|
263601
|
- |
|
airspan
|
prost_web_management
|
The Advanced User Interface Pages in the ProST Web Management component on the Airspan WiMAX ProST have a certain default User ID and password, which makes it easier for remote attackers to obtain pa…
|
CWE-255
Credentials Management
|
CVE-2008-1543
|
2017-08-8 10:30 |
2008-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263602
|
- |
|
cubecart
|
cubecart
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in CubeCart 4.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the _a parameter in a searchStr action and the…
|
CWE-79
Cross-site Scripting
|
CVE-2008-1550
|
2017-08-8 10:30 |
2008-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263603
|
- |
|
file-transfer
|
file_transfer
|
Directory traversal vulnerability in Dan Costin File Transfer before 1.2f allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in the filename.
|
CWE-22
Path Traversal
|
CVE-2008-1564
|
2017-08-8 10:30 |
2008-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263604
|
- |
|
manageengine
|
applications_manager
|
Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine Applications Manager 8.x allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the prove…
|
CWE-79
Cross-site Scripting
|
CVE-2008-1566
|
2017-08-8 10:30 |
2008-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263605
|
- |
|
comix
|
comix
|
comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs.
|
CWE-20
Improper Input Validation
|
CVE-2008-1568
|
2017-08-8 10:30 |
2008-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263606
|
- |
|
policyd-weight
|
policyd-weight
|
policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket.
|
CWE-59
Link Following
|
CVE-2008-1569
|
2017-08-8 10:30 |
2008-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263607
|
- |
|
policyd-weight
|
policyd-weight
|
Race condition in the create_lockpath function in policyd-weight 0.1.14 beta-16 allows local users to modify or delete arbitrary files by creating the LOCKPATH directory, then modifying it after the …
|
CWE-362
Race Condition
|
CVE-2008-1570
|
2017-08-8 10:30 |
2008-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263608
|
- |
|
apple
|
mac_os_x
mac_os_x_server
|
Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the UR…
|
CWE-22
Path Traversal
|
CVE-2008-1571
|
2017-08-8 10:30 |
2008-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263609
|
- |
|
apple
|
mac_os_x
mac_os_x_server
|
Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-1572
|
2017-08-8 10:30 |
2008-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263610
|
- |
|
apple
|
mac_os_x
mac_os_x_server
|
The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, whic…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2008-1573
|
2017-08-8 10:30 |
2008-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
