LiveActive security incident?Get immediate response
CVE archive

July 2007

Browse CVE records published in July 2007, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 566 matching CVEs · Page 1 of 12.

Medium · CVSS 5.3

CVE-2007-3650: myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year pa...

myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in various error messages.

Published Jul 9, 2008 · Updated Apr 3, 2025

Critical · CVSS 9.8

CVE-2007-4039: Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attacke...

Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.

Published Jul 27, 2007 · Updated Apr 3, 2025

High · CVSS 8.8

CVE-2007-4040: Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are reg...

Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.

Published Jul 27, 2007 · Updated Apr 3, 2025

High · CVSS 7.5

CVE-2007-3816: JWIG might allow context-dependent attackers to cause a denial of service (service degradation) via loops o...

JWIG might allow context-dependent attackers to cause a denial of service (service degradation) via loops of references to external templates. NOTE: this issue has been disputed by multiple third parties who state that only the application developer can trigger the issue, so no privilege boundaries are crossed. However, it seems possible that this is a vulnerability class to which an JWIG application may be vulnerable if template contents can be influenced, but this would be an issue in the application itself, not JWIG

Published Jul 17, 2007 · Updated Jan 17, 2025

Unknown · CVSS Not scored

CVE-2007-3841: Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux allows remote authenticated users, who...

Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux allows remote authenticated users, who are listed in a users list, to execute certain commands via unspecified vectors, aka ZD-00000035. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.

Published Jul 17, 2007 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2007-3627: Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote attackers to execute a...

Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) login.php, (2) auth.php, and (3) subscribe.php. NOTE: the month.php, year.php, week.php, and day.php vectors are already covered by CVE-2005-4009. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Jul 9, 2007 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2007-4006: Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has unknown impact and remote attack vectors,...

Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has unknown impact and remote attack vectors, aka ZD-00000034. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.

Published Jul 26, 2007 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2007-3992: SQL injection vulnerability in vir_login.asp in iExpress Property Pro allows remote attackers to execute ar...

SQL injection vulnerability in vir_login.asp in iExpress Property Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the Username parameter is covered by CVE-2006-6029. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Jul 25, 2007 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2007-3924: Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape inst...

Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE.

Published Jul 21, 2007 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2007-3954: Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey ins...

Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking SeaMonkey.exe, a related issue to CVE-2007-3670.

Published Jul 24, 2007 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2007-3598: index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mai...

index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of settings, reporting that the attack vector results in a "You are not permitted to execute this Operation" error message in a 5.0.3 demo.

Published Jul 6, 2007 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2007-6754: The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD does not proper...

The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD does not properly allocate memory, which makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, related to "integer rounding and overflow" errors.

Published Jul 25, 2012 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4088: Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject a...

Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) f, (3) quote, and (4) act parameters to cp.php; the (5) u parameter to user.php; the (6) f parameter to post.php; the (7) s parameter to topic.php; the (8) quote, (9) t, (10) poll, and (11) p parameters to post.php; the (12) Message Title field of a private message (PM) in mode 6 of cp.php; the (13) title field of a private message (PM) in mode 7 of cp.php; and (14) allow user-assisted remote attackers to inject arbitrary web script or HTML via a dosearch action to search.php, which reflects the first lines of all posts by a user. NOTE: the act parameter to help.php and the p parameter to report.php are already covered by CVE-2006-4708. NOTE: vectors 12 and 13 might overlap CVE-2006-6283.1. NOTE: vector 14 might overlap CVE-2006-4708.b.

Published Jul 30, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4103: The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk...

The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released.

Published Jul 31, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4090: Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject a...

Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to inc/lib/screen.php or (2) the title parameter to post.php. NOTE: vector 2 might overlap CVE-2006-6283. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Jul 30, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4087: AlstraSoft Video Share Enterprise allows remote attackers to obtain sensitive information (the full path) v...

AlstraSoft Video Share Enterprise allows remote attackers to obtain sensitive information (the full path) via (1) a ' (quote) character in the category parameter to view_video.php, or (2) an XSS sequence in the UID parameter to (a) uprofile.php, (b) channel_detail.php, (c) uvideos.php, (d) groups_home.php, or (e) ufriends.php.

Published Jul 30, 2007 · Updated Aug 7, 2024