4421 matches found
CVE-2008-4651
Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the orderby parameter to admin/cms/images.php and (2) the navid parameter in an editrecord action to admin/cms/nav.php...
CVE-2008-4602
Post Affiliate Pro 2.0 is affected by a directory traversal vulnerability in index.php. Remote authenticated users can use a .. in the md parameter to read and potentially execute arbitrary local files. CVSS v2 base score 6.5 (Medium) with network access, single authentication, and partial impact...
Design/Logic Flaw
The Editor in IBM ENOVIA SmarTeam 5 before release 18 SP5, and release 19 before SP01, allows remote authenticated users to bypass intended access restrictions and read Document objects via the Workflow Process (aka Flow Process) view...
CVE-2008-3995
CVE-2008-3995 affects Oracle Database (10gR1/10gR2/11gR1) Change Data Capture component. The root cause is an SQL injection in SYS.DBMS_CDC_PUBLISH.ALTER_AUTOLOG_CHANGE_SOURCE, exploitable by any user with EXECUTE privilege on the package. Impact per sources: remote authenticated access that can ...
CVE-2008-4005
CVE-2008-4005 affects Oracle Database 11.1.0.6 via the Oracle Application Express component. The Nessus/OSS content confirms an unspecified vulnerability allowing remote authenticated users to affect confidentiality, integrity, and availability through unknown vectors. A patch is noted: Oracle Ap...
CVE-2008-3992
CVE-2008-3992 involves an unspecified vulnerability in the Oracle Data Mining component of Oracle Database 10.2.0.4, allowing remote authenticated users to affect confidentiality and integrity (related to DMSYS.DBMS_DM_EXP_INTERNAL). Connected documents confirm this CVE is among Oracle’s October ...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote authenticated users with permissions to inject arbitrary web script or HTML via unspecified vectors related to posting of answers...
Command injection
Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using "con:1"...
CVE-2008-4245
The CVE-2008-4245 entry concerns the Admin Control Panel of Rianxosencabos CMS 0.9, which does not require administrator privileges. This allows remote authenticated users to perform administrative actions (e.g., change a user's privileges, delete a user account) via vectors involving an admin li...
CVE-2008-4096
CVE-2008-4096 affects phpMyAdmin; vulnerable component is libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1, where a remote authenticated user can cause arbitrary code execution via a request to server_databases.php with a sort_by parameter that contains PHP sequences processed b...
FreeBSD Ports: pam_smb
The remote host is missing an update to the system as announced in the referenced advisory. VID 2bcd2d24-24ca-11d8-82e5-0020ed76ef5a. OpenVAS Vulnerability Test. Description: Auto generated from vuxml or freebsd advisories. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc...
Directory traversal
Directory traversal vulnerability in index.php in PHPizabi 0.848b C1 HFP3 allows remote authenticated administrators to read arbitrary files via (1) a .. (dot dot), (2) a URL, or possibly (3) a full pathname in the id parameter in an admin.templates.edittemplate action. NOTE: some of these details are...
CVE-2008-3423
IBM WebSphere Portal (versions 5.1–6.1.0.0) contains an authentication bypass that allows remote attackers to gain administrative access via unspecified vectors. Connected sources cite this as a remote flaw affecting Portal Server 5.x and 6.x with a published patch from IBM (swg1PK67104). Specifi...
Atmail Remote Authentication Bypass, Full DB Compromise
@Mail PHP Version 5.41 patch Release: http://atmail.com/demo/atmailphpdemo.tgz. The default install of Atmail 5.41 creates the following file in the atmail/ directory: build-plesk-upgrade.php. If that file is called via HTTP, such as http://example.com/atmail/build-plesk-upgrade.php, it will execute...
CVE-2008-3428
The CVE-2008-3428 entry concerns phpFreeChat 1.1, where a vulnerability in session handling allows a remote authenticated user to hijack another user’s session by setting the session_id parameter to match the victim’s nickid. This is a session fixation flaw with potential for partial confidential...
CVE-2008-3425
The vulnerability described in CVE-2008-3425 affects the Sun Java System Web Server 7.0 plugin within Sun N1 Service Provisioning System (SPS) versions 5.2 and 6.0. The issue allows remote authenticated SPS users to gain administrative access to the web server via unspecified attack vectors. The ...
CVE-2008-3302
SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter...
CVE-2008-3081
Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user...
Sql injection
SQL injection vulnerability in search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter...
SNMPv3 HMAC validation error Remote Authentication Bypass Exploit
No description provided by source. snmpv3exp.sh exploits the vulnerability described in CVE-2008-0960, the HMAC check problem on multiple vendors. Copyright (c) 2008 @ Mediaservice.net Srl. All rights reserved. Written by Maurizio Agazzini inodeatmediaservice.net http://lab.mediaservice.net/...