|
261171
|
- |
|
drupal
|
drupal
|
Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an execu…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-3742
|
2017-08-8 10:32 |
2008-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261172
|
- |
|
drupal
|
drupal
|
Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token valid…
|
CWE-352
Origin Validation Error
|
CVE-2008-3743
|
2017-08-8 10:32 |
2008-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261173
|
- |
|
drupal
|
drupal
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.10 and 6.x before 6.4 allow remote attackers to hijack the authentication of administrators for requests that (1) add…
|
CWE-352
Origin Validation Error
|
CVE-2008-3744
|
2017-08-8 10:32 |
2008-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261174
|
- |
|
drupal
|
drupal
upload_module
|
The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-3745
|
2017-08-8 10:32 |
2008-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261175
|
- |
|
webdav
|
neon
|
neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and t…
|
NVD-CWE-Other
|
CVE-2008-3746
|
2017-08-8 10:32 |
2008-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261176
|
- |
|
webdav
|
neon
|
Per: http://cwe.mitre.org/data/definitions/476.html
'CWE-476: NULL Pointer Dereference'
|
NVD-CWE-Other
|
CVE-2008-3746
|
2017-08-8 10:32 |
2008-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261177
|
- |
|
wordpress
|
wordpress
|
The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might al…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-3747
|
2017-08-8 10:32 |
2008-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261178
|
- |
|
yourfreeworld
|
ad-exchange_script
|
SQL injection vulnerability in tr.php in YourFreeWorld Ad-Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-3752
|
2017-08-8 10:32 |
2008-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261179
|
- |
|
yourfreeworld
|
programs_rating_script
|
SQL injection vulnerability in details.php in YourFreeWorld Programs Rating Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-3753
|
2017-08-8 10:32 |
2008-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261180
|
- |
|
lussumo
|
vanilla
|
Cross-site request forgery (CSRF) vulnerability in ajax/UpdateCheck.php in Vanilla 1.1.4 and earlier has unknown impact and remote attack vectors.
|
NVD-CWE-noinfo
CWE-352
Origin Validation Error
|
CVE-2008-3759
|
2017-08-8 10:32 |
2008-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
