|
285101
|
- |
|
puppetmaster
|
webutil
|
cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote attackers to execute arbitrary commands via shell metacharacters in the details command.
|
CWE-20
Improper Input Validation
|
CVE-2008-6557
|
2018-10-12 05:57 |
2009-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285102
|
- |
|
ceruleanstudios
|
trillian
|
Buffer overflow in the XML parser in Trillian 3.1.9.0, and possibly earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DTD file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2008-6563
|
2018-10-12 05:57 |
2009-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285103
|
- |
|
invision_power_services
|
invision_power_board
|
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature.
|
CWE-79
Cross-site Scripting
|
CVE-2008-6565
|
2018-10-12 05:57 |
2009-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285104
|
- |
|
abledating
|
abledating
|
SQL injection vulnerability in search_results.php in ABK-Soft AbleDating 2.4 allows remote attackers to execute arbitrary SQL commands via the keyword parameter.
|
CWE-89
SQL Injection
|
CVE-2008-6572
|
2018-10-12 05:57 |
2009-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285105
|
- |
|
torrentflux
|
torrentflux
|
html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the url_upload parameter, which is downloaded…
|
CWE-94
Code Injection
|
CVE-2008-6584
|
2018-10-12 05:57 |
2009-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285106
|
- |
|
torrentflux
|
torrentflux
|
Cross-site request forgery (CSRF) vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the …
|
CWE-352
Origin Validation Error
|
CVE-2008-6585
|
2018-10-12 05:57 |
2009-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285107
|
- |
|
vuze
|
vuze
|
Cross-site request forgery (CSRF) vulnerability in index.tmpl in Vuze (formerly Azureus HTML WebUI), probably 0.7.6, allows remote attackers to hijack the authentication of users for requests that fo…
|
CWE-352
Origin Validation Error
|
CVE-2008-6587
|
2018-10-12 05:57 |
2009-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285108
|
- |
|
lightneasy
sqlite
|
lightneasy
sqlite
|
Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or H…
|
CWE-79
Cross-site Scripting
|
CVE-2008-6589
|
2018-10-12 05:57 |
2009-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285109
|
- |
|
lightneasy
sqlite
|
lightneasy
sqlite
|
Multiple directory traversal vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to read arbitrary files via a .. (dot dot)…
|
CWE-22
Path Traversal
|
CVE-2008-6590
|
2018-10-12 05:57 |
2009-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285110
|
- |
|
lightneasy
|
lightneasy
|
LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allows remote attackers to create arbitrary files via the page parameter to (1) index.php and (2) LightNEasy.php.
|
CWE-94
Code Injection
|
CVE-2008-6591
|
2018-10-12 05:57 |
2009-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
