The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2007-5890 | Directory traversal vulnerability in index.php in easyGB 2.1.1 allows remote attackers to include arbitrary files via the DatabaseType parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | High | Nov 8, 2007 | n/a |
| CVE-2007-5889 | Multiple PHP remote file inclusion vulnerabilities in IDMOS 1.0 Alpha (aka Phoenix) allow remote attackers to execute arbitrary PHP code via a URL in the site_absolute_path parameter to (1) admin.php, (2) menu_add.php, and (3) menu_operation.php in administrator/, different vectors than CVE-2007-5294. | High | Nov 8, 2007 | n/a |
| CVE-2007-5888 | Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter. | Medium | Nov 8, 2007 | n/a |
| CVE-2007-5887 | SQL injection vulnerability in boards/printer.asp in ASP Message Board 2.2.1c allows remote attackers to execute arbitrary SQL commands via the id parameter. | High | Nov 8, 2007 | n/a |
| CVE-2007-5863 | Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the allow-external-scripts option. | High | Sep 5, 2008 | n/a |
| CVE-2007-5862 | Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet. | High | Sep 5, 2008 | n/a |
| CVE-2007-5861 | Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted .XLS file that triggers memory corruption in the Microsoft Office Spotlight Importer. | Medium | Sep 5, 2008 | n/a |
| CVE-2007-5860 | Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allows local users to execute arbitrary code via unspecified output files, involving an insecure file operation. | High | Sep 5, 2008 | n/a |
| CVE-2007-5859 | Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted feed: URL that triggers memory corruption. | High | Sep 5, 2008 | n/a |
| CVE-2007-5858 | WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to navigate the subframes of any other page, which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information. | Medium | Sep 5, 2008 | n/a |
| CVE-2007-5857 | Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from accessing URLs when the movie file is previewed or if an icon is created, which might allow remote attackers to obtain sensitive information via HREFTrack. | Medium | Sep 5, 2008 | n/a |
| CVE-2007-5856 | Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information. | High | Sep 5, 2008 | n/a |
| CVE-2007-5855 | Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to sniff account activity. | Medium | Sep 5, 2008 | n/a |
| CVE-2007-5854 | Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HTML files as unsafe content, which allows attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via a crafted HTML file. | Medium | Sep 5, 2008 | n/a |
| CVE-2007-5853 | Unspecified vulnerability in IO Storage Family in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (system shutdown) or execute arbitrary code via a disk image with crafted GUID partition maps, which triggers memory corruption. | High | Sep 5, 2008 | n/a |
| CVE-2007-5851 | iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors. | Low | Sep 5, 2008 | n/a |
| CVE-2007-5850 | Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4.11 allows user-assisted attackers to execute arbitrary code via a directory with a crafted .DS_Store file. | High | Sep 5, 2008 | n/a |
| CVE-2007-5849 | Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow. | High | Sep 5, 2008 | n/a |
| CVE-2007-5848 | Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service. | High | Sep 5, 2008 | n/a |
| CVE-2007-5847 | Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information. | Medium | Sep 5, 2008 | n/a |
| CVE-2007-5846 | The SNMP agent in net-snmp 5.4.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value. | High | Feb 11, 2008 | n/a |
| CVE-2007-5845 | Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: this can be leveraged to bypass authentication and upload arbitrary files by including admin/inc/upload.inc and specifying certain multipart/form-data input for admin/inc/upload.inc. | High | Nov 7, 2007 | n/a |
| CVE-2007-5844 | Directory traversal vulnerability in inc/includes.inc in GuppY 4.6.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the selskin parameter to index.php. NOTE: this can be leveraged for remote file inclusion by including inc/boxleft.inc and specifying a URL in the xposbox[L][] array parameter. | High | Nov 7, 2007 | n/a |
| CVE-2007-5843 | PHP remote file inclusion vulnerability in includes/common.php in scWiki 1.0 Beta 2 allows remote attackers to execute arbitrary PHP code via a URL in the pathdot parameter. | Medium | Nov 7, 2007 | n/a |
| CVE-2007-5842 | Multiple PHP remote file inclusion vulnerabilities in Vortex Portal 1.0.42 allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter to (1) admincp/auth/secure.php or (2) admincp/auth/checklogin.php. | Medium | Nov 7, 2007 | n/a |
| CVE-2007-5841 | PHP remote file inclusion vulnerability in admin/index.php in nuBoard 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter. | Medium | Nov 7, 2007 | n/a |
| CVE-2007-5840 | PHP remote file inclusion vulnerability in starnet/themes/c-sky/main.inc.php in Fred Stuurman SyndeoCMS 2.5.01 allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter, a different vector than CVE-2006-4920.2. | Medium | Nov 7, 2007 | n/a |
| CVE-2007-5839 | The e_hostname function in commands.c in BitchX 1.1a allows local users to overwrite arbitrary files via a symlink attack on temporary files when using the (1) HOSTNAME or (2) IRCHOST command. | Medium | Nov 7, 2007 | n/a |
| CVE-2007-5838 | Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows local users to gain local System privileges via the "Enable key-based authentication to Deployment server" browser option, a different issue than CVE-2007-4380. | High | Nov 7, 2007 | n/a |
