CVE Daily
← All tags

Tag: Remote Code Execution

All CVEs associated with "Remote Code Execution". Page 318/345 • 41311 CVEs.

Subscribe CVEs: RSS for “Remote Code Execution”  ·  RSS (High+Critical only)

About “Remote Code Execution”

A curated feed of “Remote Code Execution”-related CVEs appears below. We currently track 41311 CVEs for this tag (all time). In the last 365 days, 4654 were published. Average CVSS is 8.3 (all time; 8.2 over 365d), and 86% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-94 - Improper Control of Generation of Code ('Code Injection'), CWE-434 - Unrestricted Upload of File with Dangerous Type, CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection').

In our taxonomy this topic maps to a VERY HIGH impact class. Common exploitation patterns for this weakness can lead to very high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2007-04-10
Medium

CVE-2007-0734

fsck, as used by the AirPort Disk feature of the AirPort Extreme Base Station with 802.11n before Firmware Update 7.1, and by Apple Mac OS X 10.3.9 through 10.4.9, does not properly enforce password…

CVSS: 5.4 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2007-0938

Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, ak…

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2007-1204

Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP headers in…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2007-1205

Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted…

CVSS: 9.3 CWE: N/A View on NVD
Medium

CVE-2006-4250

Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows local users to execute arbitrary code via crafted arguments to the -H flag.

CVSS: 4.6 CWE: N/A View on NVD
Critical

CVE-2007-1687

Multiple buffer overflows in the Internet Pictures Corporation iPIX Image Well ActiveX control (iPIX-ImageWell-ipix.dll) allow remote attackers to execute arbitrary code via unspecified vectors.

CVSS: 10.0 CWE: N/A View on NVD
2007-04-06
Critical

CVE-2007-0957

Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1…

CVSS: 9.0 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2007-1003

Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authent…

CVSS: 9.0 CWE: N/A View on NVD
Critical

CVE-2007-1216

Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication meth…

CVSS: 9.0 CWE: CWE-415 - Double Free View on NVD
High

CVE-2007-1351

Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code vi…

CVSS: 8.5 CWE: CWE-189 View on NVD
Low

CVE-2007-1352

Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which res…

CVSS: 3.8 CWE: N/A View on NVD
Critical

CVE-2007-1680

Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary cod…

CVSS: 9.3 CWE: N/A View on NVD
Medium

CVE-2007-1884

Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) ce…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2007-1885

Integer overflow in the str_replace function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via a single character search string in conjunct…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-1887

Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an emp…

CVSS: 7.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2007-1888

Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code v…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-1889

Integer signedness error in the _zend_mm_alloc_int function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorr…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2007-1890

Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1, on FreeBSD and possibly other platforms, allows context-dependent attackers to execute arbitrary code via ce…

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2007-0445

Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Ma…

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2007-1001

Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to…

CVSS: 6.8 CWE: CWE-189 View on NVD
Medium

CVE-2007-1270

Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified…

CVSS: 5.0 CWE: CWE-189 View on NVD
Medium

CVE-2007-1878

Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.03 for Mozilla Firefox allows remote attackers to bypass zone re…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2007-1880

Integer overflow in the _NtSetValueKey function in klif.sys in Kaspersky Anti-Virus, Anti-Virus for Workstations, Anti-Virus for File Server 6.0, and Internet Security 6.0 before Maintenance Pack 2 b…

CVSS: 6.6 CWE: N/A View on NVD
2007-04-04
Critical

CVE-2007-1866

Stack-based buffer overflow in the dns_decode_reverse_name function in dns_decode.c in dproxy-nexgen allows remote attackers to execute arbitrary code by sending a crafted packet to port 53/udp, a di…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2007-1867

Buffer overflow in IrfanView 3.99 allows remote attackers to execute arbitrary code via a crafted animated cursor (ANI) file.

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2007-1868

The management service in IBM Tivoli Provisioning Manager for OS Deployment before 5.1 Fix Pack 2 does not properly handle multipart/form-data in HTTP POST requests, which allows remote attackers to…

CVSS: 10.0 CWE: N/A View on NVD
2007-04-03
Medium

CVE-2007-1827

Multiple unspecified vulnerabilities in form input validation in web-app.org WebAPP before 0.9.9.6 allow remote authenticated users to corrupt data files, gain access to private files, and execute ar…

CVSS: 6.0 CWE: N/A View on NVD
2007-04-02
Critical

CVE-2007-1819

Stack-based buffer overflow in the SPIDERLib.Loader ActiveX control (Spider90.ocx) 9.1.0.4353 in TestDirector (TD) for Mercury Quality Center 9.0 before Patch 12.1, and 8.2 SP1 before Patch 32, allow…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-1825

Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters fiel…

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2006-5820

The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBuddy.1) in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute…

CVSS: 9.3 CWE: N/A View on NVD
Medium

CVE-2007-1793

SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause…

CVSS: 4.9 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2007-1794

The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a…

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2007-1797

Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage funct…

CVSS: 6.8 CWE: CWE-189 View on NVD
High

CVE-2007-1798

Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long path name.

