CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In June 2007

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-2006-7207 | | | Overflow | 2007-06-22 | 2008-09-05 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in ageet AGEphone before 1.4.0 might allow remote attackers to have an unknown impact via unspecified vectors.
2 | CVE-2007-1685 | | | DoS Exec Code Overflow | 2007-06-08 | 2018-10-16 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36, and probably other versions before 3.2.44, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 2372.
3 | CVE-2007-2387 | | | | 2007-06-04 | 2017-07-29 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel hardware does not require a password for remote access to IPMI, which allows remote attackers to gain administrative access via unspecified requests with ipmitool.
4 | CVE-2007-2419 | | | Exec Code Overflow | 2007-06-06 | 2018-10-16 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via (1) the second parameter to the DownloadAndExecute method and (2) the third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328.
5 | CVE-2007-2442 | | | Exec Code | 2007-06-26 | 2021-02-02 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.
6 | CVE-2007-2863 | | | Exec Code Overflow | 2007-06-06 | 2021-04-08 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file.
7 | CVE-2007-2924 | | | Exec Code Overflow | 2007-06-19 | 2017-07-29 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Multiple buffer overflows in RealNetworks GameHouse dldisplay ActiveX control (ghdlctl.dll) allow remote attackers to execute arbitrary code via unknown vectors.
8 | CVE-2007-2974 | | | Exec Code Overflow | 2007-06-01 | 2018-10-16 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in the file parsing engine in Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to execute arbitrary code via a crafted LZH archive file, resulting from an "integer cast around."
9 | CVE-2007-2985 | 264 | | Exec Code Bypass +Info | 2007-06-01 | 2017-10-11 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Pheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator's username, which can be used to (1) obtain sensitive information, including the administrator password, via settings.php or (2) upload and execute arbitrary PHP code via an update_doc action in edit.php.
10 | CVE-2007-3023 | | | | 2007-06-07 | 2012-10-31 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors.
11 | CVE-2007-3047 | | | | 2007-06-05 | 2018-10-16 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
The Vonage VoIP Telephone Adapter has a default administrator username "user" and password "user," which allows remote attackers to obtain administrative access.
12 | CVE-2007-3093 | | | Exec Code | 2007-06-06 | 2018-10-30 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Unspecified vulnerability in the logging mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote attackers to execute arbitrary code via unspecified vectors, related to the WBEM server.
13 | CVE-2007-3111 | | | Exec Code Overflow | 2007-06-07 | 2021-07-23 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in the Provideo Camimage ActiveX control in ISSCamControl.dll 1.0.1.5, when Internet Explorer 6 is used on Windows 2000 SP4, allows remote attackers to execute arbitrary code via a long URL property value.
14 | CVE-2007-3154 | | | | 2007-06-11 | 2017-07-29 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and other packages, has unknown impact and remote attack vectors.
15 | CVE-2007-3155 | | | | 2007-06-11 | 2017-07-29 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown impact and attack vectors related to ADOdb. NOTE: due to lack of details from the vendor, it is uncertain whether this issue is already covered by another CVE identifier.
16 | CVE-2007-3181 | | | Exec Code Overflow | 2007-06-12 | 2017-07-29 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to "an InterBase version of gds32.dll."
17 | CVE-2007-3193 | | | Bypass | 2007-06-12 | 2017-07-29 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations.
18 | CVE-2007-3208 | | | Exec Code | 2007-06-14 | 2017-07-29 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via requests to (1) register.pl or (2) profile.pl that write CRLF sequences to a .vars file. NOTE: this can be leveraged to execute arbitrary code.
19 | CVE-2007-3216 | 119 | | Exec Code Overflow XSS | 2007-06-14 | 2021-04-07 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Multiple buffer overflows in the LGServer component of CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.1 allow remote attackers to execute arbitrary code via crafted arguments to the (1) rxsAddNewUser, (2) rxsSetUserInfo, (3) rxsRenameUser, (4) rxsSetMessageLogSettings, (5) rxsExportData, (6) rxsSetServerOptions, (7) rxsRenameFile, (8) rxsACIManageSend, (9) rxsExportUser, (10) rxsImportUser, (11) rxsMoveUserData, (12) rxsUseLicenseIni, (13) rxsLicGetSiteId, (14) rxsGetLogFileNames, (15) rxsGetBackupLog, (16) rxsBackupComplete, (17) rxsSetDataProtectionSecurityData, (18) rxsSetDefaultConfigName, (19) rxsGetMessageLogSettings, (20) rxsHWDiskGetTotal, (21) rxsHWDiskGetFree, (22) rxsGetSubDirs, (23) rxsGetServerDBPathName, (24) rxsSetServerOptions, (25) rxsDeleteFile, (26) rxsACIManageSend, (27) rxcReadBackupSetList, (28) rxcWriteConfigInfo, (29) rxcSetAssetManagement, (30) rxcWriteFileListForRestore, (31) rxcReadSaveSetProfile, (32) rxcInitSaveSetProfile, (33) rxcAddSaveSetNextAppList, (34) rxcAddSaveSetNextFilesPathList, (35) rxcAddNextBackupSetIncWildCard, (36) rxcGetRevisions, (37) rxrAddMovedUser, (38) rxrSetClientVersion, or (39) rxsSetDataGrowthScheduleAndFilter commands.
20 | CVE-2007-3232 | | | | 2007-06-15 | 2017-07-29 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
The IBM TotalStorage DS400 with firmware 4.15 uses a blank password for the (1) root, (2) user, (3) manager, (4) administrator, and (5) operator accounts, which allows remote attackers to gain login access via certain Linux daemons, including a telnet daemon on a nonstandard port, tcp/6000.
