|
257621
|
- |
|
lussumo
|
vanilla
|
Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the CategoryID parameter to ajax/sortcategories.php or (2)…
|
CWE-89
SQL Injection
|
CVE-2007-5643
|
2017-09-29 10:29 |
2007-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257622
|
- |
|
lussumo
|
vanilla
|
Lussumo Vanilla 1.1.3 and earlier does not require admin privileges for (1) ajax/sortcategories.php and (2) ajax/sortroles.php, which allows remote attackers to conduct unauthorized sort operations a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-5644
|
2017-09-29 10:29 |
2007-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257623
|
- |
|
phppm
|
php_project_management
|
Multiple PHP remote file inclusion vulnerabilities in PHP Project Management 0.8.10 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the full_path parameter to (1) certin…
|
CWE-94
Code Injection
|
CVE-2007-5641
|
2017-09-29 10:29 |
2007-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257624
|
- |
|
phppm
|
php_project_management
|
Multiple directory traversal vulnerabilities in PHP Project Management 0.8.10 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the def_lang pa…
|
CWE-22
Path Traversal
|
CVE-2007-5642
|
2017-09-29 10:29 |
2007-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257625
|
- |
|
cisco
|
catos
ios
|
Unspecified vulnerability in the Extensible Authentication Protocol (EAP) implementation in Cisco IOS 12.3 and 12.4 on Cisco Access Points and 1310 Wireless Bridges (Wireless EAP devices), IOS 12.1 a…
|
NVD-CWE-noinfo
|
CVE-2007-5651
|
2017-09-29 10:29 |
2007-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257626
|
- |
|
php
|
php
|
The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, a…
|
CWE-78
OS Command
|
CVE-2007-5653
|
2017-09-29 10:29 |
2007-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257627
|
- |
|
litespeed_technologies
|
litespeed_web_server
|
LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source …
|
CWE-200
Information Exposure
|
CVE-2007-5654
|
2017-09-29 10:29 |
2007-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257628
|
- |
|
adobe
|
acrobat
acrobat_reader
|
Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this is…
|
CWE-94
Code Injection
|
CVE-2007-5663
|
2017-09-29 10:29 |
2008-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257629
|
- |
|
adobe
|
acrobat
acrobat_reader
|
Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 and earlier allows local users to execute arbitrary code via a malicious Security Provider library in the reader's current workin…
|
CWE-94
Code Injection
|
CVE-2007-5666
|
2017-09-29 10:29 |
2008-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257630
|
- |
|
instaguide
|
weather
|
Directory traversal vulnerability in index.php in InstaGuide Weather (aka Weather for PHP) 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files…
|
CWE-22
Path Traversal
|
CVE-2007-5674
|
2017-09-29 10:29 |
2007-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
