|
297671
|
- |
|
comscripts
|
quick_classifieds
|
Multiple PHP remote file inclusion vulnerabilities in ComScripts TEAM Quick Classifieds 1.0 via the DOCUMENT_ROOT parameter to (1) index.php3, (2) locate.php3, (3) search_results.php3, (4) classified…
|
CWE-94
Code Injection
|
CVE-2008-6543
|
2017-08-17 10:29 |
2009-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297672
|
- |
|
comscripts
|
web_server_creator_web_portal
|
PHP remote file inclusion vulnerability in news/include/createdb.php in Web Server Creator Web Portal 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the langfile parameter. N…
|
CWE-94
Code Injection
|
CVE-2008-6545
|
2017-08-17 10:29 |
2009-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297673
|
- |
|
formencode
|
formencode
|
schema.py in FormEncode for Python (python-formencode) 1.0 does not apply the chained_validators feature, which allows attackers to bypass intended access restrictions via unknown vectors.
|
CWE-20
Improper Input Validation
|
CVE-2008-6547
|
2017-08-17 10:29 |
2009-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297674
|
- |
|
davidbourrier
|
glossaire
|
Cross-site scripting (XSS) vulnerability in glossaire.php in Glossaire 2.0 allows remote attackers to inject arbitrary web script or HTML via the letter parameter. NOTE: the provenance of this infor…
|
CWE-79
Cross-site Scripting
|
CVE-2008-6550
|
2017-08-17 10:29 |
2009-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297675
|
- |
|
citrix
|
presentation_server_client
|
Citrix Presentation Server Client for Windows before 10.200 does not clear "credential information" from process memory in unspecified circumstances, which might allow local users to gain privileges.
|
CWE-200
Information Exposure
|
CVE-2008-6561
|
2017-08-17 10:29 |
2009-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297676
|
- |
|
jax_scripts
|
jax_linklists
|
Cross-site scripting (XSS) vulnerability in jax_linklists.php in Jack (tR) Jax LinkLists 1.00 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: the provenan…
|
CWE-79
Cross-site Scripting
|
CVE-2008-6562
|
2017-08-17 10:29 |
2009-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297677
|
- |
|
nortel
|
communication_server_1000
unistim_protocol
|
Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attac…
|
NVD-CWE-Other
|
CVE-2008-6564
|
2017-08-17 10:29 |
2009-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297678
|
- |
|
yehe
|
yehe
|
Unrestricted file upload vulnerability in Yehe 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the fi…
|
CWE-20
Improper Input Validation
|
CVE-2008-6568
|
2017-08-17 10:29 |
2009-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297679
|
- |
|
cybozu
|
garoon
|
Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session ID in the login page.
|
CWE-287
Improper Authentication
|
CVE-2008-6569
|
2017-08-17 10:29 |
2009-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297680
|
- |
|
cybozu
|
garoon
|
Cross-site scripting (XSS) vulnerability in the RSS reader in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.
|
CWE-79
Cross-site Scripting
|
CVE-2008-6570
|
2017-08-17 10:29 |
2009-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
