CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2007

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
501 CVE-2007-2833 DoS 2007-06-21 2008-09-05
7.8
None Remote Low Not required None None Complete
Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.
502 CVE-2007-2801 79 XSS 2007-06-30 2018-10-16
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in open.php in eTicket 1.5.5 and 1.5.5.1, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) err and (2) warn parameters. NOTE: the vendor disputes the significance of the issue, stating that "eTicket is not designed to work with register_globals On."
503 CVE-2007-2800 +Info 2007-06-28 2018-10-16
5.0
None Remote Low Not required Partial None None
index.php in eTicket 1.5.5.1 and earlier allows remote attackers to obtain sensitive information via the (1) name[], (2) email[], (3) phone[], or (4) subject[] parameters, which reveals the installation path in the resulting error messages.
504 CVE-2007-2798 787 Exec Code Overflow 2007-06-26 2021-02-02
9.0
None Remote Low ??? Complete Complete Complete
Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.
505 CVE-2007-2796 DoS 2007-06-12 2018-10-16
7.8
None Remote Low Not required None None Complete
Arris Cadant C3 CMTS allows remote attackers to cause a denial of service (service termination) via a malformed IP packet with an invalid IP option.
506 CVE-2007-2520 Exec Code Sql 2007-06-26 2018-10-16
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in admin.php in MyNews 0.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authacc cookie.
507 CVE-2007-2514 Exec Code Overflow 2007-06-06 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0, and (3) Centennial UK Ltd Discovery 2006 Feature Pack, allows remote attackers to execute arbitrary code via a long request. NOTE: this might be a reservation duplicate of CVE-2007-1173.
508 CVE-2007-2513 2007-06-04 2017-07-29
4.3
None Remote Medium Not required Partial None None
Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 post-SP6 20070522, allows remote attackers to obtain credentials via a man-in-the-middle attack.
509 CVE-2007-2512 2007-06-07 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch by default, which allows attackers to gain access to the voice VLAN via daisy-chained systems.
510 CVE-2007-2453 2007-06-11 2018-10-30
1.2
None Local High Not required Partial None None
The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source.
511 CVE-2007-2452 Exec Code Overflow 2007-06-04 2018-10-16
6.0
None Remote Medium ??? Partial Partial Partial
Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036.
512 CVE-2007-2450 79 XSS 2007-06-14 2019-03-25
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
513 CVE-2007-2449 XSS 2007-06-14 2019-03-25
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.
514 CVE-2007-2448 +Info 2007-06-14 2012-11-06
2.1
None Remote High ??? Partial None None
Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.
515 CVE-2007-2443 Exec Code 2007-06-26 2021-02-02
8.3
None Local Network Low Not required Complete Complete Complete
Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.
516 CVE-2007-2442 Exec Code 2007-06-26 2021-02-02
10.0
None Remote Low Not required Complete Complete Complete
The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.
517 CVE-2007-2419 Exec Code Overflow 2007-06-06 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328.
518 CVE-2007-2401 79 XSS 2007-06-25 2018-10-16
4.3
None Remote Medium Not required None Partial None
CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks.
519 CVE-2007-2400 79 XSS Bypass 2007-06-25 2011-08-10
4.3
None Remote Medium Not required None Partial None
Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects.
520 CVE-2007-2399 Exec Code Mem. Corr. 2007-06-25 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.
521 CVE-2007-2398 2007-06-21 2018-10-16
7.1
None Remote Medium Not required None Complete None
Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks.
522 CVE-2007-2391 79 XSS 2007-06-14 2018-10-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page.
523 CVE-2007-2387 2007-06-04 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel hardware does not require a password for remote access to IPMI, which allows remote attackers to gain administrative access via unspecified requests with ipmitool.
524 CVE-2007-2279 264 Exec Code Bypass 2007-06-04 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\VxSvc\CurrentVersion\Schedules specifying future command execution.
525 CVE-2007-2237 DoS 2007-06-06 2018-10-16
7.1
None Remote Medium Not required None None Complete
Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error.
526 CVE-2007-2229 264 +Info 2007-06-12 2018-10-16
7.2
None Local Low Not required Complete Complete Complete
Microsoft Windows Vista uses insecure default permissions for unspecified "local user information data stores" in the registry and the file system, which allows local users to obtain sensitive information such as administrative passwords, aka "Permissive User Information Store ACLs Information Disclosure Vulnerability."
