|
297941
|
- |
|
mozilla
|
bugzilla
|
The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canco…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-2104
|
2017-08-8 10:30 |
2008-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297942
|
- |
|
mozilla
|
bugzilla
|
email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-2105
|
2017-08-8 10:30 |
2008-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297943
|
- |
|
yahoo
|
yahoo_assistant
|
The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynoifier COM object that trigger memory corrup…
|
CWE-399
Resource Management Errors
|
CVE-2008-2111
|
2017-08-8 10:30 |
2008-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297944
|
- |
|
sun
|
ray_server_software
|
Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local and remote authenticated Sun Ray administrators to gain root privileges via unknown vectors related to utconfig.
|
NVD-CWE-noinfo
|
CVE-2008-2112
|
2017-08-8 10:30 |
2008-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297945
|
- |
|
sun
|
java_system_application_server
java_system_web_server
|
Unspecified vulnerability in Sun Java System Application Server 7 2004Q2 before Update 6, Web Server 6.1 before SP8, and Web Server 7.0 before Update 1 allows remote attackers to obtain source code o…
|
CWE-200
Information Exposure
|
CVE-2008-2120
|
2017-08-8 10:30 |
2008-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297946
|
- |
|
sap
|
internet_transaction_server
|
Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Transaction Server (ITS) 6.20 allows remote attackers to inject arbitrary web script or HTML via (1) a "<>" sequence in the ~service …
|
CWE-79
Cross-site Scripting
|
CVE-2008-2123
|
2017-08-8 10:30 |
2008-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297947
|
- |
|
tux_cms
|
tux_cms
|
Multiple cross-site scripting (XSS) vulnerabilities in Tux CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to index.php and the (2) returnURL parameter t…
|
CWE-79
Cross-site Scripting
|
CVE-2008-2126
|
2017-08-8 10:30 |
2008-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297948
|
- |
|
igaming
|
cms
|
SQL injection vulnerability in poll_vote.php in iGaming CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-2130
|
2017-08-8 10:30 |
2008-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297949
|
- |
|
tru-zone
|
nukeet
|
Cross-site scripting (XSS) vulnerability in the Journal module in Tru-Zone Nuke ET 3.x allows remote attackers to inject arbitrary web script or HTML via the title parameter in a new entry, as demons…
|
CWE-79
Cross-site Scripting
|
CVE-2008-2133
|
2017-08-8 10:30 |
2008-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297950
|
- |
|
tru-zone
|
nukeet
|
The Journal module in Tru-Zone Nuke ET 3.x allows remote attackers to obtain access to arbitrary user accounts, and alter or delete data, via a modified username in an unspecified cookie.
|
CWE-20
Improper Input Validation
|
CVE-2008-2134
|
2017-08-8 10:30 |
2008-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
