|
256681
|
- |
|
mr._cgi_guy
|
hot_links_sql_php
|
Cross-site scripting (XSS) vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-4379
|
2017-09-29 10:32 |
2008-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256682
|
- |
|
samsung
|
dvr_shr2040
|
The web interface in Samsung DVR SHR2040 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, related to the filter for configuration properties and "/x" charact…
|
CWE-20
Improper Input Validation
|
CVE-2008-4380
|
2017-09-29 10:32 |
2008-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256683
|
- |
|
citrix
|
xen
|
xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS u…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-4405
|
2017-09-29 10:32 |
2008-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256684
|
- |
|
hp
|
hp-ux
|
Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2008-4416
|
2017-09-29 10:32 |
2008-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256685
|
- |
|
phlatline
|
personal_information_manager
|
Directory traversal vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to delete arbitrary files via directory traversal sequences in the file …
|
CWE-22
Path Traversal
|
CVE-2008-4425
|
2017-09-29 10:32 |
2008-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256686
|
- |
|
phlatline
|
personal_information_manager
|
Cross-site scripting (XSS) vulnerability in events.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the date parameter in …
|
CWE-79
Cross-site Scripting
|
CVE-2008-4426
|
2017-09-29 10:32 |
2008-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256687
|
- |
|
phlatline
|
personal_information_manager
|
changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords.
|
CWE-287
Improper Authentication
|
CVE-2008-4427
|
2017-09-29 10:32 |
2008-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256688
|
- |
|
phlatline
|
personal_information_manager
|
Unrestricted file upload vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier allows remote attackers to execute arbitrary code by uploading a .php file, the…
|
CWE-20
Improper Input Validation
|
CVE-2008-4428
|
2017-09-29 10:32 |
2008-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256689
|
- |
|
bblog
|
wbblog
|
SQL injection vulnerability in bblog_plugins/builtin.help.php in bBlog 0.7.6 allows remote attackers to execute arbitrary SQL commands via the mod parameter.
|
CWE-89
SQL Injection
|
CVE-2008-4436
|
2017-09-29 10:32 |
2008-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256690
|
- |
|
bblog
|
wbblog
|
bBlog is no longer actively maintained, and there are no plans to carry on with development.
Source: http://www.bblog.com/
|
CWE-89
SQL Injection
|
CVE-2008-4436
|
2017-09-29 10:32 |
2008-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
