|
284911
|
- |
|
ghlab
|
korean_ghboard
|
Directory traversal vulnerability in component/flashupload/download.jsp in the FlashUpload component in Korean GHBoard allows remote attackers to read arbitrary files via a .. (dot dot) in the name p…
|
CWE-22
Path Traversal
|
CVE-2007-5739
|
2018-10-16 06:46 |
2007-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284912
|
- |
|
vergenet
|
perdition_mail_retrieval_proxy
|
The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a fo…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2007-5740
|
2018-10-16 06:46 |
2007-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284913
|
- |
|
plone
|
plone
|
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity modu…
|
CWE-94
Code Injection
|
CVE-2007-5741
|
2018-10-16 06:46 |
2007-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284914
|
- |
|
agtc_websolutions
|
php-agtc_membership_system
|
adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account w…
|
CWE-287
Improper Authentication
|
CVE-2007-5752
|
2018-10-16 06:46 |
2007-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284915
|
- |
|
x.org
xfree86_project
|
xserver
xfree86-misc
|
Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index.
|
NVD-CWE-Other
|
CVE-2007-5760
|
2018-10-16 06:46 |
2008-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284916
|
- |
|
oracle
|
e-business_suite
|
SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite 11 and 12 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: this is probably the same issue as…
|
CWE-89
SQL Injection
|
CVE-2007-5766
|
2018-10-16 06:46 |
2007-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284917
|
- |
|
flatnuke3
|
flatnuke3
|
Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrative access via a myforum%00 cookie.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-5771
|
2018-10-16 06:46 |
2007-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284918
|
- |
|
flatnuke3
|
flatnuke3
|
Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirector…
|
CWE-94
Code Injection
|
CVE-2007-5772
|
2018-10-16 06:46 |
2007-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284919
|
- |
|
blue-collar_productions
|
i-gallery
|
Directory traversal vulnerability in igallery.asp in Blue-Collar Productions i-Gallery 3.4 allows remote attackers to read arbitrary files via encoded backslash sequences in the d parameter, as demon…
|
CWE-22
Path Traversal
|
CVE-2007-5776
|
2018-10-16 06:46 |
2007-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284920
|
- |
|
blue-collar_productions
|
i-gallery
|
Blue-Collar Productions i-Gallery 3.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a base64-encoded pa…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-5777
|
2018-10-16 06:46 |
2007-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
