249301
|
7.5 |
HIGH
|
mybb
|
mybb
|
SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.4.1 allows remote attackers to execute arbitrary SQL commands via a certain editor field.
|
CWE-89
SQLインジェクション
|
CVE-2008-3965
|
2008-11-15 16:19 |
2008-09-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249302
|
7.5 |
HIGH
|
mybb
|
mybb
|
Patch information - http://community.mybboard.net/showthread.php?tid=36022
|
CWE-89
SQLインジェクション
|
CVE-2008-3965
|
2008-11-15 16:19 |
2008-09-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249303
|
4.3 |
MEDIUM
|
mybb
|
mybb
|
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2008-3966
|
2008-11-15 16:19 |
2008-09-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249304
|
4.3 |
MEDIUM
|
mybb
|
mybb
|
Patch information - http://community.mybboard.net/showthread.php?tid=36022
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2008-3966
|
2008-11-15 16:19 |
2008-09-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249305
|
7.5 |
HIGH
|
mybb
|
mybb
|
moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors.
|
CWE-264
認可・権限・アクセス制御
|
CVE-2008-3967
|
2008-11-15 16:19 |
2008-09-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249306
|
7.5 |
HIGH
|
mybb
|
mybb
|
Patch information - http://community.mybboard.net/showthread.php?tid=36022
|
CWE-264
認可・権限・アクセス制御
|
CVE-2008-3967
|
2008-11-15 16:19 |
2008-09-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249307
|
7.5 |
HIGH
|
phpcredo
|
phcdownload
|
SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to execute arbitrary SQL commands via the string parameter.
|
CWE-89
SQLインジェクション
|
CVE-2007-6670
|
2008-11-15 16:06 |
2008-01-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249308
|
10.0 |
HIGH
|
menalto
|
gallery_publish_xp_module
|
Unspecified vulnerability in the Publish XP module Menalto Gallery before 2.2.4 allows attackers to create albums and upload files via unknown vectors.
|
NVD-CWE-noinfo CWE-264
認可・権限・アクセス制御
|
CVE-2007-6685
|
2008-11-15 16:06 |
2008-01-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249309
|
10.0 |
HIGH
|
menalto
|
gallery
|
The URL rewrite module in Menalto Gallery before 2.2.4 allows attackers to include and execute arbitrary local files via unknown vectors related to the admin controller.
|
NVD-CWE-noinfo
|
CVE-2007-6686
|
2008-11-15 16:06 |
2008-01-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249310
|
4.3 |
MEDIUM
|
menalto
|
gallery
|
Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery before 2.2.4 allow remote attackers to inject arbitrary web script or HTML via crafted filenames to the (1) Core or (2) add-item…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2007-6687
|
2008-11-15 16:06 |
2008-01-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249311
|
7.5 |
HIGH
|
menalto
|
gallery
|
Menalto Gallery before 2.2.4 does not properly check for malicious file extensions during file uploads, which allows attackers to execute arbitrary code via the (1) Core application or (2) MIME modul…
|
CWE-20
不適切な入力確認
|
CVE-2007-6689
|
2008-11-15 16:06 |
2008-01-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249312
|
10.0 |
HIGH
|
menalto
|
gallery
|
The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors.
|
NVD-CWE-noinfo CWE-264
認可・権限・アクセス制御
|
CVE-2007-6690
|
2008-11-15 16:06 |
2008-01-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249313
|
10.0 |
HIGH
|
menalto
|
gallery
|
Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a …
|
NVD-CWE-noinfo
|
CVE-2007-6691
|
2008-11-15 16:06 |
2008-01-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249314
|
6.4 |
MEDIUM
|
menalto
|
gallery
|
Open redirect vulnerability in Menalto Gallery before 2.2.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) Core and (2) print modul…
|
CWE-59
リンク解釈の問題
|
CVE-2007-6692
|
2008-11-15 16:06 |
2008-01-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249315
|
10.0 |
HIGH
|
menalto
|
gallery_webcam_module
|
Unspecified vulnerability in the WebCam module in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to a "proxied request."
|
NVD-CWE-noinfo
|
CVE-2007-6693
|
2008-11-15 16:06 |
2008-01-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249316
|
2.1 |
LOW
|
webcalendar
|
webcalendar
|
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, …
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2007-6696
|
2008-11-15 16:06 |
2008-02-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249317
|
4.3 |
MEDIUM
|
aol
|
ygp_piceditor_activex_control
|
Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control in YGPPicEdit.dll in AOL You've Got Pictures (YGP) Picture Editor allow remote attackers to cause a denial of service (browser c…
|
CWE-119
バッファエラー
|
CVE-2007-6699
|
2008-11-15 16:06 |
2008-02-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249318
|
3.3 |
LOW
|
ibm
|
websphere_mq
|
The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon conne…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2007-6705
|
2008-11-15 16:06 |
2008-03-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249319
|
4.3 |
MEDIUM
|
mozilla
|
firefox
|
Mozilla Firefox allows remote attackers to cause a denial of service (crash) via crafted image, as demonstrated by the zzuf lol-firefox.gif test case.
