273001
|
- |
|
microsoft
|
windows_vista
|
Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer during boot, which allows local users to obtain sen…
|
CWE-200
Information Exposure
|
CVE-2008-3893
|
2008-09-5 13:00 |
2008-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273002
|
- |
|
microsoft
|
windows_vista
|
Upgrade to Vista Service Pack 1
|
CWE-200
Information Exposure
|
CVE-2008-3893
|
2008-09-5 13:00 |
2008-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273003
|
- |
|
apple omnigroup
|
safari webkit omniweb mac_os_x
|
WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as dem…
|
CWE-399
Resource Management Errors
|
CVE-2007-0342
|
2008-09-5 13:00 |
2007-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273004
|
- |
|
php
|
php
|
Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destr…
|
CWE-189
Numeric Errors
|
CVE-2007-1383
|
2008-09-5 13:00 |
2007-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273005
|
- |
|
exv2
|
content_management_system
|
Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.
|
CWE-287
Improper Authentication
|
CVE-2007-1966
|
2008-09-5 13:00 |
2007-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273006
|
- |
|
mywebland
|
mybloggie
|
myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and …
|
CWE-200
Information Exposure
|
CVE-2007-3650
|
2008-09-5 13:00 |
2008-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273007
|
- |
|
fascript
|
faname
|
class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to obtain sensitive information via a '; (quote semicolon) sequence in the id parameter, which reveals the installatio…
|
CWE-200
Information Exposure
|
CVE-2007-3651
|
2008-09-5 13:00 |
2008-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273008
|
- |
|
fascript
|
faname
|
SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same i…
|
CWE-89
SQL Injection
|
CVE-2007-3652
|
2008-09-5 13:00 |
2008-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273009
|
- |
|
dirlist
|
dirlist_php
|
Directory traversal vulnerability in index.php in PHP Directory Lister (dirLIST) before 0.1.1 allows remote attackers to list the contents of a parent directory via a .. (dot dot) in the folder param…
|
CWE-22
Path Traversal
|
CVE-2007-3967
|
2008-09-5 13:00 |
2007-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273010
|
- |
|
dirlist
|
dirlist_php
|
index.php in dirLIST before 0.1.1 allows remote attackers to list the contents of an excluded folder via a modified URL containing the folder name.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-3968
|
2008-09-5 13:00 |
2007-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|