|
303361
|
6.1 |
MEDIUM
Network
|
tubepress
|
tubepress
|
The tubepress plugin before 1.6.5 for WordPress has XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2008-7321
|
2024-11-21 09:58 |
2019-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303362
|
6.8 |
MEDIUM
Physics
|
gnome
|
seahorse
|
GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is di…
|
CWE-255
Credentials Management
|
CVE-2008-7320
|
2024-11-21 09:58 |
2018-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303363
|
9.8 |
CRITICAL
Network
|
net-ping-external_project
|
net-ping-external
|
The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing…
|
CWE-77
Command Injection
|
CVE-2008-7319
|
2024-11-21 09:58 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303364
|
9.8 |
CRITICAL
Network
|
cpan
|
ui\
|
UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands.
|
CWE-77
Command Injection
|
CVE-2008-7315
|
2024-11-21 09:58 |
2017-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303365
|
9.8 |
CRITICAL
Network
|
snoopy
redhat
nagios
|
snoopy
openstack
nagios
|
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.
|
CWE-77
Command Injection
|
CVE-2008-7313
|
2024-11-21 09:58 |
2017-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303366
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
mm/filemap.c in the Linux kernel before 2.6.25 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers an iovec of zero length, followed by a page fault…
|
CWE-20
Improper Input Validation
|
CVE-2008-7316
|
2024-11-21 09:58 |
2016-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303367
|
- |
|
websense
|
enterprise
|
The Filtering Service in Websense Enterprise 5.2 through 6.3 does not consider the IP address during URL categorization, which makes it easier for remote attackers to bypass filtering via an HTTP req…
|
CWE-20
Improper Input Validation
|
CVE-2008-7312
|
2024-11-21 09:58 |
2012-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303368
|
- |
|
spreecommerce
|
spree
|
The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographi…
|
CWE-255
Credentials Management
|
CVE-2008-7311
|
2024-11-21 09:58 |
2012-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303369
|
- |
|
spreecommerce
|
spree
|
Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the Order state value and bypass the intended payment step vi…
|
CWE-255
Credentials Management
|
CVE-2008-7310
|
2024-11-21 09:58 |
2012-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303370
|
- |
|
insoshi
|
insoshi
|
Insoshi before 20080920 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the ForumPost user_id value via a modified URL, r…
|
CWE-255
Credentials Management
|
CVE-2008-7309
|
2024-11-21 09:58 |
2012-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
