|
285121
|
- |
|
kronos
|
kronos_webta
|
Multiple cross-site scripting (XSS) vulnerabilities in Kronos webTA allow remote attackers to inject arbitrary web script or HTML via the description field to (1) servlet/com.threeis.webta.H710selPro…
|
CWE-79
Cross-site Scripting
|
CVE-2008-6666
|
2018-10-12 05:57 |
2009-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285122
|
- |
|
ghostscript
|
ghostscript
|
Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2008-6679
|
2018-10-12 05:57 |
2009-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285123
|
- |
|
netscout
|
ngenius_infinistream
visualizer
|
NetScout (formerly Network General) Visualizer V2100 and InfiniStream i1730 do not restrict access to ResourceManager/en_US/domains/add_domain.jsp, which allows remote attackers to gain administrator…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6701
|
2018-10-12 05:57 |
2009-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285124
|
- |
|
stalker-game
|
s.t.a.l.k.e.r.\
|
S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to cause a denial of service (crash) via a long nickname, which triggers an exception.
|
CWE-20
Improper Input Validation
|
CVE-2008-6702
|
2018-10-12 05:57 |
2009-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285125
|
- |
|
ea
|
crysis
|
The HTTP/XML-RPC service in Crysis 1.21 (game version 1.1.1.6156) and earlier allows remote attackers to cause a denial of service (crash) via a long HTTP request, which triggers a NULL pointer deref…
|
NVD-CWE-Other
|
CVE-2008-6712
|
2018-10-12 05:57 |
2009-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285126
|
- |
|
massive_entertainment
|
wic
|
World in Conflict (WIC) 1.008 and earlier allows remote attackers to cause a denial of service (access violation and crash) via a zero-byte data block to TCP port 48000, which triggers a NULL pointer…
|
CWE-399
Resource Management Errors
|
CVE-2008-6713
|
2018-10-12 05:57 |
2009-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285127
|
- |
|
phpnuke
|
php-nuke
|
SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules…
|
CWE-89
SQL Injection
|
CVE-2008-6728
|
2018-10-12 05:57 |
2009-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285128
|
- |
|
circulargenius
|
flat_calendar
|
Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attackers to (1) add new events via calAdd.php, as reachable from admin/add.php, or (2) delete eve…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6736
|
2018-10-12 05:57 |
2009-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285129
|
- |
|
megacubo
|
megacubo
|
Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers to inject and execute arbitrary PHP code via the play action in a mega:// URI.
|
CWE-94
Code Injection
|
CVE-2008-6748
|
2018-10-12 05:57 |
2009-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285130
|
- |
|
mephisteus
|
the_personal_sticky_threads
|
The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote authenticated users to read the title, author, and pages of an arbitrary thread by toggling a personal sticky.
|
CWE-200
Information Exposure
|
CVE-2008-6754
|
2018-10-12 05:57 |
2009-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
