|
266401
|
- |
|
mywebland
|
mybloggie
|
myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and …
|
CWE-200
Information Exposure
|
CVE-2007-3650
|
2008-09-5 13:00 |
2008-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266402
|
- |
|
fascript
|
faname
|
class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to obtain sensitive information via a '; (quote semicolon) sequence in the id parameter, which reveals the installatio…
|
CWE-200
Information Exposure
|
CVE-2007-3651
|
2008-09-5 13:00 |
2008-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266403
|
- |
|
fascript
|
faname
|
SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same i…
|
CWE-89
SQL Injection
|
CVE-2007-3652
|
2008-09-5 13:00 |
2008-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266404
|
- |
|
dirlist
|
dirlist_php
|
Directory traversal vulnerability in index.php in PHP Directory Lister (dirLIST) before 0.1.1 allows remote attackers to list the contents of a parent directory via a .. (dot dot) in the folder param…
|
CWE-22
Path Traversal
|
CVE-2007-3967
|
2008-09-5 13:00 |
2007-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266405
|
- |
|
dirlist
|
dirlist_php
|
index.php in dirLIST before 0.1.1 allows remote attackers to list the contents of an excluded folder via a modified URL containing the folder name.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-3968
|
2008-09-5 13:00 |
2007-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266406
|
- |
|
mozilla
|
mozilla
|
Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metac…
|
CWE-79
Cross-site Scripting
|
CVE-2007-4039
|
2008-09-5 13:00 |
2007-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266407
|
- |
|
microsoft
|
outlook
outlook_express
|
Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbi…
|
CWE-79
Cross-site Scripting
|
CVE-2007-4040
|
2008-09-5 13:00 |
2007-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266408
|
- |
|
securecomputing
|
securityreporter
|
file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE…
|
CWE-287
Improper Authentication
|
CVE-2007-4043
|
2008-09-5 13:00 |
2007-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266409
|
- |
|
bitdefender
|
antivirus
internet_security
total_security
|
Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory wit…
|
NVD-CWE-noinfo
|
CVE-2007-5775
|
2008-09-5 13:00 |
2007-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266410
|
- |
|
contentcustomizer
|
contentcustomizer
|
dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to perform certain privileged actions via a (1) del, (2) delbackup, (3) res, or (4) ren action. NOTE: this issue can be leve…
|
CWE-79
Cross-site Scripting
|
CVE-2007-5817
|
2008-09-5 13:00 |
2007-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
