CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2007

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2007-3288 XSS 2007-06-20 2018-10-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the skeltoac stats (Automattic Stats) 1.0 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer field.
202 CVE-2007-3285 264 Bypass 2007-06-20 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would.
203 CVE-2007-3284 DoS 2007-06-19 2012-10-31
7.8
None Remote Low Not required None None Complete
corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows remote attackers to cause a denial of service (crash) via certain forms that trigger errors related to History, possibly involving multiple form fields with the same name.
204 CVE-2007-3283 2007-06-19 2017-10-11
6.8
None Local Low ??? Complete Complete Complete
GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root is logged into the console, does not automatically lock the screen after a session has been inactive, which might allow physically proximate attackers to access the console.
205 CVE-2007-3282 DoS Exec Code Overflow 2007-06-19 2017-10-11
7.8
None Remote Low Not required None None Complete
Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX object allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the DeleteRecordSourceIfUnused method.
206 CVE-2007-3281 XSS 2007-06-19 2018-10-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Php Hosting Biller 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
207 CVE-2007-3280 2007-06-19 2018-10-16
9.0
None Remote Low ??? Complete Complete Complete
The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.
208 CVE-2007-3279 2007-06-19 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection.
209 CVE-2007-3278 264 2007-06-19 2018-10-16
6.9
None Local Medium Not required Complete Complete Complete
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.
210 CVE-2007-3277 2007-06-19 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the localization before 1.2 module for WIKINDX allows attackers to access certain administrative capabilities via unknown vectors.
211 CVE-2007-3276 XSS 2007-06-19 2017-07-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Site@School (S@S) 2.4.10 allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
212 CVE-2007-3275 255 2007-06-19 2017-07-29
7.1
None Remote Medium Not required Complete None None
MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in mwi/servlet/Login.cpp. NOTE: some of these details are obtained from third party information.
213 CVE-2007-3274 399 DoS 2007-06-19 2018-10-16
4.3
None Remote Medium Not required None None Partial
Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause a denial of service (application crash) via JavaScript that sets the document.location variable, as demonstrated by an empty value of document.location.
214 CVE-2007-3273 89 Exec Code Sql 2007-06-19 2012-10-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.cfm in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
215 CVE-2007-3272 Dir. Trav. 2007-06-19 2017-10-11
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in index.php in MiniBB 2.0.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter in a register action.
216 CVE-2007-3271 Exec Code File Inclusion 2007-06-19 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in templates/2blue/bodyTemplate.php in YourFreeScreamer 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the serverPath parameter.
217 CVE-2007-3270 Exec Code File Inclusion 2007-06-19 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in Includes/global.inc.php in phpMyInventory 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the strIncludePrefix parameter.
218 CVE-2007-3269 XSS 2007-06-19 2018-10-16
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Papoo Light 3.6 before 20070611 allow remote attackers to inject arbitrary web script or HTML via (1) the URI in a GET request or (2) the Title field of a visitor comment, and (3) allow remote authenticated users to inject arbitrary web script or HTML via a message to another user. NOTE: vector (2) might overlap CVE-2006-3571.1.
219 CVE-2007-3267 XSS 2007-06-19 2018-10-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.01b and earlier allows remote attackers to inject arbitrary web script or HTML via the fromaction parameter in a log action, a different vector than CVE-2007-3235.
220 CVE-2007-3266 Dir. Trav. 2007-06-19 2018-10-16
9.0
None Remote Low Not required Complete Partial Partial
Directory traversal vulnerability in webif.cgi in ifnet WEBIF allows remote attackers to include and execute arbitrary local files a .. (dot dot) in the outconfig parameter.
221 CVE-2007-3265 XSS 2007-06-19 2017-07-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Samples component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
222 CVE-2007-3264 2007-06-19 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors.
223 CVE-2007-3263 2007-06-19 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors, related to "incorrect authorization on a remote interface to the SDO repository."
224 CVE-2007-3262 DoS 2007-06-19 2017-07-29
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to cause a denial of service related to a thread hang, and possibly related to a "TCP issue," or to MPAlarmThread and a resultant memory leak.
225 CVE-2007-3261 XSS 2007-06-19 2017-07-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in widgets/widget_search.php in dKret before 2.6 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
226 CVE-2007-3260 +Priv 2007-06-19 2017-07-29
9.0
None Remote Low ??? Complete Complete Complete
HP System Management Homepage (SMH) before 2.1.9 for Linux, when used with Novell eDirectory, assigns the eDirectory members to the root group, which allows remote authenticated eDirectory users to gain privileges.
227 CVE-2007-3259 +Info 2007-06-26 2018-10-16
5.0
None Remote Low Not required Partial None None
Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via (1) an invalid month[] parameter to calendar.php, (2) an invalid catview[] parameter to cal_week.php in a week operation, (3) an invalid ycyear[] parameter to yearcal.php, or (4) a direct request to cal_functions.inc.php, which reveals the installation path in various error messages.
228 CVE-2007-3258 +Info 2007-06-27 2017-07-29
5.0
None Remote Low Not required Partial None None
calendar.php in Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via large values to the (1) year and (2) month parameters, which causes negative values to be passed to the mktime library call, and reveals the installation path in the error message.
229 CVE-2007-3257 Exec Code 2007-06-19 2018-10-16
6.8
None Remote Medium Not required Partial Partial Partial
Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index.