|
NVD-CWE-noinfo
|
CVE-2007-6715
|
2008-11-15 16:06 |
2008-04-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249320
|
4.3 |
MEDIUM
|
mantis
|
mantis
|
Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2007-6611
|
2008-11-15 16:05 |
2008-01-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249321
|
4.3 |
MEDIUM
|
atlassian
|
jira
|
Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 allows remote attackers to inject arbitrary web script or HTML, which is not properly handled when gen…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2007-6617
|
2008-11-15 16:05 |
2008-01-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249322
|
5.0 |
MEDIUM
|
atlassian
|
jira
|
JIRA Enterprise Edition before 3.12.1 allows remote attackers to delete another user's shared filter via a modified filter ID.
|
NVD-CWE-Other
|
CVE-2007-6618
|
2008-11-15 16:05 |
2008-01-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249323
|
7.5 |
HIGH
|
atlassian
|
jira
|
The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language.
|
CWE-264
認可・権限・アクセス制御
|
CVE-2007-6619
|
2008-11-15 16:05 |
2008-01-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249324
|
4.3 |
MEDIUM
|
joomla
|
joomla
|
Cross-site scripting (XSS) vulnerability in the com_poll component in Joomla! before 1.5 RC4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2007-6643
|
2008-11-15 16:05 |
2008-01-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249325
|
6.5 |
MEDIUM
|
joomla
|
joomla
|
Joomla! before 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the administrator group, in violation of the intended security model.
|
CWE-264
認可・権限・アクセス制御
|
CVE-2007-6644
|
2008-11-15 16:05 |
2008-01-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249326
|
7.5 |
HIGH
|
joomla
|
joomla
|
Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote authenticated users to gain privileges via unspecified vectors, aka "registered user privilege escalation vulnerability."
|
CWE-264
認可・権限・アクセス制御
|
CVE-2007-6645
|
2008-11-15 16:05 |
2008-01-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249327
|
5.0 |
MEDIUM
|
fusion_news
|
fusion_news
|
Cross-site request forgery (CSRF) vulnerability in Fusion News 3.9.0 allows remote attackers to perform unauthorized actions via unspecified vectors.
|
CWE-352
同一生成元ポリシー違反
|
CVE-2007-6300
|
2008-11-15 16:04 |
2007-12-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249328
|
4.3 |
MEDIUM
|
httplogger
|
httplogger
|
Cross-site scripting (XSS) vulnerability in HttpLogger 0.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2007-6308
|
2008-11-15 16:04 |
2007-12-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249329
|
4.3 |
MEDIUM
|
drupal
|
feature_module
|
Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks.
|
CWE-352
同一生成元ポリシー違反
|
CVE-2007-6320
|
2008-11-15 16:04 |
2007-12-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249330
|
5.8 |
MEDIUM
|
microsoft
|
access
|
Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of …
|
CWE-119
バッファエラー
|
CVE-2007-6357
|
2008-11-15 16:04 |
2007-12-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249331
|
2.1 |
LOW
|
ibm
|
tivoli_netcool_security_manager
|
IBM Tivoli Netcool Security Manager 1.3.0 before Interim Fix 1, when using Active Directory (AD) LDAP authentication, allows remote attackers to obtain login access via unspecified vectors without en…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2007-6363
|
2008-11-15 16:04 |
2007-12-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249332
|
7.5 |
HIGH
|
francisco_burzi
|
php-nuke
|
Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filename parameter, a …
|
CWE-22
パス・トラバーサル
|
CVE-2007-6376
|
2008-11-15 16:04 |
2007-12-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249333
|
2.1 |
LOW
|
debian
|
debian_linux
|
The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process a…
|
CWE-200
情報漏えい
|
CVE-2007-6418
|
2008-11-15 16:04 |
2007-12-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249334
|
4.3 |
MEDIUM
|
flyspray
|
flyspray
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index a…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2007-6461
|
2008-11-15 16:04 |
2007-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249335
|
4.3 |
MEDIUM
|
php_real_estate_script
|
classifieds
|
Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in PHP Real Estate Classifieds allow remote attackers to inject arbitrary web script or HTML via unspecified "text areas/boxes."