CVSS: 7.2 CWE: N/A View on NVD
2007-03-31
Critical

CVE-2007-1784

The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus Notes Sametime before 7.5 allows remote attackers to load arbitrary DLL libraries and execute arbitrary code via arbitrary argume…

CVSS: 9.3 CWE: N/A View on NVD
High

CVE-2007-1785

The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in c…

CVSS: 7.1 CWE: N/A View on NVD
2007-03-30
Critical

CVE-2007-0038

Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot)…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2007-1770

Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attack…

CVSS: 10.0 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2007-1777

Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, whi…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-1677

Multiple buffer overflows in the ISO network protocol support in the NetBSD kernel 2.0 through 4.0_BETA2, and NetBSD-current before 20070329, allow local users to execute arbitrary code via long para…

CVSS: 6.6 CWE: N/A View on NVD
Medium

CVE-2007-1764

Stack-based buffer overflow in FastStone Image Viewer 2.8 allows user-assisted remote attackers to execute arbitrary code via a crafted JPG image.

CVSS: 6.0 CWE: N/A View on NVD
Critical

CVE-2007-1765

Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, whic…

CVSS: 9.3 CWE: N/A View on NVD
2007-03-28
Critical

CVE-2007-1733

Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long (1) /cgi-bin/ or (2) /cgi/ pathname in an HTTP GET request, probably a different…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2007-1735

Stack-based buffer overflow in Corel WordPerfect Office X3 (13.0.0.565) allows user-assisted remote attackers to execute arbitrary code via a long printer selection (PRS) name in a Wordperfect docume…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2007-1731

Multiple stack-based buffer overflows in High Performance Anonymous FTP Server (hpaftpd) 1.01 allow remote attackers to execute arbitrary code via long arguments to the (1) USER, (2) PASS, (3) CWD, (…

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2007-1719

Buffer overflow in eject.c in Jason W. Bacon mcweject 0.9 on FreeBSD, and possibly other versions, allows local users to execute arbitrary code via a long command line argument, possibly involving th…

CVSS: 7.2 CWE: N/A View on NVD
Critical

CVE-2007-1722

Buffer overflow in the DownloadCertificateExt function in SignKorea SKCommAX ActiveX control module 7.2.0.2 and 3280 6.6.0.1 allows remote attackers to execute arbitrary code via a long pszUserID arg…

CVSS: 10.0 CWE: N/A View on NVD
2007-03-27
High

CVE-2007-1700

The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-1701

PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitr…

CVSS: 6.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
Medium

CVE-2007-1709

Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC extension (PECL phpDOC) in PHP 5.2.1 allows context-dependent attackers to execute arbitrary code via a long argument string.

CVSS: 4.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2007-1711

Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the…

CVSS: 6.8 CWE: N/A View on NVD
2007-03-24
Critical

CVE-2007-1465

Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 0.5 allows remote attackers to execute arbitrary code via a long DNS query packet to UDP port 53.

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2007-1657

Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent attackers to execute arbitrary code via a long file argument.

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2007-1645

Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2007-1654

Buffer overflow in the Ne7sshSftp::addOpenHandle function in ne7ssh_sftp.cpp in NetSieben SSH Library (ne7ssh) before 1.2.1 allows user-assisted remote SFTP servers to cause a denial of service (cras…

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2007-1655

Buffer overflow in the fun_ladd function in funmath.cpp in TinyMUX before 20070126 might allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified…

CVSS: 10.0 CWE: N/A View on NVD
2007-03-23
Critical

CVE-2007-1637

Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Conn…

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2007-1614

Stack-based buffer overflow in the zzip_open_shared_io function in zzip/file.c in ZZIPlib Library before 0.13.49 allows user-assisted remote attackers to cause a denial of service (application crash)…

CVSS: 9.3 CWE: N/A View on NVD
2007-03-22
Medium

CVE-2007-1598

Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by filecopa.tar by Immunity. NOTE: som…

CVSS: 6.8 CWE: N/A View on NVD
2007-03-21
Critical

CVE-2007-1578

Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument tha…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2007-1581

