|
307291
|
- |
|
castor
|
castor
|
Multiple PHP remote file inclusion vulnerabilities in 2le.net Castor PHP Web Builder 1.1.1 allow remote attackers to execute arbitrary PHP code via the rootpath parameter in (1) lib/code.php, (2) lib…
|
CWE-94
Code Injection
|
CVE-2006-5481
|
2011-09-8 13:00 |
2006-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307292
|
- |
|
paristemi
|
paristemi
|
Multiple PHP remote file inclusion vulnerabilities in Paristemi 0.8.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the SERVER_DIRECTORY parameter to unspecified scrip…
|
CWE-94
Code Injection
|
CVE-2006-6689
|
2011-09-8 13:00 |
2006-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307293
|
- |
|
papoo
|
papoo
|
Multiple SQL injection vulnerabilities in Papoo 2.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) menuid parameter to (a) index.php and (b) guestbook.php, and the…
|
CWE-89
SQL Injection
|
CVE-2005-4478
|
2011-09-8 13:00 |
2005-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307294
|
- |
|
sixapart
|
movable_type
|
Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable Type (MT) before 4.23 allow remote attackers to inject arbitrary web script or HTML via a (1) MTEntryAuthorUsername, (2) MTAut…
|
CWE-79
Cross-site Scripting
|
CVE-2008-5845
|
2011-09-7 11:53 |
2009-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307295
|
- |
|
web-app.org
|
webapp
|
Multiple unspecified vulnerabilities in WebAPP before 0.9.9.6 have unknown impact and attack vectors.
|
NVD-CWE-noinfo
|
CVE-2007-1259
|
2011-09-1 13:00 |
2007-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307296
|
- |
|
wordpress
|
wordpress
|
Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-20…
|
NVD-CWE-noinfo
|
CVE-2006-4028
|
2011-09-1 13:00 |
2006-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307297
|
- |
|
sun
|
java_system_web_server
|
Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP…
|
CWE-200
Information Exposure
|
CVE-2009-2445
|
2011-08-29 13:00 |
2009-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307298
|
- |
|
ozeki
|
http-sms_gateway
|
Ozeki HTTP-SMS Gateway 1.0, and possibly earlier, stores usernames and passwords in plaintext in the HKLM\Software\Ozeki\SMSServer\CurrentVersion\Plugins\httpsmsgate registry key, which allows local …
|
CWE-310
Cryptographic Issues
|
CVE-2006-6674
|
2011-08-25 13:00 |
2006-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307299
|
- |
|
postfix
|
postfix
|
The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink a…
|
CWE-59
Link Following
|
CVE-2009-2939
|
2011-08-24 12:02 |
2009-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307300
|
- |
|
ibm
|
websphere_application_server
|
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2)…
|
CWE-200
Information Exposure
|
CVE-2008-5413
|
2011-08-23 13:00 |
2008-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
