259601 | 9.3 | HIGH | zziplib | zziplib | Stack-based buffer overflow in the zzip_open_shared_io function in zzip/file.c in ZZIPlib Library before 0.13.49 allows user-assisted remote attackers to cause a denial of service (application crash)… | NVD-CWE-Other | CVE-2007-1614 | 2011-03-8 11:52 | 2007-03-23
259602 | 7.5 | HIGH | realguestbook | realguestbook | Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, and (4) text parameters to save_entry.… | NVD-CWE-Other | CVE-2007-1624 | 2011-03-8 11:52 | 2007-03-24
259603 | 4.3 | MEDIUM | realguestbook | realguestbook | Cross-site scripting (XSS) vulnerability in save_entry.php in realGuestbook 5.01 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter, as reachable through add_en… | NVD-CWE-Other | CVE-2007-1625 | 2011-03-8 11:52 | 2007-03-24
259604 | 7.5 | HIGH | typolight | typolight_webcms | Unspecified vulnerability in TYPOlight webCMS before 2.2 Build 5 has unknown impact and attack vectors related to a "major security hole." | NVD-CWE-noinfo | CVE-2007-1632 | 2011-03-8 11:52 | 2007-03-24
259605 | 9.3 | HIGH | ipswitch | imail imail_plus imail_premium ipswitch_collaboration_suite | Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Conn… | NVD-CWE-Other | CVE-2007-1637 | 2011-03-8 11:52 | 2007-03-24
259606 | 9.3 | HIGH | ipswitch | imail imail_plus imail_premium ipswitch_collaboration_suite | Upgrade to version 2006.2. | NVD-CWE-Other | CVE-2007-1637 | 2011-03-8 11:52 | 2007-03-24
259607 | 7.5 | HIGH | katalog_plyt_audio | katalog_plyt_audio | Multiple SQL injection vulnerabilities in index.php in Katalog Plyt Audio 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fraza and (2) litera parameters, differe… | NVD-CWE-Other | CVE-2007-1656 | 2011-03-8 11:52 | 2007-03-24
259608 | 6.8 | MEDIUM | flyspray | flyspray | Flyspray 0.9.9, when output_buffering is disabled or "set to a low value," allows remote attackers to bypass authentication via a crafted post request. | NVD-CWE-Other | CVE-2007-1788 | 2011-03-8 11:52 | 2007-03-31
259609 | 6.8 | MEDIUM | flyspray | flyspray | Flyspray 0.9.9 allows remote attackers to obtain sensitive information (private project summaries) via direct requests. | NVD-CWE-Other | CVE-2007-1789 | 2011-03-8 11:52 | 2007-03-31
259610 | 6.0 | MEDIUM | web-app.org | webapp | Multiple unspecified vulnerabilities in form input validation in web-app.org WebAPP before 0.9.9.6 allow remote authenticated users to corrupt data files, gain access to private files, and execute ar… | NVD-CWE-Other | CVE-2007-1827 | 2011-03-8 11:52 | 2007-04-3
259611 | 3.5 | LOW | web-app.org | webapp | Multiple cross-site scripting (XSS) vulnerabilities in web-app.org WebAPP before 0.9.9.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the QUERY_STRING corresponding… | NVD-CWE-Other | CVE-2007-1828 | 2011-03-8 11:52 | 2007-04-3
259612 | 6.0 | MEDIUM | web-app.org | webapp | web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to open files and write "wrong data" via a crafted QUERY_STRING. | NVD-CWE-Other | CVE-2007-1831 | 2011-03-8 11:52 | 2007-04-3
259613 | 5.0 | MEDIUM | web-app.org | webapp | web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to upload certain files (1) via a crafted filename or (2) by "using percent encoding in forms." | NVD-CWE-Other | CVE-2007-1832 | 2011-03-8 11:52 | 2007-04-3
259614 | 10.0 | HIGH | mohachat | moha_chat | MOHA Chat 0.1b7 and earlier does not require authentication for use of the plug in API, which has unknown impact and attack vectors. | NVD-CWE-Other | CVE-2007-0954 | 2011-03-8 11:51 | 2007-02-15
259615 | 7.8 | HIGH | cisco | firewall_services_module | Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.3), when set to log at the "debug" level, allows remote attackers to cause a denial of service (device reboot) by s… | NVD-CWE-Other | CVE-2007-0963 | 2011-03-8 11:51 | 2007-02-16
259616 | 5.4 | MEDIUM | cisco | firewall_services_module | Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device rebo… | NVD-CWE-Other | CVE-2007-0964 | 2011-03-8 11:51 | 2007-02-16
259617 | 7.8 | HIGH | cisco | firewall_services_module | Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboo… | NVD-CWE-Other | CVE-2007-0965 | 2011-03-8 11:51 | 2007-02-16
