CVE List - 2007 / June
Showing 201 - 300 of 575 CVEs for June 2007 (Page 3 of 6)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2007-3176 | 2007-06-11 | Unspecified vulnerability in Ingate Firewall and SIParator before 4.5.2 allows remote authenticated users without full privileges to download a Support Report. |
| CVE-2007-3177 | 2007-06-11 | Ingate Firewall and SIParator before 4.5.2 allow remote attackers to bypass SIP authentication via a certain maddr parameter. |
| CVE-2007-3178 | 2007-06-11 | Multiple SQL injection vulnerabilities in Zindizayn Okul Web Sistemi 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) pass parameter to (a) mezungiris.asp or... |
| CVE-2007-2453 | 2007-06-11 | The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect... |
| CVE-2007-2873 | 2007-06-11 | SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as root in unusual configurations using vpopmail or virtual users, allows local users to cause a denial of service (corrupt arbitrary... |
| CVE-2007-2876 | 2007-06-11 | The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service... |
| CVE-2007-3179 | 2007-06-11 | Multiple SQL injection vulnerabilities in archives.php in Particle Blogger 1.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the month parameter and other unspecified vectors. |
| CVE-2007-3180 | 2007-06-12 | Buffer overflow in Help and Support Center before 4.4 C on HP Windows systems allows remote attackers to read or write arbitrary files via unknown vectors. |
| CVE-2007-2796 | 2007-06-12 | Arris Cadant C3 CMTS allows remote attackers to cause a denial of service (service termination) via a malformed IP packet with an invalid IP option. |
| CVE-2007-0218 | 2007-06-12 | Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety... |
| CVE-2007-0934 | 2007-06-12 | Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption. |
| CVE-2007-0936 | 2007-06-12 | Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory... |
| CVE-2007-1750 | 2007-06-12 | Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption. |
| CVE-2007-1751 | 2007-06-12 | Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and... |
| CVE-2007-2218 | 2007-06-12 | Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause... |
| CVE-2007-2222 | 2007-06-12 | Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary... |
| CVE-2007-2229 | 2007-06-12 | Microsoft Windows Vista uses insecure default permissions for unspecified "local user information data stores" in the registry and the file system, which allows local users to obtain sensitive information such... |
| CVE-2007-3027 | 2007-06-12 | Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that... |
| CVE-2007-2219 | 2007-06-12 | Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an... |
| CVE-2007-2225 | 2007-06-12 | A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to... |
| CVE-2007-0245 | 2007-06-12 | Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency,... |
| CVE-2007-2227 | 2007-06-12 | The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from... |
| CVE-2007-3184 | 2007-06-12 | Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu... |
| CVE-2007-3185 | 2007-06-12 | Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi. |
| CVE-2007-3186 | 2007-06-12 | Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher... |
| CVE-2007-3187 | 2007-06-12 | Multiple unspecified vulnerabilities in Apple Safari for Windows allow remote attackers to cause a denial of service or execute arbitrary code, possibly involving memory corruption, and a different issue from... |
| CVE-2007-3181 | 2007-06-12 | Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01)... |
| CVE-2007-3188 | 2007-06-12 | SQL injection vulnerability in down_indir.asp in Fullaspsite GeometriX Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2007-3189 | 2007-06-12 | Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter. |
| CVE-2007-3190 | 2007-06-12 | Multiple SQL injection vulnerabilities in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1)... |
| CVE-2007-3191 | 2007-06-12 | Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function. |
| CVE-2007-3192 | 2007-06-12 | admin/setup.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to read and modify configuration settings via a direct request. |
| CVE-2007-3193 | 2007-06-12 | lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when... |
| CVE-2007-3194 | 2007-06-12 | Multiple PHP remote file inclusion vulnerabilities in myBloggie 2.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the bloggie_root_path parameter to (1) config.php; (2) db.php, (3)... |
| CVE-2007-3195 | 2007-06-12 | Cross-site scripting (XSS) vulnerability in index.php in ERFAN WIKI 1.00 allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information... |
| CVE-2007-3196 | 2007-06-12 | SQL injection vulnerability in vBSupport.php in vSupport Integrated Ticket System 3.x.x allows remote attackers to execute arbitrary SQL commands via the ticketid parameter in a showticket action. |
| CVE-2007-3197 | 2007-06-12 | SQL injection vulnerability in vBSupport.php in vBSupport 1.1 before 1.1a allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2007-3198 | 2007-06-12 | Cross-site scripting (XSS) vulnerability in comments.php in Maran PHP Blog (Maran Blog), possibly only versions before 20070610, allows remote attackers to inject arbitrary web script or HTML via the id... |
