|
293091
|
- |
|
aj_square
|
aj_auction
|
AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6966
|
2017-09-29 10:33 |
2009-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293092
|
- |
|
simplemachines
|
smf
|
The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4 includes clues about the random number generator state within a hidd…
|
CWE-255
Credentials Management
|
CVE-2008-6971
|
2017-09-29 10:33 |
2009-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293093
|
- |
|
dd-wrt
|
dd-wrt
|
Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) execut…
|
CWE-352
Origin Validation Error
|
CVE-2008-6974
|
2017-09-29 10:33 |
2009-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293094
|
- |
|
dd-wrt
|
dd-wrt
|
Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp2 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary …
|
CWE-352
Origin Validation Error
|
CVE-2008-6975
|
2017-09-29 10:33 |
2009-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293095
|
- |
|
fullrevolution
|
aspwebalbum
|
Cross-site scripting (XSS) vulnerability in album.asp in Full Revolution aspWebAlbum 3.2 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a summary action.
|
CWE-79
Cross-site Scripting
|
CVE-2008-6977
|
2017-09-29 10:33 |
2009-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293096
|
- |
|
fullrevolution
|
aspwebalbum
|
Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a d…
|
CWE-20
Improper Input Validation
|
CVE-2008-6978
|
2017-09-29 10:33 |
2009-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293097
|
- |
|
devalcms
|
devalcms
|
Cross-site scripting (XSS) vulnerability in index.php in devalcms 1.4a allows remote attackers to inject arbitrary web script or HTML via the currentpath parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2008-6982
|
2017-09-29 10:33 |
2009-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293098
|
- |
|
devalcms
|
devalcms
|
modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gv_folder_data parameter, as demonst…
|
CWE-94
Code Injection
|
CVE-2008-6983
|
2017-09-29 10:33 |
2009-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293099
|
- |
|
cmsbright
|
cmsbright
|
SQL injection vulnerability in public/page.php in Websens CMSbright allows remote attackers to execute arbitrary SQL commands via the id_rub_page parameter.
|
CWE-89
SQL Injection
|
CVE-2008-6991
|
2017-09-29 10:33 |
2009-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293100
|
- |
|
google
|
chrome
|
Integer underflow in net/base/escape.cc in chrome.dll in Google Chrome 0.2.149.27 allows remote attackers to cause a denial of service (browser crash) via a URI with an invalid handler followed by a …
|
CWE-189
Numeric Errors
|
CVE-2008-6995
|
2017-09-29 10:33 |
2009-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