The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handl…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-2007-1582

The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2007-1584

Buffer underflow in the header function in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to this function, which causes it to write '\0' c…

CVSS: 6.8 CWE: N/A View on NVD
Critical

CVE-2007-0653

Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap ima…

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2007-0654

Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which results in a stack-…

CVSS: 9.3 CWE: N/A View on NVD
Medium

CVE-2007-1002

Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote atta…

CVSS: 6.8 CWE: N/A View on NVD
Critical

CVE-2007-1567

Stack-based buffer overflow in War FTP Daemon 1.65, and possibly earlier, allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors, as demonstrated by wa…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2007-1568

Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 allows remote attackers to execute arbitrary code via a yEnc (yEncode) encoded article with a long filename.

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2007-1569

Stack-based buffer overflow in NewsBin Pro 4.32 allows remote attackers to cause a denial of service or execute arbitrary code via a yEnc (yEncode) encoded article with a long filename, as demonstrat…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2007-0238

Stack-based buffer overflow in filter\starcalc\scflt.cxx in the StarCalc parser in OpenOffice.org (OOo) Office Suite before 2.2, and 1.x before 1.1.5 Patch, allows user-assisted remote attackers to e…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2007-0348

Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in (1) InterActual Player 2.60.12.0717, (2) Roxio CinePlayer 3.2, (3) WinDVD 7.0.27.172, and possibly other products, allows remote…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-1313

NETxAutomation NETxEIB OPC Server before 3.0.1300 does not properly validate OLE for Process Control (OPC) server handles, which allows attackers to cause a denial of service or possibly execute arbi…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2007-1463

Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain d…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2007-1464

Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.

CVSS: 6.8 CWE: N/A View on NVD
2007-03-20
High

CVE-2006-7172

Multiple SQL injection vulnerabilities in php-stats.recphp.php in PHP-Stats 0.1.9.1b and earlier allow remote attackers to execute arbitrary code via a leading dotted-quad IP address string in the (1…

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2007-1543

Stack-based buffer overflow in the accept_att_local function in server/os/connection.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to execute arbitrary code via a long p…

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2007-1544

Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) and possi…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2007-1521

Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated b…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2007-1522

Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejecte…

CVSS: 6.8 CWE: N/A View on NVD
Critical

CVE-2007-1536

Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.

CVSS: 9.3 CWE: CWE-189 View on NVD
High

CVE-2007-1511

Buffer overflow in FrontBase Relational Database Server 4.2.7 and earlier allows remote authenticated users, with privileges for creating a stored procedure, to execute arbitrary code via a CREATE PR…

CVSS: 7.1 CWE: N/A View on NVD
2007-03-19
Critical

CVE-2007-1319

Unspecified vulnerability in the IOPCServer::RemoveGroup function in the OPCDA interface in Takebishi Electric DeviceXPlorer OLE for Process Control (OPC) Server before 3.12 Build3 allows remote atta…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2007-1501

Stack-based buffer overflow in Avant Browser 11.0 build 26 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Content-Type HTTP header.

CVSS: 9.3 CWE: N/A View on NVD
Medium

CVE-2007-1502

Multiple buffer overflows in Rhapsody IRC 0.28b allow remote attackers to execute arbitrary code via a (1) long command, (2) long server argument to the (a) connect or (b) server commands, (3) long n…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2007-1503

Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b allow remote attackers to execute arbitrary code via format string specifiers to the create_ctcp_message function using the mess…

CVSS: 7.5 CWE: N/A View on NVD
2007-03-17
Medium

CVE-2007-1499

Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2007-03-16
Critical

CVE-2007-1447

The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain R…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2007-1498

Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in the ePO management console in McAfee ePolicy Orchestrator (ePO) before 3.6.1 Patch 1 and Protec…

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2007-0002

Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2007-1466

Integer overflow in the WP6GeneralTextPacket::_readContents function in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allows user-assisted remote attackers to cause a denial of service…

CVSS: 6.8 CWE: CWE-189 View on NVD
Medium

CVE-2007-1470

Multiple buffer overflows in LIBFtp 5.0 allow user-assisted remote attackers to execute arbitrary code via certain long arguments to the (1) FtpArchie, (2) FtpDebugDebug, (3) FtpOpenDir, (4) FtpSize,…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2007-1475

Multiple buffer overflows in the (1) ibase_connect and (2) ibase_pconnect functions in the interbase extension in PHP 4.4.6 and earlier allow context-dependent attackers to execute arbitrary code via…

