|
261071
|
- |
|
wordpress
|
wordpress
|
wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cro…
|
CWE-352
Origin Validation Error
|
CVE-2007-4893
|
2017-07-29 10:33 |
2007-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261072
|
- |
|
wordpress
|
wordpress
|
There is an input validation error in the wp-admin/admin-functions.php script when processing the no_filter parameter.
|
CWE-352
Origin Validation Error
|
CVE-2007-4893
|
2017-07-29 10:33 |
2007-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261073
|
- |
|
wordpress
|
wordpress
|
Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to th…
|
CWE-89
SQL Injection
|
CVE-2007-4894
|
2017-07-29 10:33 |
2007-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261074
|
- |
|
invision_power_services
|
invision_power_board
|
Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML int…
|
CWE-79
Cross-site Scripting
|
CVE-2007-4912
|
2017-07-29 10:33 |
2007-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261075
|
- |
|
invision_power_services
|
invision_power_board
|
Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privile…
|
CWE-20
Improper Input Validation
|
CVE-2007-4914
|
2017-07-29 10:33 |
2007-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261076
|
- |
|
jasmine_technologies
|
lettergrade
|
Multiple cross-site scripting (XSS) vulnerabilities in LetterGrade allow remote attackers to inject arbitrary web script or HTML via (1) a student's email address, (2) the year parameter to genbrws/S…
|
CWE-79
Cross-site Scripting
|
CVE-2007-4945
|
2017-07-29 10:33 |
2007-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261077
|
- |
|
jasmine_technologies
|
lettergrade
|
LetterGrade allows remote attackers to obtain sensitive information (installation path or account existence) via unspecified vectors. NOTE: the provenance of this information is unknown; the details …
|
NVD-CWE-noinfo
|
CVE-2007-4946
|
2017-07-29 10:33 |
2007-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261078
|
- |
|
tinywebgallery
|
tinywebgallery
|
Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) 1.6.3.4 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) index.php, (2) i_frames/i_login.p…
|
CWE-79
Cross-site Scripting
|
CVE-2007-4958
|
2017-07-29 10:33 |
2007-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261079
|
- |
|
jelsoft
|
oscmax
|
Cross-site scripting (XSS) vulnerability in catalog_products_with_images.php in osCMax 2.0.0-RC3-0-1 allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance …
|
CWE-79
Cross-site Scripting
|
CVE-2007-4959
|
2017-07-29 10:33 |
2007-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261080
|
- |
|
microsoft
|
isa_server
|
The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of anoth…
|
CWE-200
Information Exposure
|
CVE-2007-4991
|
2017-07-29 10:33 |
2007-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
