CVE-2007-6589 (Firefox, SeaMonkey)

The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947.

CVE-2007-6570 (Java Web Proxy Server, Java System Web Server)

Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309.

CVE-2007-6588 (PHCDownload)

Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows remote attackers to inject arbitrary web script or HTML via the username field in an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2007-6566 (XZero Community Classifieds)

SQL injection vulnerability in post.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatid parameter to index.php.

CVE-2007-6587 (Plogger)

SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2007-6579 (IP_Reg)

Multiple SQL injection vulnerabilities in Ip Reg 0.3 allow remote attackers to execute arbitrary SQL commands via the vlan_id parameter to (1) vlanview.php, (2) vlanedit.php, and (3) vlandel.php; the (4) assetclassgroup_id parameter to assetclassgroupview.php; the (5) subnet_id parameter to nodelist.php; and unspecified other vectors.

CVE-2007-6586 (nicLor)

SQL injection vulnerability in sezione_news.php in nicLOR-CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a sezione page action to index.php.

CVE-2007-6577 (zBlog)

Multiple SQL injection vulnerabilities in index.php in zBlog 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the categ parameter in a categ action or (2) the article parameter in an articles action.

CVE-2007-6585 (NmnNewsletter)

PHP remote file inclusion vulnerability in confirmUnsubscription.php in NmnNewsletter 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the output parameter.

CVE-2007-6575 (mmsLamp)

SQL injection vulnerability in default.php in MMSLamp allows remote attackers to execute arbitrary SQL commands via the idpro parameter in a prodotti_dettaglio action.

« Previous Entries Next Entries »

Search Box

Badware Alerts

• CVE-2008-2092 (SPA-2102 Phone Adapter)
• CVE-2008-2092 (SPA-2102 Phone Adapter)
• CVE-2008-2080 (Common Data Format)
• CVE-2008-2090 (Solaris)
• CVE-2008-2093 (community_builder, com_comprofiler)
• CVE-2008-2093 (community_builder, com_comprofiler)
• CVE-2008-2080 (Common Data Format)
• CVE-2008-2089 (Solaris)
• CVE-2008-2080 (Common Data Format)
• CVE-2008-2080 (Common Data Format)
• CVE-2008-2093 (community_builder, com_comprofiler)
• CVE-2008-2080 (Common Data Format)
• CVE-2008-2092 (SPA-2102 Phone Adapter)
• CVE-2008-2080 (Common Data Format)
• CVE-2008-2091 (kubelance)
• CVE-2008-2089 (Solaris)
• CVE-2008-2092 (SPA-2102 Phone Adapter)
• CVE-2008-2093 (community_builder, com_comprofiler)
• CVE-2008-2092 (SPA-2102 Phone Adapter)
• CVE-2008-2092 (SPA-2102 Phone Adapter)

Related Sites

• Chart Vulnerabilities - Chart vulnerabilities discovered within a product

Categories

• Badware
• Badware News

Meta

• Log in
• Main Entries Rss
• Comments Rss