CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2007 (CVSS score >= 5)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2007-3504 22 Exec Code Dir. Trav. 2007-06-30 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file.
2 CVE-2007-3502 2007-06-30 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the web-based product configuration system in Kaspersky Anti-Spam before 3.0 MP1 allows remote attackers to obtain access to certain directories.
3 CVE-2007-3500 264 +Priv 2007-06-29 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.
4 CVE-2007-3499 DoS 2007-06-29 2008-11-15
6.4
None Remote Low Not required None Partial Partial
SlackRoll before 8 accepts gpg exit codes other than 0 and 1 as evidence of a valid signature, which allows remote Slackware mirror sites or man-in-the-middle attackers to cause a denial of service (data inconsistency) or possibly install Trojan horse packages via malformed gpg signatures.
5 CVE-2007-3497 2007-06-29 2021-07-23
5.0
None Remote Low Not required Partial None None
Microsoft Internet Explorer 7 allows remote attackers to determine the existence of page history via the history.length JavaScript variable.
6 CVE-2007-3494 2007-06-29 2018-10-16
6.8
None Remote Low ??? Complete None None
Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to (1) read the entire database by accessing the database backup plugin via a devtools/templates/newdump_backend.html argument in the template parameter to interna/plugin.php, (2) create plugins, (3) remove plugins, (4) enable debug mode, and have other unspecified impact.
7 CVE-2007-3493 2007-06-29 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method, a different product than CVE-2007-3400.
8 CVE-2007-3492 DoS 2007-06-29 2018-10-16
6.8
None Remote Low ??? None None Complete
Conti FtpServer 1.0 allows remote authenticated users to cause a denial of service (daemon crash) via a certain string containing "//A:" in the argument to the LIST command.
9 CVE-2007-3491 Overflow 2007-06-29 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message.
10 CVE-2007-3490 2007-06-29 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls.
11 CVE-2007-3489 CSRF 2007-06-29 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request with the swuuser and swupass parameters, which adds an administrator account. NOTE: the CSRF attack has no timing window because there is no logout capability in the management interface.
12 CVE-2007-3488 Exec Code Overflow 2007-06-29 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the viewer ActiveX control in Sony Network Camera SNC-RZ25N before 1.30; SNC-P1 and SNC-P5 before 1.29; SNC-CS10 and SNC-CS11 before 1.06; SNC-DF40N and SNC-DF70N before 1.18; SNC-RZ50N and SNC-CS50N before 2.22; SNC-DF85N, SNC-DF80N, and SNC-DF50N before 1.12; and SNC-RX570N/W, SNC-RX570N/B, SNC-RX550N/W, SNC-RX550N/B, SNC-RX530N/W, and SNC-RX530N/B 3.00 and 2.x before 2.31; allows remote attackers to execute arbitrary code via a long first argument to the PrmSetNetworkParam method.
13 CVE-2007-3487 22 Dir. Trav. 2007-06-29 2018-10-16
6.4
None Remote Low Not required Partial Partial None
Absolute path traversal in a certain ActiveX control in hpqxml.dll 2.0.0.133 in Hewlett-Packard (HP) Photo Digital Imaging allows remote attackers to create or overwrite arbitrary files via the argument to the saveXMLAsFile method.
14 CVE-2007-3483 2007-06-28 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a default configuration that permits installation of arbitrary third-party applications on BlackBerry devices, which might facilitate loading of malware.
15 CVE-2007-3482 79 XSS Bypass 2007-06-28 2008-11-15
7.8
None Remote Low Not required Complete None None
Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute.
16 CVE-2007-3481 119 Overflow Bypass 2007-06-28 2021-07-23
5.0
None Remote Low Not required Partial None None
** DISPUTED ** Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. NOTE: this issue has been disputed by other researchers, citing a variable scoping issue and information about the semantics of document.domain.
17 CVE-2007-3480 DoS 2007-06-28 2018-10-16
7.1
None Remote Medium Not required None None Complete
PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to cause a denial of service (infinite loop and resource consumption) via a malformed WDP project file.
18 CVE-2007-3479 Exec Code Overflow 2007-06-28 2018-10-16
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to execute arbitrary code via a long string in the "used DLL" field in a WDP project file.
19 CVE-2007-3477 399 DoS 2007-06-28 2018-10-16
5.0
None Remote Low Not required None None Partial
The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.
20 CVE-2007-3471 Exec Code Overflow 2007-06-28 2017-09-29
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors.
21 CVE-2007-3470 DoS 2007-06-28 2017-09-29
7.8
None Remote Low Not required None None Complete
Multiple unspecified vulnerabilities in the KSSL kernel module in Sun Solaris 10, when configured with the KSSL proxy, allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors related to "memory buffers" of Secure Socket Layer (SSL) records.
22 CVE-2007-3468 DoS 2007-06-27 2018-10-16
7.8
None Remote Low Not required None None Complete
input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used.
23 CVE-2007-3467 DoS Overflow 2007-06-27 2018-10-16
7.8
None Remote Low Not required None None Complete
Integer overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate.
