|
263551
|
- |
|
joomla
|
com_mailto
|
The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam.
|
CWE-20
Improper Input Validation
|
CVE-2008-4103
|
2017-08-8 10:32 |
2008-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263552
|
- |
|
joomla
|
joomla
|
Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.
|
CWE-59
Link Following
|
CVE-2008-4104
|
2017-08-8 10:32 |
2008-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263553
|
- |
|
joomla
|
joomla
|
JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other …
|
CWE-20
Improper Input Validation
|
CVE-2008-4105
|
2017-08-8 10:32 |
2008-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263554
|
- |
|
python_software_foundation
|
python
|
Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOT…
|
CWE-59
Link Following
|
CVE-2008-4108
|
2017-08-8 10:32 |
2008-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263555
|
- |
|
ibm
|
websphere_application_server
|
Unspecified vulnerability in Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when the FileServing feature is enabled, has unknown…
|
NVD-CWE-noinfo
|
CVE-2008-4111
|
2017-08-8 10:32 |
2008-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263556
|
- |
|
sun
|
management_center
|
Unspecified vulnerability in a web page in the PRM module in Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to cause a denial of service (memory consumption) via unspecified vect…
|
NVD-CWE-noinfo
|
CVE-2008-4117
|
2017-08-8 10:32 |
2008-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263557
|
- |
|
high_norm
|
sound_master_2nd
|
Cross-site scripting (XSS) vulnerability in High Norm Sound Master 2nd 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2008-4118
|
2017-08-8 10:32 |
2008-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263558
|
- |
|
phpbb
|
phpbb
|
The search function in phpBB 2.x provides a search_id value that leaks the state of PHP's PRNG, which allows remote attackers to obtain potentially sensitive information, as demonstrated by a cross-a…
|
NVD-CWE-noinfo
CWE-200
Information Exposure
|
CVE-2008-4125
|
2017-08-8 10:32 |
2008-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263559
|
- |
|
gallery
|
gallery
|
Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read ar…
|
CWE-22
Path Traversal
|
CVE-2008-4129
|
2017-08-8 10:32 |
2008-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263560
|
- |
|
gallery
|
gallery
|
Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted Flash animation, related to the ability of the animat…
|
CWE-79
Cross-site Scripting
|
CVE-2008-4130
|
2017-08-8 10:32 |
2008-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
