|
293021
|
- |
|
mozilla
|
firefox
seamonkey
thunderbird
|
The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-3835
|
2017-09-29 10:31 |
2008-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293022
|
- |
|
mozilla
|
firefox
seamonkey
thunderbird
|
NOTE: Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from runnin…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-3835
|
2017-09-29 10:31 |
2008-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293023
|
- |
|
pdesigner
|
z-breaknews
|
SQL injection vulnerability in single.php in Z-Breaknews 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-3848
|
2017-09-29 10:31 |
2008-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293024
|
- |
|
davlin
|
thickbox_gallery
|
Davlin Thickbox Gallery 2 allows remote attackers to obtain the administrative username and MD5 password hash via a direct request to conf/admins.php.
|
CWE-255
Credentials Management
|
CVE-2008-3859
|
2017-09-29 10:31 |
2008-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293025
|
- |
|
phpmyrealty
|
phpmyrealty
|
Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in pages.php and (2) the price_max para…
|
CWE-89
SQL Injection
|
CVE-2008-3861
|
2017-09-29 10:31 |
2008-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293026
|
- |
|
sun
|
opensolaris
solaris
|
The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 allows local users to bypass chroot, zones, and the Solaris Trusted Extensions multi-level security policy, and establish a covert…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-3875
|
2017-09-29 10:31 |
2008-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293027
|
- |
|
acoustica
|
mixcraft
|
Stack-based buffer overflow in Acoustica Mixcraft 4.1 Build 96 and 4.2 Build 98 allows user-assisted attackers to execute arbitrary code via a crafted .mx4 file. NOTE: it was later reported that ver…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2008-3877
|
2017-09-29 10:31 |
2008-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293028
|
- |
|
hans_oesterholt
|
cmme
|
Multiple cross-site scripting (XSS) vulnerabilities in statistics.php in Content Management Made Easy (CMME) 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2…
|
CWE-79
Cross-site Scripting
|
CVE-2008-3923
|
2017-09-29 10:31 |
2008-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293029
|
- |
|
hans_oesterholt
|
cmme
|
The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discov…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-3924
|
2017-09-29 10:31 |
2008-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293030
|
- |
|
hans_oesterholt
|
cmme
|
Cross-site request forgery (CSRF) vulnerability in admin.php in Content Management Made Easy (CMME) 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action.
|
CWE-352
Origin Validation Error
|
CVE-2008-3925
|
2017-09-29 10:31 |
2008-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
