149 matches found

OSV
added 2007/09/11 12:0 a.m. · 32 views

DSA-1374-1 jffnms - several vulnerabilities

Bulletin has no description...

CVSS 9.4 · AI score 6 · EPSS 0.08383
Exploits: 2
Prion
added 2007/08/09 9:17 p.m. · 16 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the scriptroot parameter to (1) delete.php, (2) edit.php, or (3) inc/common.inc.php; or (4) database.php, (5) entries.php, (6) index.php, (7) logout.php, or (8) settings.ph...

CVSS 7.5 · AI score 7.9 · EPSS 0.0157
Exploits: 0 · References: 4 · Affected Software: 1
NVD
added 2007/08/09 9:17 p.m. · 27 views

CVE-2007-4290

Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the scriptroot parameter to (1) delete.php, (2) edit.php, or (3) inc/common.inc.php; or (4) database.php, (5) entries.php, (6) index.php, (7) logout.php, or (8) settings.ph...

CVSS 9.8 · AI score 7.6 · EPSS 0.0157
Exploits: 0 · References: 4
Prion
added 2007/08/08 1:17 a.m. · 16 views

Design/Logic Flaw

Joomla! 1.0.12 allows remote attackers to obtain sensitive information via a direct request for (1) Stat.php, (2) OutputFilter.php, (3) OutputCache.php, (4) Modifier.php, (5) Reader.php, and (6) TemplateCache.php in includes/patTemplate/patTemplate/; (7) includes/Cache/Lite/Output.php; and other unspecified...

CVSS 5 · AI score 6.7 · EPSS 0.01814
Exploits: 0 · References: 11 · Affected Software: 1
NVD
added 2007/07/06 6:30 p.m. · 15 views

CVE-2007-3591

Unspecified vulnerability in Profile.php in Elite Bulletin Board before 1.0.10 allows remote attackers to modify profile information via unspecified vectors related to "a remote form," probably related to direct requests and missing authorization checks...

CVSS 5 · AI score 6.3 · EPSS 0.01222
Exploits: 0 · References: 5
Cvelist
added 2007/07/06 6:0 p.m. · 19 views

CVE-2007-3591

Unspecified vulnerability in Profile.php in Elite Bulletin Board before 1.0.10 allows remote attackers to modify profile information via unspecified vectors related to "a remote form," probably related to direct requests and missing authorization checks...

AI score 6.3 · EPSS 0.01222
Exploits: 0 · References: 5
Cvelist
added 2007/05/21 11:0 p.m. · 17 views

CVE-2007-2776

AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject a credential variable setting and obtain administrative access via a direct request to admin/changeinfo.php...

AI score 6.7 · EPSS 0.08615
Exploits: 0 · References: 5
Prion
added 2007/05/16 1:19 a.m. · 16 views

Design/Logic Flaw

The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6, and 8.1 through SP5 enforces security access policies on the front end, which allows remote attackers to access protected queues via direct requests to the JMS back-end server...

CVSS 6.8 · AI score 7.3 · EPSS 0.02114
Exploits: 0 · References: 6 · Affected Software: 1
Cvelist
added 2007/05/16 1:0 a.m. · 19 views

CVE-2007-2696

The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6, and 8.1 through SP5 enforces security access policies on the front end, which allows remote attackers to access protected queues via direct requests to the JMS back-end server...

AI score 6.7 · EPSS 0.02114
Exploits: 0 · References: 6
Prion
added 2007/04/10 11:19 p.m. · 17 views

Improper access control

(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0...

CVSS 7.5 · AI score 6.9 · EPSS 0.02592
Exploits: 0 · References: 7 · Affected Software: 1
OSV
added 2007/04/10 11:19 p.m. · 1 view

DEBIAN-CVE-2007-1923

(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0...

CVSS 7.5 · AI score 7 · EPSS 0.02592
Exploits: 0 · References: 1
Positive Technologies
added 2007/04/10 12:0 a.m. · 3 views

PT-2007-3268 · Dws Systems +2 · Sql-Ledger +2

Name of the Vulnerable Software and Affected Versions: LedgerSMB versions prior to 1.3.0; DWS Systems SQL-Ledger (affected versions not specified). Description: The issue allows remote attackers to access restricted functionality via direct requests, as access control lists are implemented by changin...

CVSS 7.5 · AI score 6.2 · EPSS 0.02592
Exploits: 0 · References: 18
NVD
added 2007/03/31 10:19 a.m. · 14 views

CVE-2007-1789

Flyspray 0.9.9 allows remote attackers to obtain sensitive information (private project summaries) via direct requests...

CVSS 6.8 · AI score 6.2 · EPSS 0.01228
Exploits: 0 · References: 5
UbuntuCve
added 2007/03/31 10:19 a.m. · 28 views

CVE-2007-1789

Flyspray 0.9.9 allows remote attackers to obtain sensitive information (private project summaries) via direct requests...

CVSS 6.8 · AI score 5.9 · EPSS 0.01228
Exploits: 0 · References: 1
Prion
added 2007/03/31 10:19 a.m. · 19 views

Information disclosure

Flyspray 0.9.9 allows remote attackers to obtain sensitive information (private project summaries) via direct requests...

CVSS 6.8 · AI score 6.4 · EPSS 0.01228
Exploits: 0 · References: 5 · Affected Software: 1
Cvelist
added 2007/03/31 10:0 a.m. · 19 views

CVE-2007-1789

Flyspray 0.9.9 allows remote attackers to obtain sensitive information (private project summaries) via direct requests...

AI score 6.2 · EPSS 0.01228
Exploits: 0 · References: 5
Prion
added 2007/03/13 7:19 p.m. · 18 views

Code injection

Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to gain privileges via direct requests with modified arguments in (1) the userpermissions parameter to addusers.php, and unspecified parameters to (2) addblog.php, (3) editblog.php, (4) editlinks.php, (5) editusers.php, and (6)...

CVSS 7.5 · AI score 7.6 · EPSS 0.02293
Exploits: 0 · References: 4 · Affected Software: 1
Prion
added 2007/01/26 12:28 a.m. · 13 views

Improper access control

The projectissueaccess function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests...

CVSS 6 · AI score 6.6 · EPSS 0.01121
Exploits: 0 · References: 6 · Affected Software: 2
OSV
added 2007/01/19 2:28 a.m. · 11 views

CVE-2006-6943

PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/checklang.php and (b) themes/darkblueorange/layout.inc.php; and via the (1) lang, (2) target, (3) db, (4) goto, (5) table, and (6) tblgroup array arguments to (c) index.php, and the (7) back argument t...

AI score 6.5
Exploits: 0 · References: 4
NVD
added 2007/01/16 11:28 p.m. · 12 views

CVE-2006-6933

Easy Chat Server 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download certain files via direct requests to files such as (1) ServerKey.pem and (2) AcceptIP.txt. NOTE: The provenance of this information is unknown; the details...

CVSS 7.8 · AI score 6.4 · EPSS 0.02118
Exploits: 1 · References: 2