CVE-2007-6584 (1024 CMS)

Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang parameter to pages/print/default/ops/news.php or (2) the theme_dir parameter to pages/download/default/ops/search.php; or the admin_theme_dir parameter to (3) download.php, (4) forum.php, or (5) news.php in admin/ops/reports/ops/.

CVE-2007-6573 (QK SMTP Server 3)

QK SMTP Server 3 allows remote attackers to cause a denial of service (daemon crash) via a long (1) HELO, (2) MAIL FROM, or (3) RCPT TO command; or (4) a long string in the message sent after the DATA command; possibly a related issue to CVE-2006-5551.

CVE-2007-6583 (1024 CMS)

SQL injection vulnerability in admin/ops/findip/ajax/search.php in 1024 CMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via the ip parameter.

CVE-2007-6571 (Java Web Proxy Server, Java System Web Server)

Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356.

CVE-2007-6582 (mBlog)

Directory traversal vulnerability in index.php in mBlog 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter in a page mode action.

CVE-2007-6569 (Java Web Proxy Server, Java System Web Server)

Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246.

CVE-2007-6581 (Social Engine)

Multiple directory traversal vulnerabilities in Social Engine 2.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the global_lang parameter to (1) header_album.php, (2) header_blog.php, or (3) header_group.php; or (4) admin_header_album.php, (5) admin_header_blog.php, or (6) admin_header_group.php in admin/.

CVE-2007-6567 (XZero Community Classifieds)

Directory traversal vulnerability in index.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter in a page view action.

CVE-2007-6569 (Java Web Proxy Server, Java System Web Server)

Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246.

CVE-2007-6568 (XZero Community Classifieds)

PHP remote file inclusion vulnerability in config.inc.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path_escape parameter.

« Previous Entries Next Entries »

Search Box

Badware Alerts

• CVE-2008-2092 (SPA-2102 Phone Adapter)
• CVE-2008-2092 (SPA-2102 Phone Adapter)
• CVE-2008-2080 (Common Data Format)
• CVE-2008-2090 (Solaris)
• CVE-2008-2093 (community_builder, com_comprofiler)
• CVE-2008-2093 (community_builder, com_comprofiler)
• CVE-2008-2080 (Common Data Format)
• CVE-2008-2089 (Solaris)
• CVE-2008-2080 (Common Data Format)
• CVE-2008-2080 (Common Data Format)
• CVE-2008-2093 (community_builder, com_comprofiler)
• CVE-2008-2080 (Common Data Format)
• CVE-2008-2092 (SPA-2102 Phone Adapter)
• CVE-2008-2080 (Common Data Format)
• CVE-2008-2091 (kubelance)
• CVE-2008-2089 (Solaris)
• CVE-2008-2092 (SPA-2102 Phone Adapter)
• CVE-2008-2093 (community_builder, com_comprofiler)
• CVE-2008-2092 (SPA-2102 Phone Adapter)
• CVE-2008-2092 (SPA-2102 Phone Adapter)

Related Sites

• Chart Vulnerabilities - Chart vulnerabilities discovered within a product

Categories

• Badware
• Badware News

Meta

• Log in
• Main Entries Rss
• Comments Rss