The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2007-6106 | SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and earlier allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewevent action. | High | Feb 29, 2008 | n/a |
| CVE-2007-6105 | Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_file parameter to (a) comments-display-tpl.php and (b) addons/separate-comments-mod/my-comments-display-tpl.php and the (2) config[comments_form_tpl] parameter to comments-display-tpl.php. | Medium | Feb 29, 2008 | n/a |
| CVE-2007-6104 | Cross-site scripting (XSS) vulnerability in the Instant Web Publishing feature in FileMaker Pro 7 and 8, Server 7 and 8, and Developer 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Mar 4, 2008 | n/a |
| CVE-2007-6103 | I Hear U (IHU) 0.5.6 and earlier allows remote attackers to cause (1) a denial of service (infinite loop) via a packet that contains zero in the size field in its header, which is improperly handled by the Receiver::processPacket function; and (2) a denial of service (daemon crash) via an (a) IHU_INFO_INIT or a (b) IHU_INFO_RING packet that does not specify the mode, which is improperly handled by the Player::ring function in Player.cpp. | Medium | Nov 27, 2007 | n/a |
| CVE-2007-6102 | Cross-site scripting (XSS) vulnerability in Feed to JavaScript (Feed2JS) 1.91 allows remote attackers to inject arbitrary web script or HTML via a URL in a feed. | Medium | Nov 26, 2007 | n/a |
| CVE-2007-6101 | Ability Mail Server before 2.61 allows remote authenticated users to cause a denial of service (daemon crash) via (1) malformed number list ranges in unspecified IMAP commands, and possibly (2) a blank string in unspecified messages. | Medium | Dec 10, 2007 | n/a |
| CVE-2007-6100 | Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992. | Low | Nov 26, 2007 | n/a |
| CVE-2007-6099 | Unspecified vulnerability in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 might leave "media pinholes" open upon a restart of the SIP module, which might make it easier for remote attackers to conduct unauthorized activities. | High | Nov 23, 2007 | n/a |
| CVE-2007-6098 | Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log truncated (1) ICMP, (2) UDP, and (3) TCP packets, which has unknown impact and remote attack vectors; and do not log (4) serial-console login attempts with nonexistent usernames, which might make it easier for attackers with physical access to guess valid login credentials while avoiding detection. | High | Jan 15, 2008 | n/a |
| CVE-2007-6097 | Unspecified vulnerability in the ICMP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and remote attack vectors, related to ICMP packets that are "incorrectly accepted." | High | Nov 23, 2007 | n/a |
| CVE-2007-6096 | Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext storage for passwords of "administrators with less privileges," which might allow attackers to read these passwords via unknown vectors. | Medium | Nov 23, 2007 | n/a |
| CVE-2007-6095 | The SIP component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0, when Remote NAT Traversal is employed, does not properly perform user registration and message distribution, which might allow remote authenticated users to receive messages intended for other users. | Medium | Nov 23, 2007 | n/a |
| CVE-2007-6094 | The IPsec module in the VPN component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (module crash) via an IPsec Phase 2 proposal that lacks Perfect Forward Secrecy (PFS). | Medium | Nov 23, 2007 | n/a |
| CVE-2007-6093 | The SRTP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (kernel crash) via an RTCP index that is "much more than expected." | High | Nov 23, 2007 | n/a |
| CVE-2007-6092 | Buffer overflow in libsrtp in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries. | High | Nov 23, 2007 | n/a |
| CVE-2007-6091 | Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System (JBS) 2.0, and possibly JiRo's Upload Manager (aka JiRo's Upload System or JUS), allow remote attackers to execute arbitrary SQL commands via the (1) Username (aka Login or Email) or (2) Password field. | High | Nov 23, 2007 | n/a |
| CVE-2007-6090 | Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | Medium | Nov 23, 2007 | n/a |
| CVE-2007-6089 | PHP remote file inclusion vulnerability in index.php in meBiblio 0.4.5 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. | High | Nov 23, 2007 | n/a |
| CVE-2007-6088 | PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBBViet 02.03.07 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | High | Nov 23, 2007 | n/a |
| CVE-2007-6087 | Cross-site request forgery (CSRF) vulnerability in index.php in VigileCMS 1.4 allows remote attackers to change the admin password via certain parameters to the changepass module. | Medium | Nov 23, 2007 | n/a |
| CVE-2007-6086 | Directory traversal vulnerability in index.php in VigileCMS 1.4 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the module parameter. | High | Nov 23, 2007 | n/a |
| CVE-2007-6085 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in VigileCMS 1.4 allow remote attackers to inject arbitrary web script or HTML via the message field in the (1) vedipm or (2) live_chat module. | Medium | Nov 23, 2007 | n/a |
| CVE-2007-6084 | SQL injection vulnerability in software-description.php in HotScripts Clone Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | High | Nov 23, 2007 | n/a |
| CVE-2007-6083 | SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header. | High | Nov 23, 2007 | n/a |
| CVE-2007-6082 | Direct static code injection vulnerability in acp/saveUnchangeds.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote attackers to inject arbitrary PHP code via the filecontents parameter, which can be executed by accessing includes/Unchangeds.php. | High | Nov 23, 2007 | n/a |
| CVE-2007-6081 | AdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default "root" account without a password, which allows remote attackers to gain privileges and modify logs. | High | Nov 23, 2007 | n/a |
