LiveActive security incident?Get immediate response
CVE archive

July 2007

Browse CVE records published in July 2007, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 566 matching CVEs · Page 2 of 12.

Unknown · CVSS Not scored

CVE-2007-4081: Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attack...

Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to inject arbitrary web script or HTML via vectors in (a) merchants/index.php, including the (1) id or (2) msg parameter in a programedit action; the (3) pgmid parameter in an uploadProducts action; the (4) d, (5) m, or (6) y parameter in a daily action; the (7) err parameter in a ProgramReport action; the (8) i, (9) txtto, (10) txtfrom, or (11) programs parameter in a LinkReport action; or the (12) msg parameter in an add_money action; and one vector in (b) merchants/temp.php using (13) the rowid parameter. NOTE: vector 7 might overlap CVE-2005-3795.1.

Published Jul 30, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4086: Multiple SQL injection vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to execu...

Multiple SQL injection vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to execute arbitrary SQL commands via (1) the gid parameter to gmembers.php, or (2) the UID parameter to (a) uvideos.php, (b) ugroups.php, (c) uprofile.php, (d) ufavour.php, (e) ufriends.php, or (f) uplaylist.php.

Published Jul 30, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4061: Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows...

Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument to the saveNessusRC method, which writes text specified by the addsetConfig method, possibly related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Published Jul 30, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4077: Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Video Share Enterprise allow remote attac...

Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) msg, (2) page, (3) viewkey, or (4) viewtype parameter to (a) view_video.php; the (5) next parameter to (b) signup.php; the (6) search_id parameter to (c) search_result.php; the (7) category or (8) page parameter to (d) video.php; the (9) receiver parameter to (e) compose.php; the (10) catgy parameter to (f) groups.php; the (11) channelname parameter to (g) siteadmin/channels.php; or the (12) uname parameter to (h) siteadmin/muser.php.

Published Jul 30, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4078: Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Text Ads Enterprise allow remote attacker...

Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Text Ads Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) r parameter to (a) forgot_uid.php, the (2) query or (3) sk parameter to (b) search_results.php, or (4) the pageId parameter to (c) website_page.php.

Published Jul 30, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4036: Guidance Software EnCase allows user-assisted remote attackers to cause a denial of service via (1) a corru...

Guidance Software EnCase allows user-assisted remote attackers to cause a denial of service via (1) a corrupted Microsoft Exchange database, which triggers an application crash when many options are selected; (2) a corrupted NTFS filesystem, which causes the application to report "memory allocation errors;" or (3) deeply nested directories, which trigger an application crash during an Expand All action. NOTE: the vendor disputes the significance of these vectors because the user can select fewer options, there is no operational impact, or the user can do less expansion

Published Jul 27, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4064: Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.2, and 4.7.x before 4.7.7, (1) a...

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.2, and 4.7.x before 4.7.7, (1) allow remote attackers to inject arbitrary web script or HTML via "some server variables," including PHP_SELF; and (2) allow remote authenticated administrators to inject arbitrary web script or HTML via custom content type names.

Published Jul 30, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4038: Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbir...

Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking Thunderbird.exe, a similar issue to CVE-2007-3670.

Published Jul 27, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4074: The default configuration of Centre for Speech Technology Research (CSTR) Festival 1.95 beta (aka 2.0 beta)...

The default configuration of Centre for Speech Technology Research (CSTR) Festival 1.95 beta (aka 2.0 beta) on Gentoo Linux, SUSE Linux, and possibly other distributions, is run locally with elevated privileges without requiring authentication, which allows local and remote attackers to execute arbitrary commands via the local daemon on port 1314, a different vulnerability than CVE-2001-0956. NOTE: this issue is local in some environments, but remote on others.

Published Jul 30, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4029: libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a de...

libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.

Published Jul 26, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4067: Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav ActiveX control in CLINETSUITEX6.OCX in...

Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav ActiveX control in CLINETSUITEX6.OCX in Clever Internet ActiveX Suite 6.2 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the GetToFile method. NOTE: some of these details are obtained from third party information.

Published Jul 30, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4076: Multiple SQL injection vulnerabilities in index.asp in Alisveris Sitesi Scripti allow remote attackers to e...

Multiple SQL injection vulnerabilities in index.asp in Alisveris Sitesi Scripti allow remote attackers to execute arbitrary SQL commands via the (1) product_id or (2) cat_id parameter in a product mod action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Jul 30, 2007 · Updated Aug 7, 2024