|
300171
|
- |
|
drupal
|
drupal
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to (1) delete comments, (2) delete content revisions, and (3) disable menu items as privileg…
|
NVD-CWE-Other
|
CVE-2007-4063
|
2017-07-29 10:32 |
2007-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300172
|
- |
|
drupal
|
drupal
|
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.2, and 4.7.x before 4.7.7, (1) allow remote attackers to inject arbitrary web script or HTML via "some server variables," in…
|
CWE-79
Cross-site Scripting
|
CVE-2007-4064
|
2017-07-29 10:32 |
2007-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300173
|
- |
|
vikingboard
|
vikingboard
|
Vikingboard 0.1.2 allows remote attackers to obtain sensitive information via the debug parameter to (1) forum.php, (2) cp.php, and possibly other unspecified components.
|
NVD-CWE-Other
|
CVE-2007-4089
|
2017-07-29 10:32 |
2007-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300174
|
- |
|
vikingboard
|
vikingboard
|
Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) f, (3) quote, and (4) act parameters to cp.p…
|
NVD-CWE-Other
|
CVE-2007-4088
|
2017-07-29 10:32 |
2007-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300175
|
- |
|
mldonkey
|
mldonkey
|
MLDonkey before 2.9.0 does not load certain code from $MLDONKEY/web_infos/ before the network modules become active, which allows remote attackers to bypass the IP blocklist.
|
NVD-CWE-Other
|
CVE-2007-4100
|
2017-07-29 10:32 |
2007-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300176
|
- |
|
wp-feedstats
|
wordpress_plugin
|
Multiple cross-site scripting (XSS) vulnerabilities in the WP-FeedStats before 2.4 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, one of w…
|
NVD-CWE-Other
|
CVE-2007-4104
|
2017-07-29 10:32 |
2007-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300177
|
- |
|
advanced_webhost_billing_system
|
advanced_webhost_billing_system
|
Multiple SQL injection vulnerabilities in Advanced Webhost Billing System (AWBS) before 2.6.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via unspecif…
|
NVD-CWE-Other
|
CVE-2007-4112
|
2017-07-29 10:32 |
2007-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300178
|
- |
|
hitachi
|
jp1-cm2-hierarchical_viewer
|
Unspecified vulnerability in Hitachi JP1/Cm2/Hierarchical Viewer (HV) 06-00 through 06-71-/B allows remote attackers to cause a denial of service (application stop and web interface outage) via certa…
|
NVD-CWE-Other
|
CVE-2007-4122
|
2017-07-29 10:32 |
2007-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300179
|
- |
|
hitachi
|
groupmax_groupware_server
|
The Groupmax Scheduler_Facilities management tool in Hitachi Groupmax Groupware Server 07-00-/F through 07-32-/A before 20070731 does not properly manage schedule server configuration data, which mig…
|
NVD-CWE-Other
|
CVE-2007-4123
|
2017-07-29 10:32 |
2007-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300180
|
- |
|
hitachi
|
cosminexus_application_server
cosminexus_collaboration_portal
cosminexus_developer
cosminexus_erp_integrator
cosminexus_opentp1_web_front-end_set
electronic_form_workflow
groupmax_c…
|
The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspec…
|
NVD-CWE-Other
|
CVE-2007-4124
|
2017-07-29 10:32 |
2007-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
