2007-12-21 2008-09-05
4.3
None Remote Medium Not required Partial None None
Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
6 CVE-2007-6513 200 +Info 2007-12-21 2008-09-05
4.3
None Remote Medium Not required Partial None None
HP eSupportDiagnostics ActiveX control (hpediag.dll) 1.0.11.0 exports dangerous methods, which allows remote attackers to (1) read arbitrary files via the ReadTextFile method, or (2) read arbitrary registry values via the ReadValue method.
7 CVE-2007-6512 264 +Info 2007-12-21 2008-11-15
5.0
None Remote Low Not required Partial None None
PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database information via a direct request to inc/lib.inc.
8 CVE-2007-6502 200 1 +Info 2007-12-20 2008-09-05
5.5
None Remote Low Single system Partial Partial None
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to obtain sensitive information via (1) the AdminName and AdminLevel parameters to fp2000/NEWSRVR.asp, which discloses usernames; and (2) certain XML HTTP requests to hosting/css.asp using Microsoft.XMLHTTP or MSXML2.XMLHTTP objects, which trigger a response with the setup directory pathname in the HTML source; and (3) might allow remote attackers to obtain sensitive information via a request for /admin/forum/, which reveals the path in an error message when a forum is not found.
9 CVE-2007-6476 200 1 +Info 2007-12-20 2008-09-05
5.0
None Remote Low Not required Partial None None
GF-3XPLORER 2.4 allows remote attackers to obtain configuration information via a direct request to explorer/phpinfo.php, which calls the phpinfo function.
10 CVE-2007-6418 200 +Info 2007-12-17 2008-11-15
2.1
None Local Low Not required Partial None None
The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments.
11 CVE-2007-6408 200 +Info 2007-12-17 2008-09-05
5.0
None Remote Low Not required Partial None None
IBM Tivoli Provisioning Manager Express provides unspecified information in error messages when (1) attempted duplication of a username occurs when creating an account or (2) when trying to login using a valid username, which makes it easier for remote attackers to enumerate usernames.
12 CVE-2007-6405 200 1 +Info 2007-12-17 2008-11-15
6.4
None Remote Low Not required Partial Partial None
Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) '+' character, (2) '.' character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is already covered by CVE-2007-3407.
13 CVE-2007-6395 264 1 +Info 2007-12-17 2008-11-15
5.0
None Remote Low Not required Partial None None
Flat PHP Board 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for the username php file for any user account in users/.
14 CVE-2007-6379 16 +Info 2007-12-14 2008-11-15
5.0
None Remote Low Not required Partial None None
BadBlue 2.72b and earlier allows remote attackers to obtain sensitive information via an invalid browse parameter, which reveals the installation path in an error message.
15 CVE-2007-6283 200 DoS +Info 2007-12-17 2010-08-21
4.9
None Local Low Not required None None Complete
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.
16 CVE-2007-6271 20 +Info 2007-12-07 2008-11-15
5.0
None Remote Low Not required Partial None None
Absolute News Manager.NET 5.1 allows remote attackers to obtain sensitive information via a direct request to getpath.aspx, which reveals the installation path in an error message.
17 CVE-2007-6267 255 +Info 2007-12-07 2008-09-05
2.1
None Local Low Not required Partial None None
Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information.
18 CVE-2007-6249 200 +Info 2007-12-14 2008-11-15
2.1
None Local Low Not required None Partial None
etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file.
19 CVE-2007-6221 200 +Info 2007-12-04 2008-09-05
7.8
None Remote Low Not required Complete None None
TuMusika Evolution 1.7R5 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
20 CVE-2007-6206 16 +Info 2007-12-03 2012-03-19
2.1
None Local Low Not required Partial None None
The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.
21 CVE-2007-6197 200 +Info 2007-12-01 2008-09-05
5.0
None Remote Low Not required Partial None None
The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page.
22 CVE-2007-6193 200 +Info 2007-11-29 2008-09-05
5.0
None Remote Low Not required Partial None None
The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration information if this address is not the same as the address being used by the web interface.
23 CVE-2007-6190 200 +Info 2007-11-29 2008-11-15
3.5
None Remote Medium Single system Partial None None
The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.
24 CVE-2007-6161 200 +Info 2007-11-28 2008-09-05
5.0
None Remote Low Not required Partial None None
index.php in Tilde CMS 4.x and earlier allows remote attackers to obtain sensitive information via a certain search parameter value in a search action, which reveals the path.
25 CVE-2007-6150 200 Bypass +Info 2007-11-29 2008-11-15
2.1
None Local Low Not required Partial None None
The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values.
26 CVE-2007-6095 200 +Info 2007-11-21 2008-11-15
4.0
None Remote Low Single system Partial None None
The SIP component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0, when Remote NAT Traversal is employed, does not properly perform user registration and message distribution, which might allow remote authenticated users to receive messages intended for other users.
27 CVE-2007-6043 200 +Info 2007-11-20 2008-09-05
7.1
None Remote Medium Not required Complete None None
The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
28 CVE-2007-5953 +Info 2007-11-13 2008-11-15
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in Really Simple CalDAV Store (RSCDS) before 0.9.0 allows attackers to obtain sensitive information via unspecified vectors.
