Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file.
Max CVSS
9.3
EPSS Score
17.54%
Published
2007-06-30
Updated
2018-10-15
Unspecified vulnerability in the web-based product configuration system in Kaspersky Anti-Spam before 3.0 MP1 allows remote attackers to obtain access to certain directories.
Max CVSS
7.5
EPSS Score
2.85%
Published
2007-06-30
Updated
2017-07-29
Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.
Max CVSS
10.0
EPSS Score
0.74%
Published
2007-06-29
Updated
2018-10-16
A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method, a different product than CVE-2007-3400.
Max CVSS
7.5
EPSS Score
21.65%
Published
2007-06-29
Updated
2021-07-23
Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message.
Max CVSS
7.5
EPSS Score
2.69%
Published
2007-06-29
Updated
2018-10-16
Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls.
Max CVSS
7.5
EPSS Score
69.97%
Published
2007-06-29
Updated
2017-09-29
Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request with the swuuser and swupass parameters, which adds an administrator account. NOTE: the CSRF attack has no timing window because there is no logout capability in the management interface.
Max CVSS
9.3
EPSS Score
1.28%
Published
2007-06-29
Updated
2018-10-16
Heap-based buffer overflow in the viewer ActiveX control in Sony Network Camera SNC-RZ25N before 1.30; SNC-P1 and SNC-P5 before 1.29; SNC-CS10 and SNC-CS11 before 1.06; SNC-DF40N and SNC-DF70N before 1.18; SNC-RZ50N and SNC-CS50N before 2.22; SNC-DF85N, SNC-DF80N, and SNC-DF50N before 1.12; and SNC-RX570N/W, SNC-RX570N/B, SNC-RX550N/W, SNC-RX550N/B, SNC-RX530N/W, and SNC-RX530N/B 3.00 and 2.x before 2.31; allows remote attackers to execute arbitrary code via a long first argument to the PrmSetNetworkParam method.
Max CVSS
10.0
EPSS Score
26.27%
Published
2007-06-29
Updated
2017-09-29
Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a default configuration that permits installation of arbitrary third-party applications on BlackBerry devices, which might facilitate loading of malware.
Max CVSS
10.0
EPSS Score
0.36%
Published
2007-06-28
Updated
2017-07-29
Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute.
Max CVSS
7.8
EPSS Score
0.34%
Published
2007-06-28
Updated
2008-11-15
PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to cause a denial of service (infinite loop and resource consumption) via a malformed WDP project file.
Max CVSS
7.1
EPSS Score
0.95%
Published
2007-06-28
Updated
2018-10-16
Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors.
Max CVSS
7.2
EPSS Score
0.04%
Published
2007-06-28
Updated
2017-09-29
Multiple unspecified vulnerabilities in the KSSL kernel module in Sun Solaris 10, when configured with the KSSL proxy, allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors related to "memory buffers" of Secure Socket Layer (SSL) records.
Max CVSS
7.8
EPSS Score
6.04%
Published
2007-06-28
Updated
2017-09-29
input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used.
Max CVSS
7.8
EPSS Score
2.65%
Published
2007-06-27
Updated
2018-10-16
Integer overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate.
Max CVSS
7.8
EPSS Score
3.66%
Published
2007-06-27
Updated
2018-10-16
Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, has a certain default password.
Max CVSS
10.0
EPSS Score
0.40%
Published
2007-06-27
Updated
2018-10-16
Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, does not require entry of the old password when changing the admin password, which might allow attackers to gain privileges by conducting a CSRF attack, making a password change on an unattended workstation, or other vectors.
Max CVSS
8.5
EPSS Score
0.20%
Published
2007-06-27
Updated
2018-10-16
SQL injection vulnerability in property.php in elkagroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
Max CVSS
7.5
EPSS Score
13.92%
Published
2007-06-27
Updated
2017-10-11
Multiple PHP remote file inclusion vulnerabilities in index.php3 in EVA-Web 1.1 through 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) aide or (2) perso parameter.
Max CVSS
7.5
EPSS Score
9.99%
Published
2007-06-27
Updated
2017-10-11
cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to "stored decrypted user logon information."
Max CVSS
10.0
EPSS Score
1.55%
Published
2007-06-27
Updated
2017-07-29
Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via long crafted requests, as demonstrated using a long session cookie to unspecified CGI programs that use this library.
Max CVSS
10.0
EPSS Score
80.30%
Published
2007-06-27
Updated
2017-07-29
SQL injection vulnerability in Papoo 3.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the selmenuid parameter to certain components.
Max CVSS
7.5
EPSS Score
0.86%
Published
2007-06-27
Updated
2018-10-16
SQL injection vulnerability in essentials/minutes/doc.php in eDocStore allows remote attackers to execute arbitrary SQL commands via the doc_id parameter in an inline action.
Max CVSS
7.5
EPSS Score
13.92%
Published
2007-06-27
Updated
2017-10-11
BugMall Shopping Cart 2.5 and earlier has a default username "demo" and password "demo," which allows remote attackers to obtain login access.
Max CVSS
7.5
EPSS Score
1.44%
Published
2007-06-27
Updated
2017-10-11
Buffer overflow in the SIP header parsing module in the Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows remote attackers to execute arbitrary code via a malformed message, a different vulnerability than CVE-2007-3361.
Max CVSS
7.8
EPSS Score
0.86%
Published
2007-06-27
Updated
2008-11-15
273 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!