CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2007

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
451 CVE-2007-2998 DoS 2007-06-04 2017-07-29
4.9
None Local Low Not required None None Complete
The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS for Integrity Servers 8.3, and PAS$RTL.EXE before 20070419 on OpenVMS Alpha 8.3, does not properly restore PC and PSL values, which allows local users to cause a denial of service (system crash) via certain Pascal code.
452 CVE-2007-2997 89 Exec Code Sql 2007-06-04 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** Multiple SQL injection vulnerabilities in cgi-bin/reorder2.asp in SalesCart Shopping Cart allow remote attackers to execute arbitrary SQL commands via the password field and other unspecified vectors. NOTE: the vendor disputes this issue, stating "We were able to reproduce this sql injection on an old out-of-date demo on the website but not on the released product."
453 CVE-2007-2996 +Priv 2007-06-04 2012-10-31
6.6
None Local Medium ??? Complete Complete Complete
Unspecified vulnerability in perl.rte 5.8.0.10 through 5.8.0.95 on IBM AIX 5.2, and 5.8.2.10 through 5.8.2.50 on AIX 5.3, allows local users to gain privileges via unspecified vectors related to the installation and "waiting for a legitimate user to execute a binary that ships with Perl."
454 CVE-2007-2995 2007-06-04 2017-07-29
4.3
None Remote Medium Not required None None Partial
Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and 5.3.0 has unknown impact and attack vectors.
455 CVE-2007-2994 Exec Code Sql 2007-06-04 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a fullnews action, a different vector than CVE-2007-0693.
456 CVE-2007-2993 XSS 2007-06-04 2018-10-16
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in OmegaMw7.asp in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allow remote attackers to inject arbitrary web script or HTML via (1) user-created text fields; the (2) F05003, (3) F05005, and (4) F05015 fields; and other unspecified standard fields.
457 CVE-2007-2992 Exec Code Sql 2007-06-04 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in OmegaMw7.asp in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allow remote attackers to execute arbitrary SQL commands via (1) user-created text fields; the (2) F05003, (3) F05005, and (4) F05015 fields; and other unspecified standard fields.
458 CVE-2007-2991 XSS 2007-06-04 2018-10-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in includes/send.inc.php in Evenzia CMS allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
459 CVE-2007-2990 DoS 2007-06-01 2017-10-11
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 allows local users to cause a denial of service (daemon termination) via unspecified manipulations of the /var/run/.inetd.uds Unix domain socket file.
460 CVE-2007-2989 DoS 2007-06-01 2017-10-11
7.8
None Remote Low Not required None None Complete
The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. NOTE: this issue might overlap CVE-2006-2298.
461 CVE-2007-2988 2007-06-01 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
A certain admin script in Inout Meta Search Engine sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a request to admin/create_engine.php followed by a request to admin/generate_tabs.php.
462 CVE-2007-2987 119 Exec Code Overflow 2007-06-01 2011-09-20
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in certain ActiveX controls in sasatl.dll in Zenturi ProgramChecker allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the (1) DebugMsgLog or (2) DoFileProperties methods.
463 CVE-2007-2986 Exec Code File Inclusion 2007-06-01 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in lib/live_status.lib.php in AdminBot MX 9.0.5 allows remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter.
464 CVE-2007-2985 264 Exec Code Bypass +Info 2007-06-01 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Pheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator's username, which can be used to (1) obtain sensitive information, including the administrator password, via settings.php or (2) upload and execute arbitrary PHP code via an update_doc action in edit.php.
465 CVE-2007-2984 119 Exec Code Overflow 2007-06-01 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple stack-based buffer overflows in the Media Technology Group CDPass ActiveX control in CDPass.dll allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the GetTOC2 method.
466 CVE-2007-2982 Exec Code Overflow 2007-06-01 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the British Telecommunications Business Connect webhelper ActiveX control before 1.0.0.7 in btbconnectwebcontrol.dll allow remote attackers to execute arbitrary code via unspecified vectors.
467 CVE-2007-2981 119 Exec Code Overflow 2007-06-01 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in a certain ActiveX control in LEAD Technologies LEADTOOLS Raster OCR Document Object Library (ltrdc14e.dll) 14.5.0.44 allows remote attackers to execute arbitrary code via a long DictionaryFileName property.
468 CVE-2007-2980 119 DoS Exec Code Overflow 2007-06-01 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in a certain ActiveX control in LEADTOOLS LEAD Raster ISIS Object (LTRIS14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long DriverName property, a different ActiveX control than CVE-2007-2827.
469 CVE-2007-2979 2007-06-01 2017-07-29
7.8
None Remote Low Not required Complete None None
Techno Dreams Web Directory / Search Engine 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database.mdb.
470 CVE-2007-2978 59 2007-06-01 2018-10-16
6.8
None Remote Medium Not required Partial Partial Partial
Session fixation vulnerability in eggblog 3.1.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
471 CVE-2007-2977 DoS Overflow 2007-06-01 2017-07-29
7.8
None Remote Low Not required None None Complete
Buffer overflow in the receive function in submit/submitcommon.c in the submit daemon in DOMjudge before 2.0.0RC1 allows remote attackers to cause a denial of service or have other unspecified impact. NOTE: some of these details are obtained from third party information.
