256551
|
- |
|
libra_file_manager
|
php_filemanager
|
fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrar…
|
CWE-287
Improper Authentication
|
CVE-2008-4319
|
2017-09-29 10:32 |
2008-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256552
|
- |
|
flashget
|
flashget_ftp
|
Buffer overflow in FlashGet (formerly JetCar) FTP 1.9 allows remote FTP servers to execute arbitrary code via a long response to the PWD command.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2008-4321
|
2017-09-29 10:32 |
2008-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256553
|
- |
|
microsoft
|
windows_xp
|
Windows Explorer in Microsoft Windows XP SP3 allows user-assisted attackers to cause a denial of service (application crash) via a crafted .ZIP file.
|
NVD-CWE-noinfo
|
CVE-2008-4323
|
2017-09-29 10:32 |
2008-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256554
|
- |
|
openengine
|
openengine
|
PHP remote file inclusion vulnerability in cms/system/openengine.php in openEngine 2.0 beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter.
|
CWE-20
Improper Input Validation
|
CVE-2008-4329
|
2017-09-29 10:32 |
2008-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256555
|
- |
|
lansuite
|
lansuite
|
Directory traversal vulnerability in index.php in LanSuite 3.3.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the design parameter.
|
CWE-22
Path Traversal
|
CVE-2008-4330
|
2017-09-29 10:32 |
2008-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256556
|
- |
|
phpocs
|
phpocs
|
Directory traversal vulnerability in library/pagefunctions.inc.php in phpOCS 0.1 beta3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act p…
|
CWE-22
Path Traversal
|
CVE-2008-4331
|
2017-09-29 10:32 |
2008-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256557
|
- |
|
cannot
|
php_infoboard
|
SQL injection vulnerability in the showjavatopic function in func.php in PHP infoBoard V.7 Plus allows remote attackers to execute arbitrary SQL commands via the idcat parameter to showtopic.php.
|
CWE-89
SQL Injection
|
CVE-2008-4332
|
2017-09-29 10:32 |
2008-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256558
|
- |
|
cannot
|
php_infoboard
|
Cross-site scripting (XSS) vulnerability in PHP infoBoard V.7 Plus allows remote attackers to inject arbitrary web script or HTML via the isname parameter in a newtopic action.
|
CWE-79
Cross-site Scripting
|
CVE-2008-4333
|
2017-09-29 10:32 |
2008-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256559
|
- |
|
cannot
|
php_infoboard
|
PHP infoBoard V.7 Plus allows remote attackers to bypass authentication and gain administrative access by setting the infouser cookie to 1.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-4334
|
2017-09-29 10:32 |
2008-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256560
|
- |
|
atomic_photo_album
|
atomic_photo_album
|
SQL injection vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attackers to execute arbitrary SQL commands via the apa_album_ID parameter.
|
CWE-89
SQL Injection
|
CVE-2008-4335
|
2017-09-29 10:32 |
2008-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|