|
297601
|
- |
|
dotnetnuke
|
dotnetnuke
|
Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8.2 allows remote authenticated administrators to perform "server-side execution of application logic" by uploading a static file …
|
NVD-CWE-noinfo
|
CVE-2008-6542
|
2017-08-17 10:29 |
2009-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297602
|
- |
|
dotnetnuke
|
dotnetnuke
|
Per vendor advisory: http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno13/tabid/1149/Default.aspx
Mitigating factors
* The host user must have added the HTM or HTML file …
|
NVD-CWE-noinfo
|
CVE-2008-6542
|
2017-08-17 10:29 |
2009-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297603
|
- |
|
comscripts
|
quick_classifieds
|
Multiple PHP remote file inclusion vulnerabilities in ComScripts TEAM Quick Classifieds 1.0 via the DOCUMENT_ROOT parameter to (1) index.php3, (2) locate.php3, (3) search_results.php3, (4) classified…
|
CWE-94
Code Injection
|
CVE-2008-6543
|
2017-08-17 10:29 |
2009-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297604
|
- |
|
comscripts
|
web_server_creator_web_portal
|
PHP remote file inclusion vulnerability in news/include/createdb.php in Web Server Creator Web Portal 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the langfile parameter. N…
|
CWE-94
Code Injection
|
CVE-2008-6545
|
2017-08-17 10:29 |
2009-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297605
|
- |
|
formencode
|
formencode
|
schema.py in FormEncode for Python (python-formencode) 1.0 does not apply the chained_validators feature, which allows attackers to bypass intended access restrictions via unknown vectors.
|
CWE-20
Improper Input Validation
|
CVE-2008-6547
|
2017-08-17 10:29 |
2009-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297606
|
- |
|
davidbourrier
|
glossaire
|
Cross-site scripting (XSS) vulnerability in glossaire.php in Glossaire 2.0 allows remote attackers to inject arbitrary web script or HTML via the letter parameter. NOTE: the provenance of this infor…
|
CWE-79
Cross-site Scripting
|
CVE-2008-6550
|
2017-08-17 10:29 |
2009-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297607
|
- |
|
citrix
|
presentation_server_client
|
Citrix Presentation Server Client for Windows before 10.200 does not clear "credential information" from process memory in unspecified circumstances, which might allow local users to gain privileges.
|
CWE-200
Information Exposure
|
CVE-2008-6561
|
2017-08-17 10:29 |
2009-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297608
|
- |
|
jax_scripts
|
jax_linklists
|
Cross-site scripting (XSS) vulnerability in jax_linklists.php in Jack (tR) Jax LinkLists 1.00 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: the provenan…
|
CWE-79
Cross-site Scripting
|
CVE-2008-6562
|
2017-08-17 10:29 |
2009-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297609
|
- |
|
nortel
|
communication_server_1000
unistim_protocol
|
Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attac…
|
NVD-CWE-Other
|
CVE-2008-6564
|
2017-08-17 10:29 |
2009-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297610
|
- |
|
yehe
|
yehe
|
Unrestricted file upload vulnerability in Yehe 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the fi…
|
CWE-20
Improper Input Validation
|
CVE-2008-6568
|
2017-08-17 10:29 |
2009-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
