
CVE-2007-6045
https://notcve.org/view.php?id=CVE-2007-6045
20 Nov 2007 — Unspecified vulnerability in (1) DB2WATCH and (2) DB2FREEZE in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors. Vulnerabilidad no especificada en (1) DB2WATCH y (2) DB2FREEZE çen IBM DB2 UDB 9.1 anterior a Fixpak 4 tiene un impacto desconocido y vectores de ataque. • http://osvdb.org/41014 •

CVE-2007-6049
https://notcve.org/view.php?id=CVE-2007-6049
20 Nov 2007 — Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, involving a call to dlopen when the effective uid is root. Vulnerabilidad no especificada en la acción SSL LOAD GSKIT en IBM DB2 UDB 9.1 anterior a Fixpak 4 tiene un impacto desconocido y vectores de ataque, afectando a la llamada a dlopen cuando el uid efectivo es root. • http://osvdb.org/41013 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2007-3073 – Gentoo Linux Security Advisory 201301-01
https://notcve.org/view.php?id=CVE-2007-3073
06 Jun 2007 — Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI. Vulnerabilidad de salto de directorio en Mozilla Firefox 2.0.0.4 y anteriores en Mac OS X y Unix permite a atacantes remotos leer archivos de su elección mediante secuencias ..%2F (punto punto, barra codificada) en un URI resource://. Multiple vulnerabilities have been found in Mozilla Firefox, Thunderb... • http://ha.ckers.org/blog/20070516/read-firefox-settings-poc •

CVE-2006-7164
https://notcve.org/view.php?id=CVE-2006-7164
20 Mar 2007 — SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests. SimpleFileServlet en IBM WebSphere Application Server 5.0.1 hasta 5.0.2.7 en Linux y UNIX no bloquea determinados URIs inválidos y no emite un desafío de seguridad, lo cual permite a atacantes remotos leer archivos seguros y obtener in... • http://www-1.ibm.com/support/docview.wss?uid=swg24013029 •

CVE-2007-1228
https://notcve.org/view.php?id=CVE-2007-1228
02 Mar 2007 — IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories. IBM DB2 UDB 8.2 anterior a ixpak 7 (también conocido como fixpack 14), y DB2 9 anterior a Fix Pack 2, sobre UNIX permite al usuario "cercano" acceder a ciertos directorios no autorizados. • http://secunia.com/advisories/24387 • CWE-287: Improper Authentication •

CVE-2003-1423
https://notcve.org/view.php?id=CVE-2003-1423
31 Dec 2003 — Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords. • http://securitytracker.com/id?1006117 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2003-1467
https://notcve.org/view.php?id=CVE-2003-1467
31 Dec 2003 — Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://securityreason.com/securityalert/3288 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2003-1454
https://notcve.org/view.php?id=CVE-2003-1454
31 Dec 2003 — Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access. • http://securityreason.com/securityalert/3276 •

CVE-2003-1372 – myPHPNuke 1.8.8 - 'links.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-1372
31 Dec 2003 — Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters. • https://www.exploit-db.com/exploits/22268 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2003-1456 – Mike Bobbitt Album.PL 0.61 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2003-1456
31 Dec 2003 — Album.pl 6.1 allows remote attackers to execute arbitrary commands, when an alternative configuration file is used, via unknown attack vectors. • https://www.exploit-db.com/exploits/22545 • CWE-20: Improper Input Validation •