|
268151
|
- |
|
mantis
|
mantis
|
Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php.
|
CWE-79
Cross-site Scripting
|
CVE-2007-6611
|
2008-11-15 16:05 |
2008-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268152
|
- |
|
atlassian
|
jira
|
Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 allows remote attackers to inject arbitrary web script or HTML, which is not properly handled when gen…
|
CWE-79
Cross-site Scripting
|
CVE-2007-6617
|
2008-11-15 16:05 |
2008-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268153
|
- |
|
atlassian
|
jira
|
JIRA Enterprise Edition before 3.12.1 allows remote attackers to delete another user's shared filter via a modified filter ID.
|
NVD-CWE-Other
|
CVE-2007-6618
|
2008-11-15 16:05 |
2008-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268154
|
- |
|
atlassian
|
jira
|
The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-6619
|
2008-11-15 16:05 |
2008-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268155
|
- |
|
joomla
|
joomla
|
Cross-site scripting (XSS) vulnerability in the com_poll component in Joomla! before 1.5 RC4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2007-6643
|
2008-11-15 16:05 |
2008-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268156
|
- |
|
joomla
|
joomla
|
Joomla! before 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the administrator group, in violation of the intended security model.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-6644
|
2008-11-15 16:05 |
2008-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268157
|
- |
|
joomla
|
joomla
|
Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote authenticated users to gain privileges via unspecified vectors, aka "registered user privilege escalation vulnerability."
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-6645
|
2008-11-15 16:05 |
2008-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268158
|
- |
|
fusion_news
|
fusion_news
|
Cross-site request forgery (CSRF) vulnerability in Fusion News 3.9.0 allows remote attackers to perform unauthorized actions via unspecified vectors.
|
CWE-352
Origin Validation Error
|
CVE-2007-6300
|
2008-11-15 16:04 |
2007-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268159
|
- |
|
httplogger
|
httplogger
|
Cross-site scripting (XSS) vulnerability in HttpLogger 0.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2007-6308
|
2008-11-15 16:04 |
2007-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268160
|
- |
|
drupal
|
feature_module
|
Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks.
|
CWE-352
Origin Validation Error
|
CVE-2007-6320
|
2008-11-15 16:04 |
2007-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
