CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2007

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2007-3076 2007-06-06 2011-03-08
7.8
None Remote Low Not required Complete None None
A certain ActiveX control in sasatl.dll in Zenturi ProgramChecker allows remote attackers to download arbitrary files to the client system via the DownloadFile function.
402 CVE-2007-3075 Dir. Trav. 2007-06-06 2021-07-23
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in Microsoft Internet Explorer allows remote attackers to read arbitrary files via directory traversal sequences in a URI with a certain scheme, possibly related to "..%5C" (encoded backslash) sequences.
403 CVE-2007-3074 200 +Info 2007-06-06 2018-10-16
4.3
None Remote Medium Not required Partial None None
Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read files in the local Firefox installation directory via a resource:// URI.
404 CVE-2007-3073 Dir. Trav. 2007-06-06 2018-10-16
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI.
405 CVE-2007-3072 22 Dir. Trav. 2007-06-06 2018-10-16
7.1
None Remote Medium Not required Complete None None
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on Windows allows remote attackers to read arbitrary files via ..%5C (dot dot encoded backslash) sequences in a resource:// URI.
406 CVE-2007-3071 Exec Code Overflow 2007-06-06 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the GetWebStoreURL function in a certain ActiveX control in eSellerateControl365.dll 3.6.5.0 in eSellerate SDK allows user-assisted remote attackers to execute arbitrary code via a long first argument.
407 CVE-2007-3070 XSS 2007-06-06 2018-10-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in BDigital Web Solutions WebStudio allows remote attackers to inject arbitrary web script or HTML via the pageid parameter.
408 CVE-2007-3069 2007-06-06 2017-10-11
4.6
None Local Low Not required Partial Partial Partial
xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session with Assistive Technology support is running, allows attackers with physical access to take control of the session after entering an Alt-Tab sequence.
409 CVE-2007-3068 Exec Code Overflow 2007-06-06 2017-10-19
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in DVD X Player 4.1 Professional allows remote attackers to execute arbitrary code via a PLF playlist containing a long filename.
410 CVE-2007-3067 XSS 2007-06-06 2017-07-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Attunement and Key Tracker 0.95 and earlier plugin for EQdkp allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the (1) keyshow, (2) sortkey, and (3) show parameters to index.php.
411 CVE-2007-3066 Exec Code File Inclusion 2007-06-06 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1.2.7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter to (1) view.inc.php, (2) users.inc.php, (3) updatecms.inc.php, and (4) polls.inc.php in inc/; and other unspecified files, different vectors than CVE-2006-3983.
412 CVE-2007-3065 Exec Code Sql 2007-06-06 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in viewimage.php in Particle Soft Particle Gallery 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the editcomment parameter, a different version and vector than CVE-2006-2862.
413 CVE-2007-3064 79 XSS 2007-06-06 2018-10-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in diary.php in My Databook allows remote attackers to inject arbitrary web script or HTML via the year parameter.
414 CVE-2007-3063 89 Exec Code Sql 2007-06-06 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in diary.php in My Databook allows remote attackers to execute arbitrary SQL commands via the delete parameter.
415 CVE-2007-3062 XSS 2007-06-06 2017-07-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.2 running on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
416 CVE-2007-3061 255 2007-06-06 2018-10-16
7.8
None Remote Low Not required Complete None None
Cactushop 6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) cactushop6.mdb or (2) cactushop5.mdb.
417 CVE-2007-3060 XSS 2007-06-06 2018-10-16
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to (a) chat.php, (2) LANG[DEFAULT_BRANDING] and (3) PHPLIVE_VERSION parameters to (b) help.php, the (4) admin[name] parameter to (c) admin/header.php, and the (5) BASE_URL parameter to (d) super/info.php, and in some cases, the LANG[DEFAULT_BRANDING], PHPLIVE_VERSION, and (6) nav_line parameters to setup/footer.php, different vectors than CVE-2006-6769.
418 CVE-2007-3059 +Info 2007-06-06 2018-10-16
5.0
None Remote Low Not required Partial None None
SendCard 3.3.0 allows remote attackers to obtain sensitive information via an invalid sc_language parameter to sendcard.php, which reveals the path in an error message.
419 CVE-2007-3058 Exec Code File Inclusion 2007-06-06 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter to (1) calendar.php, (2) compose.php, and (3) index.php, different vectors than CVE-2007-2826. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
420 CVE-2007-3057 Exec Code File Inclusion 2007-06-06 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in include/wysiwyg/spaw_control.class.php in the icontent 4.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656.
421 CVE-2007-3056 79 XSS 2007-06-06 2017-07-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter.
422 CVE-2007-3055 XSS 2007-06-06 2018-10-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
423 CVE-2007-3054 XSS 2007-06-06 2017-07-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the kword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
424 CVE-2007-3053 2007-06-06 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Session fixation vulnerability in Calimero.CMS 3.3.1232 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
425 CVE-2007-3052 Exec Code Sql 2007-06-06 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the PNphpBB2 1.2i and earlier module for PostNuke allows remote attackers to execute arbitrary SQL commands via the c parameter.
