| 306231 | - | websense | enterprise | The Filtering Service in Websense Enterprise 5.2 through 6.3 does not consider the IP address during URL categorization, which makes it easier for remote attackers to bypass filtering via an HTTP req… | CWE-20 Improper Input Validation | CVE-2008-7312 | 2024-11-21 09:58 | 2012-08-23 |
| 306232 | - | spreecommerce | spree | The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographi… | CWE-255 Credentials Management | CVE-2008-7311 | 2024-11-21 09:58 | 2012-04-5 |
| 306233 | - | spreecommerce | spree | Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the Order state value and bypass the intended payment step vi… | CWE-255 Credentials Management | CVE-2008-7310 | 2024-11-21 09:58 | 2012-04-5 |
| 306234 | - | insoshi | insoshi | Insoshi before 20080920 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the ForumPost user_id value via a modified URL, r… | CWE-255 Credentials Management | CVE-2008-7309 | 2024-11-21 09:58 | 2012-04-5 |
| 306235 | - | apple | mac_os_x | The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted appl… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2008-7303 | 2024-11-21 09:58 | 2011-11-16 |
| 306236 | - | netshinesoftware | com_netinvoice | SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving… | CWE-89 SQL Injection | CVE-2008-7302 | 2024-11-21 09:58 | 2011-10-5 |
| 306237 | - | sclek | jsite | SQL injection vulnerability in admin/login.php in jSite 1.0 OE allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unkno… | CWE-89 SQL Injection | CVE-2008-7301 | 2024-11-21 09:58 | 2011-10-5 |
| 306238 | - | sun | opensolaris sunos | The labeled networking implementation in Solaris Trusted Extensions in Sun Solaris 10 and OpenSolaris snv_39 through snv_67, when a labeled zone is in the installed state, allows remote authenticated… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2008-7300 | 2024-11-21 09:58 | 2011-10-5 |
| 306239 | - | ibm | tivoli_federated_identity_manager | IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2 uses an incomplete SAML 1.x browser-artifact, which allows remote OpenID providers to spoof assertions via vectors related to the Iss… | CWE-20 Improper Input Validation | CVE-2008-7299 | 2024-11-21 09:58 | 2011-08-13 |
| 306240 | - | google android | android android_browser | The Android browser in Android cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2008-7298 | 2024-11-21 09:58 | 2011-08-10 |