21 | CVE-2007-3263 | | | | 2007-06-19 | 2017-07-29 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors, related to "incorrect authorization on a remote interface to the SDO repository."
22 | CVE-2007-3264 | | | | 2007-06-19 | 2017-07-29 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors.
23 | CVE-2007-3270 | | | Exec Code File Inclusion | 2007-06-19 | 2017-10-11 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
PHP remote file inclusion vulnerability in Includes/global.inc.php in phpMyInventory 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the strIncludePrefix parameter.
24 | CVE-2007-3277 | | | | 2007-06-19 | 2017-07-29 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Unspecified vulnerability in the localization before 1.2 module for WIKINDX allows attackers to access certain administrative capabilities via unknown vectors.
25 | CVE-2007-3279 | | | | 2007-06-19 | 2018-10-16 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection.
26 | CVE-2007-3334 | | | Exec Code Overflow | 2007-06-21 | 2017-07-29 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors.
27 | CVE-2007-3336 | | | Exec Code | 2007-06-22 | 2018-10-16 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.
28 | CVE-2007-3338 | 119 | | Exec Code Overflow | 2007-06-22 | 2018-10-16 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions.
29 | CVE-2007-3341 | | | | 2007-06-21 | 2021-07-23 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to "see a valid memory address" via unspecified vectors, a different issue than CVE-2007-0217.
30 | CVE-2007-3357 | | | +Info | 2007-06-22 | 2018-10-16 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
NetClassifieds Premium Edition does not use encryption for (1) stored passwords or (2) sensitive data, which might allow attackers to obtain information via certain vectors.
31 | CVE-2007-3363 | | | | 2007-06-22 | 2017-07-29 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Multiple unspecified vulnerabilities in ageet AGEphone before 1.6.3 allow remote attackers to have an unknown impact via malformed SIP packets.
32 | CVE-2007-3454 | 119 | | Exec Code Overflow | 2007-06-27 | 2017-07-29 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via long crafted requests, as demonstrated using a long session cookie to unspecified CGI programs that use this library.
33 | CVE-2007-3455 | 264 | | Bypass | 2007-06-27 | 2017-07-29 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to "stored decrypted user logon information."
34 | CVE-2007-3465 | | | | 2007-06-27 | 2018-10-16 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, has a certain default password.
35 | CVE-2007-3483 | | | | 2007-06-28 | 2017-07-29 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a default configuration that permits installation of arbitrary third-party applications on BlackBerry devices, which might facilitate loading of malware.
36 | CVE-2007-3488 | | | Exec Code Overflow | 2007-06-29 | 2017-09-29 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Heap-based buffer overflow in the viewer ActiveX control in Sony Network Camera SNC-RZ25N before 1.30; SNC-P1 and SNC-P5 before 1.29; SNC-CS10 and SNC-CS11 before 1.06; SNC-DF40N and SNC-DF70N before 1.18; SNC-RZ50N and SNC-CS50N before 2.22; SNC-DF85N, SNC-DF80N, and SNC-DF50N before 1.12; and SNC-RX570N/W, SNC-RX570N/B, SNC-RX550N/W, SNC-RX550N/B, SNC-RX530N/W, and SNC-RX530N/B 3.00 and 2.x before 2.31; allows remote attackers to execute arbitrary code via a long first argument to the PrmSetNetworkParam method.
37 | CVE-2007-3500 | 264 | | +Priv | 2007-06-29 | 2018-10-16 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.
38 | CVE-2007-3180 | 119 | | Overflow | 2007-06-12 | 2018-10-16 | 9.4 | None | Remote | Low | Not required | Complete | Complete | None
Buffer overflow in Help and Support Center before 4.4 C on HP Windows systems allows remote attackers to read or write arbitrary files via unknown vectors.
39 | CVE-2007-3191 | | | +Info | 2007-06-12 | 2018-10-16 | 9.4 | None | Remote | Low | Not required | Complete | Complete | None
Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function.
40 | CVE-2007-3192 | | | | 2007-06-12 | 2018-10-16 | 9.4 | None | Remote | Low | Not required | Complete | Complete | None
admin/setup.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to read and modify configuration settings via a direct request.
41 | CVE-2007-0068 | | | +Priv | 2007-06-06 | 2017-07-29 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database.
42 | CVE-2007-0218 | 94 | | Exec Code Mem. Corr. | 2007-06-12 | 2021-07-23 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function.
43 | CVE-2007-0245 | 119 | | Exec Code Overflow | 2007-06-12 | 2018-10-16 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable entries to be overwritten.
44 | CVE-2007-0328 | | | Exec Code | 2007-06-01 | 2017-07-29 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method.
45 | CVE-2007-0934 | | | Exec Code Mem. Corr. | 2007-06-12 | 2018-10-16 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
46 | CVE-2007-0936 | | | Exec Code Mem. Corr. | 2007-06-12 | 2018-10-16 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
47 | CVE-2007-1750 | | | Exec Code Mem. Corr. | 2007-06-12 | 2021-07-23 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption.
48 | CVE-2007-1751 | 94 | | Exec Code Mem. Corr. | 2007-06-12 | 2021-07-23 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability."
49 | CVE-2007-2218 | | | DoS Exec Code | 2007-06-12 | 2018-10-16 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
50 | CVE-2007-2219 | | | Exec Code | 2007-06-12 | 2018-10-16 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
Total number of vulnerabilities: 563 (page 1 of 12)