CVE List - 2007 / April
Showing 301 - 400 of 631 CVEs for April 2007 (Page 4 of 7)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2007-2068 | 2007-04-18 | Multiple PHP remote file inclusion vulnerabilities in the StoreFront mods for Gallery allow remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter to (1) mods/business_functions.php... |
| CVE-2007-2069 | 2007-04-18 | Directory traversal vulnerability in scr/soustab.php in openMairie 1.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dsn[phptype] parameter. |
| CVE-2007-2070 | 2007-04-18 | Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart before 3.5.1 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter... |
| CVE-2007-2071 | 2007-04-18 | Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto 2.0a 2006/02/08 edition, 2006/03/19 edition, and 2006/04/07 edition before 20070416 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters... |
| CVE-2007-2072 | 2007-04-18 | PHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue... |
| CVE-2007-2073 | 2007-04-18 | PHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the gallery parameter in a new... |
| CVE-2007-2074 | 2007-04-18 | Certain programs in containers in ScramDisk 4 Linux before 1.0-1 execute with SUID permissions, which allows local users to gain privileges via mounted containers. |
| CVE-2007-2075 | 2007-04-18 | ScramDisk 4 Linux before 1.0-1 does not perform permission checks on mount points, which allows local users to gain privileges by using a system directory as a mount point for... |
| CVE-2007-2076 | 2007-04-18 | PHP remote file inclusion vulnerability in index.php in Maian Gallery 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was... |
| CVE-2007-2077 | 2007-04-18 | PHP remote file inclusion vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was... |
| CVE-2007-2078 | 2007-04-18 | PHP remote file inclusion vulnerability in index.php in Maian Weblog 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was... |
| CVE-2007-2079 | 2007-04-18 | The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer... |
| CVE-2007-2080 | 2007-04-18 | Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows allow remote attackers to execute arbitrary SQL commands via unspecified vectors in certain test scripts. |
| CVE-2007-2081 | 2007-04-18 | MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication requirements via the admin cookie parameter to certain admin files, as demonstrated by admin/settings.php. |
| CVE-2007-2082 | 2007-04-18 | Direct static code injection vulnerability in admin/settings.php in MyBlog 0.9.8 and earlier allows remote authenticated admin users to inject arbitrary PHP code via the content parameter, which can be executed... |
| CVE-2007-2083 | 2007-04-18 | vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a... |
| CVE-2007-2065 | 2007-04-18 | PHP remote file inclusion vulnerability in db/PollDB.php in Robert Ladstaetter ActionPoll 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG_DATAREADERWRITER parameter, a different vector... |
| CVE-2007-2066 | 2007-04-18 | UseBB before 1.0.6 allows remote attackers to obtain sensitive information via a request with unspecified GET or POST parameters to an unspecified script, which reveals the path in an error... |
| CVE-2006-7194 | 2007-04-18 | PHP remote file inclusion vulnerability in modules/Mysqlfinder/MysqlfinderAdmin.php in Agora 1.4 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PATH_COMPOSANT] parameter. |
| CVE-2007-2084 | 2007-04-18 | PHP remote file inclusion vulnerability in MobilePublisherphp 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the auth_method parameter to (1) index.php, (2) list.php, (3) postreview.php,... |
| CVE-2007-2085 | 2007-04-18 | Cross-site scripting (XSS) vulnerability in oe2edit.cgi in oe2edit CMS allows remote attackers to inject arbitrary web script or HTML via the q parameter. |
| CVE-2007-2086 | 2007-04-18 | Multiple PHP remote file inclusion vulnerabilities in CNStats 2.9 allow remote attackers to execute arbitrary PHP code via a URL in the bj parameter to (1) who_r.php or (2) who_s.php... |
| CVE-2007-2087 | 2007-04-18 | Multiple PHP remote file inclusion vulnerabilities in CNStats 2.12, when register_globals is enabled and .htaccess is not recognized, allow remote attackers to execute arbitrary PHP code via a URL in... |
| CVE-2007-2088 | 2007-04-18 | Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) writerFile parameter to index.php and... |
