|
284521
|
- |
|
mybb
|
mybb
|
Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a do_mergeposts actio…
|
CWE-89
SQL Injection
|
CVE-2008-0383
|
2018-10-16 06:59 |
2008-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284522
|
- |
|
urulu
|
urulu
|
SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 allows remote attackers to execute arbitrary SQL commands via the connectionId parameter to index.php with (1) statprt/js/reques…
|
CWE-89
SQL Injection
|
CVE-2008-0385
|
2018-10-16 06:59 |
2008-03-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284523
|
- |
|
kayako
|
supportsuite
|
Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal.
|
CWE-200
Information Exposure
|
CVE-2008-0395
|
2018-10-16 06:59 |
2008-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284524
|
- |
|
bitdefender
|
update_server
|
Directory traversal vulnerability in BitDefender Update Server (http.exe), as used in BitDefender products including Security for Fileservers and Enterprise Manager (BDEM), allows remote attackers to…
|
CWE-22
Path Traversal
|
CVE-2008-0396
|
2018-10-16 06:59 |
2008-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284525
|
- |
|
belkin
|
f5d9230-4
|
The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does not require authentication for SaveCfgFile.cgi, which allows remote attackers to read and modify configuration via a direct request…
|
CWE-287
Improper Authentication
|
CVE-2008-0403
|
2018-10-16 06:59 |
2008-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284526
|
- |
|
hfs
|
http_file_server
|
Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) director…
|
CWE-22
Path Traversal
|
CVE-2008-0405
|
2018-10-16 06:59 |
2008-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284527
|
- |
|
hfs
|
http_file_server
|
HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name.
|
CWE-20
Improper Input Validation
|
CVE-2008-0406
|
2018-10-16 06:59 |
2008-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284528
|
- |
|
hfs
|
http_file_server
|
HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more diff…
|
CWE-287
Improper Authentication
|
CVE-2008-0407
|
2018-10-16 06:59 |
2008-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284529
|
- |
|
hfs
|
http_file_server
|
HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication.
|
CWE-287
Improper Authentication
|
CVE-2008-0408
|
2018-10-16 06:59 |
2008-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284530
|
- |
|
hfs
|
http_file_server
|
Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL.
|
CWE-79
Cross-site Scripting
|
CVE-2008-0409
|
2018-10-16 06:59 |
2008-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
