271241
|
- |
|
virusblokada
|
vba32_antivirus
|
VirusBlokAda Vba32 AntiVirus 3.12.2 uses weak permissions (Everyone:Write) for its installation directory, which allows local users to gain privileges by replacing application programs, as demonstrat…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-5254
|
2008-11-15 16:00 |
2007-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
271242
|
- |
|
ilient
|
sysaid
|
Cross-site request forgery (CSRF) vulnerability in Ilient SysAid 4.5.03 and 4.5.04 allows remote attackers to perform some actions as administrators, as demonstrated by changing the administrator pas…
|
CWE-352
Origin Validation Error
|
CVE-2007-5259
|
2008-11-15 16:00 |
2007-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
271243
|
- |
|
appfuse
|
appfuse
|
Multiple cross-site scripting (XSS) vulnerabilities in messages.jsp in AppFuse before 2.0 Final allow remote attackers to inject arbitrary web script or HTML via unspecified input that is recorded in…
|
CWE-79
Cross-site Scripting
|
CVE-2007-5280
|
2008-11-15 16:00 |
2007-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
271244
|
- |
|
sun
|
java_virtual_machine
|
Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context…
|
CWE-16 CWE-20
Configuration Improper Input Validation
|
CVE-2007-5375
|
2008-11-15 16:00 |
2007-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
271245
|
- |
|
myphppagetool
|
myphppagetool
|
Multiple PHP remote file inclusion vulnerabilities in myphpPagetool 0.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the ptinclude parameter to (1) help1.php, (2) help2.php, (3…
|
CWE-94
Code Injection
|
CVE-2007-4947
|
2008-11-15 15:59 |
2007-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
271246
|
- |
|
webmedia_explorer
|
webmedia_explorer
|
Multiple PHP remote file inclusion vulnerabilities in Webmedia Explorer (webmex) 3.2.2 allow remote attackers to execute arbitrary PHP code via (1) a URL in the path_include parameter to includes/rss…
|
CWE-94
Code Injection
|
CVE-2007-4948
|
2008-11-15 15:59 |
2007-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
271247
|
- |
|
linux
|
linux_kernel
|
cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing mul…
|
CWE-59
Link Following
|
CVE-2007-4998
|
2008-11-15 15:59 |
2008-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
271248
|
- |
|
derek_leung
|
pslash
|
Multiple PHP remote file inclusion vulnerabilities in pSlash 0.70 allow remote attackers to execute arbitrary PHP code via a URL in (1) the lvc_admin_dir parameter to modules/visitors2/admin/view-arc…
|
CWE-94
Code Injection
|
CVE-2007-5014
|
2008-11-15 15:59 |
2007-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
271249
|
- |
|
apache
|
geronimo
|
Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vecto…
|
CWE-287
Improper Authentication
|
CVE-2007-5085
|
2008-11-15 15:59 |
2007-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
271250
|
- |
|
guanxicrm
|
guanxicrm_business_solution
|
PHP remote file inclusion vulnerability in modules/webmail2/inc/rfc822.php in guanxiCRM Business Solution 0.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the webmail2_inc_dir…
|
CWE-94
Code Injection
|
CVE-2007-5096
|
2008-11-15 15:59 |
2007-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|