CVSS: 5.4 CWE: N/A View on NVD
Medium

CVE-2007-1484

The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and…

CVSS: 4.6 CWE: N/A View on NVD
Critical

CVE-2007-1485

Buffer overflow in the set_umask function in QFTP in LIBFtp 3.1-1 allows local users to execute arbitrary code via a long -m argument. NOTE: CVE disputes this issue because QFTP is not setuid, and it…

CVSS: 10.0 CWE: N/A View on NVD
2007-03-14
High

CVE-2007-1453

Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with cert…

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2007-1457

Buffer overflow in the urarlib_get function in Christian Scheurer UniquE RAR File Library (unrarlib, aka URARFileLib) 0.4 allows context-dependent attackers to execute arbitrary code via a long (1) f…

CVSS: 10.0 CWE: N/A View on NVD
2007-03-13
Medium

CVE-2007-0721

Unspecified vulnerability in diskimages-helper in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted compressed disk image tha…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2007-0722

Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted AppleSingleEncoding disk image.

CVSS: 6.8 CWE: N/A View on NVD
Critical

CVE-2007-0731

Stack-based buffer overflow in the Apple-specific Samba module (SMB File Server) in Apple Mac OS X 10.4 through 10.4.8 allows context-dependent attackers to execute arbitrary code via a long ACL.

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2007-0733

Unspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to cause a denial of service (application crash) and possibly execute arbit…

CVSS: 9.3 CWE: N/A View on NVD
Medium

CVE-2007-0719

Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via an image with a crafted ColorSync profile.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2007-1387

The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers…

CVSS: 6.8 CWE: N/A View on NVD
2007-03-12
High

CVE-2007-1413

Buffer overflow in the snmpget function in the snmp extension in PHP 5.2.3 and earlier, including PHP 4.4.6 and probably other PHP 4 versions, allows context-dependent attackers to execute arbitrary…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2007-03-10
Critical

CVE-2007-1397

Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) decrypt_topic_332 functions in FiSH allow remote attackers to execute arbitrary code via long strings.

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2007-1403

Multiple stack-based buffer overflows in an ActiveX control in SwDir.dll 10.1.4.20 in Macromedia Shockwave allow remote attackers to cause a denial of service (Internet Explorer 7 crash) and possibly…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-1411

Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versions, allows local and possibly remote attackers to execute arbitrary code via long server name arguments to the (1) mssql_connect…

CVSS: 6.8 CWE: N/A View on NVD
Critical

CVE-2007-1399

Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as d…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2007-1365

Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows remote attackers to execute arbitrary code via fragmented IPv6 packets due to "incorrect mbuf handling for ICMP6 packets." NOTE: th…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2007-0999

Format string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2007-1006.

CVSS: 9.3 CWE: N/A View on NVD
Medium

CVE-2007-1371

Multiple buffer overflows in Conquest 8.2a and earlier (1) allow local users to gain privileges by querying a metaserver that sends a long server entry processed by metaGetServerList and allow remote…

CVSS: 6.9 CWE: N/A View on NVD
Critical

CVE-2007-1373

Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command. NOTE: this might be the sa…

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2007-1379

The ovrimos_close function in the Ovrimos extension for PHP before 4.4.5 can trigger efree of an arbitrary address, which might allow context-dependent attackers to execute arbitrary code.

CVSS: 5.1 CWE: N/A View on NVD
High

CVE-2007-1381

The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where strlcat was intended and uses improper…

CVSS: 7.6 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2007-1382

The PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to…

CVSS: 6.8 CWE: N/A View on NVD
Critical

CVE-2007-1383

Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destr…

CVSS: 9.8 CWE: CWE-189 View on NVD
2007-03-08
Critical

CVE-2007-1344

Multiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 allow remote attackers to execute arbitrary code via a crafted XML configuration file processed by the (1) urlParse function, whic…

CVSS: 9.3 CWE: N/A View on NVD
Medium

CVE-2007-1350

Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 allows remote attackers to execute arbitrary code via a long username during HTTP Basic authentication.

CVSS: 6.8 CWE: N/A View on NVD
2007-03-07
Critical

CVE-2007-1329

Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent…

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2006-7151

Untrusted search path vulnerability in the libtool-ltdl library (libltdl.so) 1.5.22-2.3 in Fedora Core 5 might allow local users to execute arbitrary code via a malicious library in the (1) hwcap, (2…

CVSS: 6.6 CWE: N/A View on NVD
Critical

CVE-2006-7153

PHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 allows remote attackers to execute arbitrary code via a URL in the pathToFiles parameter.

CVSS: 10.0 CWE: N/A View on NVD