269831
|
- |
|
xlight_ftp_server
|
xlight_ftp_server
|
The LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended ac…
|
CWE-255
Credentials Management
|
CVE-2008-0604
|
2008-09-6 06:35 |
2008-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269832
|
- |
|
mplayer
|
mplayer
|
Buffer overflow in stream_cddb.c in MPlayer 1.0rc2 and SVN before r25824 allows remote user-assisted attackers to execute arbitrary code via a CDDB database entry containing a long album title.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2008-0629
|
2008-09-6 06:35 |
2008-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269833
|
- |
|
mplayer
|
mplayer
|
Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823 allows remote attackers to execute arbitrary code via a crafted URL that prevents the IPv6 parsing code from setting a pointer to NULL…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2008-0630
|
2008-09-6 06:35 |
2008-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269834
|
- |
|
portail_web_php
|
portail_web_php
|
Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) config/conf-activation.p…
|
CWE-94
Code Injection
|
CVE-2008-0645
|
2008-09-6 06:35 |
2008-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269835
|
- |
|
simple_os_cms
|
simple_os_cms
|
SQL injection vulnerability in login.php in Simple OS CMS 0.1c beta allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unkn…
|
CWE-89
SQL Injection
|
CVE-2008-0650
|
2008-09-6 06:35 |
2008-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269836
|
- |
|
pedro_santana_codice
|
cms
|
SQL injection vulnerability in login.php in Pedro Santana Codice CMS allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unk…
|
CWE-89
SQL Injection
|
CVE-2008-0651
|
2008-09-6 06:35 |
2008-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269837
|
- |
|
website_meta_language
|
website_meta_language
|
wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file.
|
CWE-59
Link Following
|
CVE-2008-0665
|
2008-09-6 06:35 |
2008-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269838
|
- |
|
website_meta_language
|
website_meta_language
|
Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files us…
|
CWE-59
Link Following
|
CVE-2008-0666
|
2008-09-6 06:35 |
2008-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269839
|
- |
|
sift
|
unity
|
Cross-site scripting (XSS) vulnerability in search.cgi in Sift Unity allows remote attackers to inject arbitrary web script or HTML via the qt parameter. NOTE: the provenance of this information is …
|
CWE-79
Cross-site Scripting
|
CVE-2008-0669
|
2008-09-6 06:35 |
2008-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269840
|
- |
|
itechscripts
|
itechclassifieds
|
Cross-site scripting (XSS) vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to inject arbitrary web script or HTML via the CatID parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2008-0684
|
2008-09-6 06:35 |
2008-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|