| Primary Vendor -- Product | Description | | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| Adobe -- Macromedia Shockwave Player | The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324. | | 5.0 | CVE-2007-5275 OTHER-REF |
| ag-solutions -- MOSMedia Lite | Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3) media.divs.php, (4) media.divs.js.php, (5) purchase.html.php, or (6) support.html.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: vector 3 may be the same as CVE-2007-2043.2. | | 6.8 | CVE-2007-5362 BID |
| Alcatel -- SpeedTouch 7G router; BT -- Home Hub | Multiple cross-site request forgery (CSRF) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub, allow remote attackers to perform actions as administrators via unspecified POST requests, as demonstrated by enabling an inbound remote-assistance HTTPS session on TCP port 51003. NOTE: an authentication bypass can be leveraged to exploit this in the absence of an existing administrative session. NOTE: SpeedTouch 780 might also be affected by some of these issues. | | 4.3 | CVE-2007-5384 BUGTRAQ OTHER-REF OTHER-REF BID |
| Alcatel -- SpeedTouch 7G router; BT -- Home Hub | Multiple cross-site scripting (XSS) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | | 4.3 | CVE-2007-5385 BUGTRAQ OTHER-REF OTHER-REF BID |
| Alsaplayer -- Alsaplayer | Buffer overflow in the vorbis_stream_info function in input/vorbis/vorbis_engine.c (aka the vorbis input plugin) in AlsaPlayer before 0.99.80-rc3 allows remote attackers to execute arbitrary code via a .OGG file with long comments. | | 6.8 | CVE-2007-5301 OTHER-REF OTHER-REF FRSIRT SECUNIA |
| Battlefront -- Dropteam | Battlefront Dropteam 1.3.3 and earlier sends the client's online account name and password to the game server, which allows malicious game servers to steal account information. | | 5.0 | CVE-2007-5264 BUGTRAQ OTHER-REF BID SECUNIA |
| Creamotion -- Creamotion | Multiple PHP remote file inclusion vulnerabilities in CMS Creamotion allow remote attackers to execute arbitrary PHP code via a URL in the cfg[document_uri] parameter to (1) _administration/securite.php and (2) _administration/gestion_configurations/save_config.php. | | 6.4 | CVE-2007-5298 BUGTRAQ MILW0RM |
| Electronic Arts -- SnoopyCtrl | Multiple stack-based buffer overflows in Electronic Arts (EA) SnoopyCtrl ActiveX control (NPSnpy.dll) allow remote attackers to execute arbitrary code via unspecified methods and parameters. | | 6.8 | CVE-2007-4466 CERT-VN BID FRSIRT SECUNIA |
| Fujitsu -- Interstage Apworks; Fujitsu -- Interstage Studio; Fujitsu -- Interstage Application Server | The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option. | | 5.0 | CVE-2007-5366 OTHER-REF BID SECUNIA |
| GNU -- TRAMP | The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in the Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allow local users to overwrite arbitrary files via a symlink attack on temporary files. | | 6.9 | CVE-2007-5377 OTHER-REF MLIST MLIST |
| Hitachi -- uCosminexus Service Architect; Hitachi -- uCosminexus Application Server Standard; Hitachi -- uCosminexus Application Server Enterprise; Hitachi -- uCosminexus Client; Hitachi -- uCosminexus Developer Standard; Hitachi -- uCosminexus Developer Professional; Hitachi -- uCosminexus Operator; Hitachi -- uCosminexus Service Platform | The Java Secure Socket Extension (JSSE) in the Hitachi Cosminexus Developer's Kit for Java in various Hitachi Cosminexus 7.5 products before 07-50-01, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service via certain SSL/TLS handshake requests. NOTE: this may be the same as CVE-2007-3698. | | 5.0 | CVE-2007-5281 OTHER-REF FRSIRT SECUNIA |
| Hitachi -- Cosminexus Library Standard; Hitachi -- Cosminexus Agent; Hitachi -- Cosminexus Library Web | Hitachi Cosminexus Agent 03-00 through 03-05, and Cosminexus Library Standard and Web Edition 04-00 and 04-01, might allow remote attackers to cause a denial of service (agent process crash) via invalid data from clients other than Cosminexus Manager. | | 4.3 | CVE-2007-5282 OTHER-REF FRSIRT SECUNIA |
| Hitachi -- TPBroker Object Transaction Monitor | The TSC Domain Manager in Hitachi TPBroker Object Transaction Monitor and Cosminexus TPBroker Object Transaction Monitor 01-00 through 03-00 might allow attackers to cause a denial of service (crash) via invalid messages. | | 5.0 | CVE-2007-5283 OTHER-REF FRSIRT SECUNIA |