| CVE-2007-3199 | 2007-06-12 | Unrestricted file upload vulnerability in Link Request Contact Form 3.4 allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension and an image content... |
| CVE-2007-3200 | 2007-06-12 | NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and earlier on NetWare logs its invoking command line to NMASINST.LOG, which might allow local users to obtain the admin username and... |
| CVE-2007-3201 | 2007-06-12 | Visual truncation vulnerability in Windows Privacy Tray (WinPT) 1.2.0 allows user-assisted remote attackers to install a key listed under the wrong user ID, and possibly cause the user to encrypt... |
| CVE-2007-3202 | 2007-06-12 | Cross-site scripting (XSS) vulnerability in the rich text editor in Webwiz allows remote attackers to inject arbitrary web script or HTML via URL-encoded HTML composed of a frameset in which... |
| CVE-2007-3203 | 2007-06-12 | Stack-based buffer overflow in smtpdll.dll in the SMTP service in 602Pro LAN SUITE 2003 2003.0.03.0828 allows remote attackers to execute arbitrary code via an e-mail message with a long address.... |
| CVE-2007-3204 | 2007-06-12 | SQL injection vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.4-pre2 allows remote attackers to execute arbitrary SQL commands via the pass parameter. NOTE: this issue reportedly... |
| CVE-2007-3205 | 2007-06-13 | The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and... |
| CVE-2007-2391 | 2007-06-14 | Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function... |
| CVE-2006-4168 | 2007-06-14 | Integer overflow in the exif_data_load_data_entry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image... |
| CVE-2007-3099 | 2007-06-14 | usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management... |
| CVE-2007-3100 | 2007-06-14 | usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial... |
| CVE-2007-3208 | 2007-06-14 | CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via requests to (1) register.pl or (2) profile.pl that write CRLF sequences to... |
| CVE-2007-3209 | 2007-06-14 | Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses unencrypted connections for accounts configured with SSL/TLS, which allows remote attackers to obtain sensitive information by sniffing... |
| CVE-2007-3210 | 2007-06-14 | Stack-based buffer overflow in nptoken.mox in the Cellosoft Tokens Object 2.0.0.6 extension for Vitalize! allows remote attackers to execute arbitrary code via a long string argument to the RemoveChr method.... |
| CVE-2007-3211 | 2007-06-14 | Cross-site scripting (XSS) vulnerability in 404.php in Domain Technologie Control (DTC) before 0.25.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI). NOTE: the provenance... |
| CVE-2007-3212 | 2007-06-14 | Multiple cross-site scripting (XSS) vulnerabilities in links.php in Beehive Forum 0.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewmode, (2) fid, and (3) sort_dir... |
| CVE-2007-3213 | 2007-06-14 | Multiple cross-site scripting (XSS) vulnerabilities in comments.cgi in Sporum Forum 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) mode... |
| CVE-2007-3214 | 2007-06-14 | SQL injection vulnerability in style.php in e-Vision CMS 2.02 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the template parameter. |
| CVE-2007-3215 | 2007-06-14 | PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php. |
| CVE-2007-3216 | 2007-06-14 | Multiple buffer overflows in the LGServer component of CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.1 allow remote attackers to execute arbitrary code via crafted arguments to... |
| CVE-2007-3217 | 2007-06-14 | Multiple PHP remote file inclusion vulnerabilities in Prototype of an PHP application 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the path_inc parameter to (1)... |
| CVE-2007-3218 | 2007-06-14 | Cross-site scripting (XSS) vulnerability in request.php in PHP Live! 3.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the pagex parameter. |
| CVE-2007-3219 | 2007-06-14 | Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user's profile data, such as an AIM screen name or... |
| CVE-2007-2448 | 2007-06-14 | Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to... |
| CVE-2007-2449 | 2007-06-14 | Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and... |
| CVE-2007-2450 | 2007-06-14 | Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24,... |
| CVE-2007-2921 | 2007-06-14 | Multiple buffer overflows in acgm.dll in the Corel / Micrografx ActiveCGM Browser ActiveX control before 7.1.4.19 allow remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2007-3220 | 2007-06-14 | PHP remote file inclusion vulnerability in admin/editor2/spaw_control.class.php in the Cjay Content 3 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter.... |
| CVE-2007-3221 | 2007-06-14 | PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this... |
| CVE-2007-3222 | 2007-06-14 | PHP remote file inclusion vulnerability in modify.php in the XFsection 1.07 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the dir_module parameter. |
| CVE-2007-3223 | 2007-06-14 | Unspecified vulnerability in the NFS server in Sun Solaris 10 before 20070613 allows remote attackers to cause a denial of service (system crash) via certain XDR data in NFS requests,... |
| CVE-2007-3224 | 2007-06-14 | Unspecified vulnerability in Sun ONE/Java System Directory Server (slapd) 6.0, and 5.x before 5.2 Patch 5, allows remote attackers to determine the existence of attributes of an entry via unspecified... |
