269841
|
- |
|
itechscripts
|
itechclassifieds
|
SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter.
|
CWE-89
SQL Injection
|
CVE-2008-0685
|
2008-09-6 06:35 |
2008-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269842
|
- |
|
crux_software
|
cruxcms
|
Cross-site scripting (XSS) vulnerability in search.php in Crux Software CruxCMS 3.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of t…
|
CWE-79
Cross-site Scripting
|
CVE-2008-0700
|
2008-09-6 06:35 |
2008-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269843
|
- |
|
planetluc
|
mynews
|
Cross-site scripting (XSS) vulnerability in mynews.inc.php in MyNews 1.6.4, and other earlier 1.6.x versions, allows remote attackers to inject arbitrary web script or HTML via the hash parameter in …
|
CWE-79
Cross-site Scripting
|
CVE-2008-0723
|
2008-09-6 06:35 |
2008-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269844
|
- |
|
titan
|
ftp_server
|
Multiple heap-based buffer overflows in the (1) FTP service and (2) administration service in Titan FTP Server 6.0.5.549 allow remote attackers to cause a denial of service (daemon hang) and possibly…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2008-0725
|
2008-09-6 06:35 |
2008-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269845
|
- |
|
novell
|
apparmor
|
The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not properly handle failure of an AppArmor change_hat system call, which might allow attackers to trigger the unconfining of an apparmo…
|
NVD-CWE-noinfo CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-0731
|
2008-09-6 06:35 |
2008-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269846
|
- |
|
apache
|
geronimo
|
The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
|
CWE-59
Link Following
|
CVE-2008-0732
|
2008-09-6 06:35 |
2008-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269847
|
- |
|
loris
|
hotel_reservation_system
|
Cross-site scripting (XSS) vulnerability in search.cgi in Loris Hotel Reservation System 3.01 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the hotel_name pa…
|
CWE-79
Cross-site Scripting
|
CVE-2008-0774
|
2008-09-6 06:35 |
2008-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269848
|
- |
|
freebsd
|
freebsd
|
The sendfile system call in FreeBSD 5.5 through 7.0 does not check the access flags of the file descriptor used for sending a file, which allows local users to read the contents of write-only files.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-0777
|
2008-09-6 06:35 |
2008-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269849
|
- |
|
sam_lantinga
|
splitvt
|
misc.c in splitvt 1.6.6 and earlier does not drop group privileges before executing xprop, which allows local users to gain privileges.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-0162
|
2008-09-6 06:34 |
2008-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269850
|
- |
|
liferay
|
liferay_enterprise_portal
|
Cross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the …
|
CWE-79
Cross-site Scripting
|
CVE-2008-0178
|
2008-09-6 06:34 |
2008-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|