268151
|
- |
|
trixbox
|
trixbox
|
Multiple cross-site scripting (XSS) vulnerabilities in trixbox 2.4.2.0 allow remote attackers to inject arbitrary web script or HTML via the query string to index.php in (1) user/ or (2) maint/.
|
CWE-79
Cross-site Scripting
|
CVE-2008-0540
|
2008-09-6 06:35 |
2008-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268152
|
- |
|
uniwin
|
ecart_professional
|
Cross-site scripting (XSS) vulnerability in Uniwin eCart Professional before 2.0.16 allows remote attackers to inject arbitrary web script or HTML via the rp parameter to cartView.asp and unspecified…
|
CWE-79
Cross-site Scripting
|
CVE-2008-0558
|
2008-09-6 06:35 |
2008-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268153
|
- |
|
liferay
|
liferay_enterprise_portal
|
Cross-site request forgery (CSRF) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to perform unspecified actions as unspecified authenticated u…
|
CWE-352
Origin Validation Error
|
CVE-2008-0563
|
2008-09-6 06:35 |
2008-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268154
|
- |
|
xlight_ftp_server
|
xlight_ftp_server
|
The LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended ac…
|
CWE-255
Credentials Management
|
CVE-2008-0604
|
2008-09-6 06:35 |
2008-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268155
|
- |
|
mplayer
|
mplayer
|
Buffer overflow in stream_cddb.c in MPlayer 1.0rc2 and SVN before r25824 allows remote user-assisted attackers to execute arbitrary code via a CDDB database entry containing a long album title.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2008-0629
|
2008-09-6 06:35 |
2008-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268156
|
- |
|
mplayer
|
mplayer
|
Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823 allows remote attackers to execute arbitrary code via a crafted URL that prevents the IPv6 parsing code from setting a pointer to NULL…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2008-0630
|
2008-09-6 06:35 |
2008-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268157
|
- |
|
portail_web_php
|
portail_web_php
|
Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) config/conf-activation.p…
|
CWE-94
Code Injection
|
CVE-2008-0645
|
2008-09-6 06:35 |
2008-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268158
|
- |
|
simple_os_cms
|
simple_os_cms
|
SQL injection vulnerability in login.php in Simple OS CMS 0.1c beta allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unkn…
|
CWE-89
SQL Injection
|
CVE-2008-0650
|
2008-09-6 06:35 |
2008-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268159
|
- |
|
pedro_santana_codice
|
cms
|
SQL injection vulnerability in login.php in Pedro Santana Codice CMS allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unk…
|
CWE-89
SQL Injection
|
CVE-2008-0651
|
2008-09-6 06:35 |
2008-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268160
|
- |
|
website_meta_language
|
website_meta_language
|
wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file.
|
CWE-59
Link Following
|
CVE-2008-0665
|
2008-09-6 06:35 |
2008-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|