527 CVE-2007-2227 +Info 2007-06-12 2018-10-16
4.3
None Remote Medium Not required Partial None None
The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."
528 CVE-2007-2225 +Info 2007-06-12 2018-10-16
4.3
None Remote Medium Not required Partial None None
A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."
529 CVE-2007-2222 119 1 Exec Code Overflow Mem. Corr. 2007-06-12 2021-07-23
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.
530 CVE-2007-2219 Exec Code 2007-06-12 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
531 CVE-2007-2218 DoS Exec Code 2007-06-12 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
532 CVE-2007-1863 DoS 2007-06-27 2021-06-06
5.0
None Remote Low Not required None None Partial
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
533 CVE-2007-1862 +Info 2007-06-04 2021-06-06
5.0
None Remote Low Not required Partial None None
The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
534 CVE-2007-1792 DoS 2007-06-27 2018-10-16
7.8
None Remote Low Not required None None Complete
libdayzero.dll in the Filter Hub Service (filter-hub.exe) in Symantec Mail Security for SMTP before 5.0.1 Patch 181 and Mail Security Appliance before 5.0.0-36 allows remote attackers to cause a denial of service (crash) via a crafted executable attachment in an e-mail, involving the detection of "PE-Shield v0.2" and "ASPack v1.00-1.08.02".
535 CVE-2007-1751 94 Exec Code Mem. Corr. 2007-06-12 2021-07-23
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability."
536 CVE-2007-1750 Exec Code Mem. Corr. 2007-06-12 2021-07-23
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption.
537 CVE-2007-1685 DoS Exec Code Overflow 2007-06-08 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36, and probably other versions before 3.2.44, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 2372.
538 CVE-2007-1665 DoS 2007-06-27 2017-07-29
5.0
None Remote Low Not required None None Partial
Memory leak in the token OCR functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service.
539 CVE-2007-1664 DoS 2007-06-27 2017-07-29
5.0
None Remote Low Not required None None Partial
ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service (NULL pointer dereference) via a vector related to the token OCR functionality.
540 CVE-2007-1663 DoS 2007-06-27 2017-07-29
5.0
None Remote Low Not required None None Partial
Memory leak in the image message functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service.
541 CVE-2007-1593 399 DoS 2007-06-04 2017-07-29
5.0
None Remote Low Not required None None Partial
The administrative service in Symantec Veritas Volume Replicator (VVR) for Windows 3.1 through 4.3, and VVR for Unix 3.5 through 5.0, in Symantec Storage Foundation products allows remote attackers to cause a denial of service (memory consumption and service crash) via a crafted packet to the service port (8199/tcp) that triggers a request for more memory than available, which causes the service to write to an invalid pointer.
542 CVE-2007-1362 20 DoS 2007-06-01 2018-10-16
4.3
None Remote Medium Not required None None Partial
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies."
543 CVE-2007-0936 Exec Code Mem. Corr. 2007-06-12 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
544 CVE-2007-0934 Exec Code Mem. Corr. 2007-06-12 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
545 CVE-2007-0933 DoS Exec Code Overflow 2007-06-05 2017-07-29
7.8
None Remote Low Not required None None Complete
Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ (Rev. A1) on Windows XP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a beacon frame with a long TIM Information Element.
546 CVE-2007-0773 DoS 2007-06-26 2017-10-11
4.6
None Local Low ??? None None Complete
The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local users to cause a denial of service (kernel OOPS from null dereference) via fput in a 32-bit ioctl on 64-bit x86 systems, an incomplete fix of CVE-2005-3044.1.
547 CVE-2007-0328 Exec Code 2007-06-01 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method.
548 CVE-2007-0245 119 Exec Code Overflow 2007-06-12 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable entries to be overwritten.
549 CVE-2007-0218 94 Exec Code Mem. Corr. 2007-06-12 2021-07-23
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function.
550 CVE-2007-0068 +Priv 2007-06-06 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database.
Total number of vulnerabilities : 563   Page : 1 2 3 4 5 6 7 8 9 10 11 (This Page)12
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.