|
284841
|
- |
|
ghlab
|
korean_ghboard
|
Unrestricted file upload vulnerability in component/upload.jsp in Korean GHBoard allows remote attackers to upload arbitrary files via unspecified vectors, probably involving a direct request.
|
CWE-94
CWE-20
Code Injection
Improper Input Validation
|
CVE-2007-5737
|
2018-10-16 06:46 |
2007-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284842
|
- |
|
ghlab
|
korean_ghboard
|
The FlashUpload component in Korean GHBoard uses a client-side protection mechanism to prevent uploading of dangerous file extensions, which allows remote attackers to bypass restrictions and upload …
|
CWE-20
Improper Input Validation
|
CVE-2007-5738
|
2018-10-16 06:46 |
2007-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284843
|
- |
|
ghlab
|
korean_ghboard
|
Directory traversal vulnerability in component/flashupload/download.jsp in the FlashUpload component in Korean GHBoard allows remote attackers to read arbitrary files via a .. (dot dot) in the name p…
|
CWE-22
Path Traversal
|
CVE-2007-5739
|
2018-10-16 06:46 |
2007-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284844
|
- |
|
vergenet
|
perdition_mail_retrieval_proxy
|
The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a fo…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2007-5740
|
2018-10-16 06:46 |
2007-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284845
|
- |
|
plone
|
plone
|
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity modu…
|
CWE-94
Code Injection
|
CVE-2007-5741
|
2018-10-16 06:46 |
2007-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284846
|
- |
|
agtc_websolutions
|
php-agtc_membership_system
|
adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account w…
|
CWE-287
Improper Authentication
|
CVE-2007-5752
|
2018-10-16 06:46 |
2007-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284847
|
- |
|
x.org
xfree86_project
|
xserver
xfree86-misc
|
Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index.
|
NVD-CWE-Other
|
CVE-2007-5760
|
2018-10-16 06:46 |
2008-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284848
|
- |
|
oracle
|
e-business_suite
|
SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite 11 and 12 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: this is probably the same issue as…
|
CWE-89
SQL Injection
|
CVE-2007-5766
|
2018-10-16 06:46 |
2007-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284849
|
- |
|
flatnuke3
|
flatnuke3
|
Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrative access via a myforum%00 cookie.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-5771
|
2018-10-16 06:46 |
2007-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284850
|
- |
|
flatnuke3
|
flatnuke3
|
Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirector…
|
CWE-94
Code Injection
|
CVE-2007-5772
|
2018-10-16 06:46 |
2007-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
