|
261861
|
- |
|
picturespro
|
picturespro_photo_cart
|
Cross-site scripting (XSS) vulnerability in index.php in Pictures Pro (aka Tim Grissett) Photo Cart 4.1 allows remote attackers to inject arbitrary web script or HTML via the amessage parameter. NOT…
|
CWE-79
Cross-site Scripting
|
CVE-2008-1536
|
2017-08-8 10:30 |
2008-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261862
|
- |
|
joomla
mambo
|
datsogallery
|
SQL injection vulnerability in the Datsogallery (com_datsogallery) 1.3.1 module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action…
|
CWE-89
SQL Injection
|
CVE-2008-1540
|
2017-08-8 10:30 |
2008-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261863
|
- |
|
airspan
|
base_station_distribution_unit
|
Airspan Base Station Distribution Unit (BSDU) has "topsecret" as its password for the root account, which allows remote attackers to obtain administrative access via a telnet login, a different vulne…
|
CWE-255
Credentials Management
|
CVE-2008-1542
|
2017-08-8 10:30 |
2008-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261864
|
- |
|
airspan
|
prost_web_management
|
The Advanced User Interface Pages in the ProST Web Management component on the Airspan WiMAX ProST have a certain default User ID and password, which makes it easier for remote attackers to obtain pa…
|
CWE-255
Credentials Management
|
CVE-2008-1543
|
2017-08-8 10:30 |
2008-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261865
|
- |
|
cubecart
|
cubecart
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in CubeCart 4.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the _a parameter in a searchStr action and the…
|
CWE-79
Cross-site Scripting
|
CVE-2008-1550
|
2017-08-8 10:30 |
2008-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261866
|
- |
|
file-transfer
|
file_transfer
|
Directory traversal vulnerability in Dan Costin File Transfer before 1.2f allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in the filename.
|
CWE-22
Path Traversal
|
CVE-2008-1564
|
2017-08-8 10:30 |
2008-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261867
|
- |
|
manageengine
|
applications_manager
|
Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine Applications Manager 8.x allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the prove…
|
CWE-79
Cross-site Scripting
|
CVE-2008-1566
|
2017-08-8 10:30 |
2008-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261868
|
- |
|
comix
|
comix
|
comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs.
|
CWE-20
Improper Input Validation
|
CVE-2008-1568
|
2017-08-8 10:30 |
2008-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261869
|
- |
|
policyd-weight
|
policyd-weight
|
policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket.
|
CWE-59
Link Following
|
CVE-2008-1569
|
2017-08-8 10:30 |
2008-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261870
|
- |
|
policyd-weight
|
policyd-weight
|
Race condition in the create_lockpath function in policyd-weight 0.1.14 beta-16 allows local users to modify or delete arbitrary files by creating the LOCKPATH directory, then modifying it after the …
|
CWE-362
Race Condition
|
CVE-2008-1570
|
2017-08-8 10:30 |
2008-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