| CVE-2007-2089 | 2007-04-18 | Multiple PHP remote file inclusion vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL... |
| CVE-2007-2090 | 2007-04-18 | Cross-site scripting (XSS) vulnerability in index.php in TuMusika Evolution 1.6 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. |
| CVE-2007-2091 | 2007-04-18 | PHP remote file inclusion vulnerability in blocks/tsdisplay4xoops_block2.php in tsdisplay4xoops (TSD4XOOPS, aka the TeamSpeak display module) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the xoops_url... |
| CVE-2007-2092 | 2007-04-18 | Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) allows remote attackers to inject arbitrary PHP code into posts.txt via the name parameter. NOTE: the provenance... |
| CVE-2007-2093 | 2007-04-18 | Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) 1.0 allows remote attackers to inject arbitrary PHP code into posts.txt via the message parameter. |
| CVE-2007-2094 | 2007-04-18 | PHP remote file inclusion vulnerability in index.php in Anthologia 0.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the ads_file parameter. |
| CVE-2007-2095 | 2007-04-18 | PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter, a different vector than CVE-2007-0498. |
| CVE-2007-2096 | 2007-04-18 | PHP remote file inclusion vulnerability in common.php in Hinton Design PHPHD Download System (phphd_downloads) allows remote attackers to execute arbitrary PHP code via a URL in the phphd_real_path parameter. NOTE:... |
| CVE-2007-2097 | 2007-04-18 | Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End CMS 0.4.7 allow remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter to (1) click.php or... |
| CVE-2007-2098 | 2007-04-18 | Multiple cross-site scripting (XSS) vulnerabilities in showpic.php in Wabbit PHP Gallery 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) pic and (2) gal parameters. |
| CVE-2007-2099 | 2007-04-18 | Cross-site scripting (XSS) vulnerability in htdocs/php.php in OpenConcept Back-End CMS 0.4.7 allows remote attackers to inject arbitrary web script or HTML via the page[] parameter. |
| CVE-2007-2100 | 2007-04-18 | FAC Guestbook 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/Gdb.mdb. |
| CVE-2007-2101 | 2007-04-18 | FAC Guestbook 3.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/gbdb.mdb. NOTE: the... |
| CVE-2007-2102 | 2007-04-18 | Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vector than CVE-2006-6087. |
| CVE-2007-2103 | 2007-04-18 | Multiple PHP remote file inclusion vulnerabilities in my little forum 1.7 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) admin.php and... |
| CVE-2007-2104 | 2007-04-18 | Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme_url parameter to (1) index.php,... |
| CVE-2007-2105 | 2007-04-18 | Directory traversal vulnerability in admin/index.php in Monkey CMS 0.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the admin_skin parameter. |
| CVE-2007-2106 | 2007-04-18 | Directory traversal vulnerability in index.php in Kai Content Management System (K-CMS) 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the current_theme... |
| CVE-2007-2107 | 2007-04-18 | SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than... |
| CVE-2007-2108 | 2007-04-18 | Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01. NOTE: as of... |
| CVE-2007-2109 | 2007-04-18 | Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06).... |
| CVE-2007-2110 | 2007-04-18 | Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. NOTE: as of 20070424, Oracle... |
| CVE-2007-2111 | 2007-04-18 | SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04. NOTE: as... |
| CVE-2007-2112 | 2007-04-18 | Unspecified vulnerability in the Authentication component for Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and attack vectors, aka DB05. NOTE: as of 20070424, Oracle has not disputed reliable claims... |
| CVE-2007-2113 | 2007-04-18 | SQL injection vulnerability in the Upgrade/Downgrade component (DBMS_UPGRADE_INTERNAL) for Oracle Database 10.1.0.5 allows remote authenticated users to execute arbitrary SQL commands via unknown vectors, aka DB07. NOTE: as of 20070424,... |
| CVE-2007-2114 | 2007-04-18 | Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors, related to (1) Change Data Capture (CDC), aka DB08, and (2) Oracle Instant... |
| CVE-2007-2115 | 2007-04-18 | Unspecified vulnerability in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors, aka DB09. NOTE: as of 20070424, oracle has... |
