271241
|
- |
|
menalto
|
gallery
|
The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors.
|
NVD-CWE-noinfo CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-6690
|
2008-11-15 16:06 |
2008-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
271242
|
- |
|
menalto
|
gallery
|
Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a …
|
NVD-CWE-noinfo
|
CVE-2007-6691
|
2008-11-15 16:06 |
2008-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
271243
|
- |
|
menalto
|
gallery
|
Open redirect vulnerability in Menalto Gallery before 2.2.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) Core and (2) print modul…
|
CWE-59
Link Following
|
CVE-2007-6692
|
2008-11-15 16:06 |
2008-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
271244
|
- |
|
menalto
|
gallery_webcam_module
|
Unspecified vulnerability in the WebCam module in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to a "proxied request."
|
NVD-CWE-noinfo
|
CVE-2007-6693
|
2008-11-15 16:06 |
2008-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
271245
|
- |
|
webcalendar
|
webcalendar
|
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, …
|
CWE-79
Cross-site Scripting
|
CVE-2007-6696
|
2008-11-15 16:06 |
2008-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
271246
|
- |
|
aol
|
ygp_piceditor_activex_control
|
Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control in YGPPicEdit.dll in AOL You've Got Pictures (YGP) Picture Editor allow remote attackers to cause a denial of service (browser c…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2007-6699
|
2008-11-15 16:06 |
2008-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
271247
|
- |
|
ibm
|
websphere_mq
|
The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon conne…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-6705
|
2008-11-15 16:06 |
2008-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
271248
|
- |
|
mozilla
|
firefox
|
Mozilla Firefox allows remote attackers to cause a denial of service (crash) via crafted image, as demonstrated by the zzuf lol-firefox.gif test case.
|
NVD-CWE-noinfo
|
CVE-2007-6715
|
2008-11-15 16:06 |
2008-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
271249
|
- |
|
mantis
|
mantis
|
Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php.
|
CWE-79
Cross-site Scripting
|
CVE-2007-6611
|
2008-11-15 16:05 |
2008-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
271250
|
- |
|
atlassian
|
jira
|
Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 allows remote attackers to inject arbitrary web script or HTML, which is not properly handled when gen…
|
CWE-79
Cross-site Scripting
|
CVE-2007-6617
|
2008-11-15 16:05 |
2008-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|