|
298391
|
- |
|
phpcollab
|
phpcollab
|
general/login.php in phpCollab 2.5 rc3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified input related to the SSL_CLIENT_CERT environment varia…
|
CWE-78
OS Command
|
CVE-2008-4304
|
2017-08-8 10:32 |
2008-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298392
|
- |
|
php-collab
|
php-collab
|
Static code injection vulnerability in installation/setup.php in phpCollab 2.5 rc3 and earlier allows remote authenticated administrators to inject arbitrary PHP code into include/settings.php via th…
|
CWE-94
Code Injection
|
CVE-2008-4305
|
2017-08-8 10:32 |
2008-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298393
|
- |
|
freedesktop
|
dbus
|
The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sendin…
|
CWE-16
Configuration
|
CVE-2008-4311
|
2017-08-8 10:32 |
2008-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298394
|
- |
|
opennms.org
|
opennms
|
Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.5.94 allow remote attackers to inject arbitrary web script or HTML via (1) the j_username parameter to j_acegi_security_check, …
|
CWE-79
Cross-site Scripting
|
CVE-2008-4320
|
2017-08-8 10:32 |
2008-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298395
|
- |
|
bitweaver
|
bitweaver
|
Cross-site scripting (XSS) vulnerability in Bitweaver 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to (1) edit.php and (2) list.php in articles/; (3) lis…
|
CWE-79
Cross-site Scripting
|
CVE-2008-4337
|
2017-08-8 10:32 |
2008-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298396
|
- |
|
symantec
|
netbackup_enterprise_server
netbackup_server
|
Unspecified vulnerability in the Java Administration GUI (jnbSA) in Symantec Veritas NetBackup Server and NetBackup Enterprise Server 5.1 before MP7, 6.0 before MP7, and 6.5 before 6.5.2 allows remot…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-4339
|
2017-08-8 10:32 |
2008-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298397
|
- |
|
6rbscript
|
6rbscript
|
SQL injection vulnerability in cat.php in 6rbScript allows remote attackers to execute arbitrary SQL commands via the CatID parameter.
|
CWE-89
SQL Injection
|
CVE-2008-4344
|
2017-08-8 10:32 |
2008-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298398
|
- |
|
outshine
|
phportfolio
|
SQL injection vulnerability in photo.php in PHPortfolio, possibly 1.3, allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-4348
|
2017-08-8 10:32 |
2008-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298399
|
- |
|
s0nic
|
paranews
|
Multiple cross-site scripting (XSS) vulnerabilities in news.php in s0nic Paranews 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) page parameter in a details a…
|
CWE-79
Cross-site Scripting
|
CVE-2008-4349
|
2017-08-8 10:32 |
2008-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298400
|
- |
|
spaw_editor
|
spaw_php
|
Unspecified vulnerability in class/theme.class.php in SPAW Editor PHP Edition before 2.0.8.1 has unknown impact and attack vectors, probably related to directory traversal sequences in the theme name.
|
NVD-CWE-noinfo
CWE-20
Improper Input Validation
|
CVE-2008-4358
|
2017-08-8 10:32 |
2008-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