| CVE-2007-2116 | 2007-04-18 | Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors, aka DB10. NOTE: as of 20070424, Oracle has not disputed... |
| CVE-2007-2117 | 2007-04-18 | Unspecified vulnerability in the Oracle Text component in Oracle Database 9.0.1.5+ and 9.2.0.5 has unknown impact and attack vectors, aka DB12. NOTE: as of 20070424, Oracle has not disputed reliable... |
| CVE-2007-2118 | 2007-04-18 | Unspecified vulnerability in the Upgrade/Downgrade component of Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors, aka DB13. NOTE: as of 20070424, Oracle has not disputed reliable claims... |
| CVE-2007-2119 | 2007-04-18 | Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3,... |
| CVE-2007-2120 | 2007-04-18 | The Oracle Discoverer servlet in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to shut down an Oracle TNS Listener via a TNS STOP command in a request... |
| CVE-2007-2121 | 2007-04-18 | Unspecified vulnerability in the COREid Access component in Oracle Application Server 7.0.4.4 has unknown impact and attack vectors, aka AS02. |
| CVE-2007-2122 | 2007-04-18 | Unspecified vulnerability in the Wireless component in Oracle Application Server 9.0.4.3 has unknown impact and attack vectors, aka AS03. |
| CVE-2007-2123 | 2007-04-18 | Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.3 up to 10.1.3.2.0, 10.1.2 up to 10.1.2.2.0, and 9.0.4.3 has unknown impact and attack vectors, aka AS04. |
| CVE-2007-2124 | 2007-04-18 | Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.4.1.0 has unknown impact and remote attack vectors, aka AS05. |
| CVE-2007-2125 | 2007-04-18 | Unspecified vulnerability in Collaborative Workspace in Oracle Collaboration Suite 10.1.2 has unknown impact and attack vectors, aka OCS01. |
| CVE-2007-2126 | 2007-04-18 | Unspecified vulnerability in Oracle E-Business Suite 11.5.10CU2 has unknown impact and remote attack vectors in the (1) Common Applications (APPS01) and (2) iProcurement (APPS02). |
| CVE-2007-2127 | 2007-04-18 | Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.0 have unknown impact and remote attack vectors via (1) Application Object Library (APPS04), iStore (2) APPS05 and (3) APPS06, (4) iSupport (APPS07),... |
| CVE-2007-2128 | 2007-04-18 | Unspecified vulnerability in the Sales Online component for Oracle E-Business Suite 11.5.10 has unknown impact and remote authenticated attack vectors, aka APPS08. |
| CVE-2007-2129 | 2007-04-18 | Unspecified vulnerability in the Agent component in Oracle Enterprise Manager 9.2.0.8 has unknown impact and remote attack vectors, aka EM01. |
| CVE-2007-2130 | 2007-04-18 | Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server 9.0.4.3 and 10.1.2.0.2; Collaboration Suite 10.1.2; and E-Business Suite; has unknown impact and... |
| CVE-2007-2131 | 2007-04-18 | Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.22.14, 8.47.12, and 8.48.08 has unknown impact and attack vectors, aka PSE01. |
| CVE-2007-2132 | 2007-04-18 | Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise 8.47.12 and 8.48.08 has unknown impact and attack vectors, aka PSE02. |
| CVE-2007-2133 | 2007-04-18 | Unspecified vulnerability in the PeopleSoft Enterprise Human Capital Management component in Oracle PeopleSoft Enterprise 8.9 has unknown impact and attack vectors, aka PSEHCM01. |
| CVE-2007-2134 | 2007-04-18 | Unspecified vulnerability in the HTML Server in Oracle JD Edwards EnterpriseOne SP23_Q1 and 8.96.I1 has unknown impact and local attack vectors, aka JDE01. |
| CVE-2007-1009 | 2007-04-19 | Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing... |
| CVE-2007-1681 | 2007-04-19 | Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute... |
| CVE-2007-1690 | 2007-04-19 | Multiple stack-based buffer overflows in Second Sight Software ActiveGS ActiveX control (ActiveGS.ocx) allow remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2007-1691 | 2007-04-19 | Stack-based buffer overflow in Second Sight Software ActiveMod ActiveX control (ActiveMod.ocx) allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2007-2140 | 2007-04-19 | PHP remote file inclusion vulnerability in everything.php in Franklin Huang Flip (aka Flip-search-add-on) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter. |
| CVE-2007-2141 | 2007-04-19 | Direct static code injection vulnerability in shoutbox.php in ShoutPro 1.5.2 allows remote attackers to inject arbitrary PHP code into shouts.php via the shout parameter. |
