CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2007 (CVSS score >= 7)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2007-3504 22 Exec Code Dir. Trav. 2007-06-30 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file.
2 CVE-2007-3502 2007-06-30 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the web-based product configuration system in Kaspersky Anti-Spam before 3.0 MP1 allows remote attackers to obtain access to certain directories.
3 CVE-2007-3500 264 +Priv 2007-06-29 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.
4 CVE-2007-3493 2007-06-29 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method, a different product than CVE-2007-3400.
5 CVE-2007-3491 Overflow 2007-06-29 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message.
6 CVE-2007-3490 2007-06-29 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls.
7 CVE-2007-3489 CSRF 2007-06-29 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request with the swuuser and swupass parameters, which adds an administrator account. NOTE: the CSRF attack has no timing window because there is no logout capability in the management interface.
8 CVE-2007-3488 Exec Code Overflow 2007-06-29 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the viewer ActiveX control in Sony Network Camera SNC-RZ25N before 1.30; SNC-P1 and SNC-P5 before 1.29; SNC-CS10 and SNC-CS11 before 1.06; SNC-DF40N and SNC-DF70N before 1.18; SNC-RZ50N and SNC-CS50N before 2.22; SNC-DF85N, SNC-DF80N, and SNC-DF50N before 1.12; and SNC-RX570N/W, SNC-RX570N/B, SNC-RX550N/W, SNC-RX550N/B, SNC-RX530N/W, and SNC-RX530N/B 3.00 and 2.x before 2.31; allows remote attackers to execute arbitrary code via a long first argument to the PrmSetNetworkParam method.
9 CVE-2007-3483 2007-06-28 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a default configuration that permits installation of arbitrary third-party applications on BlackBerry devices, which might facilitate loading of malware.
10 CVE-2007-3482 79 XSS Bypass 2007-06-28 2008-11-15
7.8
None Remote Low Not required Complete None None
Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute.
11 CVE-2007-3480 DoS 2007-06-28 2018-10-16
7.1
None Remote Medium Not required None None Complete
PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to cause a denial of service (infinite loop and resource consumption) via a malformed WDP project file.
12 CVE-2007-3471 Exec Code Overflow 2007-06-28 2017-09-29
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors.
13 CVE-2007-3470 DoS 2007-06-28 2017-09-29
7.8
None Remote Low Not required None None Complete
Multiple unspecified vulnerabilities in the KSSL kernel module in Sun Solaris 10, when configured with the KSSL proxy, allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors related to "memory buffers" of Secure Socket Layer (SSL) records.
14 CVE-2007-3468 DoS 2007-06-27 2018-10-16
7.8
None Remote Low Not required None None Complete
input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used.
15 CVE-2007-3467 DoS Overflow 2007-06-27 2018-10-16
7.8
None Remote Low Not required None None Complete
Integer overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate.
16 CVE-2007-3465 2007-06-27 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, has a certain default password.
17 CVE-2007-3464 +Priv CSRF 2007-06-27 2018-10-16
8.5
None Remote Medium ??? Complete Complete Complete
Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, does not require entry of the old password when changing the admin password, which might allow attackers to gain privileges by conducting a CSRF attack, making a password change on an unattended workstation, or other vectors.
18 CVE-2007-3461 Exec Code Sql 2007-06-27 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in property.php in elkagroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
19 CVE-2007-3460 Exec Code File Inclusion 2007-06-27 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in index.php3 in EVA-Web 1.1 through 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) aide or (2) perso parameter.
20 CVE-2007-3455 264 Bypass 2007-06-27 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to "stored decrypted user logon information."
21 CVE-2007-3454 119 Exec Code Overflow 2007-06-27 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via long crafted requests, as demonstrated using a long session cookie to unspecified CGI programs that use this library.
22 CVE-2007-3453 Exec Code Sql 2007-06-27 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Papoo 3.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the selmenuid parameter to certain components.
23 CVE-2007-3452 Exec Code Sql 2007-06-27 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in essentials/minutes/doc.php in eDocStore allows remote attackers to execute arbitrary SQL commands via the doc_id parameter in an inline action.
24 CVE-2007-3446 2007-06-27 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
BugMall Shopping Cart 2.5 and earlier has a default username "demo" and password "demo," which allows remote attackers to obtain login access.
25 CVE-2007-3438 Exec Code Overflow 2007-06-27 2008-11-15
7.8
None Remote Low Not required None None Complete
Buffer overflow in the SIP header parsing module in the Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows remote attackers to execute arbitrary code via a malformed message, a different vulnerability than CVE-2007-3361.
26 CVE-2007-3437 DoS 2007-06-27 2017-07-29
7.8
None Remote Low Not required None None Complete
AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application crash) via a malformed header value in a SIP INVITE message, a different vulnerability than CVE-2007-3350.