| CVE-2007-6080 | SQL injection vulnerability in modules/banners/click.php in the banners module for bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the bid parameter. | High | Mar 4, 2008 | n/a |
| CVE-2007-6079 | Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsOption[pagetype] parameter to the default URI for modules/Unchangeds/. NOTE: this can be leveraged by using legitimate product functionality to upload a file that contains the code, then including that file. | High | Mar 4, 2008 | n/a |
| CVE-2007-6078 | Multiple SQL injection vulnerabilities in SkyPortal RC6 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) nc_top.asp; (2) inc_bookmarks.asp, possibly involving a parameter passed from cp_main.asp; (3) inc_profile_functions.asp; or (4) inc_SUBSCRIPTIONS.asp; or the (5) Avatar_URL, (6) LINK1, or (7) LINK2 parameter to cp_main.asp in an EditIt action. | High | Mar 4, 2008 | n/a |
| CVE-2007-6077 | The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes :cookie_only to only be applied to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks. NOTE: this is due to an incomplete fix for CVE-2007-5380. | Medium | Dec 13, 2007 | n/a |
| CVE-2007-6070 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-1382. Reason: This candidate is a reservation duplicate of CVE-2008-1382. Notes: All CVE users should reference CVE-2008-1382 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 | n/a |
| CVE-2007-6067 | Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted complex regular expression with doubly-nested states. | Medium | Sep 5, 2008 | n/a |
| CVE-2007-6063 | Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux kernel 2.6.23 allows local users to have an unknown impact via a crafted argument to the isdn_ioctl function. | Medium | Nov 21, 2007 | n/a |
| CVE-2007-6062 | irc-channel.c in ngIRCd 0.10.3 allows remote attackers to cause a denial of service (crash) via a JOIN command without a channel argument. | Medium | Dec 13, 2007 | n/a |
| CVE-2007-6061 | Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack. | Medium | Nov 21, 2007 | n/a |
| CVE-2007-6060 | AhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a filename string at a location indicated by the "Filename length" field in a ZIP header, which allows remote attackers to cause a denial of service (machine crash) and possibly execute arbitrary code via a ZIP file in which this field's value is larger than the actual number of bytes in the filename. | High | Nov 21, 2007 | n/a |
| CVE-2007-6059 | Javamail does not properly handle a series of invalid login attempts in which the same e-mail address is entered as username and password, and the domain portion of this address yields a Java UnknownHostException error, which allows remote attackers to cause a denial of service (connection pool exhaustion) via a large number of requests, resulting in a SQLNestedException. | Medium | Jan 11, 2008 | n/a |
| CVE-2007-6058 | Multiple SQL injection vulnerabilities in index.php in ProfileCMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) codes action in the profile-codes module, (2) videos action in the video-codes module, or (3) games action in the arcade-games module. | High | Nov 21, 2007 | n/a |
| CVE-2007-6057 | PHP remote file inclusion vulnerability in index.php in datecomm Social Networking Script (aka Myspace Clone Script) allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter. | Medium | Nov 21, 2007 | n/a |
| CVE-2007-6056 | frame.html in Aida-Web (Aida Web) allows remote attackers to bypass a protection mechanism and obtain comment and task details via certain values to the (1) Mehr and (2) SUPER parameters. | Medium | Dec 13, 2007 | n/a |
| CVE-2007-6055 | Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Portal 4.1.0 and 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter. NOTE: this issue reportedly exists because of a regression that followed a fix at an unspecified earlier date. | Medium | Nov 21, 2007 | n/a |
| CVE-2007-6054 | Cross-site scripting (XSS) vulnerability in the login page in the management interface in the Aruba 800 Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /screens URI, related to the url variable. | Medium | Nov 21, 2007 | n/a |
| CVE-2007-6053 | IBM DB2 UDB 9.1 before Fixpak 4 does not properly handle use of large numbers of file descriptors, which might allow attackers to have an unknown impact involving "memory corruption." NOTE: the vendor description of this issue is too vague to be certain that it is security-related. | High | Nov 21, 2007 | n/a |
| CVE-2007-6052 | IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggregation, which might allow attackers to cause a denial of service (divide-by-zero error and DBMS crash), related to an "overflow." NOTE: the vendor description of this issue is too vague to be certain that it is security-related. | High | Nov 21, 2007 | n/a |
| CVE-2007-6051 | IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the (1) DB2ADMNS and (2) DB2USERS alternative groups, which has unknown impact. NOTE: the vendor description of this issue is too vague to be certain that it is security-related. | High | Nov 21, 2007 | n/a |
| CVE-2007-6050 | Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, related to creation of an "insecure directory." | High | Nov 21, 2007 | n/a |
| CVE-2007-6049 | Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, involving a call to dlopen when the effective uid is root. | High | Nov 21, 2007 | n/a |
| CVE-2007-6048 | IBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on ACLs for DB2NODES.CFG, which has unknown impact and attack vectors. NOTE: the vendor description of this issue is too vague to be certain that it is security-related. | High | Nov 21, 2007 | n/a |
| CVE-2007-6047 | Unspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1 before Fixpak 4 allows attackers to execute arbitrary commands as the DB2 instance owner, related to invocation of TPUT by DB2DART. | High | Nov 21, 2007 | n/a |
| CVE-2007-6046 | Unspecified vulnerability in unspecified setuid programs in IBM DB2 UDB 9.1 before Fixpak 4 allows local users to have an unknown impact. | High | Nov 21, 2007 | n/a |
