|
310781
|
- |
|
spreecommerce
|
spree
|
The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographi…
|
CWE-255
Credentials Management
|
CVE-2008-7311
|
2024-11-21 09:58 |
2012-04-5 |
|
|
|
|
310782
|
- |
|
spreecommerce
|
spree
|
Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the Order state value and bypass the intended payment step vi…
|
CWE-255
Credentials Management
|
CVE-2008-7310
|
2024-11-21 09:58 |
2012-04-5 |
|
|
|
|
310783
|
- |
|
insoshi
|
insoshi
|
Insoshi before 20080920 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the ForumPost user_id value via a modified URL, r…
|
CWE-255
Credentials Management
|
CVE-2008-7309
|
2024-11-21 09:58 |
2012-04-5 |
|
|
|
|
310784
|
- |
|
apple
|
mac_os_x
|
The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted appl…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-7303
|
2024-11-21 09:58 |
2011-11-16 |
|
|
|
|
310785
|
- |
|
netshinesoftware
|
com_netinvoice
|
SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving…
|
CWE-89
SQL Injection
|
CVE-2008-7302
|
2024-11-21 09:58 |
2011-10-5 |
|
|
|
|
310786
|
- |
|
sclek
|
jsite
|
SQL injection vulnerability in admin/login.php in jSite 1.0 OE allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unkno…
|
CWE-89
SQL Injection
|
CVE-2008-7301
|
2024-11-21 09:58 |
2011-10-5 |
|
|
|
|
310787
|
- |
|
sun
|
opensolaris sunos
|
The labeled networking implementation in Solaris Trusted Extensions in Sun Solaris 10 and OpenSolaris snv_39 through snv_67, when a labeled zone is in the installed state, allows remote authenticated…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-7300
|
2024-11-21 09:58 |
2011-10-5 |
|
|
|
|
310788
|
- |
|
ibm
|
tivoli_federated_identity_manager
|
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2 uses an incomplete SAML 1.x browser-artifact, which allows remote OpenID providers to spoof assertions via vectors related to the Iss…
|
CWE-20
Improper Input Validation
|
CVE-2008-7299
|
2024-11-21 09:58 |
2011-08-13 |
|
|
|
|
310789
|
- |
|
google android
|
android android_browser
|
The Android browser in Android cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-7298
|
2024-11-21 09:58 |
2011-08-10 |
|
|
|
|
310790
|
- |
|
opera
|
opera_browser
|
Opera cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-7297
|
2024-11-21 09:58 |
2011-08-10 |
|
|
|