|
299311
|
- |
|
photopost
|
photopost_vbgallery
|
Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers to upload and execute arbitrary files via unknown vectors.
|
CWE-94
CWE-20
Code Injection
Improper Input Validation
|
CVE-2008-0251
|
2017-08-8 10:29 |
2008-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299312
|
- |
|
dansie
|
search_engine
|
Cross-site scripting (XSS) vulnerability in search.pl in Dansie Search Engine 2.7 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. NOTE: the provenance of t…
|
CWE-79
Cross-site Scripting
|
CVE-2008-0257
|
2017-08-8 10:29 |
2008-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299313
|
- |
|
php_running_management
|
phprunman
|
Cross-site scripting (XSS) vulnerability in index.php in PHP Running Management (phpRunMan) before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2008-0258
|
2017-08-8 10:29 |
2008-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299314
|
- |
|
mambo
|
mambo_open_source
|
Unspecified vulnerability in the search component and module in Mambo 4.5.x and 4.6.x allows remote attackers to cause a denial of service (query flood) via unspecified vectors.
|
CWE-399
Resource Management Errors
|
CVE-2008-0261
|
2017-08-8 10:29 |
2008-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299315
|
- |
|
drupal
|
meta_tags_module
|
Unspecified vulnerability in the Meta Tags (aka Nodewords) 5.x-1.6 module for Drupal, when images are permitted in node bodies, allows remote authenticated users to execute arbitrary code via unspeci…
|
CWE-20
Improper Input Validation
|
CVE-2008-0264
|
2017-08-8 10:29 |
2008-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299316
|
- |
|
drupal
|
bueditor
|
The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.1, a module for Drupal, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct …
|
CWE-352
Origin Validation Error
|
CVE-2008-0271
|
2017-08-8 10:29 |
2008-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299317
|
- |
|
drupal
|
drupal
|
Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users.
|
CWE-352
Origin Validation Error
|
CVE-2008-0272
|
2017-08-8 10:29 |
2008-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299318
|
- |
|
drupal
|
drupal
|
Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byt…
|
CWE-79
Cross-site Scripting
|
CVE-2008-0273
|
2017-08-8 10:29 |
2008-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299319
|
- |
|
drupal
|
drupal
|
Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links inv…
|
CWE-79
Cross-site Scripting
|
CVE-2008-0274
|
2017-08-8 10:29 |
2008-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299320
|
- |
|
drupal
|
atom_module
|
The Atom 4.7 before 4.7.x-1.0 and 5.x before 5.x-1.0 module for Drupal does not properly manage permissions for node (1) titles, (2) teasers, and (3) bodies, which might allow remote attackers to gai…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-0275
|
2017-08-8 10:29 |
2008-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
