CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2007

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2007-3340 119 1 DoS Overflow 2007-06-21 2018-10-16
7.8
None Remote Low Not required None None Complete
BugHunter HTTP SERVER (httpsv.exe) 1.6.2 allows remote attackers to cause a denial of service (application crash) via a large number of requests for nonexistent pages.
152 CVE-2007-3339 79 XSS 2007-06-21 2018-10-16
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in forum/include/error/autherror.cfm in FuseTalk Basic, Standard, Enterprise, and ColdFusion allow remote attackers to inject arbitrary web script or HTML via the (1) FTVAR_LINKP and (2) FTVAR_URLP parameters to (a) forum/include/error/autherror.cfm, and the (3) FTVAR_SCRIPTRUN parameter to (b) forum/include/common/comfinish.cfm and (c) blog/include/common/comfinish.cfm.
153 CVE-2007-3338 119 Exec Code Overflow 2007-06-22 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions.
154 CVE-2007-3337 2007-06-22 2018-10-16
2.1
None Local Low Not required None Partial None
wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file.
155 CVE-2007-3336 Exec Code 2007-06-22 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.
156 CVE-2007-3335 Exec Code Sql 2007-06-21 2008-11-13
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the admin panel in PHPEcho CMS before 1.6 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
157 CVE-2007-3334 Exec Code Overflow 2007-06-21 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors.
158 CVE-2007-3332 Dir. Trav. 2007-06-21 2018-10-16
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Satellite.php in Satel Lite for PhpNuke allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the name parameter in a modload action.
159 CVE-2007-3331 CSRF 2007-06-21 2017-07-29
5.0
None Remote Low Not required None Partial None
Cross-site request forgery (CSRF) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to change the admin password via (1) a certain HTML form that is posted automatically by JavaScript or (2) a news post.
160 CVE-2007-3330 XSS 2007-06-21 2017-07-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to inject arbitrary web script or HTML via a news post, which is stored in news/ without sanitization.
161 CVE-2007-3329 Exec Code 2007-06-21 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple array index errors in the (1) get_intra_block, (2) get_inter_block_h263, and (3) get_inter_block_mpeg functions in src/bitstream/mbcoding.c in Xvid 1.1.2 allow remote attackers to execute arbitrary code via a crafted (a) Avi, (b) H.263, or (c) MPEG file.
162 CVE-2007-3328 XSS 2007-06-21 2017-07-29
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) module_key parameter to (a) kb/kb.php, (b) quiz/runquiz.php, (c) quiz/quiz.php, (d) forum/forum.php, (e) forum/byname.php, and (f) journal/journalview.php in modules/, and unspecified other scripts; the (2) tag_key parameter to modules/journal/journalview.php; the (3) user_group_key parameter to (g) users/secureaccounts.php; and (4) the request_uri parameter to (h) login.php.
163 CVE-2007-3327 +Info 2007-06-21 2018-10-16
5.0
None Remote Low Not required Partial None None
httpsv.exe in HTTP Server 1.6.2 allows remote attackers to obtain sensitive information (script source code) via a URI with a trailing %20 (encoded space).
164 CVE-2007-3326 XSS Dir. Trav. 2007-06-21 2018-10-16
5.8
None Remote Medium Not required None Partial Partial
Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a .. (dot dot) in (1) the loc parameter to admincp/index.php and (2) the Hyperlink information URl field for post Topic in showthread.php, enabling cross-site scripting (XSS) and other attacks, a different vulnerability than CVE-2005-3025.2.
165 CVE-2007-3325 Exec Code File Inclusion 2007-06-21 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205.
166 CVE-2007-3324 XSS 2007-06-21 2018-10-16
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart 7.07 allow remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter to (1) comersus_customerAuthenticateForm.asp or (2) comersus_message.asp, different vectors than CVE-2004-0681.
167 CVE-2007-3323 Exec Code Sql 2007-06-21 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in comersus_optReviewReadExec.asp in Comersus Shop Cart 7.07 allows remote attackers to execute arbitrary SQL commands via the idProduct parameter. NOTE: this might be the same as CVE-2005-2190.2.
168 CVE-2007-3322 DoS 2007-06-21 2017-07-29
5.0
None Remote Low Not required None None Partial
The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware uses a constant media port number for calls, which allows remote attackers to cause a denial of service (audio quality loss) via a flood of packets to the RTP port.
169 CVE-2007-3321 DoS 2007-06-21 2017-07-29
5.0
None Remote Low Not required None None Partial
The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware allows remote attackers to cause a denial of service (device reboot) via a flood of packets to the BOOTP port (68/udp).
170 CVE-2007-3320 2007-06-21 2017-07-29
5.0
None Remote Low Not required None Partial None
The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware accepts SIP INVITE requests from arbitrary source IP addresses, which allows remote attackers to have an unspecified impact.
171 CVE-2007-3319 2007-06-21 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or intercept communications.
172 CVE-2007-3318 DoS Overflow 2007-06-21 2017-07-29
5.0
None Remote Low Not required None None Partial
Buffer overflow in the Session Initiation Protocol (SIP) User Access Client (UAC) message parsing module in Avaya one-X Desktop Edition 2.1.0.70 and earlier allows remote attackers to cause a denial of service (call reception outage) via a malformed SIP message.
173 CVE-2007-3317 DoS 2007-06-21 2017-07-29
7.8
None Remote Low Not required None None Complete
The Session Initiation Protocol (SIP) User Access Client (UAC) message parsing module in Avaya one-X Desktop Edition 2.1.0.70 and earlier allows remote attackers to cause a denial of service (device crash) via a malformed SIP message.
