|
260531
|
- |
|
silverstripe
|
silverstripe
|
SQL injection vulnerability in SilverStripe before 2.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to AjaxUniqueTextField.
|
CWE-89
SQL Injection
|
CVE-2008-6753
|
2017-08-17 10:29 |
2009-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260532
|
- |
|
zoneminder
|
zoneminder
|
ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by acces…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6755
|
2017-08-17 10:29 |
2009-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260533
|
- |
|
zoneminder
|
zoneminder
|
ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6756
|
2017-08-17 10:29 |
2009-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260534
|
- |
|
wordpress
|
wordpress
|
Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto…
|
CWE-59
Link Following
|
CVE-2008-6762
|
2017-08-17 10:29 |
2009-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260535
|
- |
|
hypersilence
|
silentum_loginsys
|
Cross-site scripting (XSS) vulnerability in login.php in Silentum LoginSys 1.0.0 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2008-6764
|
2017-08-17 10:29 |
2009-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260536
|
- |
|
wordpress
|
wordpress
|
wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to upgrade the application, and possibly cause a denial of service (application outage), via a direct request.
|
NVD-CWE-noinfo
|
CVE-2008-6767
|
2017-08-17 10:29 |
2009-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260537
|
- |
|
peterselie
|
yourplace
|
internettoolbar/edit.php in YourPlace 1.0.2 and earlier does not end execution when an invalid username is detected, which allows remote attackers to bypass intended restrictions and edit toolbar set…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6774
|
2017-08-17 10:29 |
2009-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260538
|
- |
|
phpnuke
|
sarkilar_module
|
SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent action to modules.php.
|
CWE-89
SQL Injection
|
CVE-2008-6779
|
2017-08-17 10:29 |
2009-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260539
|
- |
|
ubuntu
|
linux
|
system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by "Users and Groups" in GNOME System Tools, hashes account passwords with 3DES and consequently limits effective password length…
|
CWE-310
Cryptographic Issues
|
CVE-2008-6792
|
2017-08-17 10:29 |
2009-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260540
|
- |
|
tufat
|
flashchat
|
connection.php in FlashChat 5.0.8 allows remote attackers to bypass the role filter mechanism and gain administrative privileges by setting the s parameter to "7."
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6799
|
2017-08-17 10:29 |
2009-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