230 CVE-2007-3256 2007-06-27 2018-10-16
4.0
None Remote Low ??? None Partial None
Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and possibly WebFile Server before 6.0.46.1 allow remote authenticated users to associate arbitrary Content-Type HTTP headers with documents, which might facilitate malware distribution.
231 CVE-2007-3255 Exec Code CSRF 2007-06-27 2018-10-16
6.5
None Remote Low ??? Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to execute commands as arbitrary users via (1) a saved Workflow name or (2) the Content-Type HTTP header. NOTE: item 2 also affects the same version numbers of Xythos Digital Locker (XDL). One or both vectors might also affect Xythos WebFile Server.
232 CVE-2007-3254 XSS 2007-06-27 2018-10-16
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via (1) a saved Workflow name; (2) a Workflow name, related to deletion of a Workflow template; (3) the Content-Type HTTP header; or (4) the name of an uploaded file. NOTE: items 3 and 4 also affect the same version numbers of Xythos Digital Locker (XDL). Some or all vectors might also affect Xythos WebFile Server.
233 CVE-2007-3253 DoS 2007-06-18 2017-07-29
7.8
None Remote Low Not required None None Complete
Multiple unspecified vulnerabilities in Astaro Security Gateway (ASG) before 7.005 allow remote attackers to cause a denial of service via (1) certain email, which stops the SMTP Proxy during scanning; (2) certain HTTP traffic, which stops or slows down the HTTP proxy during HTTP responses containing virus scanned web pages; and (3) a disconnection during a streaming session.
234 CVE-2007-3252 2007-06-18 2018-10-16
7.8
None Remote Low Not required Complete None None
PortalApp stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for 8691.mdb, a different vector than CVE-2004-1786.
235 CVE-2007-3251 Dir. Trav. 2007-06-18 2017-10-19
7.8
None Remote Low Not required Complete None None
Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and earlier allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the adminlang cookie to admin/functions.php or (2) read arbitrary local files via the img parameter to admin/show_img.php.
236 CVE-2007-3250 Exec Code Sql 2007-06-18 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in mod_banners.php in Elxis CMS before 2006.4 20070613 allows remote attackers to execute arbitrary SQL commands via the mb_tracker cookie. NOTE: the product was patched without updating the version number; later downloads of 2006.4 are not affected.
237 CVE-2007-3249 XSS 2007-06-18 2017-07-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php in the Letterman Subscriber (mod_letterman) before 1.2.5 module for Joomla! allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter.
238 CVE-2007-3248 DoS 2007-06-18 2017-10-11
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Sun Solaris 10 before 20070614, when IPv6 interfaces are present but not configured for IPsec, allows remote attackers to cause a denial of service (system crash) via certain network traffic.
239 CVE-2007-3247 Exec Code Sql 2007-06-18 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in VirtueMart before 1.0.11 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly related to improper input validation of the PATH_INFO (PHP_SELF) by virtuemart_parser.php.
240 CVE-2007-3246 2007-06-15 2017-07-29
5.0
None Remote Low Not required Partial None None
The do_set_password function in modules/chanserv/set.c in IRC Services before 5.0.60 preserves channel founder privileges across a channel password change (ChanServ SET PASSWORD), which allows remote authenticated users to obtain the new password through automated e-mail, or perform privileged actions without knowing the new password.
241 CVE-2007-3245 2007-06-15 2017-07-29
5.0
None Remote Low Not required None None Partial
IRC Services before 5.0.62, and 5.1 before 5.1pre3, allows remote attackers to disconnect users with guest nicknames by linking a guest nickname to a nickname that is already registered.
242 CVE-2007-3244 Exec Code Sql 2007-06-15 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in bb-includes/formatting-functions.php in bbPress before 0.8.1 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors to forums/bb-edit.php, as demonstrated by a PRE element, aka the "quircky slashes bug."
243 CVE-2007-3243 XSS 2007-06-15 2017-07-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the re parameter. NOTE: exploitation may require forcing the client to send a certain Referer header.
244 CVE-2007-3242 264 Exec Code 2007-06-15 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
The Menu Manager Mod for (1) web-app.net WebAPP (aka WebAPP NE) 0.9.9.3.3 through 0.9.9.8, and (2) web-app.org WebAPP before 0.9.9.6, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the titles of items in a personal menu.
245 CVE-2007-3241 XSS 2007-06-15 2018-10-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in blogroll.php in the cordobo-green-park theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI.
246 CVE-2007-3240 Exec Code XSS 2007-06-15 2018-10-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI) that accesses index.php. NOTE: this can be leveraged for PHP code execution in an administrative session.
247 CVE-2007-3239 Exec Code XSS 2007-06-15 2018-10-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged for PHP code execution in an administrative session.
248 CVE-2007-3238 XSS 2007-06-15 2018-10-16
6.0
None Remote Medium ??? Partial Partial Partial
Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability.
249 CVE-2007-3237 Exec Code File Inclusion 2007-06-15 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the TinyContent 1.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656.
250 CVE-2007-3236 Exec Code File Inclusion 2007-06-15 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in footer.php in the Horoscope 1.0 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter.
Total number of vulnerabilities : 563   Page : 1 2 3 4 5 (This Page)6 7 8 9 10 11 12
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.