256991
|
- |
|
fipsasp
|
fipscms_light
|
SQL injection vulnerability in home/index.asp in fipsCMS light 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the r parameter, a different vector than CVE-2006-6115 and…
|
CWE-89
SQL Injection
|
CVE-2008-3417
|
2017-09-29 10:31 |
2008-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256992
|
- |
|
willo
|
trio
|
SQL injection vulnerability in browse.php in TriO 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-3418
|
2017-09-29 10:31 |
2008-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256993
|
- |
|
greatclone
|
youtuber_clone
|
SQL injection vulnerability in ugroups.php in Youtuber Clone allows remote attackers to execute arbitrary SQL commands via the UID parameter.
|
CWE-89
SQL Injection
|
CVE-2008-3419
|
2017-09-29 10:31 |
2008-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256994
|
- |
|
willo
|
mobius_web_publishing_software
|
Multiple SQL injection vulnerabilities in Mobius for Mimsy XG 1 1.4.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to browse.php or (2) the s parame…
|
CWE-89
SQL Injection
|
CVE-2008-3420
|
2017-09-29 10:31 |
2008-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256995
|
- |
|
apple
|
itunes
|
Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilg…
|
CWE-94
Code Injection
|
CVE-2008-3434
|
2017-09-29 10:31 |
2008-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256996
|
- |
|
phpmyrealty
|
phpmyrealty
|
SQL injection vulnerability in index.php in phpMyRealty (PMR) 2.0.0 allows remote attackers to execute arbitrary SQL commands via the location parameter.
|
CWE-89
SQL Injection
|
CVE-2008-3445
|
2017-09-29 10:31 |
2008-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256997
|
- |
|
letterit
|
letterit
|
Directory traversal vulnerability in inc/wysiwyg.php in LetterIt 2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
|
CWE-22
Path Traversal
|
CVE-2008-3446
|
2017-09-29 10:31 |
2008-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256998
|
- |
|
f-prot
|
f-prot_antivirus scanning_engine
|
The scanning engine in F-Prot Antivirus 6.2.1 4252 allows remote attackers to cause a denial of service (infinite loop) via a malformed ZIP archive, probably related to invalid offsets.
|
CWE-399
Resource Management Errors
|
CVE-2008-3447
|
2017-09-29 10:31 |
2008-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256999
|
- |
|
endonesia
|
calendar_module endonesia
|
SQL injection vulnerability in the Calendar module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the loc_id parameter in a list_events action to mod.php.
|
CWE-89
SQL Injection
|
CVE-2008-3452
|
2017-09-29 10:31 |
2008-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257000
|
- |
|
jnshosts
|
php_hosting_directory
|
JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the "adm" cookie value to 1.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-3454
|
2017-09-29 10:31 |
2008-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|