267981
|
- |
|
viewvc
|
viewvc
|
ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information.
|
CWE-200
Information Exposure
|
CVE-2008-1290
|
2009-08-20 14:14 |
2008-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267982
|
- |
|
viewvc
|
viewvc
|
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.
|
CWE-200
Information Exposure
|
CVE-2008-1291
|
2009-08-20 14:14 |
2008-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267983
|
- |
|
viewvc
|
viewvc
|
ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames …
|
CWE-200
Information Exposure
|
CVE-2008-1292
|
2009-08-20 14:14 |
2008-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267984
|
- |
|
shoppingtree
|
candypress_store
|
Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idcust parameter to (a) ajax_getTi…
|
CWE-89
SQL Injection
|
CVE-2008-0738
|
2009-08-20 14:13 |
2008-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267985
|
- |
|
shoppingtree
|
candypress_store
|
SQL injection vulnerability in admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and earlier 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the FedExAccoun…
|
CWE-89
SQL Injection
|
CVE-2008-0739
|
2009-08-20 14:13 |
2008-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267986
|
- |
|
ibm
|
db2
|
IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-2859
|
2009-08-20 13:00 |
2009-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267987
|
- |
|
mybb
|
mybb
|
Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the authentication of moderators or administrators for requests that delete …
|
CWE-352
Origin Validation Error
|
CVE-2008-0788
|
2009-08-20 13:00 |
2008-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267988
|
- |
|
ibm
|
tklm
|
Unspecified vulnerability in IBM Tivoli Key Lifecycle Manager (TKLM) 1.0 has unknown impact and attack vectors, related to a "password security vulnerability."
|
NVD-CWE-noinfo
|
CVE-2009-2667
|
2009-08-19 14:29 |
2009-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267989
|
- |
|
apple
|
safari
|
Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote attackers to execute arbitrary JavaScript in the local security zone vi…
|
CWE-20
Improper Input Validation
|
CVE-2009-0137
|
2009-08-19 14:25 |
2009-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267990
|
- |
|
dotnetnuke
|
dotnetnuke
|
Unrestricted file upload vulnerability in the file manager module in DotNetNuke before 4.8.2 allows remote administrators to upload arbitrary files and gain privileges to the server via unspecified v…
|
CWE-20
Improper Input Validation
|
CVE-2008-6541
|
2009-08-19 14:24 |
2009-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|