Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2007-11-01 | CVE-2007-5778 | Cleartext Storage of Sensitive Information vulnerability in Flexispy Mobile SPY | Mobile Spy (1) stores login credentials in cleartext under the RetinaxStudios registry key, and (2) sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network. | 7.5 |
2007-11-01 | CVE-2007-5777 | Permissions, Privileges, and Access Controls vulnerability in Blue-Collar Productions I-Gallery 3.4 | Blue-Collar Productions i-Gallery 3.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a base64-encoded password via a direct request for igallery.mdb. | 5.0 |
2007-11-01 | CVE-2007-5776 | Path Traversal vulnerability in Blue-Collar Productions I-Gallery 3.4 | Directory traversal vulnerability in igallery.asp in Blue-Collar Productions i-Gallery 3.4 allows remote attackers to read arbitrary files via encoded backslash sequences in the d parameter, as demonstrated by a "%5c../../%5c" sequence. | 5.0 |
2007-11-01 | CVE-2007-5775 | Buffer Overflow vulnerability in BitDefender Online Scanner OScan.OCX ActiveX Control Heap | Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. | 9.3 |
2007-11-01 | CVE-2007-5774 | Information Exposure vulnerability in Flatnuke3 | index.php in the File Manager module in Flatnuke 3 allows remote attackers to obtain sensitive information via an invalid argumentname parameter in a disc op action, which reveals the path in an error message. | 5.0 |
2007-11-01 | CVE-2007-5773 | Cross-Site Request Forgery (CSRF) vulnerability in Flatnuke3 | Cross-site request forgery (CSRF) vulnerability in index.php in the File Manager module in Flatnuke 3 allows remote attackers to perform certain actions as administrators via requests containing the pathname in the dir parameter and the filename in the ffile parameter. | 4.3 |
2007-11-01 | CVE-2007-5772 | Code Injection vulnerability in Flatnuke3 | Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by saving a description and setting fneditmode to 1. | 6.0 |
2007-11-01 | CVE-2007-5771 | Permissions, Privileges, and Access Controls vulnerability in Flatnuke3 | Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrative access via a myforum%00 cookie. | 7.5 |
2007-10-31 | CVE-2007-4351 | Numeric Errors vulnerability in Cups | Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow. | 10.0 |
2007-10-31 | CVE-2007-2957 | Numeric Errors vulnerability in Mcafee E-Business Server | Integer overflow in McAfee E-Business Server before 8.5.3 for Solaris, and before 8.1.2 for Linux, HP-UX, and AIX, allows remote attackers to execute arbitrary code via a large length value in an authentication packet, which results in a heap-based buffer overflow. | 9.3 |