29 CVE-2007-5942 +Info 2007-11-13 2008-09-05
4.0
None Remote Low Single system Partial None None
Bandersnatch 0.4 allows remote attackers to obtain sensitive information via a malformed request for index.php with (1) a certain func parameter value; or (2) certain func, jid, page, and limit parameter values; which reveals the path in various error messages.
30 CVE-2007-5936 264 +Info 2007-11-13 2012-11-05
3.6
None Local Low Not required Partial Partial None
dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.
31 CVE-2007-5934 200 +Info 2007-11-13 2008-11-15
4.3
None Remote Medium Not required Partial None None
The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2 application, as demonstrated by a file:// URL or a URL for an intranet web site.
32 CVE-2007-5922 200 +Info 2007-11-09 2008-11-15
5.0
None Remote Low Not required Partial None None
The modules/mdop.m in the Cypress 1.0k script for BitchX, as downloaded from a distribution site in November 2007, contains an externally introduced backdoor that e-mails sensitive information (hostnames, usernames, and shell history) to a fixed address.
33 CVE-2007-5919 264 +Info 2007-11-09 2008-09-05
5.0
None Remote Low Not required Partial None None
MyWebFTP, possibly 5.3.2, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain an MD5 password hash via a direct request for pass/pass.txt.
34 CVE-2007-5899 200 +Info 2007-11-20 2010-08-21
4.3
None Remote Medium Not required Partial None None
The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID.
35 CVE-2007-5858 79 XSS +Info 2007-12-19 2011-03-09
4.3
None Remote Medium Not required None Partial None
WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information.
36 CVE-2007-5857 264 +Info 2007-12-19 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from accessing URLs when the movie file is previewed or if an icon is created, which might allow remote attackers to obtain sensitive information via HREFTrack.
37 CVE-2007-5856 264 +Info 2007-12-19 2008-09-05
9.4
None Remote Low Not required Complete Complete None
Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information.
38 CVE-2007-5854 79 XSS +Info 2007-12-19 2008-09-05
4.3
None Remote Medium Not required None Partial None
Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HTML files as unsafe content, which allows attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via a crafted HTML file.
39 CVE-2007-5847 362 +Info 2007-12-19 2008-09-05
6.6
None Local Low Not required Complete Complete None
Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information.
40 CVE-2007-5816 200 +Info 2007-11-05 2008-11-15
5.0
None Remote Low Not required Partial None None
dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to obtain sensitive author credentials by making a request with an editauthor action, then reading the value of the newlocalpassword password input field in the HTML source of the resulting page.
41 CVE-2007-5808 +Info 2007-11-05 2008-11-15
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the Groupmax Collaboration - Schedule component in Hitachi Groupmax Collaboration Portal 07-30 through 07-30-/F and 07-32 through 07-32-/C, uCosminexus Collaboration Portal 06-30 through 06-30-/F and 06-32 through 06-32-/C, and Groupmax Collaboration Web Client - Mail/Schedule 07-30 through 07-30-/F and 07-32 through 07-32-/B might allow remote attackers to obtain sensitive information via unspecified vectors related to schedule portlets.
42 CVE-2007-5790 310 +Info 2007-11-01 2008-09-05
2.1
None Local Low Not required Partial None None
The Globe7 soft phone client 7.3 uses weak cryptography (reversed sequence of binary values) for the password, which might allow local users to obtain sensitive information.
43 CVE-2007-5778 310 +Info 2007-11-01 2008-11-15
6.4
None Remote Low Not required Partial None Partial
Mobile Spy (1) stores login credentials in cleartext under the RetinaxStudios registry key, and (2) sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network.
44 CVE-2007-5774 200 1 +Info 2007-11-01 2008-11-15
5.0
None Remote Low Not required Partial None None
index.php in the File Manager module in Flatnuke 3 allows remote attackers to obtain sensitive information via an invalid argumentname parameter in a disc op action, which reveals the path in an error message.
45 CVE-2007-5768 310 +Info 2007-10-31 2008-11-15
5.0
None Remote Low Not required Partial None None
The Globe7 soft phone client 7.3 sends username and password information in cleartext, which allows remote attackers to obtain sensitive information by sniffing the HTTP traffic.
46 CVE-2007-5735 264 +Info 2007-10-30 2008-11-15
5.0
None Remote Low Not required Partial None None
eFileMan 7.1.0.87-88 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain unspecified user information via a direct request for cgi-bin/efileman/efileman_config.pm.
47 CVE-2007-5701 310 Bypass +Info 2007-10-29 2008-11-15
2.1
None Local Low Not required Partial None None
Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a "ca activate" or "ca unlock" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel.
48 CVE-2007-5700 +Priv +Info 2007-10-29 2008-11-15
6.3
None Remote Medium Single system Complete None None
The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses an incorrect security context for @ formula commands in some circumstances, which might allow remote authenticated users to gain privileges and obtain sensitive information.
49 CVE-2007-5686 264 +Info 2007-10-28 2008-09-05
4.9
None Local Low Not required Complete None None
initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
50 CVE-2007-5654 200 1 +Info 2007-10-23 2008-11-15
5.0
None Remote Low Not required Partial None None
LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka "Mime Type Injection."
Total number of vulnerabilities : 322   Page : 1 (This Page)2 3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.