|
297841
|
- |
|
alexphpteam
|
\@lex_poll
|
Cross-site scripting (XSS) vulnerability in setup.php in @lex Poll 2.1 allows remote attackers to inject arbitrary web script or HTML via the language_setup parameter. NOTE: the provenance of this i…
|
CWE-79
Cross-site Scripting
|
CVE-2008-7141
|
2017-08-17 10:29 |
2009-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297842
|
- |
|
rarlab
|
winrar
|
Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have unknown impact and attack vectors related to crafted (1) ACE, (2) ARJ, (3) BZ2, (4) CAB, (5) GZ, (6) LHA, (7) RAR, (8) TAR, or (…
|
NVD-CWE-noinfo
|
CVE-2008-7144
|
2017-08-17 10:29 |
2009-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297843
|
- |
|
ber_kessels
|
refine_by_taxo
|
Cross-site scripting (XSS) vulnerability in Refine by Taxonomy 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a taxonomy term, which is no…
|
CWE-79
Cross-site Scripting
|
CVE-2008-7150
|
2017-08-17 10:29 |
2009-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297844
|
- |
|
gurpartap_singh
|
live
|
Cross-site request forgery (CSRF) vulnerability in Live 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to hijack the authentication of unspecified privileged users for requests that…
|
CWE-352
Origin Validation Error
|
CVE-2008-7151
|
2017-08-17 10:29 |
2009-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297845
|
- |
|
simon_rycroft
|
sid
|
Multiple PHP remote file inclusion vulnerabilities in Specimen Image Database (SID), when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the dir parame…
|
CWE-94
Code Injection
|
CVE-2008-7152
|
2017-08-17 10:29 |
2009-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297846
|
- |
|
phprisk
|
netrisk
|
NetRisk 1.9.7 does not properly restrict access to admin/change_submit.php, which allows remote attackers to change the password of arbitrary users via a direct request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-7155
|
2017-08-17 10:29 |
2009-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297847
|
- |
|
numarasoftware
|
footprints
|
Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) transcriptFile parameter to MRcgi/MRchat.pl or (2) …
|
CWE-78
OS Command
|
CVE-2008-7158
|
2017-08-17 10:29 |
2009-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297848
|
- |
|
silcnet
|
silc_toolkit
|
The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly ex…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2008-7159
|
2017-08-17 10:29 |
2009-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297849
|
- |
|
heroshare
|
hero_super_player_3000
|
Buffer overflow in Hero Super Player 3000 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in a .M3U file. NOTE: this might be rel…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2008-7162
|
2017-08-17 10:29 |
2009-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297850
|
- |
|
ryo-oh-ki
|
shareaza
|
Multiple unspecified vulnerabilities in Shareaza before 2.3.1.0 have unknown impact and attack vectors related to "very important security fixes," possibly involving update notifications and a domain…
|
NVD-CWE-noinfo
|
CVE-2008-7164
|
2017-08-17 10:29 |
2009-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
