LiveActive security incident?Get immediate response
CVE archive

July 2007

Browse CVE records published in July 2007, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 566 matching CVEs · Page 3 of 12.

Unknown · CVSS Not scored

CVE-2007-4056: SQL injection vulnerability in directory.php in Prozilla Adult Directory allows remote attackers to execute...

SQL injection vulnerability in directory.php in Prozilla Adult Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. NOTE: the original report indicated that this was the "photo" SourceForge project (aka Maan Bsat Photo Collection), but that was incorrect.

Published Jul 30, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4033: Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context...

Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3.

Published Jul 27, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-3930: Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote a...

Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.

Published Jul 21, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4034: Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka Yahoo!

Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka Yahoo! Installer Plugin for Widgets) ActiveX control before 2007.7.13.3 (20070620) in YDPCTL.dll in Yahoo! Widgets before 4.0.5 allows remote attackers to execute arbitrary code via a long argument to the GetComponentVersion method. NOTE: some of these details are obtained from third party information.

Published Jul 27, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4035: Guidance Software EnCase does not properly handle (1) certain malformed MBR partition tables with many entr...

Guidance Software EnCase does not properly handle (1) certain malformed MBR partition tables with many entries, which allows remote attackers to prevent logical collection of a disk image; (2) NTFS filesystems with directory loops, which allows remote attackers to prevent examination of certain directory contents; and (3) certain other malformed NTFS filesystems, which allows remote attackers to prevent examination of corrupted records. NOTE: the vendor disputes the significance of these issues, because physical collection can be used instead, because the vendor believes that relevant attackers typically do not corrupt an MBR or a filesystem, and because detection of a loop is valuable on its own

Published Jul 27, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-3955: Buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX control in LinkedInIEToolbar.dll in the LinkedIn T...

Buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX control in LinkedInIEToolbar.dll in the LinkedIn Toolbar 3.0.2.1098 allows remote attackers to execute arbitrary code via a long second argument (varBrowser argument) to the search method. NOTE: some of these details are obtained from third party information.

Published Jul 24, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4037: Guidance Software EnCase allows user-assisted attackers to trigger a buffer over-read and application crash...

Guidance Software EnCase allows user-assisted attackers to trigger a buffer over-read and application crash via a malformed NTFS filesystem containing a modified FILE record with a certain large offset. NOTE: the vendor disputes the significance of this issue, asserting that relevant attackers typically do not corrupt a filesystem, and indicating that the relevant read operation can be disabled

Published Jul 27, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-3907: Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass au...

Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a callback parameter containing an escaped URL that specifies the action.

Published Jul 19, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4014: Cross-site scripting (XSS) vulnerability in a certain index.php installation script related to the (1) Blix...

Cross-site scripting (XSS) vulnerability in a certain index.php installation script related to the (1) Blix 0.9.1, (2) Blixed 1.0, and (3) BlixKrieg (Blix Krieg) 2.2 themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Jul 26, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-4011: Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software befo...

Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software before 3.2 20070727, 4.0 before 20070727, and 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (traffic amplification or ARP storm) via a crafted unicast ARP request that (1) has a destination MAC address unknown to the Layer-2 infrastructure, aka CSCsj69233; or (2) occurs during Layer-3 roaming across IP subnets, aka CSCsj70841.

Published Jul 26, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-3888: Multiple cross-site scripting (XSS) vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote at...

Multiple cross-site scripting (XSS) vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the search action, possibly related to the term parameter to index.php; or (2) an anonymous blog entry, possibly involving the (a) posted_by, (b) subject, and (c) content parameters to index.php; as demonstrated by the onmouseover attribute of certain elements. NOTE: some of these details are obtained from third party information.

Published Jul 18, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-3986: file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers...

file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to bypass authentication via a name parameter that specifies the eventcache directory and a non-GIF file, which causes the $dontvalidate variable to be set to true. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files.

Published Jul 25, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-3962: Multiple stack-based buffer overflows in fsplib.c in fsplib before 0.9 might allow remote attackers to exec...

Multiple stack-based buffer overflows in fsplib.c in fsplib before 0.9 might allow remote attackers to execute arbitrary code via (1) a long filename that is not properly handled by the fsp_readdir_native function when MAXNAMLEN is greater than 255, or (2) a long d_name directory (dirent) field in the fsp_readdir function.

Published Jul 25, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2007-3989: Multiple cross-site scripting (XSS) vulnerabilities in default.asp in Dora Emlak 1.0, when the goster param...

Multiple cross-site scripting (XSS) vulnerabilities in default.asp in Dora Emlak 1.0, when the goster parameter is set to iletisim, allow remote attackers to inject arbitrary web script or HTML via the (1) Adiniz and (2) Soyadiniz parameters; and possibly other unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Jul 25, 2007 · Updated Aug 7, 2024