472 CVE-2007-2976 XSS 2007-06-01 2017-07-29
4.3
None Remote Medium Not required None Partial None
Centrinity FirstClass 8.3 and earlier, and Server and Internet Services 8.0 and earlier, do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS) attacks. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
473 CVE-2007-2975 264 Exec Code +Priv 2007-06-01 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the downloader.
474 CVE-2007-2974 Exec Code Overflow 2007-06-01 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the file parsing engine in Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to execute arbitrary code via a crafted LZH archive file, resulting from an "integer cast around."
475 CVE-2007-2973 DoS 2007-06-01 2018-10-16
7.8
None Remote Low Not required None None Complete
Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed TAR archive.
476 CVE-2007-2972 DoS 2007-06-01 2018-10-16
7.8
None Remote Low Not required None None Complete
The file parsing engine in Avira Antivir Antivirus before 7.04.00.24 allows remote attackers to cause a denial of service (application crash) via a crafted UPX compressed file, which triggers a divide-by-zero error.
477 CVE-2007-2971 Exec Code Sql 2007-06-01 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in getnewsitem.php in gCards 1.46 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
478 CVE-2007-2970 XSS 2007-06-01 2017-07-29
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in cgi/block.cgi in 8e6 R3000 Internet Filter allow remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) CAT, and (3) USER parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
479 CVE-2007-2969 Exec Code File Inclusion 2007-06-01 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in newsletter.php in WAnewsletter 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the waroot parameter.
480 CVE-2007-2968 XSS 2007-06-01 2018-10-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in register.php in cpCommerce 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter (Full Name field).
481 CVE-2007-2951 Exec Code 2007-06-26 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3.2.0 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an (1) irc:// or (2) irc6:// URI.
482 CVE-2007-2948 Exec Code Overflow 2007-06-07 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlayer before 1.0rc1try3 allow remote attackers to execute arbitrary code via a CDDB entry with a long (1) album title or (2) category.
483 CVE-2007-2924 Exec Code Overflow 2007-06-19 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in RealNetworks GameHouse dldisplay ActiveX control (ghdlctl.dll) allow remote attackers to execute arbitrary code via unknown vectors.
484 CVE-2007-2923 Exec Code 2007-06-18 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
The launch method in the LocalExec ActiveX control (LocalExec.ocx) in Novell exteNd Director 4.1 and Portal Services allows remote attackers to execute arbitrary commands.
485 CVE-2007-2921 Exec Code Overflow 2007-06-14 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in acgm.dll in the Corel / Micrografx ActiveCGM Browser ActiveX control before 7.1.4.19 allow remote attackers to execute arbitrary code via unspecified vectors.
486 CVE-2007-2920 Exec Code Overflow 2007-06-11 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX control in ZActiveX.dll might allow remote attackers to execute arbitrary code via unspecified vectors.
487 CVE-2007-2919 DoS Exec Code Overflow 2007-06-06 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the FViewerLoading ActiveX control (FlipViewerX.dll) in E-Book Systems FlipViewer before 4.1 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via long (1) UID, (2) Opf, (3) PAGENO, (4) LaunchMode, (5) SubID, (6) BookID, (7) LibraryID, (8) SubURL, and (9) LoadOpf properties.
488 CVE-2007-2918 DoS Exec Code Overflow 2007-06-01 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in (a) vibecontrol.dll, (2) CallManager and (3) ViewerClient in (b) StarClient.dll, (4) ComLink in (c) uicomlink.dll, and (5) WebCamXMP in (d) wcamxmp.dll in Logitech VideoCall allow remote attackers to cause a denial of service (browser crash) and execute arbitrary code via unspecified vectors.
489 CVE-2007-2917 Exec Code Overflow 2007-06-01 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in a certain ActiveX control in odapi.dll in Authentium Command Antivirus before 4.93.8 allow remote attackers to execute arbitrary code via unspecified vectors.
490 CVE-2007-2876 DoS 2007-06-11 2018-10-30
6.1
None Local Network Low Not required None None Complete
The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL pointer dereference.
491 CVE-2007-2875 189 2007-06-11 2018-10-19
2.1
None Local Low Not required Partial None None
Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file.
492 CVE-2007-2873 DoS 2007-06-11 2017-10-11
1.9
None Local Medium Not required None None Partial
SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as root in unusual configurations using vpopmail or virtual users, allows local users to cause a denial of service (corrupt arbitrary files) via a symlink attack on a file that is used by spamd.
493 CVE-2007-2872 189 DoS Exec Code Overflow 2007-06-04 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.
494 CVE-2007-2871 2007-06-01 2018-10-16
4.3
None Remote Medium Not required None Partial None
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks.
495 CVE-2007-2870 XSS Bypass 2007-06-01 2018-10-16
4.3
None Remote Medium Not required None Partial None
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site.
496 CVE-2007-2869 DoS 2007-06-01 2018-10-16
4.3
None Remote Medium Not required None None Partial
The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service (persistent temporary CPU consumption) via a large number of characters in a submitted form.
497 CVE-2007-2868 94 DoS Exec Code Mem. Corr. 2007-06-01 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption.
498 CVE-2007-2867 119 DoS Overflow 2007-06-01 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues.
499 CVE-2007-2864 Exec Code Overflow 2007-06-06 2021-04-14
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file.
500 CVE-2007-2863 Exec Code Overflow 2007-06-06 2021-04-08
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file.
Total number of vulnerabilities : 563   Page : 1 2 3 4 5 6 7 8 9 10 (This Page)11 12
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.