LiveActive security incident?Get immediate response
CVE archive

June 2007

Browse CVE records published in June 2007, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 558 matching CVEs · Page 2 of 12.

Unknown · CVSS Not scored

CVE-2007-3463: Microsoft Windows XP SP2 allows local users, who have sessions created by another user's RunAs (run as) com...

Microsoft Windows XP SP2 allows local users, who have sessions created by another user's RunAs (run as) command, to kill arbitrary processes of this other user, as demonstrated by the taskkill program. NOTE: the researcher claims a vendor dispute in which the vendor states that "RunAs and UAC are convenience features, not security boundaries. If you need a security guarantee, please log out and log back in with a different account.

Published Jun 27, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-3279: PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants c...

PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection.

Published Jun 19, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-3410: Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNet...

Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value.

Published Jun 26, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-3444: The Research in Motion BlackBerry 7270 with 4.0 SP1 Bundle 83 allows remote attackers to cause a denial of...

The Research in Motion BlackBerry 7270 with 4.0 SP1 Bundle 83 allows remote attackers to cause a denial of service (blocked call reception) via a malformed SIP invite message, possibly related to multiple format string specifiers in the From field, a spoofed source IP address, and limitations of the function stack frame.

Published Jun 27, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-3417: Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP befo...

Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP before 0.9.9.7 allow remote attackers to inject arbitrary web script or HTML via a search string, which is not sanitized when an HREF attribute is printed by the (1) process_search or (2) show_recent_searches function.

Published Jun 26, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-3422: The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 attempts to parse query...

The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 attempts to parse query strings that contain (1) non-printing characters, (2) certain printing characters that do not commonly occur in URLs, or (3) invalid URL encoding sequences, which has unknown impact and remote attack vectors.

Published Jun 26, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-3339: Multiple cross-site scripting (XSS) vulnerabilities in forum/include/error/autherror.cfm in FuseTalk Basic,...

Multiple cross-site scripting (XSS) vulnerabilities in forum/include/error/autherror.cfm in FuseTalk Basic, Standard, Enterprise, and ColdFusion allow remote attackers to inject arbitrary web script or HTML via the (1) FTVAR_LINKP and (2) FTVAR_URLP parameters to (a) forum/include/error/autherror.cfm, and the (3) FTVAR_SCRIPTRUN parameter to (b) forum/include/common/comfinish.cfm and (c) blog/include/common/comfinish.cfm.

Published Jun 21, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-3359: Multiple PHP remote file inclusion vulnerabilities in SerWeb 0.9.6 and earlier allow remote attackers to ex...

Multiple PHP remote file inclusion vulnerabilities in SerWeb 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter to (1) html/load_apu.php or (2) html/mail_prepend.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Jun 22, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-3342: Multiple cross-site scripting (XSS) vulnerabilities in Movable Type (MT) before 3.34 allow remote attackers...

Multiple cross-site scripting (XSS) vulnerabilities in Movable Type (MT) before 3.34 allow remote attackers to inject arbitrary web script or HTML via comments that have (1) a malformed SGML numeric character reference with a '\0' (0x00) character in a javascript: URI or (2) an attribute in an element that lacks the '>' character at the end of the start tag, a different vulnerability than CVE-2007-0231.

Published Jun 21, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-3362: ageet AGEphone before 1.6.2, running on Windows Mobile 5 on the HTC HyTN Pocket PC device, allows remote at...

ageet AGEphone before 1.6.2, running on Windows Mobile 5 on the HTC HyTN Pocket PC device, allows remote attackers to (1) cause a denial of service (call disruption and device hang) via a SIP message with a malformed header and (2) cause a denial of service (call disruption, false ring indication, and device outage) via a SIP message with a malformed SDP delimiter.

Published Jun 22, 2007 · Updated Aug 7, 2024