|
276521
|
- |
|
e-ark
|
e-ark
|
Multiple PHP remote file inclusion vulnerabilities in eArk (e-Ark) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the cfg_vcard_path parameter to src/vcard_inc.php or (2) t…
|
CWE-94
Code Injection
|
CVE-2007-5216
|
2008-11-15 16:00 |
2007-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276522
|
- |
|
uebimiau
|
uebimiau
|
Cross-site scripting (XSS) vulnerability in index.php in Uebimiau 2.7.2 through 2.7.10 allows remote attackers to inject arbitrary web script or HTML via the f_email parameter. NOTE: the provenance …
|
CWE-79
Cross-site Scripting
|
CVE-2007-5235
|
2008-11-15 16:00 |
2007-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276523
|
- |
|
virusblokada
|
vba32_antivirus
|
VirusBlokAda Vba32 AntiVirus 3.12.2 uses weak permissions (Everyone:Write) for its installation directory, which allows local users to gain privileges by replacing application programs, as demonstrat…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-5254
|
2008-11-15 16:00 |
2007-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276524
|
- |
|
ilient
|
sysaid
|
Cross-site request forgery (CSRF) vulnerability in Ilient SysAid 4.5.03 and 4.5.04 allows remote attackers to perform some actions as administrators, as demonstrated by changing the administrator pas…
|
CWE-352
Origin Validation Error
|
CVE-2007-5259
|
2008-11-15 16:00 |
2007-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276525
|
- |
|
appfuse
|
appfuse
|
Multiple cross-site scripting (XSS) vulnerabilities in messages.jsp in AppFuse before 2.0 Final allow remote attackers to inject arbitrary web script or HTML via unspecified input that is recorded in…
|
CWE-79
Cross-site Scripting
|
CVE-2007-5280
|
2008-11-15 16:00 |
2007-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276526
|
- |
|
sun
|
java_virtual_machine
|
Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context…
|
CWE-16
CWE-20
Configuration
Improper Input Validation
|
CVE-2007-5375
|
2008-11-15 16:00 |
2007-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276527
|
- |
|
myphppagetool
|
myphppagetool
|
Multiple PHP remote file inclusion vulnerabilities in myphpPagetool 0.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the ptinclude parameter to (1) help1.php, (2) help2.php, (3…
|
CWE-94
Code Injection
|
CVE-2007-4947
|
2008-11-15 15:59 |
2007-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276528
|
- |
|
webmedia_explorer
|
webmedia_explorer
|
Multiple PHP remote file inclusion vulnerabilities in Webmedia Explorer (webmex) 3.2.2 allow remote attackers to execute arbitrary PHP code via (1) a URL in the path_include parameter to includes/rss…
|
CWE-94
Code Injection
|
CVE-2007-4948
|
2008-11-15 15:59 |
2007-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276529
|
- |
|
linux
|
linux_kernel
|
cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing mul…
|
CWE-59
Link Following
|
CVE-2007-4998
|
2008-11-15 15:59 |
2008-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276530
|
- |
|
derek_leung
|
pslash
|
Multiple PHP remote file inclusion vulnerabilities in pSlash 0.70 allow remote attackers to execute arbitrary PHP code via a URL in (1) the lvc_admin_dir parameter to modules/visitors2/admin/view-arc…
|
CWE-94
Code Injection
|
CVE-2007-5014
|
2008-11-15 15:59 |
2007-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
