|
285351
|
- |
|
ibm
|
metrica_service_assurance_framework
|
Multiple cross-site scripting (XSS) vulnerabilities in the web-based interface in IBM Metrica Service Assurance Framework allow remote authenticated users to inject arbitrary web script or HTML via (…
|
CWE-79
Cross-site Scripting
|
CVE-2008-5043
|
2018-10-12 05:53 |
2008-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285352
|
- |
|
clam_anti-virus
|
clamav
|
Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2008-5050
|
2018-10-12 05:53 |
2008-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285353
|
- |
|
jooblog
|
jooblog
|
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PostID parameter to index.php.
|
CWE-89
SQL Injection
|
CVE-2008-5051
|
2018-10-12 05:53 |
2008-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285354
|
- |
|
novell
|
zenworks_desktop_management
|
Heap-based buffer overflow in an ActiveX control in Novell ZENworks Desktop Management 6.5 allows remote attackers to execute arbitrary code via a long argument to the CanUninstall method.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2008-5073
|
2018-10-12 05:53 |
2008-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285355
|
- |
|
openssl
|
openssl
|
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/…
|
CWE-20
Improper Input Validation
|
CVE-2008-5077
|
2018-10-12 05:53 |
2009-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285356
|
- |
|
crux_software
|
gallery
|
main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by setting the name parameter to "users," as demonstrated via index.php.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-4484
|
2018-10-12 05:52 |
2008-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285357
|
- |
|
apple
|
mail
|
Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-i…
|
CWE-200
Information Exposure
|
CVE-2008-4491
|
2018-10-12 05:52 |
2008-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285358
|
- |
|
todd_woolums
|
asp_news_management
|
Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct req…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-4511
|
2018-10-12 05:52 |
2008-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285359
|
- |
|
designplace
|
asp\/ms_access_shoutbox
|
ASP/MS Access Shoutbox, probably 1.1 beta, stores db/shoutdb.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct reques…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-4512
|
2018-10-12 05:52 |
2008-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285360
|
- |
|
maxiscript
|
website_directory
|
Cross-site scripting (XSS) vulnerability in index.php in MaxiScript Website Directory allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action.
|
CWE-79
Cross-site Scripting
|
CVE-2008-4532
|
2018-10-12 05:52 |
2008-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
