|
261341
|
- |
|
freedesktop
|
dbus
|
The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sendin…
|
CWE-16
Configuration
|
CVE-2008-4311
|
2017-08-8 10:32 |
2008-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261342
|
- |
|
opennms.org
|
opennms
|
Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.5.94 allow remote attackers to inject arbitrary web script or HTML via (1) the j_username parameter to j_acegi_security_check, …
|
CWE-79
Cross-site Scripting
|
CVE-2008-4320
|
2017-08-8 10:32 |
2008-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261343
|
- |
|
bitweaver
|
bitweaver
|
Cross-site scripting (XSS) vulnerability in Bitweaver 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to (1) edit.php and (2) list.php in articles/; (3) lis…
|
CWE-79
Cross-site Scripting
|
CVE-2008-4337
|
2017-08-8 10:32 |
2008-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261344
|
- |
|
symantec
|
netbackup_enterprise_server
netbackup_server
|
Unspecified vulnerability in the Java Administration GUI (jnbSA) in Symantec Veritas NetBackup Server and NetBackup Enterprise Server 5.1 before MP7, 6.0 before MP7, and 6.5 before 6.5.2 allows remot…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-4339
|
2017-08-8 10:32 |
2008-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261345
|
- |
|
6rbscript
|
6rbscript
|
SQL injection vulnerability in cat.php in 6rbScript allows remote attackers to execute arbitrary SQL commands via the CatID parameter.
|
CWE-89
SQL Injection
|
CVE-2008-4344
|
2017-08-8 10:32 |
2008-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261346
|
- |
|
outshine
|
phportfolio
|
SQL injection vulnerability in photo.php in PHPortfolio, possibly 1.3, allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-4348
|
2017-08-8 10:32 |
2008-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261347
|
- |
|
s0nic
|
paranews
|
Multiple cross-site scripting (XSS) vulnerabilities in news.php in s0nic Paranews 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) page parameter in a details a…
|
CWE-79
Cross-site Scripting
|
CVE-2008-4349
|
2017-08-8 10:32 |
2008-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261348
|
- |
|
spaw_editor
|
spaw_php
|
Unspecified vulnerability in class/theme.class.php in SPAW Editor PHP Edition before 2.0.8.1 has unknown impact and attack vectors, probably related to directory traversal sequences in the theme name.
|
NVD-CWE-noinfo
CWE-20
Improper Input Validation
|
CVE-2008-4358
|
2017-08-8 10:32 |
2008-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261349
|
- |
|
siteman
|
siteman
|
Cross-site scripting (XSS) vulnerability in search.php in Siteman 1.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this …
|
CWE-79
Cross-site Scripting
|
CVE-2008-4365
|
2017-08-8 10:32 |
2008-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261350
|
- |
|
apple
|
mac_os_x
|
The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension (JCE) key sizes to 128 bits, which makes it easier for…
|
CWE-310
Cryptographic Issues
|
CVE-2008-4368
|
2017-08-8 10:32 |
2008-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