174 CVE-2007-3316 DoS Exec Code 2007-06-21 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets.
175 CVE-2007-3315 Exec Code File Inclusion 2007-06-21 2012-10-31
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in YourFreeScreamer 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the serverPath parameter to bodyTemplate.php in (1) templates/Classic/, (2) templates/Classic Guestbook/, (3) templates/DarkNights/, and (4) templates/Simplistic/, different vectors than CVE-2007-3271. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
176 CVE-2007-3314 Exec Code Overflow 2007-06-21 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in peviewer.spl in Altap Servant Salamander 2.5 with Portable Executable Viewer 2.02 (English Trial), and 2.0 with Portable Executable Viewer 1.00 (English Trial), allows remote attackers to execute arbitrary code via a long PDB debug filename in a PE file.
177 CVE-2007-3313 Exec Code Sql 2007-06-21 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the login_username parameter to login.php or (2) the item parameter to news.php.
178 CVE-2007-3312 Dir. Trav. 2007-06-21 2017-10-11
9.0
None Remote Low ??? Complete Complete Complete
Directory traversal vulnerability in admin/plugin_manager.php in Jasmine CMS 1.0 allows remote authenticated administrators to include and execute arbitrary local files a .. (dot dot) in the u parameter. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers.
179 CVE-2007-3311 Exec Code Sql 2007-06-21 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in print.php in the Articles 1.02 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.
180 CVE-2007-3310 XSS 2007-06-21 2017-07-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in arama.asp in TDizin allows remote attackers to inject arbitrary web script or HTML via the ara parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
181 CVE-2007-3309 Exec Code 2007-06-21 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.2 allows remote attackers to execute arbitrary PHP code during (1) creation or (2) editing of a message.
182 CVE-2007-3308 2007-06-21 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Simple Machines Forum (SMF) 1.1.2 uses a concatenation method with insufficient randomization when creating a WAV file CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated brute-force attack.
183 CVE-2007-3307 Exec Code Sql 2007-06-21 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in game_listing.php in Solar Empire 2.9.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
184 CVE-2007-3306 Exec Code File Inclusion 2007-06-21 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in crontab/run_billing.php in MiniBill 1.2.5 allows remote attackers to execute arbitrary PHP code via a URL in the config[include_dir] parameter, a different vector than CVE-2006-4489.
185 CVE-2007-3305 Exec Code Overflow 2007-06-21 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers improper memory allocation for word wrapping when a window width is used as a buffer size, a different vulnerability than CVE-2007-2478.
186 CVE-2007-3304 DoS 2007-06-20 2021-06-06
4.7
None Local Medium Not required None None Complete
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
187 CVE-2007-3303 94 DoS Exec Code 2007-06-20 2018-10-16
4.9
None Local Low Not required None None Complete
Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
188 CVE-2007-3301 89 Exec Code Sql 2007-06-20 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in forum/include/error/autherror.cfm in FuseTalk allows remote attackers to execute arbitrary SQL commands via the errorcode parameter. NOTE: a patch may have been released privately between April and June 2007. NOTE: this issue may overlap CVE-2007-3273.
189 CVE-2007-3300 Bypass 2007-06-20 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.
190 CVE-2007-3299 XSS 2007-06-20 2011-03-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in AWFFull before 3.7.4, when AllSearchStr (aka the All Search Terms report) is enabled, allows remote attackers to inject arbitrary web script or HTML via a search string.
191 CVE-2007-3298 Exec Code Sql 2007-06-20 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Spey before 0.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to MessageProcessor.cc and possibly other components.
192 CVE-2007-3297 Exec Code File Inclusion 2007-06-20 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Musoo 0.21 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[ini_array][EXTLIB_PATH] parameter to (1) msDb.php, (2) modules/MusooTemplateLite.php, or (3) modules/SoundImporter.php.
193 CVE-2007-3296 2007-06-20 2008-11-15
9.3
None Remote Medium Not required Complete Complete Complete
The ThunderServer.webThunder.1 ActiveX control in xunlei Web Thunderbolt 1.7.3.109 allows remote attackers to download arbitrary files and conduct other unauthorized actions by invoking dangerous methods.
194 CVE-2007-3295 Exec Code Dir. Trav. 2007-06-20 2018-10-16
6.5
None Remote Low ??? Partial Partial Partial
Directory traversal vulnerability in Yet another Bulletin Board (YaBB) 2.1 and earlier allows remote authenticated users to execute arbitrary Perl code via a .. (dot dot) in the userlanguage profile setting, which sets the userlanguage key of the member hash, and is propagated to the language variable in (1) HelpCentre.pl and (2) ICQPager.pl, (3) the use_lang variable in Subs.pl, and the actlang variable in (4) Post.pl and (5) InstantMessage.pl; as demonstrated by pointing userlanguage to the English folder, modifying English/HelpCentre.lng file to contain Perl statements, and then invoking the help action in YaBB.pl.
195 CVE-2007-3294 119 Exec Code Overflow 2007-06-20 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the tidy_repair_string function. NOTE: this might only be an issue in environments where vsnprintf is implemented as a wrapper for vsprintf.
196 CVE-2007-3293 Exec Code Sql 2007-06-20 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in categoria.php in LiveCMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
197 CVE-2007-3292 Exec Code 2007-06-20 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for "a small image" associated with an article.
198 CVE-2007-3291 79 XSS 2007-06-20 2017-10-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via an article name, possibly involving the titulo parameter in article.php.
199 CVE-2007-3290 +Info 2007-06-20 2017-10-11
9.3
None Remote Medium Not required Complete Complete Complete
categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the cid parameter, which reveals the path in a forced SQL error message.
200 CVE-2007-3289 Exec Code File Inclusion 2007-06-20 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in spaw/spaw_control.class.php in the WiwiMod 0.4 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656.
Total number of vulnerabilities : 563   Page : 1 2 3 4 (This Page)5 6 7 8 9 10 11 12
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.