|
257001
|
- |
|
wordpress
|
pictpress
|
Multiple directory traversal vulnerabilities in resize.php in the PictPress 0.91 and earlier plugin for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) size or …
|
CWE-22
Path Traversal
|
CVE-2007-6369
|
2017-09-29 10:29 |
2007-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257002
|
- |
|
intuit
microsoft
vantage_linquistics
|
bookkeeping
proseries
quickbooks
quicken
quicktax
turbo_tax
activex
answerworks
|
Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ActiveX control in awApi4.dll 4.0.0.42, as used by Vantage Linguistics AnswerWorks, and Intuit Clearly Bookkeeping, ProSeries, QuickB…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2007-6387
|
2017-09-29 10:29 |
2007-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257003
|
- |
|
sh-news
|
sh-news
|
SQL injection vulnerability in patch/comments.php in SH-News 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2007-6391
|
2017-09-29 10:29 |
2007-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257004
|
- |
|
dominion_web
|
dwdirectory
|
SQL injection vulnerability in DWdirectory 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter to the /search URI.
|
CWE-89
SQL Injection
|
CVE-2007-6392
|
2017-09-29 10:29 |
2007-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257005
|
- |
|
ace_image_hosting_script
|
ace_image_hosting_script
|
SQL injection vulnerability in albums.php in Ace Image Hosting Script allows remote authenticated users to execute arbitrary SQL commands via the id parameter in editalbum mode.
|
CWE-89
SQL Injection
|
CVE-2007-6393
|
2017-09-29 10:29 |
2007-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257006
|
- |
|
p3mbo
|
content_injector
|
SQL injection vulnerability in index.php in Content Injector 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter in an expand action.
|
CWE-89
SQL Injection
|
CVE-2007-6394
|
2017-09-29 10:29 |
2007-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257007
|
- |
|
p3mbo
|
content_injector
|
Patch Information - http://www.p3mbo.com/index.php?pg=10004
|
CWE-89
SQL Injection
|
CVE-2007-6394
|
2017-09-29 10:29 |
2007-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257008
|
- |
|
poldoc
|
poldoc_document_management_system
|
Directory traversal vulnerability in download_file.php in PolDoc CMS (aka PDDMS) 0.96 allows remote attackers to read arbitrary files via a .. (dot dot) or absolute pathname in the filename parameter.
|
CWE-22
Path Traversal
|
CVE-2007-6400
|
2017-09-29 10:29 |
2007-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257009
|
- |
|
adultscript
|
adultscript
|
admin/administrator.php in Adult Script 1.6 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication and obtain administrative credent…
|
CWE-255
Credentials Management
|
CVE-2007-6414
|
2017-09-29 10:29 |
2007-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257010
|
- |
|
xen
|
xen
|
The copy_to_user function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-6416
|
2017-09-29 10:29 |
2007-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