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2007-6463
|
2008-11-15 16:04 |
2007-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249336
|
10.0 |
HIGH
|
testlink
|
testlink
|
TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors.
|
CWE-287
不適切な認証
|
CVE-2007-6006
|
2008-11-15 16:03 |
2007-11-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249337
|
9.3 |
HIGH
|
acdsee
|
photo_editor photo_manager pro_photo_manager
|
Multiple buffer overflows in ACD products allow user-assisted remote attackers to execute arbitrary code via a long section string in a (1) XBM or (2) XPM file to (a) ID_X.apl or (b) IDE_ACDStd.apl. …
|
CWE-119
バッファエラー
|
CVE-2007-6009
|
2008-11-15 16:03 |
2007-11-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249338
|
7.8 |
HIGH
|
pioneers
|
pioneers
|
Unspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors that trigger an assert error. NOTE: this …
|
CWE-20
不適切な入力確認
|
CVE-2007-6010
|
2008-11-15 16:03 |
2007-11-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249339
|
7.8 |
HIGH
|
van_dyke_technologies
|
vshell
|
Unspecified vulnerability in VanDyke VShell 3.0.1 allows remote attackers to cause a denial of service via unspecified vectors. NOTE: this information is based upon a vague advisory by a vulnerabili…
|
NVD-CWE-noinfo
|
CVE-2007-6031
|
2008-11-15 16:03 |
2007-11-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249340
|
10.0 |
HIGH
|
ingate
|
ingate_firewall ingate_siparator
|
Buffer overflow in libsrtp in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries.
|
CWE-119
バッファエラー
|
CVE-2007-6092
|
2008-11-15 16:03 |
2007-11-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249341
|
7.1 |
HIGH
|
ingate
|
ingate_firewall ingate_siparator
|
The SRTP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (kernel crash) via an RTCP index that is "much more than expect…
|
CWE-20
不適切な入力確認
|
CVE-2007-6093
|
2008-11-15 16:03 |
2007-11-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249342
|
4.3 |
MEDIUM
|
ingate
|
ingate_firewall ingate_siparator
|
The IPsec module in the VPN component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (module crash) via an IPsec Phase 2 proposal that…
|
CWE-20
不適切な入力確認
|
CVE-2007-6094
|
2008-11-15 16:03 |
2007-11-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249343
|
4.0 |
MEDIUM
|
ingate
|
ingate_firewall ingate_siparator
|
The SIP component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0, when Remote NAT Traversal is employed, does not properly perform user registration and message distribution, which might …
|
CWE-200
情報漏えい
|
CVE-2007-6095
|
2008-11-15 16:03 |
2007-11-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249344
|
5.0 |
MEDIUM
|
ingate
|
ingate_firewall ingate_siparator
|
Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext storage for passwords of "administrators with less privileges," which might allow attackers to read these passwords via unknown v…
|
CWE-255
証明書・パスワード管理
|
CVE-2007-6096
|
2008-11-15 16:03 |
2007-11-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249345
|
10.0 |
HIGH
|
ingate
|
ingate_firewall ingate_siparator
|
Unspecified vulnerability in the ICMP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and remote attack vectors, related to ICMP packets that are "incorre…
|
NVD-CWE-noinfo
|
CVE-2007-6097
|
2008-11-15 16:03 |
2007-11-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249346
|
7.5 |
HIGH
|
ingate
|
ingate_firewall ingate_siparator
|
Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log truncated (1) ICMP, (2) UDP, and (3) TCP packets, which has unknown impact and remote attack vectors; and do not log (4) serial-cons…
|
NVD-CWE-Other
|
CVE-2007-6098
|
2008-11-15 16:03 |
2007-11-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249347
|
3.6 |
LOW
|
claws_mail
|
claws_mail_tools
|
sylprint.pl in claws mail tools (claws-mail-tools) allows local users to overwrite arbitrary files via a symlink attack on the sylprint.[USER].[PID] temporary file.
|
CWE-59
リンク解釈の問題
|
CVE-2007-6208
|
2008-11-15 16:03 |
2007-12-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249348
|
5.0 |
MEDIUM
|
ossigeno
|
cms
|
Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 pre1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) level parameter to (a) install_module.php and (b)…
|
CWE-20
不適切な入力確認
|
CVE-2007-6218
|
2008-11-15 16:03 |
2007-12-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249349
|
7.5 |
HIGH
|
work_system_e-commerce
|
work_system_e-commerce
|
Unspecified vulnerability in WORK system e-commerce before 4.0.2 has unknown impact and attack vectors related to "Ajax pages."
|
NVD-CWE-noinfo
|
CVE-2007-5801
|
2008-11-15 16:02 |
2007-11-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
249350
|
6.8 |
MEDIUM
|
ssreader
|
ultra_star_reader
|
Buffer overflow in the register function in Ultra Star Reader ActiveX control in SSReader allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild. NOTE: t…
|
CWE-119
バッファエラー
|
CVE-2007-5807
|
2008-11-15 16:02 |
2007-11-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|