|
306261
|
- |
|
otrs
|
otrs
|
Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) before 2.3.2 creates a directory under /tmp/ with 1274 permissions, which might allow local users to bypass intended access restricti…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-7276
|
2024-11-21 09:58 |
2011-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306262
|
- |
|
otrs
|
otrs
|
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) before 2.3.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) AgentTic…
|
CWE-79
Cross-site Scripting
|
CVE-2008-7275
|
2024-11-21 09:58 |
2011-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306263
|
- |
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by (1) not providing a password or (2…
|
CWE-20
Improper Input Validation
|
CVE-2008-7274
|
2024-11-21 09:58 |
2011-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306264
|
- |
|
eclipse
|
eclipse_ide
|
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or…
|
CWE-79
Cross-site Scripting
|
CVE-2008-7271
|
2024-11-21 09:58 |
2011-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306265
|
- |
|
openssl
|
openssl
|
OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use o…
|
CWE-310
Cryptographic Issues
|
CVE-2008-7270
|
2024-11-21 09:58 |
2010-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306266
|
- |
|
boka
|
siteengine
|
Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter…
|
CWE-20
Improper Input Validation
|
CVE-2008-7269
|
2024-11-21 09:58 |
2010-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306267
|
- |
|
boka
|
siteengine
|
The phpinfo function in SiteEngine 5.x allows remote attackers to obtain system information by setting the action parameter to php_info in misc.php.
|
CWE-200
Information Exposure
|
CVE-2008-7268
|
2024-11-21 09:58 |
2010-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306268
|
- |
|
boka
|
siteengine
|
SQL injection vulnerability in announcements.php in SiteEngine 5.x allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-7267
|
2024-11-21 09:58 |
2010-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306269
|
- |
|
rsa
|
adaptive_authentication
|
Cross-site scripting (XSS) vulnerability in an unspecified Shockwave Flash file in RSA Adaptive Authentication 2.x and 5.7.x allows remote attackers to inject arbitrary web script or HTML via unknown…
|
CWE-79
Cross-site Scripting
|
CVE-2008-7266
|
2024-11-21 09:58 |
2010-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306270
|
- |
|
proftpd
|
proftpd
|
The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer.
|
CWE-399
Resource Management Errors
|
CVE-2008-7265
|
2024-11-21 09:58 |
2010-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
