|
298811
|
- |
|
xoops
|
xoops
|
Cross-site scripting (XSS) vulnerability in modules/system/admin.php in XOOPS 2.0.18.1 allows remote attackers to inject arbitrary web script or HTML via the fct parameter. NOTE: the provenance of t…
|
CWE-79
Cross-site Scripting
|
CVE-2008-3295
|
2017-08-8 10:31 |
2008-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298812
|
- |
|
xoops
|
xoops
|
Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: th…
|
CWE-22
Path Traversal
|
CVE-2008-3296
|
2017-08-8 10:31 |
2008-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298813
|
- |
|
esyndicat
|
esyndicat
|
eSyndiCat 1.6 allows remote attackers to bypass authentication and gain administrative access by setting the admin_lng cookie value to 1. NOTE: the provenance of this information is unknown; the deta…
|
CWE-287
Improper Authentication
|
CVE-2008-3299
|
2017-08-8 10:31 |
2008-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298814
|
- |
|
alphadmin
|
alphadmin_cms
|
AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass authentication and gain administrative access by setting the aa_login cookie value to 1. NOTE: the provenance of this information is unknown;…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-3300
|
2017-08-8 10:31 |
2008-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298815
|
- |
|
youtube_blog
|
youtube_blog
|
SQL injection vulnerability in info.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3307. NO…
|
CWE-89
SQL Injection
|
CVE-2008-3306
|
2017-08-8 10:31 |
2008-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298816
|
- |
|
lemoncms
|
lemon_cms
|
Directory traversal vulnerability in lemon_includes/FCKeditor/editor/filemanager/browser/browser.php in Lemon CMS 1.10 allows remote attackers to include and execute arbitrary local files via a .. (d…
|
CWE-22
Path Traversal
|
CVE-2008-3312
|
2017-08-8 10:31 |
2008-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298817
|
- |
|
creacms
|
creacms
|
Multiple PHP remote file inclusion vulnerabilities in CreaCMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cfg[document_uri] parameter to _administration/edition_arti…
|
CWE-94
Code Injection
|
CVE-2008-3313
|
2017-08-8 10:31 |
2008-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298818
|
- |
|
portalparts
|
forum_plugin
|
Cross-site scripting (XSS) vulnerability in the search feature in the Forum plugin before 2.7.1 for Geeklog allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, pro…
|
CWE-79
Cross-site Scripting
|
CVE-2008-3316
|
2017-08-8 10:31 |
2008-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298819
|
- |
|
edgewall_software
|
trac
|
Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2008-3328
|
2017-08-8 10:31 |
2008-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298820
|
- |
|
twibright
|
links
|
Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs."
|
CWE-59
NVD-CWE-noinfo
Link Following
|
CVE-2008-3329
|
2017-08-8 10:31 |
2008-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
