|
268501
|
- |
|
drupal
|
feature_module
|
Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks.
|
CWE-352
Origin Validation Error
|
CVE-2007-6320
|
2008-11-15 16:04 |
2007-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268502
|
- |
|
microsoft
|
access
|
Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2007-6357
|
2008-11-15 16:04 |
2007-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268503
|
- |
|
ibm
|
tivoli_netcool_security_manager
|
IBM Tivoli Netcool Security Manager 1.3.0 before Interim Fix 1, when using Active Directory (AD) LDAP authentication, allows remote attackers to obtain login access via unspecified vectors without en…
|
CWE-79
Cross-site Scripting
|
CVE-2007-6363
|
2008-11-15 16:04 |
2007-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268504
|
- |
|
francisco_burzi
|
php-nuke
|
Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filename parameter, a …
|
CWE-22
Path Traversal
|
CVE-2007-6376
|
2008-11-15 16:04 |
2007-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268505
|
- |
|
debian
|
debian_linux
|
The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process a…
|
CWE-200
Information Exposure
|
CVE-2007-6418
|
2008-11-15 16:04 |
2007-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268506
|
- |
|
flyspray
|
flyspray
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index a…
|
CWE-79
Cross-site Scripting
|
CVE-2007-6461
|
2008-11-15 16:04 |
2007-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268507
|
- |
|
php_real_estate_script
|
classifieds
|
Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in PHP Real Estate Classifieds allow remote attackers to inject arbitrary web script or HTML via unspecified "text areas/boxes."
|
CWE-79
Cross-site Scripting
|
CVE-2007-6463
|
2008-11-15 16:04 |
2007-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268508
|
- |
|
testlink
|
testlink
|
TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors.
|
CWE-287
Improper Authentication
|
CVE-2007-6006
|
2008-11-15 16:03 |
2007-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268509
|
- |
|
acdsee
|
photo_editor
photo_manager
pro_photo_manager
|
Multiple buffer overflows in ACD products allow user-assisted remote attackers to execute arbitrary code via a long section string in a (1) XBM or (2) XPM file to (a) ID_X.apl or (b) IDE_ACDStd.apl. …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2007-6009
|
2008-11-15 16:03 |
2007-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268510
|
- |
|
pioneers
|
pioneers
|
Unspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors that trigger an assert error. NOTE: this …
|
CWE-20
Improper Input Validation
|
CVE-2007-6010
|
2008-11-15 16:03 |
2007-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
