|
260451
|
- |
|
imatix
|
xitami
|
Multiple format string vulnerabilities in the SSI filter in Xitami Web Server 2.5c2, and possibly other versions, allow remote attackers to cause a denial of service (daemon crash) and possibly execu…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2008-6520
|
2017-08-17 10:29 |
2009-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260452
|
- |
|
drupal
|
drupal
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser v…
|
CWE-352
Origin Validation Error
|
CVE-2008-6532
|
2017-08-17 10:29 |
2009-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260453
|
- |
|
drupal
|
drupal
|
Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to c…
|
CWE-79
Cross-site Scripting
|
CVE-2008-6533
|
2017-08-17 10:29 |
2009-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260454
|
- |
|
7-zip
|
7-zip
|
Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and remote attack vectors, as demonstrated by the PROTOS GENOME test suite for Archive Formats (c10).
|
NVD-CWE-noinfo
|
CVE-2008-6536
|
2017-08-17 10:29 |
2009-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260455
|
- |
|
dotnetnuke
|
dotnetnuke
|
Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8.2 allows remote authenticated administrators to perform "server-side execution of application logic" by uploading a static file …
|
NVD-CWE-noinfo
|
CVE-2008-6542
|
2017-08-17 10:29 |
2009-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260456
|
- |
|
dotnetnuke
|
dotnetnuke
|
Per vendor advisory: http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno13/tabid/1149/Default.aspx
Mitigating factors
* The host user must have added the HTM or HTML file …
|
NVD-CWE-noinfo
|
CVE-2008-6542
|
2017-08-17 10:29 |
2009-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260457
|
- |
|
comscripts
|
quick_classifieds
|
Multiple PHP remote file inclusion vulnerabilities in ComScripts TEAM Quick Classifieds 1.0 via the DOCUMENT_ROOT parameter to (1) index.php3, (2) locate.php3, (3) search_results.php3, (4) classified…
|
CWE-94
Code Injection
|
CVE-2008-6543
|
2017-08-17 10:29 |
2009-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260458
|
- |
|
comscripts
|
web_server_creator_web_portal
|
PHP remote file inclusion vulnerability in news/include/createdb.php in Web Server Creator Web Portal 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the langfile parameter. N…
|
CWE-94
Code Injection
|
CVE-2008-6545
|
2017-08-17 10:29 |
2009-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260459
|
- |
|
formencode
|
formencode
|
schema.py in FormEncode for Python (python-formencode) 1.0 does not apply the chained_validators feature, which allows attackers to bypass intended access restrictions via unknown vectors.
|
CWE-20
Improper Input Validation
|
CVE-2008-6547
|
2017-08-17 10:29 |
2009-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260460
|
- |
|
davidbourrier
|
glossaire
|
Cross-site scripting (XSS) vulnerability in glossaire.php in Glossaire 2.0 allows remote attackers to inject arbitrary web script or HTML via the letter parameter. NOTE: the provenance of this infor…
|
CWE-79
Cross-site Scripting
|
CVE-2008-6550
|
2017-08-17 10:29 |
2009-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
