269031
|
- |
|
mybb
|
mybb
|
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp…
|
CWE-79
Cross-site Scripting
|
CVE-2008-3966
|
2008-11-15 16:19 |
2008-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269032
|
- |
|
mybb
|
mybb
|
Patch information - http://community.mybboard.net/showthread.php?tid=36022
|
CWE-79
Cross-site Scripting
|
CVE-2008-3966
|
2008-11-15 16:19 |
2008-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269033
|
- |
|
mybb
|
mybb
|
moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-3967
|
2008-11-15 16:19 |
2008-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269034
|
- |
|
mybb
|
mybb
|
Patch information - http://community.mybboard.net/showthread.php?tid=36022
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-3967
|
2008-11-15 16:19 |
2008-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269035
|
- |
|
phpcredo
|
phcdownload
|
SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to execute arbitrary SQL commands via the string parameter.
|
CWE-89
SQL Injection
|
CVE-2007-6670
|
2008-11-15 16:06 |
2008-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269036
|
- |
|
menalto
|
gallery_publish_xp_module
|
Unspecified vulnerability in the Publish XP module Menalto Gallery before 2.2.4 allows attackers to create albums and upload files via unknown vectors.
|
NVD-CWE-noinfo CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-6685
|
2008-11-15 16:06 |
2008-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269037
|
- |
|
menalto
|
gallery
|
The URL rewrite module in Menalto Gallery before 2.2.4 allows attackers to include and execute arbitrary local files via unknown vectors related to the admin controller.
|
NVD-CWE-noinfo
|
CVE-2007-6686
|
2008-11-15 16:06 |
2008-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269038
|
- |
|
menalto
|
gallery
|
Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery before 2.2.4 allow remote attackers to inject arbitrary web script or HTML via crafted filenames to the (1) Core or (2) add-item…
|
CWE-79
Cross-site Scripting
|
CVE-2007-6687
|
2008-11-15 16:06 |
2008-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269039
|
- |
|
menalto
|
gallery
|
Menalto Gallery before 2.2.4 does not properly check for malicious file extensions during file uploads, which allows attackers to execute arbitrary code via the (1) Core application or (2) MIME modul…
|
CWE-20
Improper Input Validation
|
CVE-2007-6689
|
2008-11-15 16:06 |
2008-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269040
|
- |
|
menalto
|
gallery
|
The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors.
|
NVD-CWE-noinfo CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2007-6690
|
2008-11-15 16:06 |
2008-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|