|
279211
|
- |
|
opensymphony
|
xwork
|
Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression…
|
NVD-CWE-Other
|
CVE-2007-4556
|
2018-10-26 23:00 |
2007-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279212
|
- |
|
php
|
php
|
The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as d…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-3997
|
2018-10-26 22:59 |
2007-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279213
|
- |
|
php
debian
canonical
|
php
debian_linux
ubuntu_linux
|
The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error …
|
CWE-20
Improper Input Validation
|
CVE-2007-3998
|
2018-10-26 22:59 |
2007-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279214
|
- |
|
apple
microsoft
|
mac_os_x
windows_vista
windows_xp
|
Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2007-3751
|
2018-10-26 22:58 |
2007-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279215
|
- |
|
oracle
|
jdk
|
The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary we…
|
CWE-79
Cross-site Scripting
|
CVE-2007-3503
|
2018-10-26 22:56 |
2007-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279216
|
- |
|
php
|
php
|
The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375.
|
CWE-200
Information Exposure
|
CVE-2007-2748
|
2018-10-20 04:03 |
2007-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279217
|
- |
|
linux
debian
canonical
|
linux_kernel
debian_linux
ubuntu_linux
|
Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memo…
|
CWE-189
Numeric Errors
|
CVE-2007-2875
|
2018-10-20 04:03 |
2007-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279218
|
- |
|
apple
|
mac_os_x
|
Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the A…
|
CWE-287
Improper Authentication
|
CVE-2007-3184
|
2018-10-20 04:03 |
2007-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279219
|
- |
|
mysql
debian
canonical
|
mysql
debian_linux
ubuntu_linux
|
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
|
NVD-CWE-Other
|
CVE-2007-2691
|
2018-10-20 04:00 |
2007-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279220
|
- |
|
mysql
debian
canonical
|
mysql
debian_linux
ubuntu_linux
|
The vendor has released a product update to address this issue:
Upgrade to MySQL version 5.1.18: http://dev.mysql.com/downloads/
|
NVD-CWE-Other
|
CVE-2007-2691
|
2018-10-20 04:00 |
2007-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
