270321
|
- |
|
leszek_krupinski
|
l-forum
|
SQL injection vulnerability in search.php for L-Forum 2.40 allows remote attackers to execute arbitrary SQL statements via the search parameter.
|
NVD-CWE-Other
|
CVE-2002-1457
|
2008-09-6 05:30 |
2003-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270322
|
- |
|
leszek_krupinski
|
l-forum
|
Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is on, allows remote attackers to insert arbitrary script or HTML via message fields includin…
|
NVD-CWE-Other
|
CVE-2002-1458
|
2008-09-6 05:30 |
2003-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270323
|
- |
|
leszek_krupinski
|
l-forum
|
Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is off, allows remote attackers to insert arbitrary script or HTML via message fields includi…
|
NVD-CWE-Other
|
CVE-2002-1459
|
2008-09-6 05:30 |
2003-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270324
|
- |
|
leszek_krupinski
|
l-forum
|
L-Forum 2.40 and earlier does not properly verify whether a file was uploaded or if the associated variables were set by POST (attachment, attachment_name, attachment_size and attachment_type), which…
|
NVD-CWE-Other
|
CVE-2002-1460
|
2008-09-6 05:30 |
2003-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270325
|
- |
|
webscriptworld
|
web_shop_manager
|
Web Shop Manager 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search box.
|
NVD-CWE-Other
|
CVE-2002-1461
|
2008-09-6 05:30 |
2003-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270326
|
- |
|
organicphp
|
php-affiliate
|
details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later versions, allows remote attackers to modify information of other users by modifying certain hidden form fields.
|
NVD-CWE-Other
|
CVE-2002-1462
|
2008-09-6 05:30 |
2003-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270327
|
- |
|
cafelog
|
b2
|
Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool allows remote attackers to insert arbitrary HTML or script via the GPC variable.
|
NVD-CWE-Other
|
CVE-2002-1464
|
2008-09-6 05:30 |
2003-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270328
|
- |
|
cafelog
|
b2
|
SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote attackers to execute arbitrary SQL code via the tablehosts variable.
|
NVD-CWE-Other
|
CVE-2002-1465
|
2008-09-6 05:30 |
2003-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270329
|
- |
|
cafelog
|
b2
|
CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable.
|
NVD-CWE-Other
|
CVE-2002-1466
|
2008-09-6 05:30 |
2003-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270330
|
- |
|
macromedia
|
flash_player shockwave
|
Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3)…
|
NVD-CWE-Other
|
CVE-2002-1467
|
2008-09-6 05:30 |
2003-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|