| CVE-2007-3225 | 2007-06-14 | Unspecified vulnerability in Sun Java System Directory Server (slapd) 6.0, and 5.2 with Patch 3 or 4, allows remote attackers to modify certain data via unknown vectors. |
| CVE-2007-3226 | 2007-06-14 | Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-2851 and CVE-2006-3240. |
| CVE-2007-3227 | 2007-06-14 | Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values. |
| CVE-2007-3228 | 2007-06-14 | PHP remote file inclusion vulnerability in saf/lib/PEAR/PhpDocumentor/Documentation/tests/bug-559668.php in Sitellite CMS 4.2.12 and earlier might allow remote attackers to execute arbitrary PHP code via a URL in the FORUM[LIB] parameter. NOTE:... |
| CVE-2007-3229 | 2007-06-14 | index.php in Singapore Gallery allows remote attackers to obtain sensitive information via a request with a non-directory gallery parameter, which reveals the path in an error message. |
| CVE-2007-3230 | 2007-06-14 | PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer PHP::HTML 0.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the htmlclass_path parameter. |
| CVE-2007-3231 | 2007-06-14 | Buffer overflow in MeCab before 0.96 has unknown impact and attack vectors. |
| CVE-2007-3232 | 2007-06-15 | The IBM TotalStorage DS400 with firmware 4.15 uses a blank password for the (1) root, (2) user, (3) manager, (4) administrator, and (5) operator accounts, which allows remote attackers to... |
| CVE-2007-3233 | 2007-06-15 | The TEC-IT TBarCode OCX ActiveX control (TBarCode7.ocx) 7.0.2.3524 allows remote attackers to overwrite arbitrary files via the SaveImage method. |
| CVE-2007-3234 | 2007-06-15 | SQL injection vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the topic parameter. |
| CVE-2007-3235 | 2007-06-15 | Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to inject arbitrary web script or HTML via the topic parameter. NOTE: this might be resultant from... |
| CVE-2007-3236 | 2007-06-15 | PHP remote file inclusion vulnerability in footer.php in the Horoscope 1.0 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. |
| CVE-2007-3237 | 2007-06-15 | PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the TinyContent 1.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE:... |
| CVE-2007-3238 | 2007-06-15 | Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php,... |
| CVE-2007-3239 | 2007-06-15 | Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a... |
| CVE-2007-3240 | 2007-06-15 | Cross-site scripting (XSS) vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI) that accesses index.php. NOTE:... |
| CVE-2007-3241 | 2007-06-15 | Cross-site scripting (XSS) vulnerability in blogroll.php in the cordobo-green-park theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI. |
| CVE-2007-3242 | 2007-06-15 | The Menu Manager Mod for (1) web-app.net WebAPP (aka WebAPP NE) 0.9.9.3.3 through 0.9.9.8, and (2) web-app.org WebAPP before 0.9.9.6, allows remote authenticated users to execute arbitrary commands via shell... |
| CVE-2007-3243 | 2007-06-15 | Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the re parameter. NOTE: exploitation may require forcing the client... |
| CVE-2007-3244 | 2007-06-15 | SQL injection vulnerability in bb-includes/formatting-functions.php in bbPress before 0.8.1 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors to forums/bb-edit.php, as demonstrated by a PRE element, aka... |
| CVE-2007-3245 | 2007-06-15 | IRC Services before 5.0.62, and 5.1 before 5.1pre3, allows remote attackers to disconnect users with guest nicknames by linking a guest nickname to a nickname that is already registered. |
| CVE-2007-3246 | 2007-06-15 | The do_set_password function in modules/chanserv/set.c in IRC Services before 5.0.60 preserves channel founder privileges across a channel password change (ChanServ SET PASSWORD), which allows remote authenticated users to obtain the... |
| CVE-2007-2923 | 2007-06-18 | The launch method in the LocalExec ActiveX control (LocalExec.ocx) in Novell exteNd Director 4.1 and Portal Services allows remote attackers to execute arbitrary commands. |
| CVE-2007-3101 | 2007-06-18 | Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected... |
| CVE-2007-3207 | 2007-06-18 | Buffer overflow in the NFS mount daemon (XNFS.NLM) in Novell NetWare 6.5 SP6, and probably earlier, allows remote attackers to cause a denial of service (abend) via a long path... |
| CVE-2007-3247 | 2007-06-18 | SQL injection vulnerability in VirtueMart before 1.0.11 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly related to improper input validation of the PATH_INFO (PHP_SELF) by virtuemart_parser.php. |
| CVE-2007-3248 | 2007-06-18 | Unspecified vulnerability in Sun Solaris 10 before 20070614, when IPv6 interfaces are present but not configured for IPsec, allows remote attackers to cause a denial of service (system crash) via... |
| CVE-2007-3249 | 2007-06-18 | Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php in the Letterman Subscriber (mod_letterman) before 1.2.5 module for Joomla! allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter. |
| CVE-2007-3250 | 2007-06-18 | SQL injection vulnerability in mod_banners.php in Elxis CMS before 2006.4 20070613 allows remote attackers to execute arbitrary SQL commands via the mb_tracker cookie. NOTE: the product was patched without updating... |
| CVE-2007-3251 | 2007-06-18 | Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and earlier allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the adminlang cookie... |