| CVE-2007-5837 | GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, allows remote attackers to execute arbitrary commands via shell metacharacters in a link element in a feed. | Medium | Nov 6, 2007 | n/a |
| CVE-2007-5836 | SQL injection vulnerability in Amazing Flash AFCommerce allows remote attackers to execute arbitrary SQL commands via the firstname parameter to an unspecified component, a different issue than CVE-2006-3794. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | High | Nov 6, 2007 | n/a |
| CVE-2007-5835 | Install.php in BosDev BosUnchangeds 4 and 5 does not require authentication for replacing an existing product installation or creating a Unchanged admin account, which allows remote attackers to cause a denial of service (overwritten files) and possibly obtain administrative access. | Medium | Nov 6, 2007 | n/a |
| CVE-2007-5834 | Cross-site scripting (XSS) vulnerability in BosDev BosUnchangeds 4 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in a Unchangeds post. | Medium | Nov 6, 2007 | n/a |
| CVE-2007-5833 | Multiple cross-site scripting (XSS) vulnerabilities in BosDev BosMarket Business Directory System allow remote authenticated users to inject arbitrary web script or HTML via (1) user info (account details) or (2) a post. | Low | Nov 6, 2007 | n/a |
| CVE-2007-5832 | Unspecified vulnerability in selectLanguage.do in SSL-Explorer before 0.2.15 allows remote attackers to inject (1) headers or (2) body data in an HTTP transaction, a different vulnerability than CVE-2007-2907. NOTE: some of these details are obtained from third party information. | High | Nov 6, 2007 | n/a |
| CVE-2007-5831 | Directory traversal vulnerability in fileSystem.do in SSL-Explorer before 0.2.14 allows remote attackers to access arbitrary files via directory traversal sequences in the path parameter. NOTE: some of these details are obtained from third party information. | High | Nov 6, 2007 | n/a |
| CVE-2007-5830 | Unspecified vulnerability in the administrative interface in Avaya Messaging Storage Server (MSS) 3.1 before SP1, and Message Networking (MN) 3.1, allows remote attackers to cause a denial of service via unspecified vectors related to "input validation." | High | Nov 6, 2007 | n/a |
| CVE-2007-5829 | The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10.x, Norton AntiVirus for Macintosh 10.0 and 10.1, and Norton Internet Security for Macintosh 3.x, uses a directory with weak permissions (group writable), which allows local admin users to gain root privileges by replacing certain files, which are executed when a user with physical access inserts a disk and the "Show Progress During Mount Scans" option is enabled. | Medium | Dec 13, 2007 | n/a |
| CVE-2007-5828 | Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. | Medium | Dec 13, 2007 | n/a |
| CVE-2007-5827 | iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for /etc/ietd.conf, which allows local users to obtain passwords. | Low | Nov 6, 2007 | n/a |
| CVE-2007-5826 | Absolute path traversal vulnerability in the EDraw Flowchart ActiveX control in EDImage.ocx 2.0.2005.1104 allows remote attackers to create or overwrite arbitrary files with arbitrary contents via a full pathname in the second argument to the HttpDownloadFile method, a different product than CVE-2007-4420. | High | Nov 6, 2007 | n/a |
| CVE-2007-5825 | Format string vulnerability in the ws_addarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the (1) username or (2) password portion of base64-encoded data on the "Authorization: Basic" HTTP header line. | Medium | Dec 6, 2007 | n/a |
| CVE-2007-5824 | webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the ws_decodepassword function; or (2) a header line without a ':' character, which triggers a crash in the ws_getheaders function. | High | Nov 9, 2007 | n/a |
| CVE-2007-5823 | Directory traversal vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the username parameter in a Register action. | High | Nov 6, 2007 | n/a |
| CVE-2007-5822 | Direct static code injection vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to inject arbitrary PHP code into a certain file in regged/ via the username parameter in a Register action. | High | Dec 13, 2007 | n/a |
| CVE-2007-5821 | Multiple directory traversal vulnerabilities in DM Guestbook 0.4.1 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lng parameter to (a) guestbook.php, (b) admin/admin.guestbook.php, or (c) auto/glob_Unchanged.php; or (2) the lngdefault parameter to auto/ch_lng.php. | Medium | Nov 6, 2007 | n/a |
| CVE-2007-5820 | Directory traversal vulnerability in index.php in Ax Developer CMS (AxDCMS) 0.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter. | High | Nov 6, 2007 | n/a |
| CVE-2007-5819 | IBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak permissions (unrestricted write) for the Central Admin Global download directory, which allows local users to place arbitrary files into a location used for updating CDP clients. | Low | Nov 6, 2007 | n/a |
| CVE-2007-5818 | Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php in sBlog 0.7.3 Beta allows remote attackers to change arbitrary blocks as administrators. | High | Nov 6, 2007 | n/a |
| CVE-2007-5817 | dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to perform certain privileged actions via a (1) del, (2) delbackup, (3) res, or (4) ren action. NOTE: this issue can be leveraged to conduct cross-site scripting (XSS) and possibly other attacks. | Medium | Nov 7, 2007 | n/a |