| CVE-2007-2142 | 2007-04-19 | Multiple PHP remote file inclusion vulnerabilities in AjPortal2Php allow remote attackers to execute arbitrary PHP code via a URL in the PagePrefix parameter to (1) begin.inc.php, (2) connection.inc.php, (3) events.inc.php,... |
| CVE-2007-2143 | 2007-04-19 | PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| CVE-2007-2144 | 2007-04-19 | PHP remote file inclusion vulnerability in includes/CAltInstaller.php in the JoomlaPack (com_jpack) 1.0.4a2 RE component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path... |
| CVE-2007-2145 | 2007-04-19 | The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the input parameter. NOTE: some of... |
| CVE-2007-2146 | 2007-04-19 | The imagecomments function in classes.php in MiniGal b13 allow remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the (1) name or (2) email... |
| CVE-2007-2147 | 2007-04-19 | admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier does not check for administrative credentials, which allows remote attackers to read and modify the classes/vars.php and classes/varstuff.php configuration files... |
| CVE-2007-2148 | 2007-04-19 | Direct static code injection vulnerability in admin/save.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html... |
| CVE-2007-2149 | 2007-04-19 | Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores usernames and unencrypted passwords in (1) classes/vars.php and (2) classes/varstuff.php, and recommends 0666 or 0777 permissions for these files, which allows... |
| CVE-2007-2150 | 2007-04-19 | BlueArc-FTPD in BlueArc Titan 2x00 devices with firmware 4.2.944b allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017. |
| CVE-2007-2151 | 2007-04-19 | The administration server in McAfee e-Business Server before 8.1.1 and 8.5.x before 8.5.2 allows remote attackers to cause a denial of service (service crash) via a large length value in... |
| CVE-2007-2152 | 2007-04-19 | Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterprise before 8.0i Patch 12 allows user-assisted remote attackers to execute arbitrary code via a long filename containing multi-byte (Unicode) characters. |
| CVE-2007-2153 | 2007-04-19 | Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter. |
| CVE-2007-2154 | 2007-04-19 | PHP remote file inclusion vulnerability in services/samples/inclusionService.php in Cabron Connector 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CabronServiceFolder parameter. |
| CVE-2007-2155 | 2007-04-19 | Directory traversal vulnerability in template.php in in phpFaber TopSites 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the modify parameter in a template action... |
| CVE-2007-2156 | 2007-04-19 | Multiple PHP remote file inclusion vulnerabilities in Rezervi Generic 0.9 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) datumVonDatumBis.inc.php, (2) footer.inc.php,... |
| CVE-2007-2157 | 2007-04-19 | Directory traversal vulnerability in upload/force_download.php in Zomplog 3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. |
| CVE-2007-2158 | 2007-04-19 | PHP remote file inclusion vulnerability in index.php in jGallery 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the G_JGALL[inc_path] parameter. |
| CVE-2007-1972 | 2007-04-22 | PatrolAgent.exe in BMC Performance Manager does not require authentication for requests to modify configuration files, which allows remote attackers to execute arbitrary code via a request on TCP port 3181... |
| CVE-2007-2136 | 2007-04-22 | Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol PerformAgent allows remote attackers to execute arbitrary code by connecting to TCP port 10128 and sending certain XDR data, which is not... |
| CVE-2007-2137 | 2007-04-22 | Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express 6.1.0 before Fix Pack 2, as used in Tivoli Universal Agent, Windows OS Monitoring agent, and Enterprise Portal Server, allows... |
| CVE-2007-2159 | 2007-04-22 | Multiple cross-site scripting (XSS) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to inject arbitrary web script or... |
| CVE-2007-2160 | 2007-04-22 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to perform unauthorized actions as... |
| CVE-2007-2161 | 2007-04-22 | Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (browser hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. |
| CVE-2007-2162 | 2007-04-22 | (1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression... |