|
293501
|
- |
|
videolan
|
vlc
|
Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue i…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2008-1881
|
2017-09-29 10:30 |
2008-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293502
|
- |
|
cdnetworks
|
download_client
|
Directory traversal vulnerability in the NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetworks Nefficient Download allows remote attackers to download arbitrary code onto a client sys…
|
CWE-22
Path Traversal
|
CVE-2008-1885
|
2017-09-29 10:30 |
2008-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293503
|
- |
|
cdnetworks
|
download_client
|
The NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in CDNetworks Nefficient Download uses weak cryptography for a KeyCode that blocks unauthorized use of the control, which allows remote att…
|
CWE-310
Cryptographic Issues
|
CVE-2008-1886
|
2017-09-29 10:30 |
2008-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293504
|
- |
|
xplodphp
|
autotutorials
|
SQL injection vulnerability in viewcat.php in XplodPHP AutoTutorials 2.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-1889
|
2017-09-29 10:30 |
2008-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293505
|
- |
|
newanz
|
newsoffice
|
PHP remote file inclusion vulnerability in news_show.php in Newanz NewsOffice 1.0 and 1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the new…
|
CWE-94
Code Injection
|
CVE-2008-1903
|
2017-09-29 10:30 |
2008-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293506
|
- |
|
cicoandcico
|
ccmail
|
Cicoandcico CcMail 1.0.1 and earlier does not verify that the this_cookie cookie corresponds to an authenticated session, which allows remote attackers to obtain access to the "admin area" via a modi…
|
CWE-287
Improper Authentication
|
CVE-2008-1904
|
2017-09-29 10:30 |
2008-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293507
|
- |
|
cpcommerce
|
cpcommerce
|
Cross-site scripting (XSS) vulnerability in calendar.php in cpCommerce 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a view.year action.
|
CWE-79
Cross-site Scripting
|
CVE-2008-1906
|
2017-09-29 10:30 |
2008-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293508
|
- |
|
cpcommerce
|
cpcommerce
|
Multiple SQL injection vulnerabilities in functions/display_page.func.php in cpCommerce 1.1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id_product, (2) id_manufacturer, and…
|
CWE-89
SQL Injection
|
CVE-2008-1907
|
2017-09-29 10:30 |
2008-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293509
|
- |
|
cpcommerce
|
cpcommerce
|
Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the language parameter in a language act…
|
CWE-22
Path Traversal
|
CVE-2008-1908
|
2017-09-29 10:30 |
2008-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293510
|
- |
|
chadha_software_technologies
|
phpkb_knowledge_base
|
SQL injection vulnerability in comment.php in PHP Knowledge Base (PHPKB) 1.5 and 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
|
CWE-89
SQL Injection
|
CVE-2008-1909
|
2017-09-29 10:30 |
2008-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
