Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-11-10 | CVE-2007-5928 | Improper Input Validation vulnerability in Openbase International LTD Openbase: OpenBase 10.0.5 and earlier allows remote authenticated users to trigger a free of an arbitrary memory location via long strings in a SELECT statement. | 9.0 |
2007-11-10 | CVE-2007-5927 | Path Traversal vulnerability in Openbase International LTD Openbase: Directory traversal vulnerability in OpenBase 10.0.5 and earlier allows remote authenticated users to create files with arbitrary contents via a .. | 9.0 |
2007-11-10 | CVE-2007-5926 | Improper Input Validation vulnerability in Openbase International LTD Openbase: OpenBase 10.0.5 and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to the (1) AsciiBackup, (2) OEMLicenseInstall, and possibly other stored procedures. | 9.0 |
2007-11-10 | CVE-2007-5925 | Improper Input Validation vulnerability in Mysql: The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error. | 4.0 |
2007-11-10 | CVE-2007-5924 | Cross-Site Scripting vulnerability in IBM Lotus Domino 7.0/7.0.2: Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.2 FP2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-11-10 | CVE-2007-5923 | Cross-Site Scripting vulnerability in Broadcom Etrust Siteminder: Cross-site scripting (XSS) vulnerability in forms/smpwservices.fcc in CA (formerly Computer Associates) eTrust SiteMinder Agent allows remote attackers to inject arbitrary web script or HTML via the SMAUTHREASON parameter, a different vector than CVE-2005-2204. | 4.3 |
2007-11-10 | CVE-2007-5922 | Information Exposure vulnerability in multiple products: The modules/mdop.m in the Cypress 1.0k script for BitchX, as downloaded from a distribution site in November 2007, contains an externally introduced backdoor that e-mails sensitive information (hostnames, usernames, and shell history) to a fixed address. | 5.0 |
2007-11-10 | CVE-2007-5921 | Local Denial of Service vulnerability in Sun Solaris Volume Manager: Unspecified vulnerability in the ioctl interface in the Solaris Volume Manager (SVM) in Sun Solaris 9 and 10 allows local users to cause a denial of service (panic) via unspecified vectors, a different vulnerability than CVE-2004-1346. | 4.7 |
2007-11-10 | CVE-2007-5920 | Path Traversal vulnerability in Picoflat CMS Picoflat CMS: index.php in Domenico Mancini PicoFlat CMS before 0.4.18 allows remote attackers to include certain files via unspecified vectors, possibly due to a directory traversal vulnerability. | 6.8 |
2007-11-10 | CVE-2007-5919 | Permissions, Privileges, and Access Controls vulnerability in Mywebftp: MyWebFTP, possibly 5.3.2, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain an MD5 password hash via a direct request for pass/pass.txt. | 5.0 |