426 CVE-2007-3051 Exec Code Sql 2007-06-06 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in inc/class_users.php in RevokeSoft RevokeBB 1.0 RC4 and earlier allows remote attackers to execute arbitrary SQL commands via the revokebb_user cookie.
427 CVE-2007-3050 287 2007-06-06 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Session fixation vulnerability in chameleon cms 3.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
428 CVE-2007-3049 XSS 2007-06-06 2017-07-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Buttercup web file manager (BWFM) May 2007 allows remote attackers to inject arbitrary web script or HTML via the title parameter.
429 CVE-2007-3048 2007-06-05 2017-07-29
7.2
None Local Low Not required Complete Complete Complete
** DISPUTED ** GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue.
430 CVE-2007-3047 2007-06-05 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
The Vonage VoIP Telephone Adapter has a default administrator username "user" and password "user," which allows remote attackers to obtain administrative access.
431 CVE-2007-3046 DoS Overflow 2007-06-05 2008-11-15
5.0
None Remote Low Not required None None Partial
Buffer overflow in Advanced Software Production Line Vortex Library before 1.0.3 allows remote attackers to cause a denial of service (listener crash) via unspecified vectors related to the select I/O implementation and the file set buffer. NOTE: some of these details are obtained from third party information.
432 CVE-2007-3045 DoS 2007-06-05 2017-07-29
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Hitachi TP1/NET/OSI-TP-Extended on HI-UX/WE2 before 20070213, and on HP-UX before 20070314, allows remote attackers to cause a denial of service via certain data to a port.
433 CVE-2007-3044 DoS 2007-06-05 2017-07-29
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the Map I/O Service (xpwmap) in Hitachi XP/W on HI-UX/WE2 before 20070319, and XP/W on HP-UX before 20070405, allows remote attackers to cause a denial of service via certain data to the service port.
434 CVE-2007-3043 XSS 2007-06-05 2017-07-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Collaboration - File Sharing 01-20 up to 01-20-/B and 01-30 up to 01-30-/B in Hitachi Groupmax Collaboration Portal up to 07-30-/D, Groupmax Collaboration Web Client - Forum/File Sharing up to 07-30-/C, uCosminexus Collaboration Portal up to 06-30-/D, and uCosminexus Collaboration Portal - Forum/File Sharing up to 06-30-/C on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
435 CVE-2007-3042 XSS 2007-06-05 2017-07-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Meneame before 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
436 CVE-2007-3027 Exec Code Mem. Corr. 2007-06-12 2021-07-23
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability."
437 CVE-2007-3025 DoS 2007-06-07 2008-09-05
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions.
438 CVE-2007-3024 2007-06-07 2008-09-05
2.1
None Local Low Not required Partial None None
libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files.
439 CVE-2007-3023 2007-06-07 2012-10-31
10.0
None Remote Low Not required Complete Complete Complete
unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors.
440 CVE-2007-3022 2007-06-05 2017-07-29
4.3
None Remote Medium Not required Partial None None
Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks.
441 CVE-2007-3021 2007-06-05 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export.
442 CVE-2007-3009 DoS 2007-06-04 2011-03-08
4.3
None Remote Medium Not required None None Partial
Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in the HTTP scheme, as demonstrated by a "GET %n://localhost:80/" request.
443 CVE-2007-3008 79 XSS +Info 2007-06-04 2017-07-29
4.3
None Remote Medium Not required None Partial None
Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398.
444 CVE-2007-3007 264 2007-06-04 2018-10-30
5.0
None Remote Low Not required Partial None None
PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function.
445 CVE-2007-3006 Exec Code Overflow 2007-06-04 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted remote attackers to execute arbitrary code via a .asx playlist file with a REF element containing a long string in the HREF attribute. NOTE: it was later claimed that 4.51 Build 147 is also affected.
446 CVE-2007-3003 Exec Code Sql 2007-06-04 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225.
447 CVE-2007-3002 +Info 2007-06-04 2018-10-16
5.0
None Remote Low Not required Partial None None
PHP JackKnife (PHPJK) allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid value of the iParentUnq[] parameter, or a request to G_Display.php with an invalid (2) iCategoryUnq[] or (3) sSort[] array parameter, which reveals the path in various error messages.
448 CVE-2007-3001 XSS 2007-06-04 2018-10-16
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to inject arbitrary web script or HTML via (1) the sUName parameter to UserArea/Authenticate.php, (2) the sAccountUnq parameter to UserArea/NewAccounts/index.php, or the (3) iCategoryUnq, (4) iDBLoc, (5) iTtlNumItems, (6) iNumPerPage, or (7) sSort parameter to G_Display.php, different vectors than CVE-2005-4239.
449 CVE-2007-3000 Exec Code Sql 2007-06-04 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to execute arbitrary SQL commands via (1) the iCategoryUnq parameter to G_Display.php or (2) the iSearchID parameter to Search/DisplayResults.php.
450 CVE-2007-2999 2007-06-04 2012-11-06
1.8
None Local Network High Not required Partial None None
Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.
Total number of vulnerabilities : 563   Page : 1 2 3 4 5 6 7 8 9 (This Page)10 11 12
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.