Badware
Monthly Archives: December 2007
CVE-2007-6542 (Arcadem)
PHP remote file inclusion vulnerability in admin/frontpage_right.php in Arcadem LE 2.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter.
Posted in Badware
CVE-2007-6562 (TCPreen)
Multiple stack-based buffer overflows in the use of FD_SET in TCPreen before 1.4.4 allow remote attackers to cause a denial of service via multiple concurrent connections, which result in overflows in the (1) SocketAddress::Connect function in libsolve/sockprot.cpp and (2) monitor_bridge function in src/bridge.cpp.
CVE-2007-6538 (MRBS)
SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-6561 (PDFLib)
Multiple stack-based buffer overflows in PDFLib allow user-assisted remote attackers to execute arbitrary code via a long filename argument to the PDF_load_image function that results in an overflow in the pdc_fsearch_fopen function, and possibly other vectors.
CVE-2007-6534 (Publisher)
Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart.
CVE-2007-6560 (Logaholic)
Multiple cross-site scripting (XSS) vulnerabilities in Logaholic allow remote attackers to inject arbitrary web script or HTML via (1) the newconfname parameter to profiles.php or (2) the conf parameter to index.php.
CVE-2007-6528 (Tikiwiki)
Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and modified filename in the movie parameter.
CVE-2007-6559 (Logaholic)
Multiple SQL injection vulnerabilities in Logaholic allow remote attackers to execute arbitrary SQL commands via (1) the from parameter to index.php or (2) the page parameter to update.php.
CVE-2007-5342 (Tomcat)
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
CVE-2007-6558 (TotalPlayer)
TotalPlayer 3.0 allows user-assisted remote attackers to cause a denial of service (application crash) via a large .m3u file.