|
260741
|
- |
|
zoph
|
zoph
|
Multiple SQL injection vulnerabilities in Zoph before 0.7.0.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2008-3258
|
2017-08-8 10:31 |
2008-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260742
|
- |
|
openbsd
|
openssh
|
OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a b…
|
CWE-200
Information Exposure
|
CVE-2008-3259
|
2017-08-8 10:31 |
2008-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260743
|
- |
|
brickhost
|
phpscheduleit
|
Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9, when useLogonName is enabled, allows remote attackers with administrator email address knowledge to bypass restrictions and gain privil…
|
NVD-CWE-noinfo
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-3268
|
2017-08-8 10:31 |
2008-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260744
|
- |
|
jboss
|
enterprise_application_platform
|
JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-3273
|
2017-08-8 10:31 |
2008-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260745
|
- |
|
sierra
|
swat_4
|
SWAT 4 1.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) VERIFYCONTENT or (2) GAMECONFIG command sent to the server before user session initialization, whi…
|
CWE-20
Improper Input Validation
|
CVE-2008-3286
|
2017-08-8 10:31 |
2008-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260746
|
- |
|
xoops
|
xoops
|
Cross-site scripting (XSS) vulnerability in modules/system/admin.php in XOOPS 2.0.18.1 allows remote attackers to inject arbitrary web script or HTML via the fct parameter. NOTE: the provenance of t…
|
CWE-79
Cross-site Scripting
|
CVE-2008-3295
|
2017-08-8 10:31 |
2008-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260747
|
- |
|
xoops
|
xoops
|
Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: th…
|
CWE-22
Path Traversal
|
CVE-2008-3296
|
2017-08-8 10:31 |
2008-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260748
|
- |
|
esyndicat
|
esyndicat
|
eSyndiCat 1.6 allows remote attackers to bypass authentication and gain administrative access by setting the admin_lng cookie value to 1. NOTE: the provenance of this information is unknown; the deta…
|
CWE-287
Improper Authentication
|
CVE-2008-3299
|
2017-08-8 10:31 |
2008-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260749
|
- |
|
alphadmin
|
alphadmin_cms
|
AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass authentication and gain administrative access by setting the aa_login cookie value to 1. NOTE: the provenance of this information is unknown;…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-3300
|
2017-08-8 10:31 |
2008-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260750
|
- |
|
youtube_blog
|
youtube_blog
|
SQL injection vulnerability in info.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3307. NO…
|
CWE-89
SQL Injection
|
CVE-2008-3306
|
2017-08-8 10:31 |
2008-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