| Hitachi -- uCosminexus Service Architect; Hitachi -- uCosminexus Application Server Standard; Hitachi -- uCosminexus Application Server Enterprise; Hitachi -- uCosminexus Client; Hitachi -- uCosminexus Developer Standard; Hitachi -- uCosminexus Developer Professional; Hitachi -- uCosminexus Operator; Hitachi -- uCosminexus Service Platform | The Java Secure Socket Extension (JSSE) in the Hitachi Cosminexus Developer's Kit for Java in various Hitachi Cosminexus 7.5 products before 07-50-01, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service via certain SSL/TLS handshake requests. NOTE: this may be the same as CVE-2007-3698. | | 5.0 | CVE-2007-5286 OTHER-REF FRSIRT SECUNIA |
| Hitachi -- Cosminexus Library Standard; Hitachi -- Cosminexus Agent; Hitachi -- Cosminexus Library Web | Hitachi Cosminexus Agent 03-00 through 03-05, and Cosminexus Library Standard and Web Edition 04-00 and 04-01, might allow remote attackers to cause a denial of service (agent process crash) via invalid data from clients other than Cosminexus Manager. | | 5.0 | CVE-2007-5287 OTHER-REF FRSIRT SECUNIA |
| Hitachi -- TPBroker Object Transaction Monitor | The TSC Domain Manager in Hitachi TPBroker Object Transaction Monitor and Cosminexus TPBroker Object Transaction Monitor 01-00 through 03-00 might allow attackers to cause a denial of service (crash) via invalid messages. | | 5.0 | CVE-2007-5288 OTHER-REF FRSIRT SECUNIA |
| Joomla -- Joomla; webmaster-tips.net -- Flash Image Gallery | PHP remote file inclusion vulnerability in admin.wmtgallery.php in the webmaster-tips.net Flash Image Gallery (com_wmtgallery) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | | 6.8 | CVE-2007-5309 MILW0RM VIM VIM BID |
| Joomla -- Joomla; webmaster-tips.net -- Flash Image Gallery | PHP remote file inclusion vulnerability in admin.wmtportfolio.php in the webmaster-tips.net wmtportfolio 1.0 (com_wmtportfolio) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | | 6.8 | CVE-2007-5310 MILW0RM BID XF |
| Kodak -- Image Viewer | Unspecified vulnerability in Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption. | | 6.8 | CVE-2007-2217 MS |
| libpng -- libpng | Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated. | | 4.3 | CVE-2007-5266 MLIST MLIST |
| libpng -- libpng | Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266. | | 4.3 | CVE-2007-5267 MLIST MLIST FRSIRT SECUNIA |
| libpng -- libpng | pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 uses (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image. | | 4.3 | CVE-2007-5268 MLIST MLIST MLIST FRSIRT SECUNIA |
| libpng -- libpng | Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) zTXt (png_handle_ztXt) chunks in PNG images, which trigger out-of-bounds read operations. | | 5.0 | CVE-2007-5269 MLIST FRSIRT SECUNIA |
| LightBlog -- LightBlog | cp_memberedit.php in LightBlog 8.4.1.1 does not check for administrative credentials when processing an admin action, which allows remote authenticated users to increase the privileges of any account. | | 6.5 | CVE-2007-5374 MILW0RM |
| Massive Entertainment -- World in Conflict | The GetMagicNumberString function in Massive Entertainment World in Conflict 1.000 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a string to the VoIP port (52999/tcp) with an invalid value in the third byte. | | 5.0 | CVE-2007-5369 BUGTRAQ OTHER-REF BID |
| Microsoft -- ie | Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via unspecified vectors involving memory corruption from an unhandled error. | | 6.8 | CVE-2007-3893 MS |
| Microsoft -- Outlook Express; Microsoft -- Windows Mail | Unspecified vulnerability in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote attackers to execute arbitrary code via malformed Network News Transfer Protocol (NNTP) responses that trigger memory corruption. | | 6.8 | CVE-2007-3897 MS |
| Microsoft -- Internet Explorer | Microsoft Internet Explorer 6 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80, a different issue than CVE-2006-4560. | | 4.3 | CVE-2007-5277 OTHER-REF |
| MODxCMS -- MODxCMS | Multiple SQL injection vulnerabilities in mutate_content.dynamic.php in MODx 0.9.6 allow remote attackers to execute arbitrary SQL commands via the (1) documentDirty or (2) modVariables parameter. | | 6.8 | CVE-2007-5371 BUGTRAQ |
