|
298521
|
- |
|
kayako
|
esupport
|
Cross-site scripting (XSS) vulnerability in includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php in Kayako eSupport 3.20.2 allows remote attackers to inject arbitrary web script or HTML via the jsM…
|
CWE-79
Cross-site Scripting
|
CVE-2008-4761
|
2017-08-8 10:32 |
2008-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298522
|
- |
|
o2php
|
oxygen_bulletin_board
|
SQL injection vulnerability in member.php in Oxygen Bulletin Board 1.1.3 allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information …
|
CWE-89
SQL Injection
|
CVE-2008-4766
|
2017-08-8 10:32 |
2008-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298523
|
- |
|
tlm_cms
|
tlm_cms
|
SQL injection vulnerability in TLM CMS 3.1 allows remote attackers to execute arbitrary SQL commands via the nom parameter to a-b-membres.php. NOTE: the goodies.php vector is already covered by CVE-…
|
CWE-89
SQL Injection
|
CVE-2008-4768
|
2017-08-8 10:32 |
2008-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298524
|
- |
|
wordpress
|
wordpress
|
Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbit…
|
CWE-22
Path Traversal
|
CVE-2008-4769
|
2017-08-8 10:32 |
2008-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298525
|
- |
|
wojtek_kaniewsk
|
libgadu
|
libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2008-4776
|
2017-08-8 10:32 |
2008-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298526
|
- |
|
drupal
|
drupal
|
The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "l…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-4789
|
2017-08-8 10:32 |
2008-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298527
|
- |
|
drupal
|
drupal
|
The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-4790
|
2017-08-8 10:32 |
2008-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298528
|
- |
|
drupal
|
drupal
|
The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules.
|
NVD-CWE-noinfo
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-4793
|
2017-08-8 10:32 |
2008-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298529
|
- |
|
opera
|
opera
|
Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696.
|
CWE-20
Improper Input Validation
|
CVE-2008-4794
|
2017-08-8 10:32 |
2008-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298530
|
- |
|
opera
|
opera
|
The links panel in Opera before 9.62 processes Javascript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site sc…
|
CWE-79
Cross-site Scripting
|
CVE-2008-4795
|
2017-08-8 10:32 |
2008-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
