|
276471
|
- |
|
atlassian
|
jira
|
The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-6619
|
2008-11-15 16:05 |
2008-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276472
|
- |
|
joomla
|
joomla
|
Cross-site scripting (XSS) vulnerability in the com_poll component in Joomla! before 1.5 RC4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2007-6643
|
2008-11-15 16:05 |
2008-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276473
|
- |
|
joomla
|
joomla
|
Joomla! before 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the administrator group, in violation of the intended security model.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-6644
|
2008-11-15 16:05 |
2008-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276474
|
- |
|
joomla
|
joomla
|
Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote authenticated users to gain privileges via unspecified vectors, aka "registered user privilege escalation vulnerability."
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-6645
|
2008-11-15 16:05 |
2008-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276475
|
- |
|
fusion_news
|
fusion_news
|
Cross-site request forgery (CSRF) vulnerability in Fusion News 3.9.0 allows remote attackers to perform unauthorized actions via unspecified vectors.
|
CWE-352
Origin Validation Error
|
CVE-2007-6300
|
2008-11-15 16:04 |
2007-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276476
|
- |
|
httplogger
|
httplogger
|
Cross-site scripting (XSS) vulnerability in HttpLogger 0.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2007-6308
|
2008-11-15 16:04 |
2007-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276477
|
- |
|
drupal
|
feature_module
|
Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks.
|
CWE-352
Origin Validation Error
|
CVE-2007-6320
|
2008-11-15 16:04 |
2007-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276478
|
- |
|
microsoft
|
access
|
Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2007-6357
|
2008-11-15 16:04 |
2007-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276479
|
- |
|
ibm
|
tivoli_netcool_security_manager
|
IBM Tivoli Netcool Security Manager 1.3.0 before Interim Fix 1, when using Active Directory (AD) LDAP authentication, allows remote attackers to obtain login access via unspecified vectors without en…
|
CWE-79
Cross-site Scripting
|
CVE-2007-6363
|
2008-11-15 16:04 |
2007-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276480
|
- |
|
francisco_burzi
|
php-nuke
|
Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filename parameter, a …
|
CWE-22
Path Traversal
|
CVE-2007-6376
|
2008-11-15 16:04 |
2007-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