| NetWin -- DNewsWeb | Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/dnewsweb.exe in NetWin DNewsWeb (DNews News Server) 57e1 allow remote attackers to inject arbitrary web script or HTML via the (1) group or (2) utag parameter. | | 4.3 | CVE-2007-5370 BUGTRAQ |
| Opera Software -- Opera Web Browser | Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80. | | 4.3 | CVE-2007-5276 OTHER-REF |
| Pegasus Imaging -- ImagXpress | Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control (PegasusImaging.ActiveX.ThumnailXpress1.dll) or (2) overwrite arbitrary files via the CompactFile function in the ImagXpress.8 ActiveX control (PegasusImaging.ActiveX.ImagXpress8.dll). | | 4.0 | CVE-2007-5320 OTHER-REF OTHER-REF BID BID FRSIRT SECUNIA |
| PHP Homepage M -- PHP Homepage M | SQL injection vulnerability in galerie.php in PHP Homepage M (phpHPm) 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action. | | 6.8 | CVE-2007-5308 MILW0RM |
| phpMyAdmin -- phpMyAdmin | Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: some of these details are obtained from third party information. | | 4.3 | CVE-2007-5386 OTHER-REF OTHER-REF OTHER-REF SECUNIA |
| PicoFlat CMS -- PicoFlat CMS | PHP remote file inclusion vulnerability in index.php in PicoFlat CMS 0.4.14 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pagina parameter. | | 6.8 | CVE-2007-5390 MILW0RM |
| Pindorama -- Pindorama | PHP remote file inclusion vulnerability in active/components/xmlrpc/client.php in Pindorama 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the c[components] parameter. | | 6.8 | CVE-2007-5387 MILW0RM |
| SkaDate -- SkaDate Online Dating Software | Multiple directory traversal vulnerabilities in SkaDate 5.0 and 6.0, and possibly later versions such as 6.482, allow remote attackers to read arbitrary files via a .. (dot dot) in the view_mode parameter to (1) featured_list.php and (2) online_list.php in member/. | | 5.0 | CVE-2007-5299 MILW0RM SECUNIA |
| softbizscripts -- Softbiz Jobs and Recruitment Script | SQL injection vulnerability in browsecats.php in Softbiz Jobs and Recruitment Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. | | 5.0 | CVE-2007-5316 MILW0RM SECUNIA |
| Softpedia -- LiveAlbum | PHP remote file inclusion vulnerability in common.php in LiveAlbum 0.9.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the livealbum_dir parameter. | | 6.8 | CVE-2007-5315 MILW0RM SECUNIA |
| splitside -- Directory Image Gallery | Cross-site scripting (XSS) vulnerability in photos.cfm in Directory Image Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the backwardDirectory parameter. | | 4.3 | CVE-2007-5317 OTHER-REF XF |
| Sun -- JRE; Sun -- SDK; Sun -- JDK | Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack. | | 4.0 | CVE-2007-5232 OTHER-REF OTHER-REF SUNALERT SECTRACK |
| Sun -- JRE; Sun -- SDK; Sun -- JDK | Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232, but affects different product versions. | | 4.0 | CVE-2007-5273 FULLDISC OTHER-REF SUNALERT SECTRACK |
| Sun -- JRE; Sun -- SDK; Mozilla -- Firefox; Opera Software -- Opera Web Browser; Sun -- JDK | Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232, but affects different product versions. | | 4.0 | CVE-2007-5274 OTHER-REF SUNALERT SECTRACK |
| Sun -- Solaris | Unspecified vulnerability in the Virtual File System (VFS) in Sun Solaris 10 allows local users to cause a denial of service (kernel memory consumption) via unspecified vectors. | | 4.9 | CVE-2007-5367 SUNALERT |
| Sun -- Solaris | Multiple unspecified vulnerabilities in labeld in Trusted Extensions in Sun Solaris 10 allow local users to cause a denial of service (multiple application hang) via unspecified vectors. | | 4.9 | CVE-2007-5368 SUNALERT |
| swmenupro -- swMenuFree; Joomla -- Joomla | ** DISPUTED ** PHP remote file inclusion vulnerability in preview.php in the swMenuFree (com_swmenufree) 4.6 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: a reliable third party disputes this issue because preview.php tests a certain constant to prevent direct requests. | | 6.8 | CVE-2007-5389 BUGTRAQ |
