|
259351
|
- |
|
phphq
|
phshoutbox_final
|
phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST, which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and ear…
|
CWE-287
Improper Authentication
|
CVE-2008-1971
|
2017-09-29 10:30 |
2008-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259352
|
- |
|
artur_sikora
|
subedit_player
|
Heap-based buffer overflow in SubEdit Player build 4056 and 4066 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long subtitle file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2008-1973
|
2017-09-29 10:30 |
2008-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259353
|
- |
|
cogites
|
e_reserve
|
SQL injection vulnerability in index.php in E-RESERV 2.1 allows remote attackers to execute arbitrary SQL commands via the ID_loc parameter.
|
CWE-89
SQL Injection
|
CVE-2008-1975
|
2017-09-29 10:30 |
2008-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259354
|
- |
|
wordpress
|
wpss
|
SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) 0.6 and earlier plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-1982
|
2017-09-29 10:30 |
2008-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259355
|
- |
|
123flashchat
e107
|
123_flash_chat_module
e107
|
PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a …
|
CWE-94
Code Injection
|
CVE-2008-1989
|
2017-09-29 10:30 |
2008-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259356
|
- |
|
qemu
|
qemu
|
The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to iden…
|
CWE-200
Information Exposure
|
CVE-2008-2004
|
2017-09-29 10:30 |
2008-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259357
|
- |
|
postnuke_software_foundation
|
postschedule
|
SQL injection vulnerability in index.php in the PostSchedule 1.0 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the eid parameter in an event action.
|
CWE-89
SQL Injection
|
CVE-2008-2012
|
2017-09-29 10:30 |
2008-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259358
|
- |
|
pnflashgames
|
pnflashgames
|
SQL injection vulnerability in index.php in the pnFlashGames 1.5 through 2.5 module for PostNuke, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the …
|
CWE-89
SQL Injection
|
CVE-2008-2013
|
2017-09-29 10:30 |
2008-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259359
|
- |
|
watchfire
|
appscan
|
Multiple absolute path traversal vulnerabilities in certain ActiveX controls in WatchFire AppScan 7.0 allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument…
|
CWE-22
Path Traversal
|
CVE-2008-2015
|
2017-09-29 10:30 |
2008-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259360
|
- |
|
phpizabi
|
phpizabi
|
The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '{' and '}' characters, which allows remote authenticated users to ob…
|
CWE-200
Information Exposure
|
CVE-2008-2018
|
2017-09-29 10:30 |
2008-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
