|
284731
|
- |
|
x.org
|
evi
mit-shm
xserver
|
Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used …
|
CWE-189
CWE-362
Numeric Errors
Race Condition
|
CVE-2007-6429
|
2018-10-16 06:53 |
2008-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284732
|
- |
|
real_time_logic
|
barracudadrive_web_server
barracudadrive_web_server_home_server
|
BarracudaDrive Web Server before 3.8 allows remote attackers to read the source code for web scripts by appending a (1) + (plus), (2) . (dot), or (3) %80 and similar characters to the file name in th…
|
CWE-20
Improper Input Validation
|
CVE-2007-6314
|
2018-10-16 06:52 |
2007-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284733
|
- |
|
real_time_logic
|
barracudadrive_web_server
barracudadrive_web_server_home_server
|
Group Chat in BarracudaDrive Web Server before 3.8 allows remote authenticated users to cause a denial of service (crash) via a HTTP request to /eh/chat.ehintf/C. that does not contain a Connection I…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2007-6315
|
2018-10-16 06:52 |
2007-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284734
|
- |
|
real_time_logic
|
barracudadrive_web_server
barracudadrive_web_server_home_server
|
Cross-site scripting (XSS) vulnerability in BarracudaDrive Web Server before 3.8 allows remote attackers to inject arbitrary web script or HTML via the URI path in an HTTP GET request, which is activ…
|
CWE-79
Cross-site Scripting
|
CVE-2007-6316
|
2018-10-16 06:52 |
2007-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284735
|
- |
|
real_time_logic
|
barracudadrive_web_server
barracudadrive_web_server_home_server
|
Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\ (dot dot backslash) sequences in the URL path, …
|
CWE-22
Path Traversal
|
CVE-2007-6317
|
2018-10-16 06:52 |
2007-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284736
|
- |
|
wordpress
|
wordpress
|
SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, …
|
CWE-89
SQL Injection
|
CVE-2007-6318
|
2018-10-16 06:52 |
2007-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284737
|
- |
|
lyris
|
list_manager
|
Multiple unspecified vulnerabilities in Lyris ListManager 8.x before 8.95d, 9.2 before 9.2c, and 9.3 before 9.3b allow remote attackers to (1) gain list administrator privileges or (2) access arbitra…
|
NVD-CWE-noinfo
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-6319
|
2018-10-16 06:52 |
2008-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284738
|
- |
|
roundcube
|
webmail
|
Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML vi…
|
CWE-79
Cross-site Scripting
|
CVE-2007-6321
|
2018-10-16 06:52 |
2007-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284739
|
- |
|
microsoft
|
office
|
Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fi…
|
CWE-255
Credentials Management
|
CVE-2007-6329
|
2018-10-16 06:52 |
2007-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284740
|
- |
|
meridian_software
|
prolog_manager
|
Meridian Prolog Manager 2007, and 7.5 and earlier, sends all usernames and passwords to the client in a (1) cleartext or (2) weakly encrypted format to support client-side login authentication, which…
|
NVD-CWE-Other
|
CVE-2007-6330
|
2018-10-16 06:52 |
2007-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
