Security Vulnerabilities Published In June 2007

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
301 CVE-2007-3184 287 Bypass 2007-06-12 2018-10-19
7.2
None Local Low Not required Complete Complete Complete
Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation.
302 CVE-2007-3183 Exec Code Sql 2007-06-26 2018-10-16
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Calendarix 0.7.20070307, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters to calendar.php and the (3) search string to cal_search.php.
303 CVE-2007-3182 XSS 2007-06-26 2018-10-16
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Calendarix 0.7.20070307, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) month parameters to calendar.php, and the (3) leftfooter parameter to cal_footer.inc.php. NOTE: the ycyear parameter to yearcal.php is already covered by CVE-2006-1835.
304 CVE-2007-3181 Exec Code Overflow 2007-06-12 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to "an InterBase version of gds32.dll."
305 CVE-2007-3180 119 Overflow 2007-06-12 2018-10-16
9.4
None Remote Low Not required Complete Complete None
Buffer overflow in Help and Support Center before 4.4 C on HP Windows systems allows remote attackers to read or write arbitrary files via unknown vectors.
306 CVE-2007-3179 Exec Code Sql 2007-06-11 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in archives.php in Particle Blogger 1.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the month parameter and other unspecified vectors.
307 CVE-2007-3178 Exec Code Sql 2007-06-11 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Zindizayn Okul Web Sistemi 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) pass parameter to (a) mezungiris.asp or (b) ogretmenkontrol.asp.
308 CVE-2007-3177 287 Bypass 2007-06-11 2017-07-29
5.0
None Remote Low Not required Partial None None
Ingate Firewall and SIParator before 4.5.2 allow remote attackers to bypass SIP authentication via a certain maddr parameter.
309 CVE-2007-3176 2007-06-11 2017-07-29
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in Ingate Firewall and SIParator before 4.5.2 allows remote authenticated users without full privileges to download a Support Report.
310 CVE-2007-3175 Exec Code Sql 2007-06-11 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in W2B Online Banking allow remote attackers to execute arbitrary SQL commands via (1) the draft parameter to mailer.w2b or (2) the listDocPay parameter to DocPay.w2b.
311 CVE-2007-3174 XSS 2007-06-11 2017-07-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in auth.w2b in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the adtype parameter, a different vector than CVE-2006-1980.
312 CVE-2007-3173 +Info 2007-06-11 2018-10-16
5.0
None Remote Low Not required Partial None None
Almnzm allows remote attackers to obtain sensitive information via an activateorder request to index.php with an invalid orderid parameter, probably related to '[' and ']' characters.
313 CVE-2007-3172 Dir. Trav. 2007-06-11 2017-07-29
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in demo/pop3/error.php in Uebimiau Webmail allows remote attackers to determine the existence of arbitrary directories via an absolute pathname and .. (dot dot) in the selected_theme parameter.
314 CVE-2007-3171 +Info 2007-06-11 2017-07-29
5.0
None Remote Low Not required Partial None None
Uebimiau Webmail allows remote attackers to obtain sensitive information via a request to demo/pop3/error.php with an invalid value of the (1) smarty or (2) selected_theme parameter, which reveals the path in various error messages.
315 CVE-2007-3170 XSS 2007-06-11 2017-07-29
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau Webmail allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to redirect.php or (2) the selected_theme parameter to demo/pop3/error.php.
316 CVE-2007-3169 119 DoS Exec Code Overflow 2007-06-11 2017-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in a certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long first argument to the HttpDownloadFile method.
317 CVE-2007-3168 2007-06-11 2017-10-11
7.8
None Remote Medium Not required None Partial Complete
A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to delete arbitrary files via the DeleteLocalFile method.
318 CVE-2007-3167 Exec Code Overflow 2007-06-11 2017-10-11
7.6
None Remote High Not required Complete Complete Complete
Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control (aka MjpegControl) in MjpegDecoder.dll 2.0.0.13 allows remote attackers to execute arbitrary code via a long PtzUrl property value.
319 CVE-2007-3166 Exec Code Overflow 2007-06-11 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in Qualcomm Eudora 7.1.0.9 allows user-assisted, remote IMAP servers to execute arbitrary code via a long FLAGS response to a SELECT INBOX command.
320 CVE-2007-3165 2007-06-11 2011-03-08
5.0
None Remote Low Not required Partial None None
Tor before 0.1.2.14 can construct circuits in which an entry guard is in the same family as the exit node, which might compromise the anonymity of traffic sources and destinations by exposing traffic to inappropriate remote observers.
321 CVE-2007-3164 2007-06-11 2021-07-23
5.8
None Remote Medium Not required Partial Partial None
Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in the authentication dialog, which might allow remote attackers to perform phishing attacks if the user misinterprets confusable characters in the internationalized labels, as demonstrated by displaying xn--theshmogroup-bgk.com only in the status bar.
322 CVE-2007-3163 2007-06-11 2017-07-29
5.0
None Remote Low Not required None Partial None
Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658.
323 CVE-2007-3162 1 DoS Overflow 2007-06-11 2017-10-11
5.0
None Remote Low Not required None None Partial
Buffer overflow in the NotSafe function in the idaiehlp ActiveX control in idaiehlp.dll 1.9.1.74 in Internet Download Accelerator (ida) 5.2 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long argument.