24 CVE-2007-3465 2007-06-27 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, has a certain default password.
25 CVE-2007-3464 +Priv CSRF 2007-06-27 2018-10-16
8.5
None Remote Medium ??? Complete Complete Complete
Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, does not require entry of the old password when changing the admin password, which might allow attackers to gain privileges by conducting a CSRF attack, making a password change on an unattended workstation, or other vectors.
26 CVE-2007-3462 Exec Code CSRF 2007-06-27 2018-10-16
6.0
None Remote Medium ??? Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, allows remote attackers to execute commands as arbitrary users, and disable firewalling of the protected network.
27 CVE-2007-3461 Exec Code Sql 2007-06-27 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in property.php in elkagroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
28 CVE-2007-3460 Exec Code File Inclusion 2007-06-27 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in index.php3 in EVA-Web 1.1 through 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) aide or (2) perso parameter.
29 CVE-2007-3459 2007-06-27 2018-10-16
6.4
None Remote Low Not required None Partial Partial
A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vector 1.3 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the WriteMovie method.
30 CVE-2007-3455 264 Bypass 2007-06-27 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to "stored decrypted user logon information."
31 CVE-2007-3454 119 Exec Code Overflow 2007-06-27 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via long crafted requests, as demonstrated using a long session cookie to unspecified CGI programs that use this library.
32 CVE-2007-3453 Exec Code Sql 2007-06-27 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Papoo 3.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the selmenuid parameter to certain components.
33 CVE-2007-3452 Exec Code Sql 2007-06-27 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in essentials/minutes/doc.php in eDocStore allows remote attackers to execute arbitrary SQL commands via the doc_id parameter in an inline action.
34 CVE-2007-3451 Exec Code File Inclusion 2007-06-27 2017-10-11
6.5
None Remote Low ??? Partial Partial Partial
PHP remote file inclusion vulnerability in admin/index.php in 6ALBlog allows remote authenticated administrators to execute arbitrary PHP code via a URL in the pg parameter.
35 CVE-2007-3450 Exec Code Sql 2007-06-27 2012-10-31
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
36 CVE-2007-3449 Exec Code Sql 2007-06-27 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
37 CVE-2007-3447 89 Exec Code Sql 2007-06-27 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the "basic search box." NOTE: 4.0.2 and other versions might also be affected.
38 CVE-2007-3446 2007-06-27 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
BugMall Shopping Cart 2.5 and earlier has a default username "demo" and password "demo," which allows remote attackers to obtain login access.
39 CVE-2007-3441 DoS 2007-06-27 2017-07-29
5.0
None Remote Low Not required None None Partial
Format string vulnerability in the Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version 1.1.0.10 allows remote attackers to cause a denial of service (blocked call reception and slow calling) via format string specifiers in an SDP header value, a different vulnerability than CVE-2007-3349.
40 CVE-2007-3440 2007-06-27 2008-11-15
6.4
None Remote Low Not required None Partial Partial
The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to place calls to arbitrary phone numbers via certain requests to the web server on port 1800.
41 CVE-2007-3439 2007-06-27 2008-11-15
5.0
None Remote Low Not required Partial None None
The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to read a list of missed calls, received calls, and dialed numbers via a direct request to the web server on port 1800.
42 CVE-2007-3438 Exec Code Overflow 2007-06-27 2008-11-15
7.8
None Remote Low Not required None None Complete
Buffer overflow in the SIP header parsing module in the Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows remote attackers to execute arbitrary code via a malformed message, a different vulnerability than CVE-2007-3361.
43 CVE-2007-3437 DoS 2007-06-27 2017-07-29
7.8
None Remote Low Not required None None Complete
AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application crash) via a malformed header value in a SIP INVITE message, a different vulnerability than CVE-2007-3350.
44 CVE-2007-3436 DoS 2007-06-27 2017-07-29
5.0
None Remote Low Not required None None Partial
Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to cause a denial of service (resource consumption) via a flood of SIP INVITE requests to the port specified for voice conversation.
45 CVE-2007-3435 Exec Code Overflow 2007-06-27 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the BeginPrint method in a certain ActiveX control in RKD Software (barcodetools.com) BarCodeAx.dll 4.9 allows remote attackers to execute arbitrary code via a long argument.
46 CVE-2007-3434 +Info 2007-06-27 2017-10-11
5.0
None Remote Low Not required Partial None None
index.php in Pharmacy System 2 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the page parameter, which reveals the table prefix in an error message.
47 CVE-2007-3433 Exec Code Sql 2007-06-27 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Pharmacy System 2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter in an add action.
48 CVE-2007-3432 Exec Code 2007-06-27 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename.
49 CVE-2007-3431 Exec Code File Inclusion 2007-06-27 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in cal.func.php in Valerio Capello Dagger - The Cutting Edge r23jan2007 allows remote attackers to execute arbitrary PHP code via a URL in the dir_edge_lang parameter.
50 CVE-2007-3430 Exec Code Sql 2007-06-27 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 allows remote attackers to execute arbitrary SQL commands via the submit parameter in an email action.
Total number of vulnerabilities : 415   Page : 1 (This Page)2 3 4 5 6 7 8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.