|
259321
|
- |
|
ultra_shareware
|
ultra_crypto_component
|
Absolute path traversal vulnerability in a certain ActiveX control in CryptoX.dll 2.0 and earlier in the Ultra Crypto Component allows remote attackers to write to arbitrary files via a full pathname…
|
CWE-22
Path Traversal
|
CVE-2007-4902
|
2017-09-29 10:29 |
2007-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259322
|
- |
|
ultra_shareware
|
ultra_crypto_component
|
Multiple buffer overflows in a certain ActiveX control in CryptoX.dll 2.0 and earlier in the Ultra Crypto Component allow remote attackers to execute arbitrary code via (1) a long string in the first…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2007-4903
|
2017-09-29 10:29 |
2007-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259323
|
- |
|
auracms
|
auracms
|
Unrestricted file upload vulnerability in mod/contak.php in AuraCMS 2.1 allows remote attackers to upload and execute arbitrary PHP files via the image parameter, which places a file under files/.
|
CWE-20
Improper Input Validation
|
CVE-2007-4905
|
2017-09-29 10:29 |
2007-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259324
|
- |
|
qualiteam
|
x-cart
|
Multiple PHP remote file inclusion vulnerabilities in X-Cart allow remote attackers to execute arbitrary PHP code via a URL in the xcart_dir parameter to (1) config.php, (2) prepare.php, (3) smarty.p…
|
CWE-94
Code Injection
|
CVE-2007-4907
|
2017-09-29 10:29 |
2007-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259325
|
- |
|
auracms
|
auracms
|
Directory traversal vulnerability in index.php in AuraCMS 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pilih parameter.
|
CWE-22
Path Traversal
|
CVE-2007-4908
|
2017-09-29 10:29 |
2007-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259326
|
- |
|
cowon_america
|
jetcast_server
|
JSMP3OGGWt.dll in JetCast Server 2.0.0.4308 allows remote attackers to cause a denial of service (daemon crash) via a long .mp3 URI to TCP port 8000. NOTE: some of these details are obtained from th…
|
CWE-20
Improper Input Validation
|
CVE-2007-4911
|
2017-09-29 10:29 |
2007-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259327
|
- |
|
jblog
|
jblog
|
Multiple SQL injection vulnerabilities in JBlog 1.0 allow (1) remote attackers to execute arbitrary SQL commands via the id parameter to index.php, and allow (2) remote authenticated administrators t…
|
CWE-89
SQL Injection
|
CVE-2007-4919
|
2017-09-29 10:29 |
2007-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259328
|
- |
|
php_webquest
|
php_webquest
|
SQL injection vulnerability in soporte_derecha_w.php in PHP Webquest 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter.
|
CWE-89
SQL Injection
|
CVE-2007-4920
|
2017-09-29 10:29 |
2007-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259329
|
- |
|
ajax
|
file_browser
|
PHP remote file inclusion vulnerability in _includes/settings.inc.php in Ajax File Browser 3 Beta allows remote attackers to execute arbitrary PHP code via a URL in the approot parameter.
|
CWE-94
Code Injection
|
CVE-2007-4921
|
2017-09-29 10:29 |
2007-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259330
|
- |
|
jeuxflash
kwsphp
|
jeuxflash_module
kwsphp
|
SQL injection vulnerability in play.php in the jeuxflash 1.0 module for KwsPHP allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a play ac action to index.ph…
|
CWE-89
SQL Injection
|
CVE-2007-4922
|
2017-09-29 10:29 |
2007-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