| Tcl_Tk -- tk toolkit | Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, allows user-assisted attackers to cause a denial of service (segmentation fault) via an animated GIF in which the first subimage is smaller than a subsequent subimage, which triggers the overflow in the ReadImage function, a different vulnerability than CVE-2007-5137. | | 4.3 | CVE-2007-5378 OTHER-REF |
| TorrentTrader -- TorrentTrader | Cross-site scripting (XSS) vulnerability in TorrentTrader Classic 1.07 allows remote attackers to inject arbitrary web script or HTML via the (1) color parameter to pjirc/css.php and the (2) cat parameter to browse.php. | | 4.3 | CVE-2007-5312 BUGTRAQ MILW0RM BID SECUNIA XF |
| Trionic -- Cite CMS | Multiple PHP remote file inclusion vulnerabilities in Trionic Cite CMS 1.2 rev9 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the bField[bf_data] parameter to (1) interface/editors/-custom.php or (2) interface/editors/custom.php. | | 6.8 | CVE-2007-5271 MILW0RM |
| TYPOlight -- TYPOlight webCMS | Unspecified vulnerability in preview.php in TYPOlight webCMS 2.4.6 allows remote attackers to download arbitrary files via the src parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | 5.0 | CVE-2007-5318 SECUNIA |
| Verlihub-Project -- Verlihub Control Panel | Directory traversal vulnerability in index.php in Verlihub Control Panel (VHCP) 1.7 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the page parameter. | | 6.8 | CVE-2007-5321 MILW0RM BID SECUNIA XF |
| WebDesktop -- WebDesktop | Multiple PHP remote file inclusion vulnerabilities in WebDesktop 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) app parameter to apps/apps.php and the (2) wsk parameter to wsk/wsk.php. | | 6.8 | CVE-2007-5388 MILW0RM |
| webmaster-tips -- Panoramic Picture Viewer | PHP remote file inclusion vulnerability in admin.panoramic.php in the Panoramic Picture Viewer (com_panoramic) mambot (plugin) 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | 6.8 | CVE-2007-5363 BID FRSIRT XF |
| Wesnoth -- Wesnoth | Unspecified vulnerability in the multiplayer engine in Wesnoth before 1.2.7 allows remote servers to cause a denial of service (client application crash) via invalid UTF-8 strings. NOTE: some of these details are obtained from third party information. | | 5.0 | CVE-2007-3917 OTHER-REF SECUNIA |
| wzdftpd -- wzdftpd | Off-by-one error in the do_login_loop function in libwzd-core/wzd_login.c in wzdftpd 0.8.2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a long USER command that triggers a stack-based buffer overflow. NOTE: some of these details are obtained from third party information. | | 5.0 | CVE-2007-5300 MILW0RM FRSIRT SECUNIA |
| xKiosk -- xKiosk WEB | PHP remote file inclusion vulnerability in system/funcs/xkurl.php in xKiosk WEB 3.0.1i, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PEARPATH parameter. | | 6.8 | CVE-2007-5314 MILW0RM SECUNIA |
| Yannick Tanguy -- Else If CMS | Multiple PHP remote file inclusion vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) contenus parameter to (a) contenus.php; the (2) tpelseifportalrepertoire parameter to (b) votes.php, (c) espaceperso.php, (d) enregistrement.php, (e) commentaire.php, and (f) coeurusr.php in utilisateurs/, and (g) articles/fonctions.php and (h) depot/fonctions.php in moduleajouter/; the (3) corpsdesign parameter to (i) articles/usrarticles.php and (j) depot/usrdepot.php in moduleajouter/; and possibly other files. | | 6.4 | CVE-2007-5305 BUGTRAQ BID |
| Yannick Tanguy -- Else If CMS | ELSEIF CMS Beta 0.6 allows remote attackers to obtain sensitive information (full path) via unspecified vectors to utilisateurs/votesresultats.php. | | 5.0 | CVE-2007-5306 BUGTRAQ BID |
| Yannick Tanguy -- Else If CMS | ELSEIF CMS Beta 0.6 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a .php file via externe/swfupload/upload.php. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in ELSEIF CMS. | | 6.4 | CVE-2007-5307 BUGTRAQ BID |
| Zomplog -- Zomplog | Zomplog 3.8.1 and earlier stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to download files that were uploaded by users, as demonstrated by obtaining a directory listing via a direct request to /upload and then retrieving individual files. NOTE: in a non-default configuration, the directory listing is denied, but filenames may be predictable. | | 4.3 | CVE-2007-5278 MILW0RM BID |