324 CVE-2007-3161 Exec Code Overflow 2007-06-11 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in Ace-FTP Client 1.24a allows user-assisted, remote FTP servers to execute arbitrary code via a long response.
325 CVE-2007-3160 Exec Code File Inclusion 2007-06-11 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin/header.php in PHP Real Estate Classifieds Premium Plus allows remote attackers to execute arbitrary PHP code via a URL in the loc parameter.
326 CVE-2007-3159 DoS 2007-06-11 2017-10-11
5.0
None Remote Low Not required None None Partial
http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service (application crash) via a negative value in the Content-Length HTTP header.
327 CVE-2007-3158 2007-06-11 2018-10-16
5.0
None Remote Low Not required None Partial None
download_script.asp in ASP Folder Gallery allows remote attackers to read arbitrary files via a filename in the file parameter.
328 CVE-2007-3157 DoS 2007-06-11 2017-07-29
5.0
None Remote Low Not required None None Partial
IPSecDrv.sys 10.4.0.12 in SafeNET High Assurance Remote 1.4.0 Build 12, and SoftRemote, allows remote attackers to cause a denial of service (infinite loop and system hang) via an invalid packet with certain bytes in an option header, possibly related to the IPv6 support for IPSec.
329 CVE-2007-3156 79 XSS 2007-06-11 2011-09-13
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of these details are obtained from third party information.
330 CVE-2007-3155 2007-06-11 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown impact and attack vectors related to ADOdb. NOTE: due to lack of details from the vendor, it is uncertain whether this issue is already covered by another CVE identifier.
331 CVE-2007-3154 2007-06-11 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and other packages, has unknown impact and remote attack vectors.
332 CVE-2007-3153 2007-06-11 2017-07-29
5.0
None Remote Low Not required None Partial None
The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote attackers to spoof DNS responses by guessing certain values.
333 CVE-2007-3152 2007-06-11 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote attackers to spoof DNS responses by guessing the field value.
334 CVE-2007-3151 DoS 2007-06-11 2018-10-16
5.0
None Remote Low Not required None None Partial
rpttop.htm in the web management interface in Packeteer PacketShaper 7.3.0g2 and 7.5.0g1 allows remote attackers to cause a denial of service (device reboot) via a request with empty values of the OP.MEAS.DATAQUERY and MEAS.TYPE parameters.
335 CVE-2007-3150 2007-06-11 2008-11-15
9.3
None Remote Medium Not required Complete Complete Complete
Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is displayed in the "results stored on your computer" portion of the search results, and when clicked invokes Google Desktop to execute this file.
336 CVE-2007-3149 +Priv 2007-06-11 2020-01-21
7.2
None Local Low Not required Complete Complete Complete
sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be "a user, who can already log into your system, and can already use sudo."
337 CVE-2007-3148 119 Exec Code Overflow 2007-06-11 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method.
338 CVE-2007-3147 119 Exec Code Overflow 2007-06-11 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information.
339 CVE-2007-3146 2007-06-11 2018-10-16
5.0
None Remote Low Not required Partial None None
Zen Help Desk 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for ZenHelpDesk.mdb.
340 CVE-2007-3145 2007-06-11 2017-07-29
5.8
None Remote Medium Not required Partial Partial None
Visual truncation vulnerability in Galeon 2.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.
341 CVE-2007-3144 2007-06-11 2017-07-29
6.4
None Remote Low Not required Partial Partial None
Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.
342 CVE-2007-3143 2007-06-11 2017-07-29
6.4
None Remote Low Not required Partial Partial None
Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.
343 CVE-2007-3142 2007-06-11 2017-07-29
5.8
None Remote Medium Not required Partial Partial None
Visual truncation vulnerability in Opera 9.21 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after 34 characters, as demonstrated by a phishing attack using HTTP Basic Authentication.
344 CVE-2007-3141 Exec Code File Inclusion 2007-06-11 2018-10-16
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_top parameter. NOTE: the editor_insert_bottom vector is already covered by CVE-2006-6042.
345 CVE-2007-3140 Exec Code Sql 2007-06-08 2017-10-19
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897.
346 CVE-2007-3139 Exec Code 2007-06-08 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
config/general.php in Quick.Cart 2.2 and earlier uses a default username and password, which allows remote attackers to access the application via a login action to admin.php. NOTE: this can be leveraged to upload and execute arbitrary code.
347 CVE-2007-3138 Dir. Trav. 2007-06-08 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in index.php in Open Solution Quick.Cart 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in an sLanguage cookie, which is used to define a value in config/general.php.
348 CVE-2007-3137 79 XSS 2007-06-08 2018-10-16
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in WmsCMS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sbl, (2) sbr, or (3) search parameter. NOTE: the original disclosure claims the pageid parameter in index.php is affected, but this is incorrect.
349 CVE-2007-3136 Exec Code File Inclusion 2007-06-08 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in inc/nuke_include.php in newsSync 1.5.0rc6 allows remote attackers to execute arbitrary PHP code via a URL in the newsSync_NUKE_PATH parameter.
350 CVE-2007-3135 XSS 2007-06-08 2018-10-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in atomPhotoBlog.php in Atom Photoblog 1.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the tag parameter.
Total number of vulnerabilities: 563. Page 7 of 12.