|
262221
|
- |
|
patrick_matthai
|
pnopaste
|
Cross-site scripting (XSS) vulnerability in index.pl in Perl Nopaste 1.0 allows remote attackers to inject arbitrary web script or HTML via the language parameter. NOTE: some of these details are ob…
|
CWE-79
Cross-site Scripting
|
CVE-2008-6724
|
2017-08-17 10:29 |
2009-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262222
|
- |
|
dotnetnuke
|
dotnetnuke
|
Cross-site scripting (XSS) vulnerability in the Language skin object in DotNetNuke before 4.8.4 allows remote attackers to inject arbitrary web script or HTML via "newly generated paths."
|
CWE-79
Cross-site Scripting
|
CVE-2008-6732
|
2017-08-17 10:29 |
2009-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262223
|
- |
|
dotnetnuke
|
dotnetnuke
|
Cross-site scripting (XSS) vulnerability in the error handling page in DotNetNuke 4.6.2 through 4.8.3 allows remote attackers to inject arbitrary web script or HTML via the querystring parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2008-6733
|
2017-08-17 10:29 |
2009-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262224
|
- |
|
ea
|
crysis
|
Crysis 1.21 and earlier allows remote attackers to obtain sensitive player information such as real IP addresses by sending a keyexchange packet without a previous join packet, which causes Crysis to…
|
CWE-200
Information Exposure
|
CVE-2008-6737
|
2017-08-17 10:29 |
2009-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262225
|
- |
|
cybozu
|
cybozu_dezie
cybozu_garoon
cybozu_office
|
Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspeci…
|
CWE-352
Origin Validation Error
|
CVE-2008-6744
|
2017-08-17 10:29 |
2009-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262226
|
- |
|
horde
|
turba_h3
|
Cross-site scripting (XSS) vulnerability in the contact display view in Turba Contact Manager H3 before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the contact name.
|
CWE-79
Cross-site Scripting
|
CVE-2008-6746
|
2017-08-17 10:29 |
2009-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262227
|
- |
|
dotproject
|
dotproject
|
dotProject before 2.1.2 does not properly restrict access to administrative pages, which allows remote attackers to gain privileges. NOTE: some of these details are obtained from third party informa…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6747
|
2017-08-17 10:29 |
2009-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262228
|
- |
|
silverstripe
|
silverstripe
|
SQL injection vulnerability in SilverStripe before 2.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to AjaxUniqueTextField.
|
CWE-89
SQL Injection
|
CVE-2008-6753
|
2017-08-17 10:29 |
2009-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262229
|
- |
|
zoneminder
|
zoneminder
|
ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by acces…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6755
|
2017-08-17 10:29 |
2009-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262230
|
- |
|
zoneminder
|
zoneminder
|
ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6756
|
2017-08-17 10:29 |
2009-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
