|
257631
|
- |
|
willo
|
mobius_web_publishing_software
|
Multiple SQL injection vulnerabilities in Mobius for Mimsy XG 1 1.4.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to browse.php or (2) the s parame…
|
CWE-89
SQL Injection
|
CVE-2008-3420
|
2017-09-29 10:31 |
2008-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257632
|
- |
|
apple
|
itunes
|
Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilg…
|
CWE-94
Code Injection
|
CVE-2008-3434
|
2017-09-29 10:31 |
2008-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257633
|
- |
|
phpmyrealty
|
phpmyrealty
|
SQL injection vulnerability in index.php in phpMyRealty (PMR) 2.0.0 allows remote attackers to execute arbitrary SQL commands via the location parameter.
|
CWE-89
SQL Injection
|
CVE-2008-3445
|
2017-09-29 10:31 |
2008-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257634
|
- |
|
letterit
|
letterit
|
Directory traversal vulnerability in inc/wysiwyg.php in LetterIt 2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
|
CWE-22
Path Traversal
|
CVE-2008-3446
|
2017-09-29 10:31 |
2008-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257635
|
- |
|
f-prot
|
f-prot_antivirus
scanning_engine
|
The scanning engine in F-Prot Antivirus 6.2.1 4252 allows remote attackers to cause a denial of service (infinite loop) via a malformed ZIP archive, probably related to invalid offsets.
|
CWE-399
Resource Management Errors
|
CVE-2008-3447
|
2017-09-29 10:31 |
2008-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257636
|
- |
|
endonesia
|
calendar_module
endonesia
|
SQL injection vulnerability in the Calendar module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the loc_id parameter in a list_events action to mod.php.
|
CWE-89
SQL Injection
|
CVE-2008-3452
|
2017-09-29 10:31 |
2008-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257637
|
- |
|
jnshosts
|
php_hosting_directory
|
JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the "adm" cookie value to 1.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-3454
|
2017-09-29 10:31 |
2008-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257638
|
- |
|
jnshosts
|
php_hosting_directory
|
PHP remote file inclusion vulnerability in include/admin.php in JnSHosts PHP Hosting Directory 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the rd parameter.
|
CWE-94
Code Injection
|
CVE-2008-3455
|
2017-09-29 10:31 |
2008-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257639
|
- |
|
coppermine-gallery
|
coppermine_photo_gallery
|
themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an er…
|
CWE-94
Code Injection
|
CVE-2008-3481
|
2017-09-29 10:31 |
2008-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257640
|
- |
|
coppermine-gallery
|
coppermine_photo_gallery
|
as per vendor link: http://coppermine-gallery.net/
"The development team is releasing a security update for Coppermine in order to counter a recently discovered injection vulnerability. It is import…
|
CWE-94
Code Injection
|
CVE-2008-3481
|
2017-09-29 10:31 |
2008-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
