|
268441
|
- |
|
debian
|
feta
|
The to-upgrade plugin in feta 1.4.16 allows local users to overwrite arbitrary files via a symlink on the (1) /tmp/feta.install.$USER and (2) /tmp/feta.avail.$USER temporary files.
|
CWE-59
Link Following
|
CVE-2008-4440
|
2008-11-11 16:12 |
2008-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268442
|
- |
|
cybozu
|
collaborex
cybozu_ag
cybozu_pocket
garoon_1
mailwise
|
Directory traversal vulnerability in Cybozu Collaborex, AG before 1.2(1.5), AG Pocket before 5.2(0.8), Mailwise before 3.0(0.3), and Garoon 1 before 1.5(4.1) allows remote authenticated users to read…
|
NVD-CWE-Other
|
CVE-2006-4491
|
2008-11-11 15:28 |
2006-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268443
|
- |
|
cybozu
|
cybozu_office
|
Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows allows remote attackers to obtain sensitive information, including users and groups, via unspecified vectors.
|
NVD-CWE-Other
|
CVE-2006-4492
|
2008-11-11 15:28 |
2006-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268444
|
- |
|
hyper_estraier
|
hyper_estraier
|
estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote attackers to read unauthorized files via a crafted search request for a filename that contains Unicode characters.
|
NVD-CWE-Other
|
CVE-2005-3421
|
2008-11-11 14:55 |
2005-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268445
|
- |
|
hiki
|
hiki
|
Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via a page name in a Login link, a different vulnerability than CVE-2005…
|
NVD-CWE-Other
|
CVE-2005-2803
|
2008-11-11 14:53 |
2005-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268446
|
- |
|
hiki
|
hiki
|
Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via "missing pages" in which the page name is not properly escaped, a di…
|
NVD-CWE-Other
|
CVE-2005-2336
|
2008-11-11 14:51 |
2005-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268447
|
- |
|
sendmail
debian
|
sendmail
debian_linux
|
The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doubl…
|
NVD-CWE-Other
|
CVE-2003-0308
|
2008-11-11 14:29 |
2003-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268448
|
- |
|
eva-web
|
eva-web
|
An unspecified script in EVA-Web 2.1.2 and earlier, probably index.php, allows remote attackers to obtain the full path of the web server via invalid (1) perso or (2) aide parameters.
|
NVD-CWE-Other
|
CVE-2006-2690
|
2008-11-9 15:26 |
2006-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268449
|
- |
|
lars_bahner
|
xcal
|
pscal in xcal 4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/pscal##### temporary file.
|
CWE-59
Link Following
|
CVE-2008-4988
|
2008-11-7 00:55 |
2008-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268450
|
- |
|
microsoft
|
windows_media_player
|
Microsoft Windows Media Player (WMP) 9.0 through 11 allows user-assisted attackers to cause a denial of service (application crash) via a malformed (1) MIDI or (2) DAT file, related to "MThd Header P…
|
CWE-20
Improper Input Validation
|
CVE-2008-4927
|
2008-11-5 14:00 |
2008-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