259618 | 7.5 | HIGH | ian_bezanson | dropbox | Multiple unspecified vulnerabilities in Ian Bezanson DropBox before 0.0.4 beta have unknown impact and attack vectors, possibly related to a variable extraction vulnerability. | NVD-CWE-Other | CVE-2007-0974 | 2011-03-8 11:51 | 2007-02-16
259619 | 5.0 | MEDIUM | apache_stats | apache_stats | Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUE… | NVD-CWE-Other | CVE-2007-0975 | 2011-03-8 11:51 | 2007-02-16
259620 | 5.0 | MEDIUM | lifetype | lifetype | Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before 1.2-beta2, allows remote attackers to obtain sensitive information (file contents) via a "crafted URL." | CWE-200 (Information leak) | CVE-2007-0979 | 2011-03-8 11:51 | 2007-02-16
259621 | 10.0 | HIGH | hp | serviceguard_for_linux | Unspecified vulnerability in HP Serviceguard for Linux; packaged for SuSE SLES8 and United Linux 1.0 before SG A.11.15.07, SuSE SLES9 and SLES10 before SG A.11.16.10, and Red Hat Enterprise Linux (RH… | NVD-CWE-noinfo | CVE-2007-0980 | 2011-03-8 11:51 | 2007-02-16
259622 | 7.5 | HIGH | aktueldownload | aktueldownload_haber_script | SQL injection vulnerability in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via certain vectors related to the HaberDetay.asp and rss.asp components, and the … | NVD-CWE-Other | CVE-2007-1016 | 2011-03-8 11:51 | 2007-02-21
259623 | 4.4 | MEDIUM | ibm | db2 | Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file. | CWE-59 (Link following) | CVE-2007-1027 | 2011-03-8 11:51 | 2007-02-21
259624 | 7.5 | HIGH | distributed_checksum_clearinghouse | dcc | Unspecified vulnerability in Distributed Checksum Clearinghouse (DCC) before 1.3.51 allows remote attackers to delete or add hosts in /var/dcc/maps. | NVD-CWE-Other | CVE-2007-1047 | 2011-03-8 11:51 | 2007-02-22
259625 | 4.3 | MEDIUM | wordpress | wordpress | Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote … | NVD-CWE-Other | CVE-2007-1049 | 2011-03-8 11:51 | 2007-02-22
259626 | 7.8 | HIGH | apple | mac_os_x mac_os_x_server | Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a… | NVD-CWE-Other | CVE-2007-1071 | 2011-03-8 11:51 | 2007-02-23
259627 | 6.4 | MEDIUM | novell | zenworks | Unspecified vulnerability in Novell ZENworks 7 Desktop Management Support Pack 1 before Hot patch 3 (ZDM7SP1HP3) allows remote attackers to upload images to certain folders that were not configured i… | NVD-CWE-Other | CVE-2007-1119 | 2011-03-8 11:51 | 2007-02-27
259628 | 6.4 | MEDIUM | zephyrsoft_toolbox | address_book_continued | Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 and 1.01 allow remote attackers to execute arbitrary SQL commands via the id para… | NVD-CWE-Other | CVE-2007-1122 | 2011-03-8 11:51 | 2007-02-27
259629 | 10.0 | HIGH | watchtower | watchtower | Unspecified vulnerability in Watchtower (WT) before 0.12 has unknown impact and attack vectors, related to "unauthorized accounts." | NVD-CWE-noinfo | CVE-2007-1134 | 2011-03-8 11:51 | 2007-03-3
259630 | 10.0 | HIGH | watchtower | watchtower | Watchtower is prone to an unspecified authentication-bypass vulnerability. An attacker can exploit this issue to gain unauthorized access to the application. Versions prior to 0.12 are vulnerab… | NVD-CWE-noinfo | CVE-2007-1134 | 2011-03-8 11:51 | 2007-03-3
259631 | 10.0 | HIGH | watchtower | watchtower | The vendor has released version 0.12 to address this issue. Download: http://downloads.sourceforge.net/wtelements/wt0.12.tar.gz?modtime=1171460836&big_mirror=0 | NVD-CWE-noinfo | CVE-2007-1134 | 2011-03-8 11:51 | 2007-03-3
259632 | 6.8 | MEDIUM | sourceforge | webmplayer | Multiple SQL injection vulnerabilities in WebMplayer before 0.6.1-Alpha allow remote attackers to execute arbitrary SQL commands via the (1) strid parameter to index.php and the (2) id[0] or other id… | NVD-CWE-Other | CVE-2007-1135 | 2011-03-8 11:51 | 2007-03-3
259633 | 6.8 | MEDIUM | webmplayer | webmplayer | index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. NOTE: some sources have referred to this as eval injec… | CWE-20 (Improper input validation) | CVE-2007-1136 | 2011-03-8 11:51 | 2007-03-3
