Search Results (Refine Search)

Search Parameters:
There are 155,392 matching records.
Displaying matches 129,501 through 129,520.
Vuln ID Summary CVSS Severity
CVE-2007-3883

The Data Dynamics ActiveBar ActiveX control (actbar3.ocx) 3.2 and earlier allows remote attackers to create or overwrite files via a full pathname in (1) the second argument to the Save method, or the first argument to the (2) SaveLayoutChanges or (3) SaveMenuUsageData method.

Published: July 18, 2007; 7:30:00 PM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2007-3884

SQL injection vulnerability in philboard_forum.asp in husrevforum 1.0.1 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: it was later reported that 2.0.1 is also affected.

Published: July 18, 2007; 7:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-3885

Cross-site scripting (XSS) vulnerability in philboard_search.asp in husrevforum 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published: July 18, 2007; 7:30:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-3886

Cross-site scripting (XSS) vulnerability in default.asp in Element CMS allows remote attackers to inject arbitrary web script or HTML via the s parameter in a search pID action.

Published: July 18, 2007; 7:30:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-3887

Multiple cross-site scripting (XSS) vulnerabilities in mesaj_formu.asp in ASP Ziyaretci Defteri 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Isim, (2) Mesajiniz, and (3) E-posta fields. NOTE: these probably correspond to the isim, mesaj, and posta parameters to save.php.

Published: July 18, 2007; 7:30:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-3888

Multiple cross-site scripting (XSS) vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the search action, possibly related to the term parameter to index.php; or (2) an anonymous blog entry, possibly involving the (a) posted_by, (b) subject, and (c) content parameters to index.php; as demonstrated by the onmouseover attribute of certain elements. NOTE: some of these details are obtained from third party information.

Published: July 18, 2007; 7:30:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-3889

Multiple SQL injection vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the current_subsection parameter to index.php and other unspecified vectors.

Published: July 18, 2007; 7:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-3853

Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to have unknown impact via (1) DBMS_JAVA_TEST in the JavaVM component (DB01), (2) Oracle Text component (DB09), and (3) MDSYS.SDO_GEOR_INT in the Spatial component (DB15). NOTE: a reliable researcher claims that DB01 is SQL injection in DBMS_PRVTAQIS.

Published: July 18, 2007; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2007-3854

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow.

Published: July 18, 2007; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 5.5 MEDIUM
CVE-2007-3855

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to have an unknown impact via (1) SYS.DBMS_DRS in the DataGuard component (DB03), (2) SYS.DBMS_STANDARD in the PL/SQL component (DB10), (3) MDSYS.RTREE_IDX in the Spatial component (DB16), and (4) SQL Compiler (DB17). NOTE: a reliable researcher claims that DB17 is for using Views to perform unauthorized insert, update, or delete actions.

Published: July 18, 2007; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2007-3856

Unspecified vulnerability in the Oracle Data Mining component for Oracle Database 10g Release 2 10.2.0.2 and 10.2.0.3, 10g 10.1.0.5, and Oracle9i Database Release 2 9.2.0.7, 9.2.0.8, and 9.2.0.8DV has unknown impact and remote authenticated attack vectors related to DMSYS.DMP_SYS, aka DB04.

Published: July 18, 2007; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2007-3857

Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 allow remote authenticated users to have an unknown impact via (a) the Oracle Text component, including (1) unspecified vectors (DB05), (2) CTXSYS.DRVXMD (DB06), (3) CTXSYS.DRI_MOVE_CTXSYS (DB07), (4) CTXSYS.DRVXMD (DB08), and (b) JavaVM (DB14).

Published: July 18, 2007; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2007-3858

Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 allow remote authenticated users to have an unknown impact via (1) EXFSYS.DBMS_RLMGR_UTL in Rules Manager (DB11) and (2) Program Interface (DB13).

Published: July 18, 2007; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-3859

Unspecified vulnerability in the Oracle Internet Directory component for Oracle Database 9.2.0.8 and 9.2.0.8DV; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 10.1.2 has unknown impact and remote attack vectors, aka OID01.

Published: July 18, 2007; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-3860

Unspecified vulnerability in Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 up to 3.0.0.00.20 allows developers to have an unknown impact via unknown attack vectors, aka APEX01. NOTE: a reliable researcher states that this is SQL injection in the wwv_flow_security.check_db_password function due to insufficient checks for '"' characters.

Published: July 18, 2007; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-3861

Unspecified vulnerability in Oracle Jdeveloper in Oracle Application Server 10.1.2.2 and Collaboration Suite 10.1.2 allows context-dependent attackers to have an unknown impact via custom applications that use JBO.KEY, aka JDEV01.

Published: July 18, 2007; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-3862

Unspecified vulnerability in Oracle Application Server 9.0.4.3 and 10.1.2.0.2 allows remote attackers to have an unknown impact via Oracle Single Sign On, aka AS01.

Published: July 18, 2007; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-3863

Unspecified vulnerability in Oracle JDeveloper for Application Server 10.1.2.2 and 10.1.3.1, and Collaboration Suite 10.1.2, allows context-dependent attackers to have an unknown impact via custom applications that use JBO.SERVER, aka JDEV02.

Published: July 18, 2007; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-3864

Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10.1.2 have unknown impact and remote attack vectors via (1) Instant Messaging/Presence (OCS01) and (2) Oracle Single Sign On (AS02).

Published: July 18, 2007; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-3865

Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 12.0.1 has unknown impact and remote attack vectors, aka APPS01.

Published: July 18, 2007; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH