CVE-2007-0159

Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. (dot dot) in the database filename, which is returned by a request to app/update_getfilename.

Publication date: Wed, 10 Jan 2007 06:28:00 +0000

Cyber News related to CVE-2007-0159

CVE-2015-2503 - Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 ...
6 years ago

CVE-2007-0159 - Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. (dot dot) in the ...
7 years ago

CVE-2012-0159 - Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 ...
6 years ago

CVE-2015-0159 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3570. Reason: This candidate is a reservation duplicate of CVE-2014-3570. Notes: All CVE users should reference CVE-2014-3570 instead of this candidate. All references and ...
54 years ago Tenable.com

CVE-2006-0159 - SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown, although it may be based on post-disclosure ...
7 years ago

CVE-2008-1626 - SQL injection vulnerability in eggBlog before 4.0.1 allows remote attackers to execute arbitrary SQL commands via an unspecified cookie. NOTE: this might overlap CVE-2008-0159. ...
7 years ago

CVE-2022-0159 - orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') ...
2 years ago

CVE-2000-0159 - HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain privileges. ...
16 years ago

CVE-2011-0159 - The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote web servers to track users by setting a cookie. ...
13 years ago

CVE-2014-0159 - Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument. ...
8 years ago

CVE-2002-0159 - Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of ...
8 years ago

CVE-2005-0159 - The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian GNU/Linux 3.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files. ...
7 years ago

CVE-2008-0159 - SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the eggblogpassword parameter in a cookie. ...
7 years ago

CVE-2004-0159 - Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an ...
7 years ago

CVE-2003-0159 - Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code. ...
7 years ago

CVE-2013-0159 - The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg. ...
6 years ago

CVE-2009-0159 - Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response. ...
6 years ago

CVE-2016-0159 - Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." ...
6 years ago

CVE-2010-0159 - The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute ...
5 years ago

CVE-2017-0159 - A security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, aka "ADFS Security Feature Bypass ...
5 years ago

CVE-2018-0159 - A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a ...
5 years ago

CVE-2020-0159 - In rw_mfc_writeBlock of rw_mfc.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: ...
4 years ago

CVE-2019-0159 - Insufficient memory protection in the Linux Administrative Tools for Intel(R) Network Adapters before version 24.3 may allow an authenticated user to potentially enable escalation of privilege via local access. ...
4 years ago

CVE-1999-0159 - Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases. ...
2 years ago

CVE-2021-0159 - Improper input validation in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. ...
2 years ago

Latest Cyber News

CVE-2024-43434 - 7 hours ago
CVE-2024-43436 - 7 hours ago
CVE-2024-43438 - 7 hours ago
CVE-2024-43440 - 7 hours ago
CVE-2024-43425 - 7 hours ago
CVE-2024-43426 - 7 hours ago
CVE-2024-43428 - 7 hours ago
CVE-2024-43431 - 7 hours ago
CVE-2024-8442 - 8 hours ago
CVE-2024-24914 - 9 hours ago
CVE-2024-10526 - 10 hours ago
CVE-2024-50169 - 11 hours ago
CVE-2024-50170 - 11 hours ago
CVE-2024-50171 - 11 hours ago
CVE-2024-50172 - 11 hours ago
CVE-2024-51504 - 11 hours ago
CVE-2024-50155 - 11 hours ago
CVE-2024-50156 - 11 hours ago
CVE-2024-50157 - 11 hours ago
CVE-2024-50158 - 11 hours ago

Cyber Trends (last 7 days)

Okta - 11 months ago
23andMe - 11 months ago
Kimsuky - 11 months ago
LogoFAIL - 11 months ago
Gh0st rat - 11 months ago

Trending Cyber News (last 7 days)

CVE-2024-10081 - 1 day ago
CVE-2024-10082 - 1 day ago
CVE-2024-10916 - 1 day ago
CVE-2024-35146 - 1 day ago
CVE-2024-6861 - 1 day ago
CVE-2024-10919 - 1 day ago
CVE-2024-10920 - 1 day ago
CVE-2024-10318 - 1 day ago
CVE-2024-20371 - 1 day ago
CVE-2024-20418 - 1 day ago
CVE-2024-20445 - 1 day ago
CVE-2024-20457 - 1 day ago
CVE-2024-20476 - 1 day ago
CVE-2024-20484 - 1 day ago
CVE-2024-20487 - 1 day ago
CVE-2024-20504 - 1 day ago
CVE-2024-20507 - 1 day ago
CVE-2024-20511 - 1 day ago
CVE-2024-20514 - 1 day ago
CVE-2024-20525 - 1 day ago