-
Badware
- CVE-2008-2092 (SPA-2102 Phone Adapter)
- CVE-2008-2092 (SPA-2102 Phone Adapter)
- CVE-2008-2080 (Common Data Format)
- CVE-2008-2090 (Solaris)
- CVE-2008-2093 (community_builder, com_comprofiler)
- CVE-2008-2093 (community_builder, com_comprofiler)
- CVE-2008-2080 (Common Data Format)
- CVE-2008-2089 (Solaris)
- CVE-2008-2080 (Common Data Format)
- CVE-2008-2080 (Common Data Format)
- CVE-2008-2093 (community_builder, com_comprofiler)
- CVE-2008-2080 (Common Data Format)
- CVE-2008-2092 (SPA-2102 Phone Adapter)
- CVE-2008-2080 (Common Data Format)
- CVE-2008-2091 (kubelance)
- CVE-2008-2089 (Solaris)
- CVE-2008-2092 (SPA-2102 Phone Adapter)
- CVE-2008-2093 (community_builder, com_comprofiler)
- CVE-2008-2092 (SPA-2102 Phone Adapter)
- CVE-2008-2092 (SPA-2102 Phone Adapter)
- CVE-2008-2092 (SPA-2102 Phone Adapter)
- CVE-2008-2089 (Solaris)
- CVE-2008-2080 (Common Data Format)
- CVE-2008-2092 (SPA-2102 Phone Adapter)
- CVE-2008-2092 (SPA-2102 Phone Adapter)
Categories
Monthly Archives: December 2007
CVE-2007-6589 (Firefox, SeaMonkey)
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947.
Posted in Badware
Leave a comment
CVE-2007-6570 (Java Web Proxy Server, Java System Web Server)
Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309.
Posted in Badware
Leave a comment
CVE-2007-6588 (PHCDownload)
Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows remote attackers to inject arbitrary web script or HTML via the username field in an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Posted in Badware
Leave a comment
CVE-2007-6566 (XZero Community Classifieds)
SQL injection vulnerability in post.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatid parameter to index.php.
Posted in Badware
Leave a comment
CVE-2007-6587 (Plogger)
SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Posted in Badware
Leave a comment
CVE-2007-6579 (IP_Reg)
Multiple SQL injection vulnerabilities in Ip Reg 0.3 allow remote attackers to execute arbitrary SQL commands via the vlan_id parameter to (1) vlanview.php, (2) vlanedit.php, and (3) vlandel.php; the (4) assetclassgroup_id parameter to assetclassgroupview.php; the (5) subnet_id parameter to nodelist.php; and unspecified other vectors.
Posted in Badware
Leave a comment
CVE-2007-6586 (nicLor)
SQL injection vulnerability in sezione_news.php in nicLOR-CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a sezione page action to index.php.
Posted in Badware
Leave a comment
CVE-2007-6577 (zBlog)
Multiple SQL injection vulnerabilities in index.php in zBlog 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the categ parameter in a categ action or (2) the article parameter in an articles action.
Posted in Badware
Leave a comment
CVE-2007-6585 (NmnNewsletter)
PHP remote file inclusion vulnerability in confirmUnsubscription.php in NmnNewsletter 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the output parameter.
Posted in Badware
Leave a comment
CVE-2007-6575 (mmsLamp)
SQL injection vulnerability in default.php in MMSLamp allows remote attackers to execute arbitrary SQL commands via the idpro parameter in a prodotti_dettaglio action.
Posted in Badware
Leave a comment