270551
|
- |
|
opendb
|
opendb
|
Cross-site request forgery (CSRF) vulnerability in user_admin.php in Open Media Collectors Database (OpenDb) 1.0.6 allows remote attackers to change arbitrary passwords via an update_password action.
|
CWE-352
Origin Validation Error
|
CVE-2008-3938
|
2008-09-6 00:08 |
2008-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270552
|
- |
|
avtech
|
pager_enterprise
|
Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
|
CWE-22
Path Traversal
|
CVE-2008-3939
|
2008-09-6 00:08 |
2008-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270553
|
- |
|
manageengine
|
servicedesk_plus
|
Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the sear…
|
CWE-79
Cross-site Scripting
|
CVE-2008-1299
|
2008-09-5 13:00 |
2008-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270554
|
- |
|
oocomments
|
oocomments
|
Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the PathToComment parameter for (1) classes/class_admin.php and …
|
CWE-94
Code Injection
|
CVE-2008-1511
|
2008-09-5 13:00 |
2008-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270555
|
- |
|
avici hitachi
|
router gr2000 gr3000 gr4000
|
Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue …
|
NVD-CWE-noinfo CWE-20
Improper Input Validation
|
CVE-2008-2169
|
2008-09-5 13:00 |
2008-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270556
|
- |
|
century_software
|
router
|
Unspecified vulnerability in Century routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issu…
|
CWE-20
Improper Input Validation
|
CVE-2008-2170
|
2008-09-5 13:00 |
2008-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270557
|
- |
|
yamaha
|
router
|
Unspecified vulnerability in Yamaha routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue…
|
CWE-20
Improper Input Validation
|
CVE-2008-2173
|
2008-09-5 13:00 |
2008-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270558
|
- |
|
runesoft
|
cerberus_cms
|
Cross-site scripting (XSS) vulnerability in Runesoft Cerberus CMS before 3_1.4_0.9 allows remote attackers to inject arbitrary web script or HTML via a cerberus_user cookie.
|
CWE-79
Cross-site Scripting
|
CVE-2008-3397
|
2008-09-5 13:00 |
2008-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270559
|
- |
|
spacetag
|
lacoodast
|
Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
|
CWE-287
Improper Authentication
|
CVE-2008-3738
|
2008-09-5 13:00 |
2008-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270560
|
- |
|
microsoft
|
windows_vista
|
Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer during boot, which allows local users to obtain sen…
|
CWE-200
Information Exposure
|
CVE-2008-3893
|
2008-09-5 13:00 |
2008-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|