268501
|
- |
|
ossigeno
|
cms
|
Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 pre1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) level parameter to (a) install_module.php and (b)…
|
CWE-20
Improper Input Validation
|
CVE-2007-6218
|
2008-11-15 16:03 |
2007-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268502
|
- |
|
work_system_e-commerce
|
work_system_e-commerce
|
Unspecified vulnerability in WORK system e-commerce before 4.0.2 has unknown impact and attack vectors related to "Ajax pages."
|
NVD-CWE-noinfo
|
CVE-2007-5801
|
2008-11-15 16:02 |
2007-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268503
|
- |
|
ssreader
|
ultra_star_reader
|
Buffer overflow in the register function in Ultra Star Reader ActiveX control in SSReader allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild. NOTE: t…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2007-5807
|
2008-11-15 16:02 |
2007-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268504
|
- |
|
contentcustomizer
|
contentcustomizer
|
dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to obtain sensitive author credentials by making a request with an editauthor action, then reading the value of the newlocalp…
|
CWE-200
Information Exposure
|
CVE-2007-5816
|
2008-11-15 16:02 |
2007-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268505
|
- |
|
avaya
|
message_networking messaging_storage_server
|
Unspecified vulnerability in the administrative interface in Avaya Messaging Storage Server (MSS) 3.1 before SP1, and Message Networking (MN) 3.1, allows remote attackers to cause a denial of service…
|
NVD-CWE-noinfo CWE-20
Improper Input Validation
|
CVE-2007-5830
|
2008-11-15 16:02 |
2007-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268506
|
- |
|
ssl-explorer
|
ssl-explorer
|
Unspecified vulnerability in selectLanguage.do in SSL-Explorer before 0.2.15 allows remote attackers to inject (1) headers or (2) body data in an HTTP transaction, a different vulnerability than CVE-…
|
NVD-CWE-noinfo CWE-20
Improper Input Validation
|
CVE-2007-5832
|
2008-11-15 16:02 |
2007-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268507
|
- |
|
easygb
|
easygb
|
Directory traversal vulnerability in index.php in easyGB 2.1.1 allows remote attackers to include arbitrary files via the DatabaseType parameter. NOTE: the provenance of this information is unknown;…
|
NVD-CWE-Other
|
CVE-2007-5890
|
2008-11-15 16:02 |
2007-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268508
|
- |
|
heimdal
|
heimdal
|
The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2007-5939
|
2008-11-15 16:02 |
2007-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268509
|
- |
|
helioscalendar
|
helios_calendar
|
Cross-site scripting (XSS) vulnerability in admin/index.php in Helios Calendar 1.2.1 Beta allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provena…
|
CWE-79
Cross-site Scripting
|
CVE-2007-5952
|
2008-11-15 16:02 |
2007-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268510
|
- |
|
x7_group
|
x7_chat
|
Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to so…
|
CWE-79
Cross-site Scripting
|
CVE-2007-5982
|
2008-11-15 16:02 |
2007-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|