27 CVE-2007-3435 Exec Code Overflow 2007-06-27 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the BeginPrint method in a certain ActiveX control in RKD Software (barcodetools.com) BarCodeAx.dll 4.9 allows remote attackers to execute arbitrary code via a long argument.
28 CVE-2007-3433 Exec Code Sql 2007-06-27 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Pharmacy System 2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter in an add action.
29 CVE-2007-3432 Exec Code 2007-06-27 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename.
30 CVE-2007-3430 Exec Code Sql 2007-06-27 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 allows remote attackers to execute arbitrary SQL commands via the submit parameter in an email action.
31 CVE-2007-3428 2007-06-27 2008-11-15
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 allow remote attackers to have an unknown impact via the file parameter to (1) plotStatBar.php or (2) plotStatPie.php, different vectors than CVE-2007-1076.
32 CVE-2007-3427 Exec Code Sql 2007-06-27 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a stats action.
33 CVE-2007-3424 2007-06-26 2008-11-15
7.5
None Remote Low Not required Partial Partial Partial
The moveim function in cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the tocat parameter as a subdirectory name when moving an instant message, which has unknown impact and remote attack vectors.
34 CVE-2007-3423 2007-06-26 2008-11-15
7.5
None Remote Low Not required Partial Partial Partial
cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and remote attack vectors.
35 CVE-2007-3422 2007-06-26 2008-11-15
7.5
None Remote Low Not required Partial Partial Partial
The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 attempts to parse query strings that contain (1) non-printing characters, (2) certain printing characters that do not commonly occur in URLs, or (3) invalid URL encoding sequences, which has unknown impact and remote attack vectors.
36 CVE-2007-3421 2007-06-26 2008-11-15
7.5
None Remote Low Not required Partial Partial Partial
The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, (5) profile view, (6) gallery view, (7) gallery comment, and (8) gallery feedback capabilities in web-app.org WebAPP before 0.9.9.7 do not verify presence of users in memberlist.dat, which has unknown impact and remote attack vectors.
37 CVE-2007-3420 2007-06-26 2008-11-15
7.5
None Remote Low Not required Partial Partial Partial
The Random Cookie Password functionality in the loaduser function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 does not clear the (1) username, (2) password, (3) usertheme, and (4) userlang cookies for unauthorized users, which has unknown impact and remote attack vectors.
38 CVE-2007-3419 2007-06-26 2008-11-15
7.5
None Remote Low Not required Partial Partial Partial
The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of members, which has unknown impact and remote attack vectors.
39 CVE-2007-3415 Exec Code Sql 2007-06-26 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in index.php in phpRaider 1.0.0 rc8 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) type parameter.
40 CVE-2007-3411 Exec Code Sql 2007-06-26 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in edit_image.asp in ClickGallery Server 5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the image_id parameter.
41 CVE-2007-3410 119 Exec Code Overflow 2007-06-26 2017-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value.
42 CVE-2007-3408 2007-06-26 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have unspecified attack vectors and impact, probably involving the use of vulnerable FreeType libraries that contain CVE-2007-2754 and/or CVE-2007-1351.
43 CVE-2007-3403 Exec Code 2007-06-26 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Unrestricted file upload vulnerability in upload.php in dreamLog (aka dreamblog) 0.5 allows remote attackers to upload and execute arbitrary PHP code in uploads/images/ via the uploadedFile[] parameter.
44 CVE-2007-3402 Exec Code Sql 2007-06-26 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in pagetool 1.07 allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a pagetool_news action.
45 CVE-2007-3401 Exec Code File Inclusion 2007-06-26 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in footer.inc.php in B1G b1gBB 2.24 allows remote attackers to execute arbitrary PHP code via a URL in the tfooter parameter.
46 CVE-2007-3400 20 2007-06-26 2017-10-11
9.3
None Remote Medium Not required Complete Complete Complete
The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as distributed in NCTAudioEditor and NCTAudioStudio 2.7, allows remote attackers to overwrite arbitrary files via the CreateFile method.
47 CVE-2007-3399 89 Exec Code Sql 2007-06-26 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in include/get_userdata.php in Power Phlogger (PPhlogger) 2.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.php.
48 CVE-2007-3394 Exec Code Sql 2007-06-26 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via the (1) artid parameter to mod.php in a viewarticle action (publisher mod) and the (2) bid parameter to banners.php in a click action. NOTE: the mod.php viewdisk and viewlink vectors are already covered by CVE-2006-6873.
49 CVE-2007-3391 20 DoS 2007-06-26 2017-10-11
7.8
None Remote Low Not required None None Complete
Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop.
50 CVE-2007-3376 DoS Exec Code Overflow 2007-06-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long value in the title HTML tag, which triggers the overflow when the user adds the page as a bookmark.
Total number of vulnerabilities : 272   Page : 1 (This Page)2 3 4 5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.