|
263401
|
- |
|
a4desk
|
a4desk_flash_event_calendar
|
PHP remote file inclusion vulnerability in index.php in A4Desk Event Calendar, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the v parameter.
|
CWE-94
Code Injection
|
CVE-2008-6103
|
2017-08-8 10:33 |
2009-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263402
|
- |
|
linux
|
linux_kernel
|
The (1) sys32_mremap function in arch/sparc64/kernel/sys_sparc32.c, the (2) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c, and the (3) sparc64_mmap_check function in arch/sparc64/kernel/…
|
CWE-399
Resource Management Errors
|
CVE-2008-6107
|
2017-08-8 10:33 |
2009-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263403
|
- |
|
shelter_manager
|
animal_shelter_manager
|
Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 does not properly enforce the privileges of user accounts, which allows local users to bypass intended access restrictions by (1) opening…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6109
|
2017-08-8 10:33 |
2009-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263404
|
- |
|
semanticscuttle
|
semanticscuttle
|
Cross-site scripting (XSS) vulnerability in SemanticScuttle before 0.90 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the (1) username and (2) pro…
|
CWE-79
Cross-site Scripting
|
CVE-2008-6113
|
2017-08-8 10:33 |
2009-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263405
|
- |
|
goople_cms
|
goople_cms
|
Static code injection vulnerability in gooplecms/admin/account/action/editpass.php in Goople CMS 1.7 allows remote attackers to inject arbitrary PHP code into admin/userandpass.php via the (1) userna…
|
CWE-20
Improper Input Validation
|
CVE-2008-6119
|
2017-08-8 10:33 |
2009-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263406
|
- |
|
socialengine
|
socialengine
|
SQL injection vulnerability in profile_comments.php in SocialEngine (SE) 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the comment_secure parameter.
|
CWE-89
SQL Injection
|
CVE-2008-6120
|
2017-08-8 10:33 |
2009-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263407
|
- |
|
socialengine
|
socialengine
|
CRLF injection vulnerability in SocialEngine (SE) 2.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the PHPSESSID cookie.
|
CWE-20
Improper Input Validation
|
CVE-2008-6121
|
2017-08-8 10:33 |
2009-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263408
|
- |
|
netgear
|
wgr614
|
The web management interface in Netgear WGR614v9 allows remote attackers to cause a denial of service (crash) via a request that contains a question mark ("?").
|
CWE-20
Improper Input Validation
|
CVE-2008-6122
|
2017-08-8 10:33 |
2009-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263409
|
- |
|
calacode
|
atmail
|
Calacode @Mail 5.41 on Linux does not require administrative authentication for build-plesk-upgrade.php, which allows remote attackers to obtain sensitive information by creating and downloading a ba…
|
CWE-287
Improper Authentication
|
CVE-2008-3579
|
2017-08-8 10:32 |
2008-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263410
|
- |
|
netbsd
|
netbsd
|
NetBSD 3.0, 3.1, and 4.0, when a pppoe instance exists, does not properly check the length of a PPPoE packet tag, which allows remote attackers to cause a denial of service (system crash) via a craft…
|
CWE-20
Improper Input Validation
|
CVE-2008-3584
|
2017-08-8 10:32 |
2008-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
