|
262001
|
- |
|
dxproscripts
|
dxshopcart
|
SQL injection vulnerability in product_detail.php in DXShopCart 4.30mc allows remote attackers to execute arbitrary SQL commands via the pid parameter.
|
CWE-89
SQL Injection
|
CVE-2008-4744
|
2017-08-8 10:32 |
2008-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262002
|
- |
|
uniwin
|
ecart_professional
|
Cross-site scripting (XSS) vulnerability in emailFriend.asp in Uniwin eCart Professional 2.0.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2008-4745
|
2017-08-8 10:32 |
2008-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262003
|
- |
|
uniwin
|
ecart_professional
|
Multiple SQL injection vulnerabilities in Uniwin eCart Professional 2.0.17 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to (1) search.asp and (2) cartUtil.asp.
|
CWE-89
SQL Injection
|
CVE-2008-4746
|
2017-08-8 10:32 |
2008-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262004
|
- |
|
sun
|
java_access_manager
|
Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LD…
|
CWE-200
Information Exposure
|
CVE-2008-4747
|
2017-08-8 10:32 |
2008-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262005
|
- |
|
kayako
|
esupport
|
Cross-site scripting (XSS) vulnerability in includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php in Kayako eSupport 3.20.2 allows remote attackers to inject arbitrary web script or HTML via the jsM…
|
CWE-79
Cross-site Scripting
|
CVE-2008-4761
|
2017-08-8 10:32 |
2008-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262006
|
- |
|
o2php
|
oxygen_bulletin_board
|
SQL injection vulnerability in member.php in Oxygen Bulletin Board 1.1.3 allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information …
|
CWE-89
SQL Injection
|
CVE-2008-4766
|
2017-08-8 10:32 |
2008-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262007
|
- |
|
tlm_cms
|
tlm_cms
|
SQL injection vulnerability in TLM CMS 3.1 allows remote attackers to execute arbitrary SQL commands via the nom parameter to a-b-membres.php. NOTE: the goodies.php vector is already covered by CVE-…
|
CWE-89
SQL Injection
|
CVE-2008-4768
|
2017-08-8 10:32 |
2008-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262008
|
- |
|
wordpress
|
wordpress
|
Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbit…
|
CWE-22
Path Traversal
|
CVE-2008-4769
|
2017-08-8 10:32 |
2008-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262009
|
- |
|
wojtek_kaniewsk
|
libgadu
|
libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2008-4776
|
2017-08-8 10:32 |
2008-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262010
|
- |
|
drupal
|
drupal
|
The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "l…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-4789
|
2017-08-8 10:32 |
2008-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