259634 | 7.5 | HIGH | trend_micro | serverprotect | Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_in… | NVD-CWE-Other | CVE-2007-1168 | 2011-03-8 11:51 | 2007-03-3
259635 | 4.3 | MEDIUM | web-app.org | webapp | Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP before 20070209 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | NVD-CWE-Other | CVE-2007-1175 | 2011-03-8 11:51 | 2007-03-3
259636 | 5.8 | MEDIUM | web-app.org | webapp | WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to (1) the query string, (2) Profiles, (3) the Forum Post icon field, (4) the Edit Profile, and (5) the Gallery, … | NVD-CWE-Other | CVE-2007-1177 | 2011-03-8 11:51 | 2007-03-3
259637 | 7.5 | HIGH | web-app.org | webapp | WebAPP before 0.9.9.5 does not check access in certain contexts related to (1) Calendar Administration, (2) Instant Messages Administration, and (3) the Image Uploader, which has unknown impact and a… | NVD-CWE-Other | CVE-2007-1178 | 2011-03-8 11:51 | 2007-03-3
259638 | 5.0 | MEDIUM | web-app.org | webapp | WebAPP before 0.9.9.5 does not properly manage e-mail addresses in certain contexts related to (1) the Recommend feature, Email Article (2) senders and (3) recipients, (4) New User Approval, (5) Edit… | NVD-CWE-Other | CVE-2007-1179 | 2011-03-8 11:51 | 2007-03-3
259639 | 4.3 | MEDIUM | web-app.org | webapp | WebAPP before 0.9.9.5 does not check referrers in certain forms, which might facilitate remote cross-site request forgery (CSRF) attacks or have other unknown impact. | NVD-CWE-Other | CVE-2007-1180 | 2011-03-8 11:51 | 2007-03-3
259640 | 5.0 | MEDIUM | web-app.org | webapp | WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the username through Edit Profile forms, which has unknown impact and attack vectors. | NVD-CWE-Other | CVE-2007-1181 | 2011-03-8 11:51 | 2007-03-3
259641 | 6.4 | MEDIUM | web-app.org | webapp | WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest profile, which has unknown impact. | NVD-CWE-Other | CVE-2007-1182 | 2011-03-8 11:51 | 2007-03-3
259642 | 7.5 | HIGH | web-app.org | webapp | WebAPP before 0.9.9.5 allows remote authenticated users to spoof another user's Real Name via whitespace, which has unknown impact and attack vectors. | NVD-CWE-Other | CVE-2007-1183 | 2011-03-8 11:51 | 2007-03-3
259643 | 5.0 | MEDIUM | web-app.org | webapp | The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setting of "no," which makes it easier for automated programs to submit false data. | CWE-16 (Configuration) | CVE-2007-1184 | 2011-03-8 11:51 | 2007-03-3
259644 | 5.0 | MEDIUM | web-app.org | webapp | The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown impact and remote attack vectors. | NVD-CWE-Other | CVE-2007-1185 | 2011-03-8 11:51 | 2007-03-3
259645 | 5.0 | MEDIUM | web-app.org | webapp | WebAPP before 0.9.9.5 does not "censor" the Latest Member real name, which has unknown impact. | NVD-CWE-Other | CVE-2007-1186 | 2011-03-8 11:51 | 2007-03-3
259646 | 5.5 | MEDIUM | web-app.org | webapp | WebAPP before 0.9.9.5 allows remote authenticated users, without admin privileges, to obtain sensitive information via (1) the Forum Archive feature and (2) Recent Searches. | NVD-CWE-Other | CVE-2007-1187 | 2011-03-8 11:51 | 2007-03-3
259647 | 7.5 | HIGH | web-app.org | webapp | WebAPP before 0.9.9.5 allows remote attackers to submit Search form input that is not checked for (1) composition or (2) length, which has unknown impact, possibly related to "search form hijacking". | NVD-CWE-Other | CVE-2007-1188 | 2011-03-8 11:51 | 2007-03-3
259648 | 9.3 | HIGH | orangehrm | orangehrm | Multiple unspecified vulnerabilities in the Login page in OrangeHRM before 20070212 have unknown impact and attack vectors. | NVD-CWE-Other | CVE-2007-1193 | 2011-03-8 11:51 | 2007-03-3
259649 | 9.3 | HIGH | orangehrm | orangehrm | Successful exploitation requires that "magic_quotes_gpc" is disabled. | NVD-CWE-Other | CVE-2007-1193 | 2011-03-8 11:51 | 2007-03-3
259650 | 5.8 | MEDIUM | wordpress | wordpress | Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP… | NVD-CWE-Other | CVE-2007-1230 | 2011-03-8 11:51 | 2007-03-3