|
261151
|
- |
|
hotscripts
|
cyboards_php_lite
|
Multiple cross-site scripting (XSS) vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to inject arbitrary web script or HTML via the (1) lOptionsOptions, (2) lNavAdminOptions, or (3) l…
|
CWE-79
Cross-site Scripting
|
CVE-2008-3709
|
2017-08-8 10:32 |
2008-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261152
|
- |
|
hotscripts
|
cyboards_php_lite
|
Multiple directory traversal vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) script_path par…
|
CWE-22
Path Traversal
|
CVE-2008-3710
|
2017-08-8 10:32 |
2008-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261153
|
- |
|
hotscripts
|
cyboards_php_lite
|
In order to exploit this vulnerability to execute arbitrary code, the attacker would first be required to upload a malicious file or inject arbitrary commands into an existing file and register_globa…
|
CWE-22
Path Traversal
|
CVE-2008-3710
|
2017-08-8 10:32 |
2008-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261154
|
- |
|
awstats
|
awstats
|
Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681…
|
CWE-79
Cross-site Scripting
|
CVE-2008-3714
|
2017-08-8 10:32 |
2008-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261155
|
- |
|
harmoni
|
harmoni
|
Harmoni before 1.6.0 does not require administrative privileges to list (1) user names or (2) asset ids, which allows remote attackers to obtain sensitive information.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-3717
|
2017-08-8 10:32 |
2008-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261156
|
- |
|
harmoni
|
harmoni
|
Download Harmoni 1.6.0 at Sourceforge:
http://sourceforge.net/project/showfiles.php?group_id=82873&package_id=85063
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-3717
|
2017-08-8 10:32 |
2008-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261157
|
- |
|
fipsasp
|
fipscms
|
SQL injection vulnerability in forum/neu.asp in fipsCMS 2.1 allows remote attackers to execute arbitrary SQL commands via the kat parameter. NOTE: the provenance of this information is unknown; the …
|
CWE-89
SQL Injection
|
CVE-2008-3722
|
2017-08-8 10:32 |
2008-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261158
|
- |
|
phpizabi
|
phpizabi
|
Directory traversal vulnerability in index.php in PHPizabi 0.848b C1 HFP3 allows remote authenticated administrators to read arbitrary files via (1) a .. (dot dot), (2) a URL, or possibly (3) a full …
|
CWE-22
Path Traversal
|
CVE-2008-3723
|
2017-08-8 10:32 |
2008-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261159
|
- |
|
phpizabi
|
phpizabi
|
Attacker must have administrative access
In order to exploit this vulnerability to execute arbitrary code, the attacker would first be required to upload a malicious file or inject arbitrary comma…
|
CWE-22
Path Traversal
|
CVE-2008-3723
|
2017-08-8 10:32 |
2008-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261160
|
- |
|
papoo
|
papoo
|
SQL injection vulnerability in index.php in Papoo before 3.7.2 allows remote attackers to execute arbitrary SQL commands via the suchanzahl parameter.
|
CWE-89
SQL Injection
|
CVE-2008-3724
|
2017-08-8 10:32 |
2008-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
