|
285101
|
- |
|
xcms
|
xcms
|
Cross-site request forgery (CSRF) vulnerability in the cpass functionality in an admin action in index.php in XCMS allows remote attackers to change arbitrary passwords via certain password_ and rpas…
|
CWE-352
Origin Validation Error
|
CVE-2007-5060
|
2018-10-16 06:40 |
2007-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285102
|
- |
|
massimo_chioni
|
mobile_entertainment_module
|
Directory traversal vulnerability in data/compatible.php in the Nuke Mobile Entertainment 1 addon for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) …
|
CWE-22
Path Traversal
|
CVE-2007-5069
|
2018-10-16 06:40 |
2007-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285103
|
- |
|
alexander_palmo
|
simple_php_blog
|
Incomplete blacklist vulnerability in upload_img_cgi.php in Simple PHP Blog before 0.5.1 allows remote attackers to upload dangerous files and execute arbitrary code, as demonstrated by a filename en…
|
CWE-16
Configuration
|
CVE-2007-5071
|
2018-10-16 06:40 |
2007-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285104
|
- |
|
alexander_palmo
|
simple_php_blog
|
Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog (SPHPBlog) before 0.5.1, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via cer…
|
CWE-79
Cross-site Scripting
|
CVE-2007-5072
|
2018-10-16 06:40 |
2007-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285105
|
- |
|
egov
|
manger
|
Multiple cross-site scripting (XSS) vulnerabilities in eGov Manager allow remote attackers to inject arbitrary web script or HTML via unspecified "user-supplied input" to (1) center.exe or (2) Index.…
|
CWE-79
Cross-site Scripting
|
CVE-2007-5078
|
2018-10-16 06:40 |
2007-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285106
|
- |
|
sk.log
|
sk.log
|
PHP remote file inclusion vulnerability in php-inc/log.inc.php in sk.log 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SKIN_URL parameter.
|
CWE-94
Code Injection
|
CVE-2007-5089
|
2018-10-16 06:40 |
2007-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285107
|
- |
|
multimedia
|
dance_music_module_for_phpnuke
|
Directory traversal vulnerability in index.php in the Dance Music module for phpNuke, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (…
|
CWE-22
Path Traversal
|
CVE-2007-5092
|
2018-10-16 06:40 |
2007-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285108
|
- |
|
microsoft
|
windows_media_player
|
Microsoft Windows Media Player (WMP) 9 on Windows XP SP2 invokes Internet Explorer to render HTML documents contained inside some media files, regardless of what default web browser is configured, wh…
|
CWE-20
Improper Input Validation
|
CVE-2007-5095
|
2018-10-16 06:40 |
2007-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285109
|
- |
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the user_email parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2007-5105
|
2018-10-16 06:40 |
2007-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285110
|
- |
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 allows remote attackers to inject arbitrary web script or HTML via the user_login parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2007-5106
|
2018-10-16 06:40 |
2007-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
