|
278101
|
- |
|
serendipity
|
serendipity
|
Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to condu…
|
CWE-352
Origin Validation Error
|
CVE-2007-6390
|
2008-09-6 06:33 |
2007-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278102
|
- |
|
debian
|
debian_linux
|
scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options.
|
CWE-94
Code Injection
|
CVE-2007-6415
|
2008-09-6 06:33 |
2008-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278103
|
- |
|
anon_proxy_server
|
anon_proxy_server
|
Multiple cross-site scripting (XSS) vulnerabilities in Anon Proxy Server before 0.101 allow remote attackers to inject arbitrary web script or HTML via the URI, which is later displayed by (1) log.ph…
|
CWE-79
Cross-site Scripting
|
CVE-2007-6460
|
2008-09-6 06:33 |
2007-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278104
|
- |
|
phprpg
|
phprpg
|
SQL injection vulnerability in index.php in phpRPG 0.8, when magic_qutoes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these d…
|
CWE-89
SQL Injection
|
CVE-2007-6469
|
2008-09-6 06:33 |
2007-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278105
|
- |
|
phprpg
|
phprpg
|
phpRPG 0.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read session ID values in files under tmp/, and then hijack sessions via …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-6470
|
2008-09-6 06:33 |
2007-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278106
|
- |
|
phprpg
|
phprpg
|
SQL injection vulnerability in index.php in phpRPG 0.8 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the …
|
CWE-89
SQL Injection
|
CVE-2007-6484
|
2008-09-6 06:33 |
2007-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278107
|
- |
|
xoops
|
xoops
|
The b_system_comments_show function in htdocs/modules/system/blocks/system_blocks.php in XOOPS before 2.0.18 does not check permissions, which allows remote attackers to read the comments in restrict…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-6675
|
2008-09-6 06:33 |
2008-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278108
|
- |
|
autonomy
|
keyview_export_sdk
keyview_filter_sdk
keyview_viewer_sdk
|
Heap-based buffer overflow in emlsr.dll before 2.0.0.4 in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK allows remote attackers to execute arbitrary code via a long Content-Type h…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2007-6008
|
2008-09-6 06:32 |
2007-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278109
|
- |
|
bug_software
|
bughotel_reservation_system
|
Unspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. NOTE: th…
|
CWE-287
Improper Authentication
|
CVE-2007-6011
|
2008-09-6 06:32 |
2007-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278110
|
- |
|
wpa_supplicant
|
wpa_supplicant
|
Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 and earlier allows remote attackers to cause a denial of service (crash) via crafted TSF data.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2007-6025
|
2008-09-6 06:32 |
2007-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
